Funding: the National Key Research and Development Program of China (2021YFB1006200); Major Science and Technology Project of Henan Province in China (221100211200). Grant was received by S. Li.
Abstract: Adversarial distillation (AD) has emerged as a potential solution to tackle the challenging optimization problem of loss with hard labels in adversarial training. However, fixed sample-agnostic and student-egocentric attack strategies are unsuitable for distillation. Additionally, the reliability of guidance from static teachers diminishes as target models become more robust. This paper proposes an AD method called Learnable Distillation Attack Strategies and Evolvable Teachers Adversarial Distillation (LDAS&ET-AD). Firstly, a learnable distillation attack strategies generating mechanism is developed to automatically generate sample-dependent attack strategies tailored for distillation. A strategy model is introduced to produce attack strategies that enable adversarial examples (AEs) to be created in areas where the target model significantly diverges from the teachers by competing with the target model in minimizing or maximizing the AD loss. Secondly, a teacher evolution strategy is introduced to enhance the reliability and effectiveness of knowledge in improving the generalization performance of the target model. By calculating the experimentally updated target model's validation performance on both clean samples and AEs, the impact of distillation from each training sample and AE on the target model's generalization and robustness abilities is assessed to serve as feedback to fine-tune standard and robust teachers accordingly. Experiments evaluate the performance of LDAS&ET-AD against different adversarial attacks on the CIFAR-10 and CIFAR-100 datasets. The experimental results demonstrate that the proposed method achieves a robust precision of 45.39% and 42.63% against AutoAttack (AA) on the CIFAR-10 dataset for ResNet-18 and MobileNet-V2, respectively, marking an improvement of 2.31% and 3.49% over the baseline method. In comparison to state-of-the-art adversarial defense techniques, our method surpasses Introspective Adversarial Distillation, the top-performing method in terms of robustness under AA attack for the CIFAR-10 dataset, with enhancements of 1.40% and 1.43% for ResNet-18 and MobileNet-V2, respectively. These findings demonstrate the effectiveness of our proposed method in enhancing the robustness of deep learning networks (DNNs) against prevalent adversarial attacks when compared to other competing methods. In conclusion, LDAS&ET-AD provides reliable and informative soft labels to one of the most promising defense methods, AT, alleviating the limitations of untrusted teachers and unsuitable AEs in existing AD techniques. We hope this paper promotes the development of DNNs in real-world trust-sensitive fields and helps ensure a more secure and dependable future for artificial intelligence systems.
Funding: supported by the National Natural Foundation of China (No. 62201158).
Abstract: Synthetic aperture radar (SAR) is able to acquire high-resolution method using the active microwave imaging method. SAR images are widely used in target recognition, classification, and surface analysis, with extracted features. Attribute scattering center (ASC) is able to describe the image features for these tasks. However, sidelobe effects reduce the accuracy and reliability of the estimated ASC model parameters. This paper incorporates the SAR super-resolution into the ASC extraction to improve its performance. Both filter bank and subspace methods are demonstrated for preprocessing to suppress the sidelobe. Based on the preprocessed data, a reinforcement based ASC method is used to get the parameters. The experimental results show that the super-resolution method can reduce noise and suppress sidelobe effect, which improves accuracy of the estimated ASC model parameters.
Funding: partly supported by the National key Research and Development Program of China (No. 2016YFB0800100, 2016YFB0800101); the National Natural Science Fund for Creative Research Groups Project (No. 61521003); the National Natural Science Fund for Youth Found Project (No. 61602509).
Abstract: The Domain Name System (DNS) is suffering from the vulnerabilities exploited to launch the cache poisoning attack. Inspired by biodiversity, we design and implement a non-intrusive and tolerant secure architecture, Multi-DNS (MDNS), to deal with it. MDNS consists of a Scheduling Proxy and a DNS server pool with heterogeneous DNSs in it. The Scheduling Proxy dynamically schedules m DNSs to provide service in parallel and adopts the vote results from the majority of DNSs to decide valid replies. Benefiting from the centralized control of software defined networking (SDN), we implement a proof of concept for it. Evaluation results prove the validity and availability of MDNS and its intrusion/fault tolerance, while the average delay can be controlled in 0.3s.
Funding: the Foundation of the National Natural Science Foundation of China (62072467); the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003); the Foundation of the National Natural Science Foundation of China (62002383).
Abstract: Based on the diversified technology and the cross-validation mechanism, the N-variant system provides a secure service architecture for cloud providers to protect the cloud applications from attacks by executing multiple variants of a single software in parallel and then checking their behaviors' consistency. However, it is complex to upgrade current Software as a Service (SaaS) applications to adapt N-variant system architecture. Challenges arise from the inability of tenants to adjust the application architecture in the cloud environment, and the difficulty for cloud service providers to implement N-variant systems using existing API gateways. This paper proposes SecIngress, an API gateway framework, to overcome the challenge that it is hard in the cloud environment to upgrade the applications based on N-variants system. We design a two-stage timeout processing method to lessen the service latency and an Analytic Hierarchy Process Voting under the Metadata mechanism (AHPVM) to enhance voting accuracy. We implement a prototype in a testbed environment and analyze the security and performance metrics before and after deploying the prototype to show the effectiveness of SecIngress. The results reveal that SecIngress enhances the reliability of cloud applications with acceptable performance degradation.
Funding: supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003); the National Key R&D Program of China (No. 2016YFB0800100, No. 2016YFB0800101); the National Natural Science Foundation of China (No. 61602509).
Abstract: Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling (ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane to operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.
Funding: supported by Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003); National Key Research and Development Plan (2016YFB0800101); National Natural Science Foundation of China (61602509).
Abstract: Nowadays network virtualization is utterly popular. As a result, how to protect the virtual networks from attacking on the link is increasingly important. Existing schemes are mainly backup-based, which suffer from data loss and are helpless to such attacks like data tampering. To offer high security level, in this paper, we first propose a multipath and decision-making (MD) scheme which applies multipath simultaneously delivery and decision-making for protecting the virtual network. Considering different security requirement for virtual link, we devise a hybrid scheme to protect the virtual links. For the critical links, MD scheme is adopted. For the other links, we adopt the Shared Backup Scheme. Our simulation results indicate the proposed scheme can significantly increase the security level of the critical link high in the loss of less acceptance ratio.
Funding: supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (Grant No. 2016YFB0800100, No. 2016YFB0800101); the National Natural Science Foundation of China (Grant No. 61521003); the National Key R&D Program of China (Grant No. 61309020).
Abstract: Dynamic Controller Provisioning Problem (DCPP) is a key problem for scalable SDN. Previously, the solution to this problem focused on adapting the number of controllers and their locations with changing network conditions, but ignored balancing control loads via switch migration. In this paper, we study a scalable control mechanism to decide which switch and where it should be migrated for more balanced control plane, and we define it as Switch Migration Problem (SMP). The main contributions of this paper are as follows. First, we define a SDN model to describe the relation between controllers and switches from the view of loads. Based on this model, we form SMP as a Network Utility Maximization (NUM) problem with the objective of serving more requests under available control resources. Second, we design a synthesizing distributed algorithm for SMP, Distributed Hopping Algorithm (DHA), by approximating our optimal objective via Log-Sum-Exp function. In DHA, individual controller performs algorithmic procedure independently. With the solution space F, we prove that the optimal gap caused by approximation is at most 1/β log|F|, and DHA procedure is equal to implementation of a time-reversible Markov Chain process. Finally, the results are corroborated by several numerical simulations.
Funding: supported by the China Postdoctoral Fund Project (No. 44603); the National Natural Science Foundation of China (No. 61309020); the National key Research and Development Program of China (No. 2016YFB0800100, 2016YFB0800101); the National Natural Science Fund for Creative Research Groups Project (No. 61521003).
Abstract: Software-defined networking (SDN) enables third-party companies to participate in the network function innovations. A number of instances for one network function will inevitably co-exist in the network. Although some orchestration architecture has been proposed to chain network functions, rare works are focused on how to optimize this process. In this paper, we propose an optimized model for network function orchestration, function combination model (FCM). Our main contributions are as follows. First, network functions are featured with a new abstraction, and are open to external providers. And FCM identifies network functions using unique type, and organizes their instances distributed over the network with the appropriate way. Second, with the specialized demands, we can combine function instances under the global network views, and formulate it into the problem of Boolean linear program (BLP). A simulated annealing algorithm is designed to approach optimal solution for this BLP. Finally, the numerical experiment demonstrates that our model can create outstanding composite schemas efficiently.
Funding: supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (Grant No. 61521003); the National Basic Research Program of China (2012CB315901, 2013CB329104); the National Natural Science Foundation of China (Grant No. 61372121, 61309020, 61309019); the National High-Tech Research & Development Program of China (Grant No. 2013AA013505); the National Science and Technology Support Program Project (Grant No. 2014BAH30B01).
Abstract: Elastic control could balance the distributed control plane in Software-Defined Networking (SDN). Dynamic switch migration has been proposed to achieve it. However, existing schemes mainly focus on how to execute migration operation, but not why. This paper designs a decision-making mechanism based on zero-sum game theory to reelect a new controller as the master for migrated switches. It first chooses a switch for migration in the heavy controller which invites its neighbors as the game players to compete for the master role of this switch in the game-playing field (GPF) which is an occasional and loose domain for game-playing. Second, based on the concept of GPF, we design a decentralized strategy to play the game and determine which player as the final master. We implement it by extending the OpenFlow protocol. Finally, numerical results demonstrate that our distributed strategy can approach elastic control plane with better performance.
Funding: supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003); the National Key R&D Program of China (No. 2016YFB0800101); the National Science Foundation for Distinguished Young Scholars of China (No. 61602509); Henan Province Key Technologies R&D Program of China (No. 172102210615).
Abstract: Controller vulnerabilities allow malicious actors to disrupt or hijack the Software-Defined Networking. Traditionally, it is static mappings between the control plane and data plane. Adversaries have plenty of time to exploit the controller's vulnerabilities and launch attacks wisely. We tend to believe that dynamically altering such static mappings is a promising approach to alleviate this issue, since a moving target is difficult to be compromised even by skilled adversaries. It is critical to determine the right time to conduct scheduling and to balance the overhead afforded and the security levels guaranteed. Little previous work has been done to investigate the economical time in dynamic-scheduling controllers. In this paper, we take the first step to both theoretically and experimentally study the scheduling-timing problem in dynamic control plane. We model this problem as a renewal reward process and propose an optimal algorithm in deciding the right time to schedule with the objective of minimizing the long-term loss rate. In our experiments, simulations based on real network attack datasets are conducted and we demonstrate that our proposed algorithm outperforms given scheduling schemes.
Funding: The National Natural Science Foundation of China (No. 61521003); The National Key R&D Program of China (No. 2016YFB0800100, No. 2016YFB0800101); The National Natural Science Foundation of China (No. 61602509); The Key Technologies Research and Development Program of Henan Province (172102210615).
Abstract: Quantitative evaluations are of great importance in network security decision-making. In recent years, moving target defense (MTD) has appeared to be a promising defense approach that blocks asymmetrical advantage of attackers and favors the defender. Notwithstanding, it has a limited deployment due to its uncertain efficiency and effectiveness in defense. In that case, quantitative metrics and evaluations of MTD are essential to prove its capability and impulse its further research. This article presents a comprehensive survey on state-of-the-art quantitative evaluations. First, taxonomy of MTD techniques is stated according to the software stack model. Then, a concrete review and comparison on existing quantitative evaluations of MTD is presented. Finally, notice-worthy open issues regarding this topic are proposed along with the conclusions of previous studies.