Biblio

Management control and monitoring of production activities in intelligent environments in subway mines must be aligned with the strategies and objectives of each agent. It is required that in operations, the local structure of each service is fault-tolerant and that large amounts of data are transmitted online to executives to make effective and efficient decisions. The paper proposes an architecture that enables strategic text analysis on the Internet of Things devices through task partitioning with multiple agent systems and evaluates the feasibility of the design by building a prototype that improves communication. The results validate the system's design because Raspberry Pi can execute text mining algorithms and agents in about 3 seconds for 197 texts. This work emphasizes multiple agents for text analytics because the algorithms, along with the agents, use about 70% of a Raspberry Pi CPU.

This research attempts to provide some insights on the application of text mining and Natural Language Processing (NLP). The application domain is consumer complaints about financial institutions in the USA. As an advanced analytics discipline embedded within the Big Data paradigm, the practice of text analytics contains elements of emergent knowledge processes. Since our experiment should be able to scale up we make use of a pipeline based on Spark-NLP. The usage scenario is adapting the model to a specific industrial context and using the dataset offered by the "Consumer Financial Protection Bureau" to illustrate the application.

We consider the physical layer security (PLS) of non-orthogonal multiple access (NOMA) enabled multiple-input multiple-output (MIMO) visible light communication systems in the presence of a passive eavesdropper (Eve). In order to disrupt the decoding process at Eve, we propose a novel precoding scheme reinforced with random constellation coding. Multiple legitimate users (Bobs) will be served simultaneously using NOMA. For the proposed precoder design, we exploit the slow-fading characteristics of the visible light channel so that the transmitted symbols are successfully decoded at Bob, while Eve suffers from very high bit error ratios (BERs) due to precoding-induced jamming. Via computer simulations, we show that Bob can successfully decode their own information in various user configurations and receiver diversities. It is also shown that the BER at Eve's side is increased to the 0.5-level for similar and the asymmetrical positioning of Bob with respect to the transmitter, thus PLS is ensured by the proposed preceding technique.

We propose a method to let a source and a destination agree on a key that remains secret to a potential eavesdropper in an underwater acoustic network (UWAN). We generate the key from the propagation delay measured over a set of multihop routes: this harvests the randomness in the UWAN topology and turns the slow sound propagation in the water into an advantage for the key agreement protocol. Our scheme relies on a route discovery handshake. During this process, all intermediate relays accumulate message processing delays, so that both the source and the destination can compute the actual propagation delays along each route, and map this information to a string of bits. Finally, via a secret key agreement from the information-theoretic security framework, we obtain an equal set of bits at the source and destination, which is provably secret to a potential eavesdropper located away from both nodes. Our simulation results show that, even for small UWANs of 4 nodes, we obtain 11 secret bits per explored topology, and that the protocol is insensitive to an average node speed of up to 0.5 m/s.

Wireless embedded devices are key elements of Internet-of-Things (IoT) and industrial IoT (IIoT) applications. The complexity of these devices as well as the number of connected devices to networks increase steadily. The high intricacy of the overall system makes it error-prone and vulnerable to attacks and leads to the need to test individual parts or even the whole system. Therefore, this paper presents the concept of a flexible and distributed testbed to evaluate correct behavior in various operation or attack scenarios. It is based on the Robot Operating System (ROS) as communication framework to ensure modularity and expandability. The testbed integrates RF-jamming and measurement devices to evaluate remote attack scenarios and interference issues. An energy harvesting emulation cell is used to evaluate different real-world energy harvesting scenarios. A climatic test chamber allows to investigate the influence of temperature and humidity conditions on the system-under-test. As a testbed application scenario, the automated evaluation of an energy harvesting wireless sensor network designed to instrument automotive engine test benches is presented.

Blockchain is well known for its storage consistency, decentralization and tamper-proof, but the privacy disclosure and difficulty in auditing discourage the innovative application of blockchain technology. As compared to public blockchain and private blockchain, consortium blockchain is widely used across different industries and use cases due to its privacy-preserving ability, auditability and high transaction rate. However, the present co-audit of privacy-preserving data on consortium blockchain is inefficient. Private data is usually encrypted by a session key before being published on a consortium blockchain for privacy preservation. The session key is shared with transaction parties and auditors for their access. For decentralizing auditorial power, multiple auditors on the consortium blockchain jointly undertake the responsibility of auditing. The distribution of the session key to an auditor requires individually encrypting the session key with the public key of the auditor. The transaction initiator needs to be online when each auditor asks for the session key, and one encryption of the session key for each auditor consumes resources. This work proposes GAChain and applies group key agreement technology to efficiently co-audit privacy-preserving data on consortium blockchain. Multiple auditors on the consortium blockchain form a group and utilize the blockchain to generate a shared group encryption key and their respective group decryption keys. The session key is encrypted only once by the group encryption key and stored on the consortium blockchain together with the encrypted private data. Auditors then obtain the encrypted session key from the chain and decrypt it with their respective group decryption key for co-auditing. The group key generation is involved only when the group forms or group membership changes, which happens very infrequently on the consortium blockchain. We implement the prototype of GAChain based on Hyperledger Fabric framework. Our experimental studies demonstrate that GAChain improves the co-audit efficiency of transactions containing private data on Fabric, and its incurred overhead is moderate.

Differential privacy is a concept to quantity the disclosure of private information that is controlled by the privacy parameter ε. However, an intuitive interpretation of ε is needed to explain the privacy loss to data engineers and data subjects. In this paper, we conduct a worst-case study of differential privacy risks. We generalize an existing model and reduce complexity to provide more understandable statements on the privacy loss. To this end, we analyze the impact of parameters and introduce the notion of a global privacy risk and global privacy leak.

Advances in machine learning, deep learning, and Artificial Intelligence(AI) allows people to exchange other people's faces and voices in videos to make it look like what they did or say whatever you want to say. These videos and photos are called “deepfake” and are getting more complicated every day and this has lawmakers worried. This technology uses machine learning technology to provide computers with real data about images, so that we can make forgeries. The creators of Deepfake use artificial intelligence and machine learning algorithms to mimic the work and characteristics of real humans. It differs from counterfeit traditional media because it is difficult to identify. As In the 2020 elections loomed, AI-generated deepfakes were hit the news cycle. DeepFakes threatens facial recognition and online content. This deception can be dangerous, because if used incorrectly, this technique can be abused. Fake video, voice, and audio clips can do enormous damage. This paper examines the algorithms used to generate deepfakes as well as the methods proposed to detect them. We go through the threats, research patterns, and future directions for deepfake technologies in detail. This research provides a detailed description of deep imitation technology and encourages the creation of new and more powerful methods to deal with increasingly severe deep imitation by studying the history of deep imitation.

Protocol parsing is to discern and analyze packets' transmission fields, which plays an essential role in industrial security monitoring. The existing schemes parsing industrial protocols universally have problems, such as the limited parsing protocols, poor scalability, and high preliminary information requirements. This paper proposes a text similarity-based protocol parsing scheme (TPP) to identify and parse protocols for Industrial Internet of Things. TPP works in two stages, template generation and protocol parsing. In the template generation stage, TPP extracts protocol templates from protocol data packets by the cluster center extraction algorithm. The protocol templates will update continuously with the increase of the parsing packets' protocol types and quantities. In the protocol parsing phase, the protocol data packet will match the template according to the similarity measurement rules to identify and parse the fields of protocols. The similarity measurement method comprehensively measures the similarity between messages in terms of character position, sequence, and continuity to improve protocol parsing accuracy. We have implemented TPP in a smart industrial gateway and parsed more than 30 industrial protocols, including POWERLINK, DNP3, S7comm, Modbus-TCP, etc. We evaluate the performance of TPP by comparing it with the popular protocol analysis tool Netzob. The experimental results show that the accuracy of TPP is more than 20% higher than Netzob on average in industrial protocol identification and parsing.

This paper presents ongoing work on the formalism of Cyber-Physical Systems (CPS) simulations. These systems are distributed real-time systems, and their simulations might be distributed or not. In this paper, we propose a model to describe the modular components forming a simulation of a CPS. The main goal is to introduce a model of generic simulation distributed architecture, on which we are able to execute a logical architecture of simulation. This architecture of simulation allows the expression of structural and behavioural constraints on the simulation, abstracting its execution. We will propose two implementations of the execution architecture based on generic architectures of distributed simulation: $\cdot$ The High Level Architecture (HLA), an IEEE standard for distributed simulation, and one of its open-source implementation of RunTime Infrastructure (RTI): CERTI. $\cdot$ The Distributed Simulation Scheduler (DSS), an Airbus framework scheduling predefined models. Finally, we present the initial results obtained applying our formalism to the open-source case study from the ROSACE case study.

Nowadays a huge amount of sensitive information is sending via packet data networks and its security doesn't provided properly. Very often information leakage causes huge damage to organizations. One of the mechanisms to cause information leakage when it transmits through a communication channel is to construct a covert channel. Everywhere used packet networks provide huge opportunities for covert channels creating, which often leads to leakage of critical data. Moreover, covert channels based on packet length modifying can function in a system even if traffic encryption is applied and there are some data transfer schemes that are difficult to detect. The purpose of the paper is to construct and examine a normalization protection tool against covert channels. We analyze full and partial normalization, propose estimation of the residual covert channel capacity in a case of counteracting and determine the best parameters of counteraction tool.

The security and privacy concerns along with the amount of data that is required to be processed on regular basis has pushed processing to the edge of the computing systems. Deploying advanced Neural Networks (NN), such as deep neural networks (DNNs) and spiking neural networks (SNNs), that offer state-of-the-art results on resource-constrained edge devices is challenging due to the stringent memory and power/energy constraints. Moreover, these systems are required to maintain correct functionality under diverse security and reliability threats. This paper first discusses existing approaches to address energy efficiency, reliability, and security issues at different system layers, i.e., hardware (HW) and software (SW). Afterward, we discuss how to further improve the performance (latency) and the energy efficiency of Edge AI systems through HW/SW-level optimizations, such as pruning, quantization, and approximation. To address reliability threats (like permanent and transient faults), we highlight cost-effective mitigation techniques, like fault-aware training and mapping. Moreover, we briefly discuss effective detection and protection techniques to address security threats (like model and data corruption). Towards the end, we discuss how these techniques can be combined in an integrated cross-layer framework for realizing robust and energy-efficient Edge AI systems.

Software vulnerabilities have become a major problem for the security analysts, since the number of new vulnerabilities is constantly growing. Thus, there was a need for a categorization system, in order to group and handle these vulnerabilities in a more efficient way. Hence, the MITRE corporation introduced the Common Weakness Enumeration that is a list of the most common software and hardware vulnerabilities. However, the manual task of understanding and analyzing new vulnerabilities by security experts, is a very slow and exhausting process. For this reason, a new automated classification methodology is introduced in this paper, based on the vulnerability textual descriptions from National Vulnerability Database. The proposed methodology, combines textual analysis and tree-based machine learning techniques in order to classify vulnerabilities automatically. The results of the experiments showed that the proposed methodology performed pretty well achieving an overall accuracy close to 80%.

Renewed focus on spacecraft networking by government and private industry promises to establish interoperable communications infrastructures and enable distributed computing in multi-nodal systems. Planned near-Earth and cislunar missions by NASA and others evidence the start of building this networking vision. Working with space agencies, academia, and industry, NASA has developed a suite of communications protocols and algorithms collectively referred to as Delay-Tolerant Networking (DTN) to support an interoperable space network. Included in the DTN protocol suite is a security protocol - the Bundle Protocol Security Protocol - which provides the kind of delay-tolerant, transport-layer security needed for cislunar and deep-space trusted networking. We present an analysis of the lifecycle of security operations inherent in a space network with a focus on the DTN-enabled space networking paradigm. This analysis defines three security-related roles for spacecraft (Security Sources, verifiers, and acceptors) and associates a series of critical processing events with each of these roles. We then define the set of required and optional actions associated with these security events. Finally, we present a series of best practices associated with policy configurations that are unique to the space-network security problem. Framing space network security policy as a mapping of security actions to security events provides the details necessary for making trusted networks semantically interoperable. Finally, this method is flexible enough to allow for customization even while providing a unifying core set of mandatory security actions.

The test of security primitives is particularly strategic as any bias coming from the implementation or environment can wreck havoc on the security it is intended to provide. This paper presents how some security properties are tested on leading primitives: True Random Number Generation (TRNG), Physically Unclonable Function (PUF), cryptographic primitives and Digital Sensor (DS). The test of TRNG and PUF to ensure a high level of security is mainly about the entropy assessment, which requires specific statistical tests. The security against side-channel analysis (SCA) of cryptographic primitives, like the substitution box in symmetric cryptography, is generally ensured by masking. But the hardware implementation of masking can be damaged by glitches, which create leakages on sensitive variables. A test method is to search for nets of the cryptographic netlist, which are vulnerable to glitches. The DS is an efficient primitive to detect disturbances and rise alarms in case of fault injection attack (FIA). The dimensioning of this primitive requires a precise test to take into account the environment variations including the aging.

In Industry 4.0, Information Technology (IT) and Operational Technology (OT) tend to converge further with an increasing interdependence of safety and security issues to be considered. On one hand, cyber attacks are possible which can alter implemented safety functionality leading to situations where people are harmed, serious injuries may occur or the environment gets damaged. On the other side, safety can also impact security. For instance, the misuse of a Safety Instrumented System (SIS) may force a machine or a production line to shut down resulting in a denial of service. To prevent or mitigate risks from such scenarios, this paper proposes a threat modeling technique which addresses an integrated view on safety and security. The approach is tailored to the industrial automation domain considering plausible attacks and evaluating risks based on three different metrics. The metrics selected consist of Common Vulnerability Scoring System (CVSS) used as an international standard for rating cyber security vulnerabilities, Security Level (SL) from IEC 62443 to rate cyber security risks in OT environments w.r.t. the underlying architecture, and Safety Integrity Level (SIL) from IEC 61508 to rate safety risks. Due to the variety of use cases involving the chosen metrics, the approach is also feasible for followup analyses, such as integrated safety and security assessments or audits.

Anecdotal evidence suggests that Web-search engines, together with the Knowledge Graphs and Bases, such as YAGO [46], DBPedia [13], Freebase [16], Google Knowledge Graph [52] provide rapid access to most structured information on the Web. However, taking a closer look reveals a so called "knowledge gap" [18] that is largely in the dark. For example, a person searching for a relevant job opening has to spend at least 3 hours per week for several months [2] just searching job postings on numerous online job-search engines and the employer websites. The reason why this seemingly simple task cannot be completed by typing in a few keyword queries into a search-engine and getting all relevant results in seconds instead of hours is because access to structured data on the Web is still rudimentary. While searching for a job we have many parameters in mind, not just the job title, but also, usually location, salary range, remote work option, given a recent shift to hybrid work places, and many others. Ideally, we would like to write a SQL-style query, selecting all job postings satisfying our requirements, but it is currently impossible, because job postings (and all other) Web tables are structured in many different ways and scattered all over the Web. There is neither a Web-scale generalizable algorithm nor a system to locate and normalize all relevant tables in a category of interest from millions of sources.Here we describe and evaluate on a corpus having hundreds of millions of Web tables [39], a new scalable iterative training data generation algorithm, producing high quality training data required to train Deep- and Machine-learning models, capable of generalizing to Web scale. The models, trained on such en-riched training data efficiently deal with Web scale heterogeneity compared to poor generalization performance of models, trained without enrichment [20], [25], [38]. Such models are instrumental in bridging the knowledge gap for structured data on the Web.

The dark web has become a major trading platform for cybercriminals, with its anonymity and encrypted content nature make it possible to exchange hacked information and sell illegal goods without being traced. The types of items traded on the dark web have increased with the number of users and demands. In recent years, in addition to the main items sold in the past, including drugs, firearms and child pornography, a growing number of cybercriminals are targeting various types of private information, including different types of account data, identity information and visual data etc. This paper will further discuss the issue of threat detection in the dark web by reviewing the past literature on the subject. An approach is also proposed to identify criminals who commit crimes offline or on the surface network by using private information purchased from the dark web and the original sources of information on the dark web by building a database based on historical victim records for keyword matching and traffic analysis.

The rapid rise of the Dark Web and supportive technologies has served as the backbone facilitating online illegal activity worldwide. These illegal activities supported by anonymisation technologies such as Tor has made it increasingly elusive to law enforcement agencies. Despite several successful law enforcement operations, illegal activity on the Dark Web is still growing. There are approaches to monitor, mine, and research the Dark Web, all with varying degrees of success. Given the complexity and dynamics of the services offered, we recognize the need for in depth analysis of the Dark Web with regard to its infrastructures, actors, types of abuse and their relationships. This involves the challenging task of information extraction from the very heterogeneous collection of web pages that make up the Dark Web. Most providers develop their services on top of standard frameworks such as WordPress, Simple Machine Forum, phpBB and several other frameworks to deploy their services. As a result, these service providers publish significant number of pages based on similar structural and stylistic templates. We propose an efficient, scalable, repeatable and accurate approach to cluster Dark Web pages based on those structural and stylistic features. Extracting relevant information from those clusters should make it feasible to conduct in depth Dark Web analysis. This paper presents our clustering algorithm to accelerate information extraction, and as a result improve attribution of digital traces to infrastructures or individuals in the fight against cyber crime.

Modern Intrusion Detection Systems are able to identify and check all traffic crossing the network segments that they are only set to monitor. Traditional network infrastructures use static detection mechanisms that check and monitor specific types of malicious traffic. To mitigate this potential waste of resources and improve scalability across an entire network, we propose a methodology which deploys distributed IDS in a Software Defined Network allowing them to be used for specific types of traffic as and when it appears on a network. The core of our work is the creation of an SDN application that takes input from a Snort IDS instances, thus working as a classifier for incoming network traffic with a static ruleset for those classifications. Our application has been tested on a virtualised platform where it performed as planned holding its position for limited use on static and controlled test environments.

In Particle Swarm Optimization Algorithm (PSO), the learning factors \$c\_1\$ and \$c\_2\$ are used to update the speed and location of a particle. However, the setting of those two important parameters has great effect on the performance of the PSO algorithm, which has limited its range of applications. To avoid the tedious parameter tuning, we introduce a transfer learning based adaptive parameter setting strategy to PSO in this paper. The proposed transfer learning strategy can adjust the two learning factors more effectively according to the environment change. The performance of the proposed algorithm is tested on sets of widely-used benchmark multi-objective test problems for DTLZ. The results comparing and analysis are conduced by comparing it with the state-of-art evolutionary multi-objective optimization algorithm NSGA-III to verify the effectiveness and efficiency of the proposed method.

Aiming at the problems of low accuracy and poor effect caused by the lack of data labels in most real network traffic, an optimized density peak clustering based on the improved salp swarm algorithm is proposed for traffic anomaly detection. Through the optimization of cosine decline and chaos strategy, the salp swarm algorithm not only accelerates the convergence speed, but also enhances the search ability. Moreover, we use the improved salp swarm algorithm to adaptively search the best truncation distance of density peak clustering, which avoids the subjectivity and uncertainty of manually selecting the parameters. The experimental results based on NSL-KDD dataset show that the improved salp swarm algorithm achieves faster convergence speed and higher precision, increases the average anomaly detection accuracy of 4.74% and detection rate of 6.14%, and reduces the average false positive rate of 7.38%.

With the rapid development of smart grid, the data generated by grid services are growing rapidly, and the requirements for time delay are becoming more and more stringent. The storage and computing capacity of the existing terminal equipment can not meet the needs of high bandwidth and low delay of the system at the same time. Fortunately, mobile edge computing (MEC) can provide users with nearby storage and computing services at the network edge, this can give an option to simultaneously meet the requirement of high bandwidth and low delay. Aiming at the problem of service offload scheduling in edge computing, this paper proposes a delay optimized task offload algorithm based on task priority classification. Firstly, the priority of power grid services is divided by using analytic hierarchy process (AHP), and the processing efficiency and quality of service of emergency tasks are guaranteed by giving higher weight coefficients to delay constraints and security levels. Secondly, the service is initialized and unloaded according to the task preprocessing time. Finally, the reasonable subchannel allocation is carried out based on the task priority design decision method. Simulation results show that compared with the traditional approaches, our algorithm can effectively improve the overall system revenue and reduce the average user task delay.

The widespread utilization of smart grids is due to their flexibility to support the two-way flow of electricity and data. The critical nature of smart grids evokes traditional network attacks. Due to the advantages of blockchains in terms of ensuring trustworthiness and security, a significant body of literature has been recently developed to secure smart grid operations. We categorize the blockchain applications in smart grid into three categories: energy trading, infrastructure management, and smart-grid operations management. This paper provides an extensive survey of these works and the different ways to utilize blockchains in smart grid in general. We propose an abstract system to overcome a critical cyberattack; namely, the fake data injection, as previous works did not consider such an attack.

Deep neural networks (DNNs) have gained significant popularity in recent years, becoming the state of the art in a variety of domains. In particular, deep reinforcement learning (DRL) has recently been employed to train DNNs that realize control policies for various types of real-world systems. In this work, we present the whiRL 2.0 tool, which implements a new approach for verifying complex properties of interest for DRL systems. To demonstrate the benefits of whiRL 2.0, we apply it to case studies from the communication networks domain that have recently been used to motivate formal verification of DRL systems, and which exhibit characteristics that are conducive for scalable verification. We propose techniques for performing k-induction and semi-automated invariant inference on such systems, and leverage these techniques for proving safety and liveness properties that were previously impossible to verify due to the scalability barriers of prior approaches. Furthermore, we show how our proposed techniques provide insights into the inner workings and the generalizability of DRL systems. whiRL 2.0 is publicly available online.