Security attacks on sensor data can deceive a control system and force the physical plant to reach an unwanted and potentially dangerous state. Therefore, attack detection mechanisms are employed in cyber-physical control systems to detect ongoing attacks, the most prominent one being a threshold-based anomaly detection method called CUSUM. Literature defines the maximum impact of stealth attacks as the maximum deviation in the plant’s state that an undetectable attack can introduce, and formulates it as an optimization problem. This paper proposes an optimization-based attack with different saturation models, and it investigates how the attack duration significantly affects the impact of the attack on the state of the plant. We show that more dangerous attacks can be discovered when allowing saturation of the control system actuators. The proposed approach is compared with the geometric attack, showing how longer attack durations can lead to a greater impact of the attack while keeping the attack stealthy.
Authored by Gabriele Gualandi, Martina Maggio, Alessandro Papadopoulos
Container security has received much research attention recently. Previous work has proposed to apply various machine learning techniques to detect security attacks in containerized applications. On one hand, supervised machine learning schemes require sufficient labelled training data to achieve good attack detection accuracy. On the other hand, unsupervised machine learning methods are more practical by avoiding training data labelling requirements, but they often suffer from high false alarm rates. In this paper, we present SHIL, a self-supervised hybrid learning solution, which combines unsupervised and supervised learning methods to achieve high accuracy without requiring any manual data labelling. We have implemented a prototype of SHIL and conducted experiments over 41 real world security attacks in 28 commonly used server applications. Our experimental results show that SHIL can reduce false alarms by 39-91% compared to existing supervised or unsupervised machine learning schemes while achieving a higher or similar detection rate.
Authored by Yuhang Lin, Olufogorehan Tunde-Onadele, Xiaohui Gu, Jingzhu He, Hugo Latapie
In the world of information technology and the Internet, which has become a part of human life today and is constantly expanding, attention to users' requirements such as information security, fast processing, dynamic and instant access, and cost savings has become essential. The solution that is proposed for such problems today is a technology called cloud computing. Today, cloud computing is considered one of the most essential distributed tools for processing and storing data on the Internet. With the increasing use of this tool, the need to schedule tasks to make the best use of resources and respond appropriately to requests has received much attention, and in this regard, many efforts have been made and are being made. To this end, various algorithms have been proposed to calculate resource allocation, each of which has tried to solve equitable distribution challenges while using maximum resources. One of these calculation methods is the DRF algorithm. Although it offers a better approach than previous algorithms, it faces challenges, especially with time-consuming resource allocation computing. These challenges make the use of DRF more complex than ever in the low number of requests with high resource capacity as well as the high number of simultaneous requests. This study tried to reduce the computation costs associated with the DRF algorithm for resource allocation by introducing a new approach to using this DRF algorithm to automate calculations by machine learning and artificial intelligence algorithms (Autonomic Dominant Resource Fairness or A-DRF).
Authored by Amin Fakhartousi, Sofia Meacham, Keith Phalp
Unmanned autonomous vehicles (UAVs) have been receiving high interest lately due to their wide range of potential deployment options that can touch all aspects of our life and economy, such as transportation, delivery, healthcare, surveillance. However, UAVs have also introduced many new vulnerabilities and attack surfaces that can be exploited by cyberattacks. Due to their complexity, autonomous operations, and being relatively new technologies, cyberattacks can be persistent, complex, and can propagate rapidly to severely impact the main UAV functions such as mission management, support, processing operations, maneuver operations, situation awareness. Furthermore, such cyberattacks can also propagate among other UAVs or even their control stations and may even endanger human life. Hence, we need self-protection techniques with an autonomic management approach. In this paper we present our approach to implement self-protection of UAVs (SP-UAV) such that they can continue their critical functions despite cyberattacks targeting UAV operations or services. We present our design approach and implementation using a unified management interface based on three ports: Configuration, observer, and control ports. We have implemented the SP-UAV using C and demonstrated using different attack scenarios how we can apply autonomic responses without human involvement to tolerate cyberattacks against the UAV operations.
Authored by Cihan Tunc, Salim Hariri
The service mesh is a dedicated infrastructure layer in a microservice architecture. It manages service-to-service communication within an application between decoupled or loosely coupled microservices (called services) without modifying their implementations. The service mesh includes APIs for security, traffic and policy management, and observability features. These features are enabled using a pre-defined configuration, which can be changed at runtime with human intervention. However, it has no autonomy to self-manage changes to the microservice application’s operational environment. A better configuration is one that can be customized according to environmental conditions during execution to protect the application from potential threats. This customization requires enabling self-protection mechanisms within the service mesh that evaluate the risk of environmental condition changes and enable appropriate configurations to defend the application from impending threats. In this paper, we design an assessment component into a service mesh that includes a security assurance case to define the threat model and dynamically assess the application given environment changes. We experiment with a demo application, Bookinfo, using an open-source service mesh platform, Istio, to enable self-protection. We consider certain parameters extracted from the service request as environmental conditions. We evaluate those parameters against the threat model and determine the risk of violating a security requirement for controlled and authorized information flow.
Authored by Rami Alboqmi, Sharmin Jahan, Rose Gamble
Resilience and antifragility under duress present significant challenges for autonomic and self-adaptive systems operating in contested environments. In such settings, the system has to continually plan ahead, accounting for either an adversary or an environment that may negate its actions or degrade its capabilities. This will involve projecting future states, as well as assessing recovery options, counter-measures, and progress towards system goals. For antifragile systems to be effective, we envision three self-* properties to be of key importance: self-exploration, self-learning and self-training. Systems should be able to efficiently self-explore – using adversarial search – the potential impact of the adversary’s attacks and compute the most resilient responses. The exploration can be assisted by prior knowledge of the adversary’s capabilities and attack strategies, which can be self-learned – using opponent modelling – from previous attacks and interactions. The system can self-train – using reinforcement learning – such that it evolves and improves itself as a result of being attacked. This paper discusses those visions and outlines their realisation in AWaRE, a cyber-resilient and self-adaptive multi-agent system.
Authored by Saad Hashmi, Hoa Dam, Peter Smet, Mohan Chhetri
OHODIN is an online extension for data streams of the kNN-based ODIN anomaly detection approach. It provides a detection-threshold heuristic that is based on extreme value theory. In contrast to sophisticated anomaly and novelty detection approaches, the decision-making process of ODIN is interpretable by humans, making it interesting for certain applications. However, it is limited in terms of the underlying detection method. In this article, we present an extension of OHODIN to further detection techniques to reinforce OHODIN's capability for anomaly detection in online data streams. We introduce the algorithm modifications and an experimental evaluation with competing state-of-the-art anomaly detection approaches.
Authored by Ghassan Al-Falouji, Christian Gruhl, Torben Neumann, Sven Tomforde
Distributed computation and AI processing at the edge has been identified as an efficient solution to deliver real-time IoT services and applications compared to cloud-based paradigms. These solutions are expected to support the delay-sensitive IoT applications, autonomic decision making, and smart service creation at the edge in comparison to traditional IoT solutions. However, existing solutions have limitations concerning distributed and simultaneous resource management for AI computation and data processing at the edge; concurrent and real-time application execution; and platform-independent deployment. Hence, first, we propose a novel three-layer architecture that facilitates the above service requirements. Then we have developed a novel platform and relevant modules with integrated AI processing and edge computer paradigms considering issues related to scalability, heterogeneity, security, and interoperability of IoT services. Further, each component is designed to handle the control signals, data flows, microservice orchestration, and resource composition to match the IoT application requirements. Finally, the effectiveness of the proposed platform has been tested and verified.
Authored by Sewwandi Nisansala, Gayal Chandrasiri, Sonali Prasadika, Upul Jayasinghe
Machine Learning (ML) models are now commonly used as components in systems. As any other component, ML components can produce erroneous outputs that may penalize system utility. In this context, self-adaptive systems emerge as a natural approach to cope with ML mispredictions, through the execution of adaptation tactics such as model retraining. To synthesize an adaptation strategy, the self-adaptation manager needs to reason about the cost-benefit tradeoffs of the applicable tactics, which is a non-trivial task for tactics such as model retraining, whose benefits are both context- and data-dependent. To address this challenge, this paper proposes a probabilistic modeling framework that supports automated reasoning about the cost/benefit tradeoffs associated with improving ML components of ML-based systems. The key idea of the proposed approach is to decouple the problems of (i) estimating the expected performance improvement after retrain and (ii) estimating the impact of ML improved predictions on overall system utility. We demonstrate the application of the proposed framework by using it to self-adapt a state-of-the-art ML-based fraud-detection system, which we evaluate using a publicly-available, real fraud detection dataset. We show that by predicting system utility stemming from retraining an ML component, the probabilistic model checker can generate adaptation strategies that are significantly closer to the optimal, as compared against baselines such as periodic retraining, or reactive retraining.
Authored by Maria Casimiro, Paolo Romano, David Garlan, Luís Rodrigues
In the context of IoT (Internet of Things), Device Management (DM), i.e., remote administration of IoT devices, becomes essential to keep them connected, updated and secure, thus increasing their lifespan through firmware and configuration updates and security patches. Legacy DM solutions are adequate when dealing with home devices (such as Television set-top boxes) but need to be extended to adapt to new IoT requirements. Indeed, their manual operation by system administrators requires advanced knowledge and skills. Further, the static DM platform — a component above IoT platforms that offers advanced features such as campaign updates / massive operation management — is unable to scale and adapt to IoT dynamicity. To cope with this, this work, performed in an industrial context at Orange, proposes a self-adaptive architecture with runtime horizontal scaling of DM servers, with an autonomic Auto-Scaling Manager, integrating in the loop constraint programming for decision-making, validated with a meaningful industrial use-case.
Authored by Ghada Moualla, Sebastien Bolle, Marc Douet, Eric Rutten
Internet of Things (IoT) networks consist of small devices that use wireless communication to monitor and possibly control the physical world. A common threat to such networks is jamming attacks, a particular type of denial of service attack. Current research highlights the need for the design of more effective and efficient anti-jamming techniques that can handle different types of attacks in IoT networks. In this paper, we propose DeMiJA, short for Detection and Mitigation of Jamming Attacks in IoT, a novel approach to deal with different jamming attacks in IoT networks. DeMiJA leverages architecture-based adaptation and the MAPE-K reference model (Monitor-Analyze-Plan-Execute that share Knowledge). We present the general architecture of DeMiJA and instantiate the architecture to deal with jamming attacks in the DeltaIoT exemplar. The evaluation shows that DeMiJA can handle different types of jamming attacks effectively and efficiently, with negligible overhead.
Authored by Maxim Reynvoet, Omid Gheibi, Federico Quin, Danny Weyns
Anomalous behaviour in subsystems of complex machines often affects overall performance even without failures. We devise unsupervised methods to detect times with degraded performance, and localize correlated signals, evaluated on a system with over 4000 monitored signals. From incidents comprising both downtimes and degraded performance, our approach localizes relevant signals within 1.2% of the parameter space.
Authored by Anwesha Das, Daniel Ratner, Alex Aiken
Key management for self-organized wireless ad-hoc networks (SOWANs) using peer-to-peer (P2P) keys is the primary goal of this article. Currently, wireless networks have centralized security architectures, making them difficult to secure. In most cases, ad-hoc wireless networks are not connected to trusted authorities or central servers. They are more prone to fragmentation and disintegration as a result of node and link failures. Traditional security solutions that rely on online trusted authorities do not work together to protect networks that are not planned. With open wireless networks, anyone can join or leave at any time with the right equipment, and no third party is required to verify their identity. These networks are best suited for this proposed method. Each node can make, distribute, and revoke its keying material in this paper. A minimal amount of communication and computation is required to accomplish this task. So that they can authenticate one another and create shared keys, nodes in the self-organized version of the system must communicate via a secure side channel between the users' devices.
Authored by Abin Joseph, Nidhin Sani, Vineeth V, Suresh Kumar, Ananth Kumar, R. Nishanth
Wireless ad hoc networks are characterized by dynamic topology and high node mobility. Network attacks on wireless ad hoc networks can significantly reduce performance metrics, such as the packet delivery ratio from the source to the destination node, overhead, throughput, etc. The article presents an experimental study of an intrusion detection system prototype in mobile ad hoc networks based on machine learning. The experiment is carried out in a MANET segment of 50 nodes; the detection and prevention of DDoS and cooperative blackhole attacks are investigated. The dependencies of features on the type of network traffic and the dependence of performance metrics on the speed of mobile nodes in the network are investigated. The conducted experimental studies show the effectiveness of an intrusion detection system prototype on simulated data.
Authored by Leonid Legashev, Luybov Grishina
Vehicle Ad-Hoc Networks (VANETs) are a special type of Mobile Ad-Hoc Network (MANETs). In VANETs, a group of vehicles communicates with each other to transfer data without a need for a fixed infrastructure. In this paper, we compare the performance of two routing protocols: Ad-hoc on Demand Distance Vector protocol (AODV) and Destination-Sequenced Distance Vector protocol (DSDV) in VANETs. We measure the reliability of each protocol in the packet delivery.
Authored by Ahmed Yassin, Marianne Azer
This paper addresses the issues in managing group keys among clusters in Mobile Ad hoc Networks (MANETs). With the dynamic movement of the nodes, providing secure communication and managing secret keys in MANET is difficult to achieve. In this paper, we propose a distributed secure broadcast stateless group key management framework (DSBS-GKM) for efficient group key management. This scheme combines the benefits of hash function and Lagrange interpolation polynomial in managing MANET nodes. To provide a strong security mechanism, a revocation system that detects and revokes misbehaving nodes is presented. The simulation results show that the proposed DSBS-GKM scheme attains improvements in terms of rekeying and revocation performance compared with other existing key management schemes.
Authored by V.S. Janani, M. Devaraju
Vehicular Ad-hoc Networks (VANET) are capable of offering inter and intra-vehicle wireless communication among mobility aware computing systems. Nodes are linked by applying concepts of mobile ad hoc networks. VANET use cases empower vehicles to link to the network to aggregate and process messages in real-time. The proposed paper addresses a security vulnerability known as Sybil attack, in which numerous fake nodes broadcast false data to the neighboring nodes. In VANET, mobile nodes continuously change their network topology and exchange location sensor-generated data in real time. The basis of the presented technique is source testing that permits the scalable identification of Sybil nodes, without necessitating any pre-configuration, which was conceptualized from a comparative analysis of preceding research in the literature.
Authored by Usman Tariq
Mobile Ad-hoc Networks (MANETs) have attracted lots of concerns with their widespread use. In MANETs, wireless nodes usually self-organize into groups to complete collaborative tasks and communicate with one another via public channels which are vulnerable to attacks. Group key management is generally employed to guarantee secure group communication in MANETs. However, most existing group key management schemes for MANETs still suffer from some issues, e.g., receiver restriction, relying on a trusted dealer and heavy certificate overheads. To address these issues, we propose a group key management scheme for MANETs based on an identity-based authenticated dynamic contributory broadcast encryption (IBADConBE) protocol which builds on an earlier work. Our scheme abandons the certificate management and does not need a trusted dealer to distribute a secret key to each node. A set of wireless nodes is allowed to negotiate the secret keys in one round while forming a group. Besides, our scheme is receiver-unrestricted, which means any sender can flexibly opt for any favorable nodes of a group as the receivers. Further, our scheme satisfies the authentication, confidentiality of messages, known-security, forward security and backward security concurrently. Performance evaluation shows our scheme is efficient.
Authored by Wendie Han, Rui Zhang, Lei Zhang, Lulu Wang
Vehicular Ad hoc Network (VANET) is an emerging technology that is used to provide communication between vehicle users. VANET provides communication between one vehicle node and another vehicle node, vehicle to the roadside unit, vehicle to pedestrian, and even vehicle to rail users. Communication between nodes should be very secure and confidential. Since VANET communicates through wireless mode, a malicious node may enter inside the communication zone to hack, inject false messages, and interrupt the communication. A strong protocol is necessary to detect malicious nodes and authenticate the VANET user to protect them from malicious attacks. In this paper, a fuzzy-based trust authentication scheme is used to detect malicious nodes with the Mamdani Fuzzy Inference System. The parameter estimation and rules have been framed using the MATLAB Mamdani Fuzzy Inference System to select a genuine node for data transmission.
Authored by Gayathri M, C. Gomathy
With the rapid growth of wireless communication, sensor technology, and mobile computing, the ad hoc network has gained increasing attention from governments, corporations, and scientific research organisations. Ad hoc and sensor network security has become crucial. Malicious node identification, network resilience and survival, and trust models are among the security challenges discussed. The security of ad hoc networks is a key problem. In this paper, we'll look at a few security procedures and approaches that can be useful in keeping this network secure. We've compiled a list of all the ad hoc networks' descriptions with explanations. Before presenting our conclusions from the examination of the literature, we went through various papers on the issue. The taxonomy diagram for the Ad-hoc Decentralized Network is the next item on the agenda. Security is one of the most significant challenges with an ad hoc network. In most cases, cyber-attackers will be able to connect to a wireless ad hoc network and, as a result, to the device if they reach within signal range. So, we moved on to a discussion of VANET and UAV security issues discovered in the field. The outcomes of various ad hoc network methods were then summarised in the form of tables. Furthermore, the Diffie Hellman Key Exchange is used to investigate strategies for improving ad-hoc network security and privacy in the next section, and a comparison of RSA with Diffie Hellman is also illustrated. This paper can be used as a guide and reference to provide readers with a broad knowledge of wireless ad hoc networks and how to deal with their security issues.
Authored by Usman Rana, O. Elahi, M. Mushtaq, Ali Shah
Vehicular Ad-hoc Networks (VANETs) are a very fast emerging research area these days due to their contribution in designing Intelligent Transportation Systems (ITS). ITS is a well-organized group of wireless networks. It is a derived class of Mobile Ad-hoc Networks (MANETs). VANET is an instant-formed ad-hoc network, due to the mobility of vehicles on the road. The goal of using ITS is to enhance road safety, driving comfort, and traffic effectiveness by alerting the drivers at the right time about upcoming dangerous situations, traffic jams, road diversions, weather conditions, real-time news, and entertainment. We can consider vehicular communication as an enabler for future driverless cars. For all of the above applications, it is necessary to make a threat-free environment to establish secure, fast, and efficient communication in VANETs. In this paper, we discuss the overviews, characteristics, securities, applications, and various data dissemination techniques in VANET.
Authored by Bhagwati Sharan, Megha Chhabra, Anil Sagar
Visible light communication (VLC) is a short-range wireless optical communication that can transmit data by switching lighting elements at high speeds in indoor areas. In common areas, VLC can provide data security at every layer of communication by using physical layer security (PLS) techniques as well as existing cryptography-based techniques. In the literature, PLS techniques have generally been studied for monochrome VLC systems, and multicolor VLC studies are quite limited. In this study, to the best of the authors’ knowledge, null steering (NS) and artificial noise (AN), which are widely used PLS methods, have been applied to multi-colored LED-based VLC systems for the first time in the literature and the achievable secrecy rate has been calculated.
Authored by Besra Çetindere, Cenk Albayrak, Kadir Türk
Wireless-fidelity (Wi-Fi) and Bluetooth are examples of modern wireless communication technologies that employ radio waves as the primary channel for data transmission, but alternatives are needed because of the limitation and interference in the radio frequency (RF) band. As a viable alternative, visible light communication (VLC) technology comes into play as Light Fidelity (Li-Fi), which uses visible light as a channel for delivering very high-speed communication in a Wi-Fi way. In terms of availability, bandwidth, security and efficiency, Li-Fi is superior to Wi-Fi. In this paper, we present a Li-Fi-based indoor communication system. A prototype model has been proposed for a single user scenario using the visible light portion of the electromagnetic spectrum. This system has been designed for audio data communication between the users in transmitter and receiver sections. An LED and a photoresistor have been used as optical source and receiver respectively. The electro-acoustic transducer provides the required conversion of electrical-optical signal in both ways. This system might overcome problems like radio-frequency bandwidth scarcity. However, its major problem is that it only works when it is pointed directly at the target.
Authored by Alamgir Kabir, Md. Ahammed, Chinmoy Das, Mehedi Kaium, Md. Zardar, Soma Prathibha
The expanding streaming culture of large amounts of data, as well as the requirement for faster and more reliable data transport systems, necessitates the development of innovative communication technologies such as Visible Light Communication (VLC). Nonetheless, incorporating VLC into next-generation networks is challenging due to technological restrictions such as air absorption, shadowing, and beam dispersion. One technique for addressing some of the challenges is to use the multiple input multiple output (MIMO) technique, which involves the simultaneous transmission of data from several sources, hence increasing data rate. In this work, the data transmission performance of the MIMO-VLC system is evaluated using a variety of factors such as distance from the source, data bit rate, and modulation method.
Authored by Maha Sliti
Over earlier years of huge technical developments, the need for a communication system has risen tremendously. In recent times, public realm interaction has been a popular area, hence the research group is emphasizing the necessity of quick and efficient broadband speeds, as well as upgraded security protocols. The main objective of this project work is to combine conventional Li-Fi and VLC techniques for video communication. VLC is helping to deliver fast data speeds, bandwidth efficiency, and a relatively secure channel of communication. Li-Fi is an inexpensive wireless communication (WC) system. Li-Fi can transmit information (text, audio, and video) to any electronic device via the LEDs that are positioned in the space to provide lighting. Li-Fi provides more advantages than Wi-Fi, such as security, high efficiency, speed, throughput, and low latency. The information can be transferred based on the flash property of the LED. Communication is accomplished by turning on and off LED lights at a faster pace than the human visual system can detect.
Authored by G Hussain, M Shruthe, S Rithanyaa, Saravana Madasamy, Nandagopal Velu