Biblio

With the rapid growth of the number of global network entities and interconnections, the security risks of network relationships are constantly accumulating. As the basis of network interconnection and communication, Internet routing is facing severe challenges such as insufficient online monitoring capability of large-scale routing events and lack of effective and credible verification mechanism. Major global routing security events emerge one after another, causing extensive and far-reaching impacts. To solve these problems, China Telecom studied the BGP (border gateway protocol) SDN (software defined network) controller technology to monitor the interconnection routing, constructed the global routing information database trust source integrating multi-dimensional information and developed the function of the protocol level based real-time monitoring system of Internet routing security events. Through these means, it realizes the second-level online monitoring capability of large-scale IP network Internet service routing events, forms the minute-level route leakage interception and route hijacking blocking solutions, and achieves intelligent protection capability of Internet routing security.

Internet of Vehicles consists of a three-layer architecture of electric vehicles, charging piles, and a grid dispatch management control center. Therefore, V2G presents multi-level, multi-agent and frequent information interaction, which requires a highly secure and lightweight identity authentication method. Based on the characteristics of Internet of Vehicles, this paper designs a multi-subject information interaction and one-way hash chain authentication method, it includes one-way hash chain and key distribution update strategy. The operation experiment of multiple electric vehicles and charging piles shows that the algorithm proposed in this paper can meet the V2G ID authentication requirements of Internet of Vehicles, and has the advantages of lightweight and low consumption. It is of great significance to improve the security protection level of Internet of Vehicles V2G.

Nowadays, smart cities (SCs) use technologies and different types of data collected to improve the lifestyles of their citizens. Indeed, connected smart vehicles are technologies used for an SC’s intelligent traffic monitoring systems (ITMSs). However, most proposed monitoring approaches do not consider realtime monitoring. This paper presents real-time data processing for an intelligent traffic monitoring dashboard using the Hadoop ecosystem dashboard components. Many data are available due to our proposed monitoring approach, such as the total number of vehicles on different routes and data on trucks within a radius (10KM) of a specific point given. Based on our generated data, we can make real-time decisions to improve circulation and optimize traffic flow.

This paper deals with how to implement a system that extends insider threat behavior data using private blockchain technology to overcome the limitations of insider threat datasets. Currently, insider threat data is completely undetectable in existing datasets for new methods of insider threat due to the lack of insider threat scenarios and abstracted event behavior. Also, depending on the size of the company, it was difficult to secure a sample of data with the limit of a small number of leaks among many general users in other organizations. In this study, we consider insiders who pose a threat to all businesses as public enemies. In addition, we proposed a system that can use a private blockchain to expand insider threat behavior data between network participants in real-time to ensure reliability and transparency.

The Industrial Internet expands the attack surface of industrial control systems(ICS), bringing cybersecurity threats to industrial controllers located in operation technology(OT) networks. Honeypot technology is an important means to detect network attacks. However, the existing honeypot system cannot simulate business logic and is difficult to resist highly concealed APT attacks. This paper proposes a high-simulation ICS security defense framework based on virtualization technology. The framework utilizes virtualization technology to build twins for protected control systems. The architecture can infer the execution results of control instructions in advance based on actual production data, so as to discover hidden attack behaviors in time. This paper designs and implements a prototype system and demonstrates the effectiveness and potential of this architecture for ICS security.

In recent years, cyber-attacks on modern industrial control systems (ICS) have become more common and it acts as a victim to various kind of attackers. The percentage of attacked ICS computers in the world in 2021 is 39.6%. To identify the anomaly in a large database system is a challenging task. Deep-learning model provides better solutions for handling the huge dataset with good accuracy. On the other hand, real time datasets are highly imbalanced with their sample proportions. In this research, GAN based model, a supervised learning method which generates new fake samples that is similar to real samples has been proposed. GAN based adversarial training would address the class imbalance problem in real time datasets. Adversarial samples are combined with legitimate samples and shuffled via proper proportion and given as input to the classifiers. The generated data samples along with the original ones are classified using various machine learning classifiers and their performances have been evaluated. Gradient boosting was found to classify with 98% accuracy when compared to other

Industrial Control Systems (ICS) are not secure by design–with recent developments requiring them to connect to the Internet, they tend to be highly vulnerable. Additionally, attacks on critical infrastructures such as power grids and nuclear plants can cause significant damage and loss of lives. Since such attacks tend to generate anomalies in the systems, an efficient way of attack detection is to monitor the systems and identify anomalies in real-time. An automated anomaly detection tool is introduced in this paper. Additionally, the functioning of the systems is viewed as Finite State Automata. Specific sensor measurements are used to determine permissible transitions, and statistical measures such as the Interquartile Range are used to determine acceptable boundaries for the remaining sensor measurements provided by the system. Deviations from the boundaries or permissible transitions are considered as anomalies. An additional feature is the provision of a finite state automata diagram that provides the operational constraints of a system, given a set of regulated input. This tool showed a high anomaly detection rate when tested with three types of ICS. The concepts are also benchmarked against a state-of-the-art anomaly detection algorithm called Isolation Forest, and the results are provided.

In recent years, the design of anomaly detectors has attracted a tremendous surge of interest due to security issues in industrial control systems (ICS). Restricted by hardware resources, most anomaly detectors can only be deployed at the remote monitoring ends, far away from the control sites, which brings potential threats to anomaly detection. In this paper, we propose an active real-time anomaly detection framework deployed in the controller of OpenPLC, which is a standardized open-source PLC and has high scalability. Specifically, we add adaptive active noises to control signals, and then identify a linear dynamic system model of the plant offline and implement it in the controller. Finally, we design two filters to process the estimated residuals based on the obtained model and use χ2 detector for anomaly detection. Extensive experiments are conducted on an industrial control virtual platform to show the effectiveness of the proposed detection framework.

Anomaly detection for devices (e.g, sensors and actuators) plays a crucial role in Industrial Control Systems (ICS) for security protection. The typical framework of deep learning-based anomaly detection includes a model to predict or reconstruct the state of devices and a detection mechanism to determine anomalies. The majority of anomaly detection methods use a fixed threshold detection mechanism to detect anomalous points. However, the anomalies caused by cyberattacks in ICSs are usually continuous anomaly segments. In this paper, we propose a novel detection mechanism to detect continuous anomaly segments. Its core idea is to determine the start and end times of anomalies based on the continuity characteristics of anomalies and the dynamics of error. We conducted experiments on the two real-world datasets for performance evaluation using five baselines. The F1 score increased by 3.8% on average in the SWAT dataset and increased by 15.6% in the WADI dataset. The results show a significant improvement in the performance of baselines using an error neighborhood-based continuity detection mechanism in a real-time manner.

The expansion of the internet has resulted in huge growth in every industry. It does, however, have a substantial impact on the downsides. Because of the internet's rapid growth, personally identifiable information (PII) should be kept secure in the coming years. Obtaining someone's personal information is rather simple nowadays. There are some established methods for keeping our personal information private. Further, it is essential because we must provide our identity cards to someone for every verification step. In this paper, we will look at some of the attempted methods for protecting our identities. We will highlight the research gaps and potential future enhancements in the research for more enhanced security based on our literature review.

The correctness of user traffic forwarding paths is an important goal of trusted transmission. Many network security issues are related to it, i.e., denial-of-service attacks, route hijacking, etc. The current path-aware network architecture can effectively overcome this issue through path verification. At present, the main problems of path verification are high communication and high computation overhead. To this aim, this article proposes a lightweight real-time verification mechanism of intradomain forwarding paths in autonomous systems to achieve a path verification architecture with no communication overhead and low computing overhead. The problem situation is that a packet finally reaches the destination, but its forwarding path is inconsistent with the expected path. The expected path refers to the packet forwarding path determined by the interior gateway protocols. If the actual forwarding path is different from the expected one, it is regarded as an incorrect forwarding path. This article focuses on the most typical intradomain routing environment. A few routers are set as the verification routers to block the traffic with incorrect forwarding paths and raise alerts. Experiments prove that this article effectively solves the problem of path verification and the problem of high communication and computing overhead.

In this work, we implement a complete probabilistic amplitude shaping (PAS) architecture on a field-programmable gate array (FPGA) platform to study the interplay between probabilistic shaping (PS) and forward error correction (FEC). Due to the fully parallelized input–output interfaces based on look up table (LUT) and low computational complexity without high-precision multiplication, hierarchical distribution matching (HiDM) is chosen as the solution for real time probabilistic shaping. In terms of FEC, we select two kinds of the mainstream soft decision-forward error correction (SD-FEC) algorithms currently used in optical communication system, namely Open FEC (OFEC) and soft-decision quasi-cyclic low-density parity-check (SD-QC-LDPC) codes. Through FPGA experimental investigation, we studied the impact of probabilistic shaping on OFEC and LDPC, respectively, based on PS-16QAM under moderate shaping, and also the impact of probabilistic shaping on LDPC code based on PS-64QAM under weak/strong shaping. The FPGA experimental results show that if pre-FEC bit error rate (BER) is used as the predictor, moderate shaping induces no degradation on the OFEC performance, while strong shaping slightly degrades the error correction performance of LDPC. Nevertheless, there is no error floor when the output BER is around 10-15. However, if normalized generalized mutual information (NGMI) is selected as the predictor, the performance degradation of LDPC will become insignificant, which means pre-FEC BER may not a good predictor for LDPC in probabilistic shaping scenario. We also studied the impact of residual errors after FEC decoding on HiDM. The FPGA experimental results show that the increased BER after HiDM decoding is within 10 times compared to post-FEC BER.

In order to control users’ access to the information system, it is necessary to develop a security system that can work in real time and easily reconfigure. This problem can be solved using a fuzzy logic. In this paper the authors propose a fuzzy distribution system for access to the student assessment system, which takes into account the level of user access, identifier and the risk of attack during the request. This approach allows process fuzzy or incomplete information about the user and implement a sufficient level of confidential information protection.

This paper aims to contribute towards creating ambient abnormal behavior detection for smart security system from real-time human pose estimation using fuzzy-based systems. Human poses from keypoint detected by pose estimation model are transformed to as angle positions of the axis between human bodies joints comparing to reference point in the axis x to deal with problem of the position change occurred when an individual move in the image. Also, the article attempts to resolve the problem of the ambiguity interpreting the poses with triangular fuzzy logic-based system that determines the detected individual behavior and compares to the poses previously learnt, trained, and recorded by the system. The experiment reveals that the accuracy of the system ranges between 90.75% (maximum) and 84% (minimum). This means that if the accuracy of the system at 85%. The system can be applied to guide future research for designing automatic visual human behavior detection systems.

To reduce the false negative rate in power data anomaly detection, enhance the overall detection accuracy and reliability, and create a more stable data detection environment, this paper designs a power big data anomaly detection method based on improved support vector machine technology. The abnormal features are extracted in advance, combined with the changes of power data, the multi-target anomaly detection nodes are laid, and on this basis, the improved support vector machine anomaly detection model is constructed. The anomaly detection is realized by combining the normalization processing of the equivalent vector. The final test results show that compared with the traditional clustering algorithm big data anomaly detection test group and the traditional multi-domain feature extraction big data anomaly detection test group, the final false negative rate of the improved support vector machine big data exception detection test group designed in this paper is only 2.04, which shows that the effect of the anomaly detection method is better. It is more accurate and reliable for testing in a complex power environment and has practical application value.

The fast-evolving Intelligent Transportation Systems (ITS) are crucial in the 21st century, promising answers to congestion and accidents that bother people worldwide. ITS applications such as Connected and Autonomous Vehicle (CAVs) update and broadcasts road incident event messages, and this requires significant data to be transmitted between vehicles for a decision to be made in real-time. However, broadcasting trusted incident messages such as accident alerts between vehicles pose a challenge for CAVs. Most of the existing-trust solutions are based on the vehicle's direct interaction base reputation and the psychological approaches to evaluate the trustworthiness of the received messages. This paper provides a scheme for improving trust in the received incident alert messages for real-time decision-making to detect malicious alerts between CAVs using direct and indirect interactions. This paper applies artificial intelligence and statistical data classification for decision-making on the received messages. The model is trained based on the US Department of Technology Safety Pilot Deployment Model (SPMD). An Autonomous Decision-making Trust Scheme (ADmTS) that incorporates a machine learning algorithm and a local trust manager for decision-making has been developed. The experiment showed that the trained model could make correct predictions such as 98% and 0.55% standard deviation accuracy in predicting false alerts on the 25% malicious data

Cooperative Intelligent Transportation System (CITS) has been introduced recently to increase road safety, traffic efficiency, and to enable various infotainment and comfort applications and services. To this end, a bunch technologies have been deployed to maintain and promote ITS. In essence, ITS is composed of vehicles, roadside infrastructure, and the environment that includes pedestrians, and other entities. Recently, several solutions were suggested to handle with the challenges faced by the vehicular networks (VN) using future internet architectures. One of the promising solutions proposed recently is Vehicular Fog computing (VFC), an attractive solution that supports sensitive service requests considering factors such as latency, mobility, localization, and scalability. VFC also provides a virtual platform for real-time big data analytic using servers or vehicles as a fog infrastructure. This paper surveys the general fog computing (FC) concept, the VFC architectures, and the key characteristics of several intelligent computing applications. We mainly focus on trust and security challenges in VFC deployment and real-time BD analytic in vehicular environment. We identify the faced challenges and future research directions in VFC and we highlight the research gap that can be exploited by researchers and vehicular manufactures while designing a new secure VFC architecture.

The development of marine environment monitoring equipment has been improved by leaps and bounds in recent years. Numerous types of marine environment monitoring equipment have mushroomed with a wide range of high-performance capabilities. However, the existing data recording software cannot meet the demands of real-time and comprehensive data recording in view of the growing data types and the exponential data growth rate generated by various types of marine environment monitoring equipment. Based on the above-mentioned conundrum, this paper proposes a multi-source heterogeneous marine environmental data acquisition and storage method, which can record and replay multi-source heterogeneous data based upon the needs of real-time and accurate performance and also possess good compatibility and expandability.

This paper presents a novel approach for a facial security system using elliptic curve cryptography. Face images extracted from input video are encrypted before sending to a remote server. The input face images are completely encrypted by mapping each pixel value of the detected face from the input video frame to a point on an elliptic curve. The original image can be recovered when needed using the elliptic curve cryptography decryption function. Specifically, we modify point multiplication designed for projective coordinates and apply the modified approach in affine coordinates to speed up scalar point multiplication operation. Image encryption and decryption operations are also facilitated using our existing scheme. Simulation results on Visual Studio demonstrate that the proposed systems help accelerate encryption and decryption operations while maintaining information confidentiality.

The proliferation of real-time cyber-physical systems (CPS) is making profound changes to our daily life. Many real-time CPSs are security and safety-critical because of their continuous interactions with the physical world. While the general perception is that the security protection mechanism deployment is often absent in real-time embedded systems, there is no existing empirical study that measures the adoption of these mechanisms in the ecosystem. To bridge this gap, we conduct a measurement study for real-time embedded firmware from both a security perspective and a real-time perspective. To begin with, we collected more than 16 terabytes of embedded firmware and sampled 1,000 of them for the study. Then, we analyzed the adoption of security protection mechanisms and their potential impacts on the timeliness of real-time embedded systems. Besides, we measured the scheduling algorithms supported by real-time embedded systems since they are also security-critical.

Embedded systems involve an integration of a large number of intellectual property (IP) blocks to shorten chip's time to market, in which, many IPs are acquired from the untrusted third-party suppliers. However, existing IP trust verification techniques cannot provide an adequate security assurance that no hardware Trojan was implanted inside the untrusted IPs. Hardware Trojans in untrusted IPs may cause processor program execution failures by tampering instruction code and return address. Therefore, this paper presents a secure RISC-V embedded system by integrating a Security Monitoring Unit (SMU), in which, instruction integrity monitoring by the fine-grained program basic blocks and function return address monitoring by the shadow stack are implemented, respectively. The hardware-assisted SMU is tested and validated that while CPU executes a CoreMark program, the SMU does not incur significant performance overhead on providing instruction security monitoring. And the proposed RISC-V embedded system satisfies good balance between performance overhead and resource consumption.

Electronic control units (ECU) have been widely used in modern resource-constrained automotive systems, com-municating through the controller area network (CAN) bus. However, they are still facing man-in-the-middle attacks in CAN bus due to the absence of a more effective authenti-cation/encryption mechanism. In this paper, to defend against the attacks more effectively, we propose a unified lightweight authenticated encryption that integrates recent prevalent cryp-tography standardization Isap and Ascon.First, we reuse the common permutation block of ISAP and Asconto support authenticated encryption and encryption/decryption. Second, we provide a flexible and independent switch between authenticated encryption and encryption/decryption to support specific application requirements. Third, we adopt standard CAESAR hardware API as the interface standard to support compatibility between different interfaces or platforms. Experimental results show that our proposed unified lightweight authenticated encryption can reduce 26.09% area consumption on Xilinx Artix-7 FPGA board compared with the state-of-the-arts. In addition, the encryption overhead of the proposed design for transferring one CAN data frame is \textbackslashmathbf10.75 \textbackslashmu s using Asconand \textbackslashmathbf72.25 \textbackslashmu s using ISAP at the frequency of 4 MHz on embedded devices.

Accurately constructing dynamic network topology is one of the core tasks to provide on-demand security services to the ubiquitous network. Existing schemes cannot accurately construct dynamic network topologies in time. In this paper, we propose a novel scheme to construct the ubiquitous network topology. Firstly, ubiquitous network nodes are divided into three categories: terminal node, sink node, and control node. On this basis, we propose two operation primitives (i.e., addition and subtraction) and three atomic operations (i.e., intersection, union, and fusion), and design a series of algorithms to describe the network change and construct the network topology. We further use our scheme to depict the specific time-varying network topologies, including Satellite Internet and Internet of things. It demonstrates that their communication and security protection modes can be efficiently and accurately constructed on our scheme. The simulation and theoretical analysis also prove that the efficiency of our scheme, and effectively support the orchestration of protection capabilities.

With the continues growth of our technology, majority in our sectors are becoming smart and one of its great applications is in agriculture, which we call it as smart farming. The application of sensors, IoT, artificial intelligence, networking in the agricultural setting with the main purpose of increasing crop production and security level. With this advancement in farming, this provides a lot of privileges like remote monitoring, optimization of produce and too many to mention. In light of the thorough systematic analysis performed in this study, it was discovered that Edge-of-things is a potential computing scheme that could boost an artificial intelligence for intelligent remote farm security and intrusion detection pre-alarm system over other computing schemes. Again, the purpose of this study is not to replace existing cloud computing, but rather to highlight the potential of the Edge. The Edge architecture improves end-user experience by improving the time-related response of the system. response time of the system. One of the strengths of this system is to provide time-critical response service to make a decision with almost no delay, making it ideal for a farm security setting. Moreover, this study discussed the comparative analysis of Cloud, Fog and Edge in relation to farm security, the demand for a farm security system and the tools needed to materialize an Edge computing in a farm environment.

Train operation is highly influenced by the rail track state and the surrounding environment. An abnormal obstacle on the rail track will pose a severe threat to the safe operation of urban rail transit. The existing general obstacle detection approaches do not consider the specific urban rail environment and requirements. In this paper, we propose an edge intelligence (EI)-based obstacle intrusion detection system to detect accurate obstacle intrusion in real-time. A two-stage lightweight deep learning model is designed to detect obstacle intrusion and obtain the distance from the train to the obstacle. Edge computing (EC) and 5G are used to conduct the detection model and improve the real-time detection performance. A multi-agent reinforcement learning-based offloading and service migration model is formulated to optimize the edge computing resource. Experimental results show that the two-stage intrusion detection model with the reinforcement learning (RL)-based edge resource optimization model can achieve higher detection accuracy and real-time performance compared to traditional methods.