The model called CSAI-4-CPS is proposed to characterize the use of Artificial Intelligence in Cybersecurity applied to the context of CPS - Cyber-Physical Systems. The model aims to establish a methodology being able to self-adapt using shared machine learning models, without incurring the loss of data privacy. The model will be implemented in a generic framework, to assess accuracy across different datasets, taking advantage of the federated learning and machine learning approach. The proposed solution can facilitate the construction of new AI cybersecurity tools and systems for CPS, enabling a better assessment and increasing the level of security/robustness of these systems more efficiently.
Authored by Hebert Silva
In recent years, the detection of illegal and harmful messages which plays an significant role in Internet service is highly valued by the government and society. Although artificial intelligence technology is increasingly applied to actual operating systems, it is still a big challenge to be applied to systems that require high real-time performance. This paper provides a real-time detection system solution based on artificial intelligence technology. We first introduce the background of real-time detection of illegal and harmful messages. Second, we propose a complete set of intelligent detection system schemes for real-time detection, and conduct technical exploration and innovation in the media classification process including detection model optimization, traffic monitoring and automatic configuration algorithm. Finally, we carry out corresponding performance verification.
Authored by Ranran Zeng, Yue Lin, Xiaoyu Li, Lei Wang, Jie Yang, Dexin Zhao, Minglan Su
Artificial intelligence is a subfield of computer science that refers to the intelligence displayed by machines or software. The research has influenced the rapid development of smart devices that have a significant impact on our daily lives. Science, engineering, business, and medicine have all improved their prediction powers in order to make our lives easier in our daily tasks. The quality and efficiency of regions that use artificial intelligence has improved, as shown in this study. It successfully handles data organisation and environment difficulties, allowing for the development of a more solid and rigorous model. The pace of life is quickening in the digital age, and the PC Internet falls well short of meeting people’s needs. Users want to be able to get convenient network information services at any time and from any location
Authored by K. Thiagarajan, Chandra Dixit, M. Panneerselvam, C.Arunkumar Madhuvappan, Samata Gadde, Jyoti Shrote
Several excellent devices can communicate without the need for human intervention. It is one of the fastest-growing sectors in the history of computing, with an estimated 50 billion devices sold by the end of 2020. On the one hand, IoT developments play a crucial role in upgrading a few simple, intelligent applications that can increase living quality. On the other hand, the security concerns have been noted to the cross-cutting idea of frameworks and the multidisciplinary components connected with their organization. As a result, encryption, validation, access control, network security, and application security initiatives for gadgets and their inherent flaws cannot be implemented. It should upgrade existing security measures to ensure that the ML environment is sufficiently protected. Machine learning (ML) has advanced tremendously in the last few years. Machine insight has evolved from a research center curiosity to a sensible instrument in a few critical applications.
Authored by Amit Pandey, Assefa Genale, Vijaykumar Janga, Barani Sundaram, Desalegn Awoke, P. Karthika
The development of industrial robots, as a carrier of artificial intelligence, has played an important role in promoting the popularisation of artificial intelligence super automation technology. The paper introduces the system structure, hardware structure, and software system of the mobile robot climber based on computer big data technology, based on this research background. At the same time, the paper focuses on the climber robot's mechanism compound method and obstacle avoidance control algorithm. Smart home computing focuses on “home” and brings together related peripheral industries to promote smart home services such as smart appliances, home entertainment, home health care, and security monitoring in order to create a safe, secure, energy-efficient, sustainable, and comfortable residential living environment. It's been twenty years. There is still no clear definition of “intelligence at home,” according to Philips Inc., a leading consumer electronics manufacturer, which once stated that intelligence should comprise sensing, connectedness, learning, adaption, and ease of interaction. S mart applications and services are still in the early stages of development, and not all of them can yet exhibit these five intelligent traits.
Authored by Karrar Hussain, D. Vanathi, Bibin Jose, S Kavitha, Bhuvaneshwari Rane, Harpreet Kaur, C. Sandhya
Transformer is the key equipment of power system, and its stable operation is very important to the security of power system In practical application, with the progress of technology, the performance of transformer becomes more and more important, but faults also occur from time to time in practical application, and the traditional manual fault diagnosis needs to consume a lot of time and energy. At present, the rapid development of artificial intelligence technology provides a new research direction for timely and accurate detection and treatment of transformer faults. In this paper, a method of transformer fault diagnosis using artificial neural network is proposed. The neural network algorithm is used for off-line learning and training of the operation state data of normal and fault states. By adjusting the relationship between neuron nodes, the mapping relationship between fault characteristics and fault location is established by using network layer learning, Finally, the reasoning process from fault feature to fault location is realized to realize intelligent fault diagnosis.
Authored by Li Feng, Ye Bo
In the world of information technology and the Internet, which has become a part of human life today and is constantly expanding, Attention to the users' requirements such as information security, fast processing, dynamic and instant access, and costs savings has become essential. The solution that is proposed for such problems today is a technology that is called cloud computing. Today, cloud computing is considered one of the most essential distributed tools for processing and storing data on the Internet. With the increasing using this tool, the need to schedule tasks to make the best use of resources and respond appropriately to requests has received much attention, and in this regard, many efforts have been made and are being made. To this purpose, various algorithms have been proposed to calculate resource allocation, each of which has tried to solve equitable distribution challenges while using maximum resources. One of these calculation methods is the DRF algorithm. Although it offers a better approach than previous algorithms, it faces challenges, especially with time-consuming resource allocation computing. These challenges make the use of DRF more complex than ever in the low number of requests with high resource capacity as well as the high number of simultaneous requests. This study tried to reduce the computations costs associated with the DRF algorithm for resource allocation by introducing a new approach to using this DRF algorithm to automate calculations by machine learning and artificial intelligence algorithms (Autonomic Dominant Resource Fairness or A-DRF).
Authored by Amin Fakhartousi, Sofia Meacham, Keith Phalp
The Sixth Generation (6G) is currently under development and it is a planned successor of the Fifth Generation (5G). It is a new wireless communication technology expected to have a greater coverage area, significant fast and a higher data rate. The aim of this paper is to examine the literature on challenges and possible solutions of 6G's security, privacy and trust. It uses the systematic literature review technique by searching five research databases for search engines which are precise keywords like “6G,” “6G Wireless communication,” and “sixth generation”. The latter produced a total of 1856 papers, then the security, privacy and trust issues of the 6G wireless communication were extracted. Two security issues, the artificial intelligence and visible light communication, were apparent. In conclusion, there is a need for new paradigms that will provide a clear 6G security solutions.
Authored by Mulumba Gracia, Vusumuzi Malele, Sphiwe Ndlovu, Topside Mathonsi, Lebogang Maaka, Tonderai Muchenje
With the future 6G era, spiking neural networks (SNNs) can be powerful processing tools in various areas due to their strong artificial intelligence (AI) processing capabilities, such as biometric recognition, AI robotics, autonomous drive, and healthcare. However, within Cyber Physical System (CPS), SNNs are surprisingly vulnerable to adversarial examples generated by benign samples with human-imperceptible noise, this will lead to serious consequences such as face recognition anomalies, autonomous drive-out of control, and wrong medical diagnosis. Only by fully understanding the principles of adversarial attacks with adversarial samples can we defend against them. Nowadays, most existing adversarial attacks result in a severe accuracy degradation to trained SNNs. Still, the critical issue is that they only generate adversarial samples by randomly adding, deleting, and flipping spike trains, making them easy to identify by filters, even by human eyes. Besides, the attack performance and speed also can be improved further. Hence, Spike Probabilistic Attack (SPA) is presented in this paper and aims to generate adversarial samples with more minor perturbations, greater model accuracy degradation, and faster iteration. SPA uses Poisson coding to generate spikes as probabilities, directly converting input data into spikes for faster speed and generating uniformly distributed perturbation for better attack performance. Moreover, an objective function is constructed for minor perturbations and keeping attack success rate, which speeds up the convergence by adjusting parameters. Both white-box and black-box settings are conducted to evaluate the merits of SPA. Experimental results show the model's accuracy under white-box attack decreases by 9.2S% 31.1S% better than others, and average success rates are 74.87% under the black-box setting. The experimental results indicate that SPA has better attack performance than other existing attacks in the white-box and better transferability performance in the black-box setting,
Authored by Xuanwei Lin, Chen Dong, Ximeng Liu, Yuanyuan Zhang
Security incident handling and response are essen-tial parts of every organization's information and cyber security. Security incident handling consists of several phases, among which digital forensic analysis has an irreplaceable place. Due to particular digital evidence being recorded at a specific time, timelines play an essential role in analyzing this digital evidence. One of the vital tasks of the digital forensic investigator is finding relevant records in this timeline. This operation is performed manually in most cases. This paper focuses on the possibilities of automatically identifying digital evidence pertinent to the case and proposes a model that identifies this digital evidence. For this purpose, we focus on Windows operating system and the NTFS file system and use outlier detection (Local Outlier Factor method). Collected digital evidence is preprocessed, transformed to binary values, and aggregated by file system inodes and names. Subsequently, we identify digital records (file inodes, file names) relevant to the case. This paper analyzes the combinations of attributes, aggregation functions, local outlier factor parameters, and their impact on the resulting selection of relevant file inodes and file names.
Authored by Eva Marková, Pavol Sokol, Kristína Kováćová
This paper introduces an application of machine learning algorithms. In fact, support vector machine and decision tree approaches are studied and applied to compare their performances in detecting, classifying, and locating faults in the transmission network. The IEEE 14-bus transmission network is considered in this work. Besides, 13 types of faults are tested. Particularly, the one fault and the multiple fault cases are investigated and tested separately. Fault simulations are performed using the SimPowerSystems toolbox in Matlab. Basing on the accuracy score, a comparison is made between the proposed approaches while testing simple faults, on the one hand, and when complicated faults are integrated, on the other hand. Simulation results prove that the support vector machine technique can achieve an accuracy of 87% compared to the decision tree which had an accuracy of 53% in complicated cases.
Authored by Nouha Bouchiba, Azeddine Kaddouri
The rapid growth of number of devices that are connected to internet of things (IoT) networks, increases the severity of security problems that need to be solved in order to provide safe environment for network data exchange. The discovery of new vulnerabilities is everyday challenge for security experts and many novel methods for detection and prevention of intrusions are being developed for dealing with this issue. To overcome these shortcomings, artificial intelligence (AI) can be used in development of advanced intrusion detection systems (IDS). This allows such system to adapt to emerging threats, react in real-time and adjust its behavior based on previous experiences. On the other hand, the traffic classification task becomes more difficult because of the large amount of data generated by network systems and high processing demands. For this reason, feature selection (FS) process is applied to reduce data complexity by removing less relevant data for the active classification task and therefore improving algorithm's accuracy. In this work, hybrid version of recently proposed sand cat swarm optimizer algorithm is proposed for feature selection with the goal of increasing performance of extreme learning machine classifier. The performance improvements are demonstrated by validating the proposed method on two well-known datasets - UNSW-NB15 and CICIDS-2017, and comparing the results with those reported for other cutting-edge algorithms that are dealing with the same problems and work in a similar configuration.
Authored by Dijana Jovanovic, Marina Marjanovic, Milos Antonijevic, Miodrag Zivkovic, Nebojsa Budimirovic, Nebojsa Bacanin
Swarm robotics is a network based multi-device system designed to achieve shared objectives in a synchronized way. This system is widely used in industries like farming, manufacturing, and defense applications. In recent implementations, swarm robotics is integrated with Blockchain based networks to enhance communication, security, and decentralized decision-making capabilities. As most of the current blockchain applications are based on complex consensus algorithms, every individual robot in the swarm network requires high computing power to run these complex algorithms. Thus, it is a challenging task to achieve consensus between the robots in the network. This paper will discuss the details of designing an effective consensus algorithm that meets the requirements of swarm robotics network.
Authored by Sathishkumar Ranganathan, Muralindran Mariappan, Karthigayan Muthukaruppan
Classification problems have been part of numerous real-life applications in fields of security, medicine, agriculture, and more. Due to the wide range of applications, there is a constant need for more accurate and efficient methods. Besides more efficient and better classification algorithms, the optimal feature set is a significant factor for better classification accuracy. In general, more features can better describe instances, but besides showing differences between instances of different classes, it can also capture many similarities that lead to wrong classification. Determining the optimal feature set can be considered a hard optimization problem for which different metaheuristics, like swarm intelligence algorithms can be used. In this paper, we propose an adaptation of hybridized swarm intelligence (SI) algorithm for feature selection problem. To test the quality of the proposed method, classification was done by k-means algorithm and it was tested on 17 benchmark datasets from the UCI repository. The results are compared to similar approaches from the literature where SI algorithms were used for feature selection, which proves the quality of the proposed hybridized SI method. The proposed method achieved better classification accuracy for 16 datasets. Higher classification accuracy was achieved while simultaneously reducing the number of used features.
Authored by Eva Tuba, Adis Alihodzic, Una Tuba, Romana Hrosik, Milan Tuba
The Internet of Things (IoT) is advancing technology by creating smart surroundings that make it easier for humans to do their work. This technological advancement not only improves human life and expands economic opportunities, but also allows intruders or attackers to discover and exploit numerous methods in order to circumvent the security of IoT networks. Hence, security and privacy are the key concerns to the IoT networks. It is vital to protect computer and IoT networks from many sorts of anomalies and attacks. Traditional intrusion detection systems (IDS) collect and employ large amounts of data with irrelevant and inappropriate attributes to train machine learning models, resulting in long detection times and a high rate of misclassification. This research presents an advance approach for the design of IDS for IoT networks based on the Particle Swarm Optimization Algorithm (PSO) for feature selection and the Extreme Gradient Boosting (XGB) model for PSO fitness function. The classifier utilized in the intrusion detection process is Random Forest (RF). The IoTID20 is being utilized to evaluate the efficacy and robustness of our suggested strategy. The proposed system attains the following level of accuracy on the IoTID20 dataset for different levels of classification: Binary classification 98 %, multiclass classification 83 %. The results indicate that the proposed framework effectively detects cyber threats and improves the security of IoT networks.
Authored by Asima Sarwar, Salva Hasan, Waseem Khan, Salman Ahmed, Safdar Marwat
Any decentralized, biased distributed network is susceptible to the Sybil malicious attack, in which a malicious node masquerades as numerous different nodes, collectively referred to as Sybil nodes, causing the network to become unresponsive. Cloud computing environments are characterized by their loosely linked nature, which means that no node has comprehensive information of the entire system. In order to prevent Sybil attacks in cloud computing systems, it is necessary to detect them as soon as they occur. The network’s ability to function properly A Sybil attacker has the ability to construct. It is necessary to have multiple identities on a single physical device in order to execute a concerted attack on the network or switch between networks identities in order to make the detection process more difficult, and thereby lack of accountability is being promoted throughout the network. The purpose of this study is to Various varieties of Sybil assaults have been documented, including those that occur in Peer-to-peer reputation systems, self-organizing networks, and other similar technologies. The topic of social network systems is discussed. In addition, there are other approaches in which it has been urged over time that they be reduced or eliminated Their potential risks are also thoroughly investigated.
Authored by Ravula Kumar, Srikar Konda, Ramesh Karnati, Ravi Kumar.E, NarenderRavula
As a result of the inherent weaknesses of the wireless medium, ad hoc networks are susceptible to a broad variety of threats and assaults. As a direct consequence of this, intrusion detection, as well as security, privacy, and authentication in ad-hoc networks, have developed into a primary focus of current study. This body of research aims to identify the dangers posed by a variety of assaults that are often seen in wireless ad-hoc networks and provide strategies to counteract those dangers. The Black hole assault, Wormhole attack, Selective Forwarding attack, Sybil attack, and Denial-of-Service attack are the specific topics covered in this thesis. In this paper, we describe a trust-based safe routing protocol with the goal of mitigating the interference of black hole nodes in the course of routing in mobile ad-hoc networks. The overall performance of the network is negatively impacted when there are black hole nodes in the route that routing takes. As a result, we have developed a routing protocol that reduces the likelihood that packets would be lost as a result of black hole nodes. This routing system has been subjected to experimental testing in order to guarantee that the most secure path will be selected for the delivery of packets between a source and a destination. The invasion of wormholes into a wireless network results in the segmentation of the network as well as a disorder in the routing. As a result, we provide an effective approach for locating wormholes by using ordinal multi-dimensional scaling and round trip duration in wireless ad hoc networks with either sparse or dense topologies. Wormholes that are linked by both short route and long path wormhole linkages may be found using the approach that was given. In order to guarantee that this ad hoc network does not include any wormholes that go unnoticed, this method is subjected to experimental testing. In order to fight against selective forwarding attacks in wireless ad-hoc networks, we have developed three different techniques. The first method is an incentive-based algorithm that makes use of a reward-punishment system to drive cooperation among three nodes for the purpose of vi forwarding messages in crowded ad-hoc networks. A unique adversarial model has been developed by our team, and inside it, three distinct types of nodes and the activities they participate in are specified. We have shown that the suggested strategy that is based on incentives prohibits nodes from adopting an individualistic behaviour, which ensures collaboration in the process of packet forwarding. To guarantee that intermediate nodes in resource-constrained ad-hoc networks accurately convey packets, the second approach proposes a game theoretic model that uses non-cooperative game theory. This model is based on the idea that game theory may be used. This game reaches a condition of desired equilibrium, which assures that cooperation in multi-hop communication is physically possible, and it is this state that is discovered. In the third algorithm, we present a detection approach that locates malicious nodes in multihop hierarchical ad-hoc networks by employing binary search and control packets. We have shown that the cluster head is capable of accurately identifying the malicious node by analysing the sequences of packets that are dropped along the path leading from a source node to the cluster head. A lightweight symmetric encryption technique that uses Binary Playfair is presented here as a means of safeguarding the transport of data. We demonstrate via experimentation that the suggested encryption method is efficient with regard to the amount of energy used, the amount of time required for encryption, and the memory overhead. This lightweight encryption technique is used in clustered wireless ad-hoc networks to reduce the likelihood of a sybil attack occurring in such networks
Authored by Chethana C, Piyush Pareek, Victor de Albuquerque, Ashish Khanna, Deepak Gupta
Obfuscation refers to changing the structure of code in a way that original semantics can be hidden. These techniques are often used by application developers for code hardening but it has been found that obfuscation techniques are widely used by malware developers in order to hide the work flow and semantics of malicious code. Class Encryption, Code Re-Ordering, Junk Code insertion and Control Flow modifications are Code Obfuscation techniques. In these techniques, code of the application is changed. These techniques change the signature of the application and also affect the systems that use sequence of instructions in order to detect maliciousness of an application. In this paper an ’Opcode sequence’ based detection system is designed and tested against obfuscated samples. It has been found that the system works efficiently for the detection of non obfuscated samples but the performance is effected significantly against obfuscated samples. The study tests different code obfuscation schemes and reports the effect of each on sequential opcode based analytic system.
Authored by Saneeha Khalid, Faisal Hussain
This paper proposes a novel approach for privacy preserving face recognition aimed to formally define a trade-off optimization criterion between data privacy and algorithm accuracy. In our methodology, real world face images are anonymized with Gaussian blurring for privacy preservation. The anonymized images are processed for face detection, face alignment, face representation, and face verification. The proposed methodology has been validated with a set of experiments on a well known dataset and three face recognition classifiers. The results demonstrate the effectiveness of our approach to correctly verify face images with different levels of privacy and results accuracy, and to maximize privacy with the least negative impact on face detection and face verification accuracy.
Authored by Wisam Abbasi, Paolo Mori, Andrea Saracino, Valerio Frascolla
Modern consumer electronic devices often provide intelligence services with deep neural networks. We have started migrating the computing locations of intelligence services from cloud servers (traditional AI systems) to the corresponding devices (on-device AI systems). On-device AI systems generally have the advantages of preserving privacy, removing network latency, and saving cloud costs. With the emergence of on-device AI systems having relatively low computing power, the inconsistent and varying hardware resources and capabilities pose difficulties. Authors' affiliation has started applying a stream pipeline framework, NNStreamer, for on-device AI systems, saving developmental costs and hardware resources and improving performance. We want to expand the types of devices and applications with on-device AI services products of both the affiliation and second/third parties. We also want to make each AI service atomic, re-deployable, and shared among connected devices of arbitrary vendors; we now have yet another requirement introduced as it always has been. The new requirement of “among-device AI” includes connectivity between AI pipelines so that they may share computing resources and hardware capabilities across a wide range of devices regardless of vendors and manufacturers. We propose extensions of the stream pipeline framework, NNStreamer, for on-device AI so that NNStreamer may provide among-device AI capability. This work is a Linux Foundation (LF AI & Data) open source project accepting contributions from the general public.
Authored by MyungJoo Ham, Sangjung Woo, Jaeyun Jung, Wook Song, Gichan Jang, Yongjoo Ahn, Hyoungjoo Ahn
Throughout history, technological evolution has generated less desired side effects with impact on society. In the field of IT&C, there are ongoing discussions about the role of robots within economy, but also about their impact on the labour market. In the case of digital media systems, we talk about misinformation, manipulation, fake news, etc. Issues related to the protection of the citizen's life in the face of technology began more than 25 years ago; In addition to the many messages such as “the citizen is at the center of concern” or, “privacy must be respected”, transmitted through various channels of different entities or companies in the field of ICT, the EU has promoted a number of legislative and normative documents to protect citizens' rights and freedoms.
Authored by Doina Banciu, Carmen Cîrnu
Blockchain and artificial intelligence are two technologies that, when combined, have the ability to help each other realize their full potential. Blockchains can guarantee the accessibility and consistent admittance to integrity safeguarded big data indexes from numerous areas, allowing AI systems to learn more effectively and thoroughly. Similarly, artificial intelligence (AI) can be used to offer new consensus processes, and hence new methods of engaging with Blockchains. When it comes to sensitive data, such as corporate, healthcare, and financial data, various security and privacy problems arise that must be properly evaluated. Interaction with Blockchains is vulnerable to data credibility checks, transactional data leakages, data protection rules compliance, on-chain data privacy, and malicious smart contracts. To solve these issues, new security and privacy-preserving technologies are being developed. AI-based blockchain data processing, either based on AI or used to defend AI-based blockchain data processing, is emerging to simplify the integration of these two cutting-edge technologies.
Authored by Ramiz Salama, Fadi Al-Turjman
With the development of artificial intelligence, the need for data sharing is becoming more and more urgent. However, the existing data sharing methods can no longer fully meet the data sharing needs. Privacy breaches, lack of motivation and mutual distrust have become obstacles to data sharing. We design a privacy-preserving, decentralized data sharing method based on blockchain smart contracts, named PPDS. To protect data privacy, we transform the data sharing problem into a model sharing problem. This means that the data owner does not need to directly share the raw data, but the AI model trained with such data. The data requester and the data owner interact on the blockchain through a smart contract. The data owner trains the model with local data according to the requester's requirements. To fairly assess model quality, we set up several model evaluators to assess the validity of the model through voting. After the model is verified, the data owner who trained the model will receive reward in return through a smart contract. The sharing of the model avoids direct exposure of the raw data, and the reasonable incentive provides a motivation for the data owner to share the data. We describe the design and workflow of our PPDS, and analyze the security using formal verification technology, that is, we use Coloured Petri Nets (CPN) to build a formal model for our approach, proving its security through simulation execution and model checking. Finally, we demonstrate effectiveness of PPDS by developing a prototype with its corresponding case application.
Authored by Xuesong Hai, Jing Liu
Nowadays, IoT networks and devices exist in our everyday life, capturing and carrying unlimited data. However, increasing penetration of connected systems and devices implies rising threats for cybersecurity with IoT systems suffering from network attacks. Artificial Intelligence (AI) and Machine Learning take advantage of huge volumes of IoT network logs to enhance their cybersecurity in IoT. However, these data are often desired to remain private. Federated Learning (FL) provides a potential solution which enables collaborative training of attack detection model among a set of federated nodes, while preserving privacy as data remain local and are never disclosed or processed on central servers. While FL is resilient and resolves, up to a point, data governance and ownership issues, it does not guarantee security and privacy by design. Adversaries could interfere with the communication process, expose network vulnerabilities, and manipulate the training process, thus affecting the performance of the trained model. In this paper, we present a federated learning model which can successfully detect network attacks in IoT systems. Moreover, we evaluate its performance under various settings of differential privacy as a privacy preserving technique and configurations of the participating nodes. We prove that the proposed model protects the privacy without actually compromising performance. Our model realizes a limited performance impact of only ∼ 7% less testing accuracy compared to the baseline while simultaneously guaranteeing security and applicability.
Authored by Zacharias Anastasakis, Konstantinos Psychogyios, Terpsi Velivassaki, Stavroula Bourou, Artemis Voulkidis, Dimitrios Skias, Antonis Gonos, Theodore Zahariadis
Recent trends in the convergence of edge computing and artificial intelligence (AI) have led to a new paradigm of “edge intelligence”, which are more vulnerable to attack such as data and model poisoning and evasion of attacks. This paper proposes a white-box poisoning attack against online regression model for edge intelligence environment, which aim to prepare the protection methods in the future. Firstly, the new method selects data points from original stream with maximum loss by two selection strategies; Secondly, it pollutes these points with gradient ascent strategy. At last, it injects polluted points into original stream being sent to target model to complete the attack process. We extensively evaluate our proposed attack on open dataset, the results of which demonstrate the effectiveness of the novel attack method and the real implications of poisoning attack in a case study electric energy prediction application.
Authored by Yanxu Zhu, Hong Wen, Peng Zhang, Wen Han, Fan Sun, Jia Jia