Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although...Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.展开更多
The exponential advancement in telecommunication embeds the Internet in every aspect of communication.Interconnections of networks all over the world impose monumental risks on the Internet.A Flooding Attack(FA)is one...The exponential advancement in telecommunication embeds the Internet in every aspect of communication.Interconnections of networks all over the world impose monumental risks on the Internet.A Flooding Attack(FA)is one of the major intimidating risks on the Internet where legitimate users are prevented from accessing network services.Irrespective of the protective measures incorporated in the communication infrastructure,FA still persists due to the lack of global cooperation.Most of the existing mitigation is set up either at the traffic starting point or at the traffic ending point.Providing mitigation at one or the other end may not be a complete solution.To insist on better protection againstflooding attacks,this work proposes a cooperative multilevel defense mechanism.The proposed cooperative multilevel defense mechanism consists of two-level of mitigation.In thefirst level,it is proposed to design a Threshold-based rate-limiting with a Spoofing Resistant Tag(TSRT),as a source end countermeasure for High-Rate Flooding Attacks(HRFA)and spoofing attacks.In the second level,the accent is to discriminate normal traffic after Distributed Denial of Service(DDoS)traffic and drop the DDoS traffic at the destination end.Flow Congruence-based Selective Pushback(FCSP),as a destination-initiated countermeasure for the Low Rate Flooding Attack(LRFA).The source and the destination cooperate to identify and block the attack.A key advantage of this cooperative mechanism is that it can distinguish and channel down the attack traffic nearer to the starting point of the attack.The presentation of the agreeable cooperative multilevel safeguard mechanism is approved through broad recreation in NS-2.The investigation and the exploratory outcomes show that the proposed plan can effectively identify and shield from the attack.展开更多
Online review platforms are becoming increasingly popular,encouraging dishonest merchants and service providers to deceive customers by creating fake reviews for their goods or services.Using Sybil accounts,bot farms,...Online review platforms are becoming increasingly popular,encouraging dishonest merchants and service providers to deceive customers by creating fake reviews for their goods or services.Using Sybil accounts,bot farms,and real account purchases,immoral actors demonize rivals and advertise their goods.Most academic and industry efforts have been aimed at detecting fake/fraudulent product or service evaluations for years.The primary hurdle to identifying fraudulent reviews is the lack of a reliable means to distinguish fraudulent reviews from real ones.This paper adopts a semi-supervised machine learning method to detect fake reviews on any website,among other things.Online reviews are classified using a semi-supervised approach(PU-learning)since there is a shortage of labeled data,and they are dynamic.Then,classification is performed using the machine learning techniques Support Vector Machine(SVM)and Nave Bayes.The performance of the suggested system has been compared with standard works,and experimental findings are assessed using several assessment metrics.展开更多
The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data...The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data integrity of the system are seriously constrained by it′s 'No Read Up, No Write Down' property in the basic MLS model. In order to eliminate the covert channels, the polyinstantiation and the cover story are used in the new data model. The read and write rules have been redefined for improving the agility and usability of the system based on the MLS model. All the methods in the improved data model make the system more secure, agile and usable.展开更多
Traditional multi-level security(MLS)systems have the defect of centralizing authorized facilities,which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture.Blockchai...Traditional multi-level security(MLS)systems have the defect of centralizing authorized facilities,which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture.Blockchain is widely used in the field of access control with its decentralization,traceability and non-defective modification.Combining the blockchain technology and the Bell-LaPadula model,we propose a new access control model,named BCBLPM,for MLS environment.The“multi-chain”blockchain architecture is used for dividing resources into isolated access domains,providing a fine-grained data protection mechanism.The access control policies are implemented by smart contracts deployed in each access domain,so that the side chains of different access domains storage access records from outside and maintain the integrity of the records.Finally,we implement the BC-BLPM prototype system using the Hyperledger Fabric.The experimental and analytical results show that the model can adapt well to the needs of multi-level security environment,and it has the feasibility of application in actual scenarios.展开更多
XML's increasing popularity highlights the security demand for XML documents. A mandatory access control model for XML document is presented on the basis of investigation of the function dependency of XML documents a...XML's increasing popularity highlights the security demand for XML documents. A mandatory access control model for XML document is presented on the basis of investigation of the function dependency of XML documents and discussion of the integrity properties of multilevel XML document. Then, the algorithms for decomposition/recovery multilevel XML document into/from single level document are given, and the manipulation rules for typical operations of XQuery and XUpdate: QUERY, INSERT, UPDATE, and REMOVE, are elaborated. The multilevel XML document access model can meet the requirement of sensitive information processing application.展开更多
Deep learning(DL)is a subdivision of machine learning(ML)that employs numerous algorithms,each of which provides various explanations of the data it consumes;mobile ad-hoc networks(MANET)are growing in promi-nence.For...Deep learning(DL)is a subdivision of machine learning(ML)that employs numerous algorithms,each of which provides various explanations of the data it consumes;mobile ad-hoc networks(MANET)are growing in promi-nence.For reasons including node mobility,due to MANET’s potential to provide small-cost solutions for real-world contact challenges,decentralized management,and restricted bandwidth,MANETs are more vulnerable to security threats.When protecting MANETs from attack,encryption and authentication schemes have their limits.However,deep learning(DL)approaches in intrusion detection sys-tems(IDS)can adapt to the changing environment of MANETs and allow a sys-tem to make intrusion decisions while learning about its mobility in the environment.IDSs are a secondary defiance system for mobile ad-hoc networks vs.attacks since they monitor network traffic and report anything unusual.Recently,many scientists have employed deep neural networks(DNNs)to address intrusion detection concerns.This paper used MANET to recognize com-plex patterns by focusing on security standards through efficiency determination and identifying malicious nodes,and mitigating network attacks using the three algorithms presented Cascading Back Propagation Neural Network(CBPNN),Feedforward-Neural-Network(FNN),and Cascading-Back-Propagation-Neural-Network(CBPNN)(FFNN).In addition to Convolutional-Neural-Network(CNN),these primary forms of deep neural network(DNN)building designs are widely used to improve the performance of intrusion detection systems(IDS)and the use of IDS in conjunction with machine learning(ML).Further-more,machine learning(ML)techniques than their statistical and logical methods provide MANET network learning capabilities and encourage adaptation to differ-ent environments.Compared with another current model,The proposed model has better average receiving packet(ARP)and end-to-end(E2E)performance.The results have been obtained from CBP,FFNN and CNN 74%,82%and 85%,respectively,by the time(27,18,and 17 s).展开更多
Recently,automotive intrusion detection systems(IDSs)have emerged as promising defense approaches to counter attacks on in-vehicle networks(IVNs).However,the effectiveness of IDSs relies heavily on the quality of the ...Recently,automotive intrusion detection systems(IDSs)have emerged as promising defense approaches to counter attacks on in-vehicle networks(IVNs).However,the effectiveness of IDSs relies heavily on the quality of the datasets used for training and evaluation.Despite the availability of several datasets for automotive IDSs,there has been a lack of comprehensive analysis focusing on assessing these datasets.This paper aims to address the need for dataset assessment in the context of automotive IDSs.It proposes qualitative and quantitative metrics that are independent of specific automotive IDSs,to evaluate the quality of datasets.These metrics take into consideration various aspects such as dataset description,collection environment,and attack complexity.This paper evaluates eight commonly used datasets for automotive IDSs using the proposed metrics.The evaluation reveals biases in the datasets,particularly in terms of limited contexts and lack of diversity.Additionally,it highlights that the attacks in the datasets were mostly injected without considering normal behaviors,which poses challenges for training and evaluating machine learning-based IDSs.This paper emphasizes the importance of addressing the identified limitations in existing datasets to improve the performance and adaptability of automotive IDSs.The proposed metrics can serve as valuable guidelines for researchers and practitioners in selecting and constructing high-quality datasets for automotive security applications.Finally,this paper presents the requirements for high-quality datasets,including the need for representativeness,diversity,and balance.展开更多
Cyberattacks against highly integrated Internet of Things (IoT) servers, apps, and telecoms infrastructure are rapidly increasing when issues produced by IoT networks go unnoticed for an extended period. IoT interface...Cyberattacks against highly integrated Internet of Things (IoT) servers, apps, and telecoms infrastructure are rapidly increasing when issues produced by IoT networks go unnoticed for an extended period. IoT interface attacks must be evaluated in real-time for effective safety and security measures. This study implements a smart intrusion detection system (IDS) designed for IoT threats, and interoperability with IoT connectivity standards is offered by the identity solution. An IDS is a common type of network security technology that has recently received increasing interest in the research community. The system has already piqued the curiosity of scientific and industrial communities to identify intrusions. Several IDSs based on machine learning (ML) and deep learning (DL) have been proposed. This study introduces IDS-SIoDL, a novel IDS for IoT-based smart cities that integrates long shortterm memory (LSTM) and feature engineering. This model is tested using tensor processing unit (TPU) on the enhanced BoT-IoT, Edge-IIoT, and NSL-KDD datasets. Compared with current IDSs, the obtained results provide good assessment features, such as accuracy, recall, and precision, with approximately 0.9990 recording time and calculating times of approximately 600 and 6 ms for training and classification, respectively.展开更多
针对当前云计算环境中因缺乏多级安全机制而使结构化文档容易产生信息泄露和非授权访问等问题,提出基于行为的多级访问控制(action-based multilevel access control model,AMAC)模型并给出策略的形式化描述.利用信息流中的不干扰理论建...针对当前云计算环境中因缺乏多级安全机制而使结构化文档容易产生信息泄露和非授权访问等问题,提出基于行为的多级访问控制(action-based multilevel access control model,AMAC)模型并给出策略的形式化描述.利用信息流中的不干扰理论建立AMAC不干扰模型,并证明AMAC模型中多级访问控制策略的安全性.与已有访问控制模型的比较与分析表明,AMAC模型既可以利用角色、上下文和用户访问行为以提高访问控制策略的灵活性,还可以依据用户,用户访问行为和结构化文档的安全等级实现多级安全机制.展开更多
基金the National Natural Science Foundation of China (60773049)the Natural Science Foundationof Jiangsu Province (BK2007086)the Fundamental Research Project of Natural Science in Colleges of Jiangsu Province(07KJB520016).
文摘Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.
文摘The exponential advancement in telecommunication embeds the Internet in every aspect of communication.Interconnections of networks all over the world impose monumental risks on the Internet.A Flooding Attack(FA)is one of the major intimidating risks on the Internet where legitimate users are prevented from accessing network services.Irrespective of the protective measures incorporated in the communication infrastructure,FA still persists due to the lack of global cooperation.Most of the existing mitigation is set up either at the traffic starting point or at the traffic ending point.Providing mitigation at one or the other end may not be a complete solution.To insist on better protection againstflooding attacks,this work proposes a cooperative multilevel defense mechanism.The proposed cooperative multilevel defense mechanism consists of two-level of mitigation.In thefirst level,it is proposed to design a Threshold-based rate-limiting with a Spoofing Resistant Tag(TSRT),as a source end countermeasure for High-Rate Flooding Attacks(HRFA)and spoofing attacks.In the second level,the accent is to discriminate normal traffic after Distributed Denial of Service(DDoS)traffic and drop the DDoS traffic at the destination end.Flow Congruence-based Selective Pushback(FCSP),as a destination-initiated countermeasure for the Low Rate Flooding Attack(LRFA).The source and the destination cooperate to identify and block the attack.A key advantage of this cooperative mechanism is that it can distinguish and channel down the attack traffic nearer to the starting point of the attack.The presentation of the agreeable cooperative multilevel safeguard mechanism is approved through broad recreation in NS-2.The investigation and the exploratory outcomes show that the proposed plan can effectively identify and shield from the attack.
文摘Online review platforms are becoming increasingly popular,encouraging dishonest merchants and service providers to deceive customers by creating fake reviews for their goods or services.Using Sybil accounts,bot farms,and real account purchases,immoral actors demonize rivals and advertise their goods.Most academic and industry efforts have been aimed at detecting fake/fraudulent product or service evaluations for years.The primary hurdle to identifying fraudulent reviews is the lack of a reliable means to distinguish fraudulent reviews from real ones.This paper adopts a semi-supervised machine learning method to detect fake reviews on any website,among other things.Online reviews are classified using a semi-supervised approach(PU-learning)since there is a shortage of labeled data,and they are dynamic.Then,classification is performed using the machine learning techniques Support Vector Machine(SVM)and Nave Bayes.The performance of the suggested system has been compared with standard works,and experimental findings are assessed using several assessment metrics.
文摘The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data integrity of the system are seriously constrained by it′s 'No Read Up, No Write Down' property in the basic MLS model. In order to eliminate the covert channels, the polyinstantiation and the cover story are used in the new data model. The read and write rules have been redefined for improving the agility and usability of the system based on the MLS model. All the methods in the improved data model make the system more secure, agile and usable.
文摘Traditional multi-level security(MLS)systems have the defect of centralizing authorized facilities,which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture.Blockchain is widely used in the field of access control with its decentralization,traceability and non-defective modification.Combining the blockchain technology and the Bell-LaPadula model,we propose a new access control model,named BCBLPM,for MLS environment.The“multi-chain”blockchain architecture is used for dividing resources into isolated access domains,providing a fine-grained data protection mechanism.The access control policies are implemented by smart contracts deployed in each access domain,so that the side chains of different access domains storage access records from outside and maintain the integrity of the records.Finally,we implement the BC-BLPM prototype system using the Hyperledger Fabric.The experimental and analytical results show that the model can adapt well to the needs of multi-level security environment,and it has the feasibility of application in actual scenarios.
基金The National Natural Science Foundationof China (No.60703048)Hubei Municipal Natural Science Foundation (No.2007ABA313)
文摘XML's increasing popularity highlights the security demand for XML documents. A mandatory access control model for XML document is presented on the basis of investigation of the function dependency of XML documents and discussion of the integrity properties of multilevel XML document. Then, the algorithms for decomposition/recovery multilevel XML document into/from single level document are given, and the manipulation rules for typical operations of XQuery and XUpdate: QUERY, INSERT, UPDATE, and REMOVE, are elaborated. The multilevel XML document access model can meet the requirement of sensitive information processing application.
文摘Deep learning(DL)is a subdivision of machine learning(ML)that employs numerous algorithms,each of which provides various explanations of the data it consumes;mobile ad-hoc networks(MANET)are growing in promi-nence.For reasons including node mobility,due to MANET’s potential to provide small-cost solutions for real-world contact challenges,decentralized management,and restricted bandwidth,MANETs are more vulnerable to security threats.When protecting MANETs from attack,encryption and authentication schemes have their limits.However,deep learning(DL)approaches in intrusion detection sys-tems(IDS)can adapt to the changing environment of MANETs and allow a sys-tem to make intrusion decisions while learning about its mobility in the environment.IDSs are a secondary defiance system for mobile ad-hoc networks vs.attacks since they monitor network traffic and report anything unusual.Recently,many scientists have employed deep neural networks(DNNs)to address intrusion detection concerns.This paper used MANET to recognize com-plex patterns by focusing on security standards through efficiency determination and identifying malicious nodes,and mitigating network attacks using the three algorithms presented Cascading Back Propagation Neural Network(CBPNN),Feedforward-Neural-Network(FNN),and Cascading-Back-Propagation-Neural-Network(CBPNN)(FFNN).In addition to Convolutional-Neural-Network(CNN),these primary forms of deep neural network(DNN)building designs are widely used to improve the performance of intrusion detection systems(IDS)and the use of IDS in conjunction with machine learning(ML).Further-more,machine learning(ML)techniques than their statistical and logical methods provide MANET network learning capabilities and encourage adaptation to differ-ent environments.Compared with another current model,The proposed model has better average receiving packet(ARP)and end-to-end(E2E)performance.The results have been obtained from CBP,FFNN and CNN 74%,82%and 85%,respectively,by the time(27,18,and 17 s).
基金supported in part by the 2021 Autonomous Driving Development Innovation Project of the Ministry of Science and ICT,‘Development of Technology for Security and Ultra-High-Speed Integrity of the Next-Generation Internal Net-Work of Autonomous Vehicles’(No.2021-0-01348)and in part by the National Research Foundation of Korea(NRF)grant funded by the Korean Government Ministry of Science and ICT(MSIT)under Grant NRF-2021R1A2C2014428.
文摘Recently,automotive intrusion detection systems(IDSs)have emerged as promising defense approaches to counter attacks on in-vehicle networks(IVNs).However,the effectiveness of IDSs relies heavily on the quality of the datasets used for training and evaluation.Despite the availability of several datasets for automotive IDSs,there has been a lack of comprehensive analysis focusing on assessing these datasets.This paper aims to address the need for dataset assessment in the context of automotive IDSs.It proposes qualitative and quantitative metrics that are independent of specific automotive IDSs,to evaluate the quality of datasets.These metrics take into consideration various aspects such as dataset description,collection environment,and attack complexity.This paper evaluates eight commonly used datasets for automotive IDSs using the proposed metrics.The evaluation reveals biases in the datasets,particularly in terms of limited contexts and lack of diversity.Additionally,it highlights that the attacks in the datasets were mostly injected without considering normal behaviors,which poses challenges for training and evaluating machine learning-based IDSs.This paper emphasizes the importance of addressing the identified limitations in existing datasets to improve the performance and adaptability of automotive IDSs.The proposed metrics can serve as valuable guidelines for researchers and practitioners in selecting and constructing high-quality datasets for automotive security applications.Finally,this paper presents the requirements for high-quality datasets,including the need for representativeness,diversity,and balance.
文摘Cyberattacks against highly integrated Internet of Things (IoT) servers, apps, and telecoms infrastructure are rapidly increasing when issues produced by IoT networks go unnoticed for an extended period. IoT interface attacks must be evaluated in real-time for effective safety and security measures. This study implements a smart intrusion detection system (IDS) designed for IoT threats, and interoperability with IoT connectivity standards is offered by the identity solution. An IDS is a common type of network security technology that has recently received increasing interest in the research community. The system has already piqued the curiosity of scientific and industrial communities to identify intrusions. Several IDSs based on machine learning (ML) and deep learning (DL) have been proposed. This study introduces IDS-SIoDL, a novel IDS for IoT-based smart cities that integrates long shortterm memory (LSTM) and feature engineering. This model is tested using tensor processing unit (TPU) on the enhanced BoT-IoT, Edge-IIoT, and NSL-KDD datasets. Compared with current IDSs, the obtained results provide good assessment features, such as accuracy, recall, and precision, with approximately 0.9990 recording time and calculating times of approximately 600 and 6 ms for training and classification, respectively.
文摘针对当前云计算环境中因缺乏多级安全机制而使结构化文档容易产生信息泄露和非授权访问等问题,提出基于行为的多级访问控制(action-based multilevel access control model,AMAC)模型并给出策略的形式化描述.利用信息流中的不干扰理论建立AMAC不干扰模型,并证明AMAC模型中多级访问控制策略的安全性.与已有访问控制模型的比较与分析表明,AMAC模型既可以利用角色、上下文和用户访问行为以提高访问控制策略的灵活性,还可以依据用户,用户访问行为和结构化文档的安全等级实现多级安全机制.
