A Survey: Typical Security Issues of Software-Defined Networking

Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.

TDLens:Toward an Empirical Evaluation of Provenance Graph-Based Approach to Cyber Threat Detection

To combat increasingly sophisticated cyber attacks,the security community has proposed and deployed a large body of threat detection approaches to discover malicious behaviors on host systems and attack payloads in network traffic.Several studies have begun to focus on threat detection methods based on provenance data of host-level event tracing.On the other side,with the significant development of big data and artificial intelligence technologies,large-scale graph computing has been widely used.To this end,kinds of research try to bridge the gap between threat detection based on host log provenance data and graph algorithm,and propose the threat detection algorithm based on system provenance graph.These approaches usually generate the system provenance graph via tagging and tracking of system events,and then leverage the characteristics of the graph to conduct threat detection and attack investigation.For the purpose of deeply understanding the correctness,effectiveness,and efficiency of different graph-based threat detection algorithms,we pay attention to mainstream threat detection methods based on provenance graphs.We select and implement 5 state-of-the-art threat detection approaches among a large number of studies as evaluation objects for further analysis.To this end,we collect about 40GB of host-level raw log data in a real-world IT environment,and simulate 6 types of cyber attack scenarios in an isolated environment for malicious provenance data to build our evaluation datasets.The crosswise comparison and longitudinal assessment interpret in detail these detection approaches can detect which attack scenarios well and why.Our empirical evaluation provides a solid foundation for the improvement direction of the threat detection approach.

A hierarchical blockchain-enabled security-threat assessment architecture for IoV

In Internet of Vehicles(IoV),the security-threat information of various traffic elements can be exploited by hackers to attack vehicles,resulting in accidents,privacy leakage.Consequently,it is necessary to establish security-threat assessment architectures to evaluate risks of traffic elements by managing and sharing securitythreat information.Unfortunately,most assessment architectures process data in a centralized manner,causing delays in query services.To address this issue,in this paper,a Hierarchical Blockchain-enabled Security threat Assessment Architecture(HBSAA)is proposed,utilizing edge chains and global chains to share data.In addition,data virtualization technology is introduced to manage multi-source heterogeneous data,and a metadata association model based on attribute graph is designed to deal with complex data relationships.In order to provide high-speed query service,the ant colony optimization of key nodes is designed,and the HBSAA prototype is also developed and the performance is tested.Experimental results on the large-scale vulnerabilities data gathered from NVD demonstrate that the HBSAA not only shields data heterogeneity,but also reduces service response time.

A Survey on Smart Agriculture:Development Modes,Technologies,and Security and Privacy Challenges

With the deep combination of both modern information technology and traditional agriculture,the era of agriculture 4.0,which takes the form of smart agriculture,has come.Smart agriculture provides solutions for agricultural intelligence and automation.However,information security issues cannot be ignored with the development of agriculture brought by modern information technology.In this paper,three typical development modes of smart agriculture(precision agriculture,facility agriculture,and order agriculture)are presented.Then,7 key technologies and 11 key applications are derived from the above modes.Based on the above technologies and applications,6 security and privacy countermeasures(authentication and access control,privacy-preserving,blockchain-based solutions for data integrity,cryptography and key management,physical countermeasures,and intrusion detection systems)are summarized and discussed.Moreover,the security challenges of smart agriculture are analyzed and organized into two aspects:1)agricultural production,and 2)information technology.Most current research projects have not taken agricultural equipment as potential security threats.Therefore,we did some additional experiments based on solar insecticidal lamps Internet of Things,and the results indicate that agricultural equipment has an impact on agricultural security.Finally,more technologies(5 G communication,fog computing,Internet of Everything,renewable energy management system,software defined network,virtual reality,augmented reality,and cyber security datasets for smart agriculture)are described as the future research directions of smart agriculture.

Game Theoretical Secure Wireless Communication for UAV-assisted Vehicular Internet of Things

With the ever-expanding applications of vehicles and the development of wireless communication technology,the burgeoning unmanned aerial vehicle(UAV)assisted vehicular internet of things(UVIoTs)has emerged,where the ground vehicles can experience more efficient wireless services by employing UAVs as a temporary mobile base station.However,due to the diversity of UAVs,there exist UAVs such as jammers to degenerate the performance of wireless communication between the normal UAVs and vehicles.To solve above the problem,in this paper,we propose a game based secure data transmission scheme in UVIoTs.Specifically,we exploit the offensive and defensive game to model the interactions between the normal UAVs and jammers.Here,the strategy of the normal UAV is to determine whether to transmit data,while that of the jammer is whether to interfere.We then formulate two optimization problems,i.e.,maximizing the both utilities of UAVs and jammers.Afterwards,we exploit the backward induction method to analyze the proposed countermeasures and finally solve the optimal solution.Lastly,the simulation results show that the proposed scheme can improve the wireless communication performance under the attacks of jammers compared with conventional schemes.

Survey on Quantum Information Security

The security of classical cryptography based on computational complexity assumptions has been severely challenged with the rapid development of quantum computers and quantum algorithms. Quantum cryptography, which offers unconditional security based on some principles of quantum mechanics, has become a significant branch and hotspot in the field of modern cryptography research. In this paper, we review the research and development of several important and well-studied branches of quantum cryptography in terms of theory and experiment, including quantum key distribution, quantum secret sharing, quantum secure direct communication, quantum signature, and quantum private query. We also briefly review the research and development of some other branches which are currently in the stage of theoretical research but receive widespread concern from academia, including quantum private comparison, quantum anonymous voting, quantum secure multi-party summation, quantum sealed-bid auction, quantum public key cryptosystem, quantum key agreement, quantum dialogue, and quantum identity authentication. In addition, we discuss some open issues and future research directions for the branches referred to above.

Moving target defense of routing randomization with deep reinforcement learning against eavesdropping attack

Eavesdropping attacks have become one of the most common attacks on networks because of their easy implementation. Eavesdropping attacks not only lead to transmission data leakage but also develop into other more harmful attacks. Routing randomization is a relevant research direction for moving target defense, which has been proven to be an effective method to resist eavesdropping attacks. To counter eavesdropping attacks, in this study, we analyzed the existing routing randomization methods and found that their security and usability need to be further improved. According to the characteristics of eavesdropping attacks, which are “latent and transferable”, a routing randomization defense method based on deep reinforcement learning is proposed. The proposed method realizes routing randomization on packet-level granularity using programmable switches. To improve the security and quality of service of legitimate services in networks, we use the deep deterministic policy gradient to generate random routing schemes with support from powerful network state awareness. In-band network telemetry provides real-time, accurate, and comprehensive network state awareness for the proposed method. Various experiments show that compared with other typical routing randomization defense methods, the proposed method has obvious advantages in security and usability against eavesdropping attacks.

Recent Advances in Passive Digital Image Security Forensics： A Brief Review

With the development of sophisticated image editing and manipulation tools, the originality and authen- ticity of a digital image is usually hard to determine visually, In order to detect digital image forgeries, various kinds of digital image forensics techniques have been proposed in the last decade, Compared with active forensics approaches that require embedding additional information, passive forensics approaches are more popular due to their wider application scenario, and have attracted increasing academic and industrial research interests, Generally speaking, passive digital image forensics detects image forgeries based on the fact that there are certain intrinsic patterns in the original image left during image acqui- sition or storage, or specific patterns in image forgeries left during the image storage or editing, By ana- lyzing the above patterns, the originality of an image can he authenticated, In this paper, a brief review on passive digital image forensic methods is presented in order to provide a comprehensive introduction on recent advances in this rapidly developing research area, These forensics approaches are divided into three categories based on the various kinds of traces they can he used to track-that is, traces left in image acquisition, traces left in image storage, and traces left in image editing, For each category, the forensics scenario, the underlying rationale, and state-of-the-art methodologies are elaborated, Moreover, the major limitations of the current image forensics approaches are discussed in order to point out some possible research directions or focuses in these areas,

Detecting conflict of heterogeneous access control policies

Policy conflicts may cause substantial economic losses.Although a large amount of effort has been spent on detecting intra-domain policy conflict,it can not detect conflicts of heterogeneous policies.In this paper,considering background knowledge,we propose a conflict detection mechanism to search and locate conflicts of heterogeneous policies.First,we propose a general access control model to describe authorization mechanisms of cloud service and a translation scheme designed to translate a cloud service policy to an Extensible Access Control Markup Language(XACML)policy.Then the scheme based on Multi-terminal Multi-data-type Interval Decision Diagram(MTMIDD)and Extended MTMIDD(X-MTMIDD)is designed to represent XACML policy and search the conflict among heterogeneous policies.To reduce the rate of false positives,the description logic is used to represent XACML policy and eliminate false conflicts.Experimental results show the efficiency of our scheme.

Global Governance in Cyberspace: Process,Conflict and China’s Proposals

In recent years,problems such as cyber warfares,cyber espionages and cyber crimes have become global public nuisances and always challenge the authority of the sovereign states. Therefore,the governance of the derivative problems concerning the global cyberspace has become an issue of importance in the international law. To overcome these challenges,sovereign states begin to get involved in cyberspace and seek international cooperation,so as to promote the evolution of the international rule of law in cyberspace. Currently,the cyberspace is filled with contradictions and conflicts. The cyber hegemonic states monopolize basic resources for cyberspaces,and their liberalism of double standards is the best tool to maintain their centralized and dominant situations. Moreover,the differences on governance problems between different camps leads to the significant institutional supply shortage. Accordingly,as a responsible power,China should advocate the Chinese solution and wisdom so as to create the reform of global cyberspace governance system. Possible specific measures include clarifying the governance structure of sovereign state-orientation,adhering to the model of shared governance with multilateral approach and multi-party participation.

Mathematical Expression Extraction in Text Fields of Documents Based on HMM

Aiming at the problem that the mathematical expressions in unstructured text fields of documents are hard to be extracted automatically, rapidly and effectively, a method based on Hidden Markov Model (HMM) is proposed. Firstly, this method trained the HMM model through employing the symbol combination features of mathematical expressions. Then, some preprocessing works such as removing labels and filtering words were carried out. Finally, the preprocessed text was converted into an observation sequence as the input of the HMM model to determine which is the mathematical expression and extracts it. The experimental results show that the proposed method can effectively extract the mathematical expressions from the text fields of documents, and also has the relatively high accuracy rate and recall rate.

Network Hot Topic Discovery of Fuzzy Clustering Based on Improved Firefly Algorithm

The existing fuzzy clustering algorithm (FCM) is sensitive to the initial center point. And simple clustering of distance can neither discovery hot topics on the Network accurately nor solve the problem of semantic diversity in Chinese. Aiming at these problems, an improved fuzzy clustering method based on dynamic adaptive step firefly algorithm (FA) was proposed. The clustering center was optimized by improved FA, and the FCM was used to complete the final clustering. First, the step length was adjusted adaptively in the current iteration, and the relationship between fireflies was established according to text similarity, then the topic influence value was applied to fuzzy clustering algorithm to improve fitness function optimization. In this process the topic was categorized into the closest class to the cluster center, which can reduce the impact of topic variation. Finally, according to the level of influence value got hot topics. By collecting real data from Sina micro-blog, the effectiveness of the algorithm was verified by experiments, and the accuracy of topic discovery was improved greatly.

A Lightweight, Searchable, and Controllable EMR Sharing Scheme

Electronic medical records (EMR) facilitate the sharing of medical data, but existing sharing schemes suffer fromprivacy leakage and inefficiency. This article proposes a lightweight, searchable, and controllable EMR sharingscheme, which employs a large attribute domain and a linear secret sharing structure (LSSS), the computationaloverhead of encryption and decryption reaches a lightweight constant level, and supports keyword search andpolicy hiding, which improves the high efficiency of medical data sharing. The dynamic accumulator technologyis utilized to enable data owners to flexibly authorize or revoke the access rights of data visitors to the datato achieve controllability of the data. Meanwhile, the data is re-encrypted by Intel Software Guard Extensions(SGX) technology to realize resistance to offline dictionary guessing attacks. In addition, blockchain technology isutilized to achieve credible accountability for abnormal behaviors in the sharing process. The experiments reflectthe obvious advantages of the scheme in terms of encryption and decryption computation overhead and storageoverhead, and theoretically prove the security and controllability in the sharing process, providing a feasible solutionfor the safe and efficient sharing of EMR.

A Location Trajectory Privacy Protection Method Based on Generative Adversarial Network and Attention Mechanism

User location trajectory refers to the sequence of geographic location information that records the user’s movement or stay within a period of time and is usually used in mobile crowd sensing networks,in which the user participates in the sensing task,the process of sensing data collection faces the problem of privacy leakage.To address the privacy leakage issue of trajectory data during uploading,publishing,and sharing when users use location services on mobile smart group sensing terminal devices,this paper proposes a privacy protection method based on generative adversarial networks and attention mechanisms(BiLS-A-GAN).The method designs a generator attention model,GAttention,and a discriminator attention model,DAttention.In the generator,GAttention,combined with a bidirectional long short-term memory network,more effectively senses contextual information and captures dependencies within sequences.The discriminator uses DAttention and the long short-term memory network to distinguish the authenticity of data.Through continuous interaction between these two models,trajectory data with the statistical characteristics of the original data is generated.This non-original trajectory data can effectively reduce the probability of an attacker’s identification,thereby enhancing the privacy protection of user information.Reliability assessment of the Trajectory-User Linking(TUL)task performed on the real-world semantic trajectory dataset Foursquare NYC,compared with traditional privacy-preserving algorithms that focus only on the privacy enhancement of the data,this approach,while achieving a high level of privacy protection,retains more temporal,spatial,and thematic features from the original trajectory data,to not only guarantee the user’s personal privacy,but also retain the reliability of the information itself in the direction of geographic analysis and other directions,and to achieve the win-win purpose of both data utilization and privacy preservation.

Smart Contract Vulnerability Detection Method Based on Feature Graph and Multiple Attention Mechanisms

The fast-paced development of blockchain technology is evident.Yet,the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem.Conventional smart contract vulnerability detection primarily relies on static analysis tools,which are less efficient and accurate.Although deep learning methods have improved detection efficiency,they are unable to fully utilize the static relationships within contracts.Therefore,we have adopted the advantages of the above two methods,combining feature extraction mode of tools with deep learning techniques.Firstly,we have constructed corresponding feature extraction mode for different vulnerabilities,which are used to extract feature graphs from the source code of smart contracts.Then,the node features in feature graphs are fed into a graph convolutional neural network for training,and the edge features are processed using a method that combines attentionmechanismwith gated units.Ultimately,the revised node features and edge features are concatenated through amulti-head attentionmechanism.The result of the splicing is a global representation of the entire feature graph.Our method was tested on three types of data:Timestamp vulnerabilities,reentrancy vulnerabilities,and access control vulnerabilities,where the F1 score of our method reaches 84.63%,92.55%,and 61.36%.The results indicate that our method surpasses most others in detecting smart contract vulnerabilities.

A Fair and Trusted Trading Scheme for Medical Data Based on Smart Contracts

Data is regarded as a valuable asset,and sharing data is a prerequisite for fully exploiting the value of data.However,the current medical data sharing scheme lacks a fair incentive mechanism,and the authenticity of data cannot be guaranteed,resulting in low enthusiasm of participants.A fair and trusted medical data trading scheme based on smart contracts is proposed,which aims to encourage participants to be honest and improve their enthusiasm for participation.The scheme uses zero-knowledge range proof for trusted verification,verifies the authenticity of the patient’s data and the specific attributes of the data before the transaction,and realizes privacy protection.At the same time,the game pricing strategy selects the best revenue strategy for all parties involved and realizes the fairness and incentive of the transaction price.The smart contract is used to complete the verification and game bargaining process,and the blockchain is used as a distributed ledger to record the medical data transaction process to prevent data tampering and transaction denial.Finally,by deploying smart contracts on the Ethereum test network and conducting experiments and theoretical calculations,it is proved that the transaction scheme achieves trusted verification and fair bargaining while ensuring privacy protection in a decentralized environment.The experimental results show that the model improves the credibility and fairness of medical data transactions,maximizes social benefits,encourages more patients and medical institutions to participate in the circulation of medical data,and more fully taps the potential value of medical data.

A Pricing-Based Cooperative Relay Selection Scheme for Reliable Communications

With the rapid development and application of energy harvesting technology,it has become a prominent research area due to its significant benefits in terms of green environmental protection,convenience,and high safety and efficiency.However,the uneven energy collection and consumption among IoT devices at varying distances may lead to resource imbalance within energy harvesting networks,thereby resulting in low energy transmission efficiency.To enhance the energy transmission efficiency of IoT devices in energy harvesting,this paper focuses on the utilization of collaborative communication,along with pricing-based incentive mechanisms and auction strategies.We propose a dynamic relay selection scheme,including a ladder pricing mechanism based on energy level and a Kuhn-Munkre Algorithm based on an auction theory employing a negotiation mechanism,to encourage more IoT devices to participate in the collaboration process.Simulation results demonstrate that the proposed algorithm outperforms traditional algorithms in terms of improving the energy efficiency of the system.

Enhancing Image Description Generation through Deep Reinforcement Learning:Fusing Multiple Visual Features and Reward Mechanisms

Image description task is the intersection of computer vision and natural language processing,and it has important prospects,including helping computers understand images and obtaining information for the visually impaired.This study presents an innovative approach employing deep reinforcement learning to enhance the accuracy of natural language descriptions of images.Our method focuses on refining the reward function in deep reinforcement learning,facilitating the generation of precise descriptions by aligning visual and textual features more closely.Our approach comprises three key architectures.Firstly,it utilizes Residual Network 101(ResNet-101)and Faster Region-based Convolutional Neural Network(Faster R-CNN)to extract average and local image features,respectively,followed by the implementation of a dual attention mechanism for intricate feature fusion.Secondly,the Transformer model is engaged to derive contextual semantic features from textual data.Finally,the generation of descriptive text is executed through a two-layer long short-term memory network(LSTM),directed by the value and reward functions.Compared with the image description method that relies on deep learning,the score of Bilingual Evaluation Understudy(BLEU-1)is 0.762,which is 1.6%higher,and the score of BLEU-4 is 0.299.Consensus-based Image Description Evaluation(CIDEr)scored 0.998,Recall-Oriented Understudy for Gisting Evaluation(ROUGE)scored 0.552,the latter improved by 0.36%.These results not only attest to the viability of our approach but also highlight its superiority in the realm of image description.Future research can explore the integration of our method with other artificial intelligence(AI)domains,such as emotional AI,to create more nuanced and context-aware systems.

TransTM:A device-free method based on time-streaming multiscale transformer for human activity recognition

RFID-based human activity recognition(HAR)attracts attention due to its convenience,noninvasiveness,and privacy protection.Existing RFID-based HAR methods use modeling,CNN,or LSTM to extract features effectively.Still,they have shortcomings:1)requiring complex hand-crafted data cleaning processes and 2)only addressing single-person activity recognition based on specific RF signals.To solve these problems,this paper proposes a novel device-free method based on Time-streaming Multiscale Transformer called TransTM.This model leverages the Transformer's powerful data fitting capabilities to take raw RFID RSSI data as input without pre-processing.Concretely,we propose a multiscale convolutional hybrid Transformer to capture behavioral features that recognizes singlehuman activities and human-to-human interactions.Compared with existing CNN-and LSTM-based methods,the Transformer-based method has more data fitting power,generalization,and scalability.Furthermore,using RF signals,our method achieves an excellent classification effect on human behaviorbased classification tasks.Experimental results on the actual RFID datasets show that this model achieves a high average recognition accuracy(99.1%).The dataset we collected for detecting RFID-based indoor human activities will be published.

Blockchain-Assisted Electronic Medical Data-Sharing:Developments,Approaches and Perspectives

Medical blockchain data-sharing is a technique that employs blockchain technology to facilitate the sharing of electronic medical data.The blockchain is a decentralized digital ledger that ensures data-sharing security,transparency,and traceability through cryptographic technology and consensus algorithms.Consequently,medical blockchain data-sharing methods have garnered significant attention and research efforts.Nevertheless,current methods have different storage and transmission measures for original data in the medical blockchain,resulting in large differences in performance and privacy.Therefore,we divide the medical blockchain data-sharing method into on-chain sharing and off-chain sharing according to the original data storage location.Among them,off-chain sharing can be subdivided into on-cloud sharing and local sharing according to whether the data is moved.Subsequently,we provide a detailed analysis of basic processes and research content for each method.Finally,we summarize the challenges posed by the current methods and discuss future research directions.