Neural Network Resiliency - Over the past few years, deep neural networks (DNNs) have been used to solve a wide range of real-life problems. However, DNNs are vulnerable to adversarial attacks where carefully crafted input perturbations can mislead a well-trained DNN to produce false results. As DNNs are being deployed into security-sensitive applications such as autonomous driving, adversarial attacks may lead to catastrophic consequences.

Neural Network Resiliency - Automatic modulation classification (AMC) using the Deep Neural Network (DNN) approach outperforms the traditional classification techniques, even in the presence of challenging wireless channel environments. However, the adversarial attacks cause the loss of accuracy for the DNN-based AMC by injecting a well-designed perturbation to the wireless channels. In this paper, we propose a novel generative adversarial network (GAN)-based countermeasure approach to safeguard the DNN-based AMC systems against adversarial attack examples. GAN-based aims to eliminate the adversarial attack examples before feeding to the DNN-based classifier. Specifically, we have shown the resiliency of our proposed defense GAN against the Fast-Gradient Sign method (FGSM) algorithm as one of the most potent kinds of attack algorithms to craft the perturbed signals. The existing defense-GAN has been designed for image classification and does not work in our case where the abovementioned communication system is considered. Thus, our proposed countermeasure approach deploys GANs with a mixture of generators to overcome the mode collapsing problem in a typical GAN facing radio signal classification problem. Simulation results show the effectiveness of our proposed defense GAN so that it could enhance the accuracy of the DNN-based AMC under adversarial attacks to 81\%, approximately.

Neural Network Resiliency - With the proliferation of Low Earth Orbit (LEO) spacecraft constellations, comes the rise of space-based wireless cognitive communications systems (CCS) and the need to safeguard and protect data against potential hostiles to maintain widespread communications for enabling science, military and commercial services. For example, known adversaries are using advanced persistent threats (APT) or highly progressive intrusion mechanisms to target high priority wireless space communication systems. Specialized threats continue to evolve with the advent of machine learning and artificial intelligence, where computer systems inherently can identify system vulnerabilities expeditiously over naive human threat actors due to increased processing resources and unbiased pattern recognition. This paper presents a disruptive abuse case for an APT-attack on such a CCS and describes a trade-off analysis that was performed to evaluate a variety of machine learning techniques that could aid in the rapid detection and mitigation of an APT-attack. The trade results indicate that with the employment of neural networks, the CCS s resiliency would increase its operational functionality, and therefore, on-demand communication services reliability would increase. Further, modelling, simulation, and analysis (MS\&A) was achieved using the Knowledge Discovery and Data Mining (KDD) Cup 1999 data set as a means to validate a subset of the trade study results against Training Time and Number of Parameters selection criteria. Training and cross-validation learning curves were computed to model the learning performance over time to yield a reasonable conclusion about the application of neural networks.

Neural Network Resiliency - The globalization of the Integrated Circuit (IC) market is attracting an ever-growing number of partners, while remarkably lengthening the supply chain. Thereby, security concerns, such as those imposed by functional Reverse Engineering (RE), have become quintessential. RE leads to disclosure of confidential information to competitors, potentially enabling the theft of intellectual property. Traditional functional RE methods analyze a given gate-level netlist through employing pattern matching towards reconstructing the underlying basic blocks, and hence, reverse engineer the circuit’s function.

Network Security Architecture - Software-Defined Networking or SDN (Software-Defined Networking) is a technology for software control and management of the network in order to improve its properties. Unlike classic network management technologies, which are complex and decentralized, SDN technology is a much more flexible and simple system. The new architecture may be vulnerable to several attacks leading to resource depletion and preventing the SDN controller from providing support to legitimate users. One such attack is the Distributed Denial of Service (DDoS), which is on the rise today. We suggest Modified-DDoSNet, a system for detecting DDoS attacks in the SDN environment. A model based on Deep Learning (DL) techniques will be implemented, combining a Recurrent Neural Network (RNN) with an Autoencoder. The proposed model, which was first trained to detect attacks, was implemented in the security architecture of the SDN network, as a new component. The security architecture of the SDN network contains a total of 13 components, each of which represents an individual part of the architecture, where the first component is the RNN - autoencoder. The model itself, which is the first component, was trained in the CICDDoS2019 dataset. It has high reliability for attack detection, which increases the security of the SDN network architecture.

Network Reconnaissance - For the evaluation of UAV reconnaissance effectiveness under multiple conditions, an UAV reconnaissance effectiveness evaluation method based on rough set and neural network is proposed. In the method, the influencing factors are determined to construct the UAV reconnaissance effectiveness index system, then the redundant factors are removed combined with rough set theory, finally on the basis of the simplified factors BP neural network optimized through genetic algorithm is used to build an evaluation model of UAV reconnaissance effectiveness for improving the prediction accuracy. The simulation result shows that the method can not only overcome the shortcomings of the traditional BP neural network, such as poor fault tolerance and slow convergence speed, but also better evaluate the UAV reconnaissance effectiveness.

Network Reconnaissance - Short-wave band signal density, complex electromagn-etic environment and relatively limited detection equipment often lead to low detection efficiency. Aiming at this situation, a scheduling method of short-wave detection equipment based on Hopfield neural network is proposed to carry out cooperative detection of short-wave signals. In this paper, the definition of effective detection probability is given, the constraints of effective detection are sorted out, and the mathematical model of detection equipment scheduling is designed, which is realized by Hopfield neural network. This method uses the global optimization technology to schedule multiple detection sensors, so that different detection sensors can cooperate reasonably and maximize the overall benefit of detection system. Simulation results show the feasibility and effectiveness of the proposed method.

Network Control Systems Security - The huge advantages of cloud computing technology and the bottlenecks in the development of traditional network control systems have prompted the birth of cloud control systems to address the shortcomings of traditional network control systems in terms of bandwidth and performance. However, the information security issues faced by cloud control systems are more complex, and distributed denial-of-service (DDoS) attacks are a typical class of attacks that may lead to problems such as latency in cloud control systems and seriously affect the performance of cloud control systems. In this paper, we build a single-capacity water tank cloud control semi-physical simulation system with heterogeneous controllers and propose a DDoS attack detection method for cloud control systems based on bidirectional long short-term memory neural network (BiLSTM), study the impact of DDoS attacks on cloud control systems. The experimental results show that the BiLSTM algorithm can effectively detect the DDoS attack on the cloud control system.

Network Control Systems Security - With the development of computer and network technology, industrial control systems are connecting with the Internet and other public networks in various ways, viruses, trojans and other threats are spreading to industrial control systems, industrial control system information security issues are becoming increasingly prominent. Under this background, it is necessary to construct the network security evaluation model of industrial control system based on the safety evaluation criteria and methods, and complete the safety evaluation of the industrial control system network according to the design scheme. Based on back propagation (BP) neural network’s evaluation of the network security status of industrial control system, this paper determines the number of neurons in BP neural network input layer, hidden layer and output layer by analyzing the actual demand, empirical equation calculation and experimental comparison, and designs the network security evaluation index system of industrial control system according to factors affecting industrial control safety, and constructs a safety rating table. Finally, by comparing the performance of BP neural network and multilinear regression to the evaluation of the network security status of industrial control system through experimental simulation, it can be found that BP neural network has higher accuracy for the evaluation of network security status of industrial control system.

Network Intrusion Detection - Network intrusion detection technology has been a popular application technology for current network security, but the existing network intrusion detection technology in the application process, there are problems such as low detection efficiency, low detection accuracy and other poor detection performance. To solve the above problems, a new treatment combining artificial intelligence with network intrusion detection is proposed. Artificial intelligence-based network intrusion detection technology refers to the application of artificial intelligence techniques, such as: neural networks, neural algorithms, etc., to network intrusion detection, and the application of these artificial intelligence techniques makes the automatic detection of network intrusion detection models possible.

Network Intrusion Detection - With the development of computing technology, data security and privacy protection have also become the focus of researchers; along with this comes the issue of network link security and reliability, and these issues have become the focus of discussion when studying network security. Intrusion detection is an effective means to assist in network malicious traffic detection and maintain network stability; to meet the ever-changing demand for network traffic identification, intrusion detection models have undergone a transformation from traditional intrusion detection models to machine learning intrusion detection models to deep intrusion detection models. The efficiency and superiority of deep learning have been proven in fields such as image processing, but there are still some problems in the field of network security intrusion detection: the models are not targeted when processing data, the models have poor generalization ability, etc. The combinatorial neural network proposed in this paper can effectively propose a solution to the problems of existing models, and the CL-IDS model proposed in this paper has a better performance on the KDDCUP99 dataset as demonstrated by relevant experiments.

Network Coding - Precise binary code vulnerability detection is a significant research topic in software security. Currently, the majority of software is released in binary form, and the corresponding vulnerability detection approaches for binary code are desired. Existing deep learning-based detection techniques can only detect binary code vulnerabilities but cannot precisely identify the types of vulnerabilities. This paper proposes a Binary code-based Hybrid neural network for Multiclass Vulnerability Detection, dubbed BHMVD. BHMVD generates binary slices according to the control dependence and data dependence of library/API function calls, and then extracts syntax features from binary slices to generate type slices, which can help identify vulnerability types. This paper uses a hybrid neural network of CNN-BLSTM to extract vulnerability features from binary and type slices. The former extracts local features, while the latter extracts global features. Experiment results on 19 types of vulnerabilities show that BHMVD is effective for binary code-based multiclass vulnerability detection, and using a hybrid neural network can improve detection ability.

Network Coding - Software vulnerabilities, caused by unintentional flaws in source codes, are the main root cause of cyberattacks. Source code static analysis has been used extensively to detect the unintentional defects, i.e. vulnerabilities, introduced into the source codes by software developers. In this paper, we propose a deep learning approach to detect vulnerabilities from their LLVM IR representations based on the techniques that have been used in natural language processing. The proposed approach uses a hierarchical process to first identify source codes with vulnerabilities, and then it identifies the lines of codes that contribute to the vulnerability within the detected source codes. This proposed twostep approach reduces the false alarm of detecting vulnerable lines. Our extensive experiment on real-world and synthetic codes collected in NVD and SARD shows high accuracy (about 98\%) in detecting source code vulnerabilities 1.

Natural Language Processing - This paper presents a system to identify social engineering attacks using only text as input. This system can be used in different environments which the input is text such as SMS, chats, emails, etc. The system uses Natural Language Processing to extract features from the dialog text such as URL s report and count, spell check, blacklist count, and others. The features are used to train Machine Learning algorithms (Neural Network, Random Forest and SVM) to perform classification of social engineering attacks. The classification algorithms showed an accuracy over 80\% to detect this type of attacks.

Named Data Network Security - With the growing recognition that current Internet protocols have significant security flaws; several ongoing research projects are attempting to design potential next-generation Internet architectures to eliminate flaws made in the past. These projects are attempting to address privacy and security as their essential parameters. NDN (Named Data Networking) is a new networking paradigm that is being investigated as a potential alternative for the present host-centric IP-based Internet architecture. It concentrates on content delivery, which is probably underserved by IP, and it prioritizes security and privacy. NDN must be resistant to present and upcoming threats in order to become a feasible Internet framework. DDoS (Distributed Denial of Service) attacks are serious attacks that have the potential to interrupt servers, systems, or application layers. Due to the probability of this attack, the network security environment is made susceptible. The resilience of any new architecture against the DDoS attacks which afflict today s Internet is a critical concern that demands comprehensive consideration. As a result, research on feature selection approaches was conducted in order to use machine learning techniques to identify DDoS attacks in NDN. In this research, features were chosen using the Information Gain and Data Reduction approach with the aid of the WEKA machine learning tool to identify DDoS attacks. The dataset was tested using KNearest Neighbor (KNN), Decision Table, and Artificial Neural Network (ANN) algorithms to categorize the selected features. Experimental results shows that Decision Table classifier outperforms well when compared to other classification algorithms with the with the accuracy of 85.42\% and obtained highest precision and recall score with 0.876 and 0.854 respectively when compared to the other classification techniques.

Multiple Fault Diagnosis - Aiming at the difficulty of extracting fault features on the aircraft landing gear hydraulic system, traditional feature extraction methods rely heavily on expert knowledge, and the accuracy of fault diagnosis is difficult to guarantee. This paper combined convolutional neural network (CNN) and support vector machine classification algorithm (SVM) to propose a fault diagnosis model suitable for aircraft landing gear hydraulic system. The diagnosis model adopted the onedimensional multi-channel CNN network structure, took the original pressure signal of multiple nodes as input, adaptively extracts the feature value of the pressure signal through CNN, and built a multi-feature fusion layer to realize the feature fusion of the pressure signal of each node. Finally, input the fused features into the SVM classifier to complete the fault classification. In order to verify the proposed fault diagnosis model, a typical aircraft landing gear hydraulic system simulation model was built based on AMESim, and several typical fault types such as hydraulic pump leakage, actuator leakage, selector valve clogging and accumulator failure were simulated, and corresponding Fault type data set, and use overlapping sample segmentation for data enhancement. Experiments show that the diagnosis accuracy of the proposed fault diagnosis algorithm can reach 99.25\%, which can realize the adaptive extraction of the fault features of the aircraft landing gear hydraulic system, and the features after multidimensional fusion have better discrimination, compared with traditional feature extraction methods more effective and more accurate.

Multiple Fault Diagnosis - Bearings are key transmission parts that are extensively used in rolling mechanical and equipment. Bearing failures can affect the regular running of machines, in serious cases, can cause enormous losses in economy and personnel casualties. Therefore, it is important to implement the research of diagnosing bearing faults. In this paper, a bearing faults diagnosis method was developed based on multiple image inputs and deep convolutional neural network. Firstly, the 1Dvibration signal is transformed into three different types of two-dimensional images: time-frequency image, vibration grayscale image and symmetry dot pattern image, respectively. Enter them into multiple DCNNs separately. Finally, Finally, the nonlinear features of multiple DCNN outputs are fused and classified to achieve bearing fault diagnostics. The experimental results indicate that the diagnosis accuracy of this proposed method is 98.8\%, it can extract the fault features of vibration samples well, and it is an effective bearing fault diagnosis methodology.

Moving Target Defense - Synthetic aperture radar (SAR) is an effective remote sensor for target detection and recognition. Deep learning has a great potential for implementing automatic target recognition based on SAR images. In general, Sufficient labeled data are required to train a deep neural network to avoid overfitting. However, the availability of measured SAR images is usually limited due to high cost and security in practice. In this paper, we will investigate the relationship between the recognition performance and training dataset size. The experiments are performed on three classifiers using MSTAR (Moving and Stationary Target Acquisition and Recognition) dataset. The results show us the minimum size of the training set for a particular classification accuracy.

Multifactor Authentication - The article describes the development and integrated implementation of software modules of photo and video identification system, the system of user voice recognition by 12 parameters, neural network weights, Euclidean distance comparison of real numbers of arrays. The user s biometric data is encrypted and stored in the target folder. Based on the generated data set was developed and proposed a method for synthesizing the parameters of the mathematical model of convolutional neural network represented in the form of an array of real numbers, which are unique identifiers of the user of a personal computer. The training of the training model of multifactor authentication is implemented using categorical cross-entropy. The training sample is generated by adding distorted images by changing the receptive fields of the convolutional neural network. The authors have studied and applied features of simulation modeling of user authorization systems. The main goal of the study is to provide the necessary level of security of user accounts of personal devices. The task of this study is the software implementation of the synthesis of the mathematical model and the training neural network, necessary to provide the maximum level of protection of the user operating system of the device. The result of the research is the developed mathematical model of the software complex of multifactor authentication using biometric technologies, available for users of personal computers and automated workplaces of enterprises.

Metadata Discovery Problem - Researchers seeking to apply computational methods are increasingly turning to scientific digital archives containing images of specimens. Unfortunately, metadata errors can inhibit the discovery and use of scientific archival images. One such case is the NSF-sponsored Biology Guided Neural Network (BGNN) project, where an abundance of metadata errors has significantly delayed development of a proposed, new class of neural networks. This paper reports on research addressing this challenge. We present a prototype workflow for specimen scientific name metadata verification that is grounded in Computational Archival Science (CAS), report on a taxonomy of specimen name metadata error types with preliminary solutions. Our 3-phased workflow includes tag extraction, text processing, and interactive assessment. A baseline test with the prototype workflow identified at least 15 scientific name metadata errors out of 857 manually reviewed, potentially erroneous specimen images, corresponding to a ∼ 0.2\% error rate for the full image dataset. The prototype workflow minimizes the amount of time domain experts need to spend reviewing archive metadata for correctness and AI-readiness before these archival images can be utilized in downstream analysis.

Information Reuse and Security - Successive approximation register analog-to-digital converter (SAR ADC) is widely adopted in the Internet of Things (IoT) systems due to its simple structure and high energy efficiency. Unfortunately, SAR ADC dissipates various and unique power features when it converts different input signals, leading to severe vulnerability to power side-channel attack (PSA). The adversary can accurately derive the input signal by only measuring the power information from the analog supply pin (AVDD), digital supply pin (DVDD), and/or reference pin (Ref) which feed to the trained machine learning models. This paper first presents the detailed mathematical analysis of power side-channel attack (PSA) to SAR ADC, concluding that the power information from AVDD is the most vulnerable to PSA compared with the other supply pin. Then, an LSB-reused protection technique is proposed, which utilizes the characteristic of LSB from the SAR ADC itself to protect against PSA. Lastly, this technique is verified in a 12-bit 5 MS/s secure SAR ADC implemented in 65nm technology. By using the current waveform from AVDD, the adopted convolutional neural network (CNN) algorithms can achieve \textgreater99\% prediction accuracy from LSB to MSB in the SAR ADC without protection. With the proposed protection, the bit-wise accuracy drops to around 50\%.

Intrusion Intolerance - The cascaded multi-level inverter (CMI) is becoming increasingly popular for wide range of applications in power electronics dominated grid (PEDG). The increased number of semiconductors devices in these class of power converters leads to an increased need for fault detection, isolation, and selfhealing. In addition, the PEDG’s cyber and physical layers are exposed to malicious attacks. These malicious actions, if not detected and classified in a timely manner, can cause catastrophic events in power grid. The inverters’ internal failures make the anomaly detection and classification in PEDG a challenging task. The main objective of this paper is to address this challenge by implementing a recurrent neural network (RNN), specifically utilizing long short-term memory (LSTM) for detection and classification of internal failures in CMI and distinguish them from malicious activities in PEDG. The proposed anomaly classification framework is a module in the primary control layer of inverters which can provide information for intrusion detection systems in a secondary control layer of PEDG for further analysis.

Malware Analysis and Graph Theory - A reliable database of Indicators of Compromise (IoC’s) is a cornerstone of almost every malware detection system. Building the database and keeping it up-to-date is a lengthy and often manual process where each IoC should be manually reviewed and labeled by an analyst. In this paper, we focus on an automatic way of identifying IoC’s intended to save analysts’ time and scale to the volume of network data. We leverage relations of each IoC to other entities on the internet to build a heterogeneous graph. We formulate a classification task on this graph and apply graph neural networks (GNNs) in order to identify malicious domains. Our experiments show that the presented approach provides promising results on the task of identifying high-risk malware as well as legitimate domains classification.

Malware Analysis and Graph Theory - With the ever increasing threat of malware, extensive research effort has been put on applying Deep Learning for malware classification tasks. Graph Neural Networks (GNNs) that process malware as Control Flow Graphs (CFGs) have shown great promise for malware classification. However, these models are viewed as black-boxes, which makes it hard to validate and identify malicious patterns. To that end, we propose CFG-Explainer, a deep learning based model for interpreting GNN-oriented malware classification results. CFGExplainer identifies a subgraph of the malware CFG that contributes most towards classification and provides insight into importance of the nodes (i.e., basic blocks) within it. To the best of our knowledge, CFGExplainer is the first work that explains GNN-based mal-ware classification. We compared CFGExplainer against three explainers, namely GNNExplainer, SubgraphX and PGExplainer, and showed that CFGExplainer is able to identify top equisized subgraphs with higher classification accuracy than the other three models.

Malware Analysis and Graph Theory - With the dramatic increase in malicious software, the sophistication and innovation of malware have increased over the years. In particular, the dynamic analysis based on the deep neural network has shown high accuracy in malware detection. However, most of the existing methods only employ the raw API sequence feature, which cannot accurately reflect the actual behavior of malicious programs in detail. The relationship between API calls is critical for detecting suspicious behavior. Therefore, this paper proposes a malware detection method based on the graph neural network. We first connect the API sequences executed by different processes to build a directed process graph. Then, we apply Bert to encode the API sequences of each process into node embedding, which facilitates the semantic execution information inside the processes. Finally, we employ GCN to mine the deep semantic information based on the directed process graph and node embedding. In addition to presenting the design, we have implemented and evaluated our method on 10,000 malware and 10,000 benign software datasets. The results show that the precision and recall of our detection model reach 97.84\% and 97.83\%, verifying the effectiveness of our proposed method.