Distributed Platooning Control of Automated Vehicles Subject to Replay Attacks Based on Proportional Integral Observers

Secure platooning control plays an important role in enhancing the cooperative driving safety of automated vehicles subject to various security vulnerabilities.This paper focuses on the distributed secure control issue of automated vehicles affected by replay attacks.A proportional-integral-observer(PIO)with predetermined forgetting parameters is first constructed to acquire the dynamical information of vehicles.Then,a time-varying parameter and two positive scalars are employed to describe the temporal behavior of replay attacks.In light of such a scheme and the common properties of Laplace matrices,the closed-loop system with PIO-based controllers is transformed into a switched and time-delayed one.Furthermore,some sufficient conditions are derived to achieve the desired platooning performance by the view of the Lyapunov stability theory.The controller gains are analytically determined by resorting to the solution of certain matrix inequalities only dependent on maximum and minimum eigenvalues of communication topologies.Finally,a simulation example is provided to illustrate the effectiveness of the proposed control strategy.

Ensuring Secure Platooning of Constrained Intelligent and Connected Vehicles Against Byzantine Attacks:A Distributed MPC Framework

This study investigates resilient platoon control for constrained intelligent and connected vehicles(ICVs)against F-local Byzantine attacks.We introduce a resilient distributed model-predictive platooning control framework for such ICVs.This framework seamlessly integrates the predesigned optimal control with distributed model predictive control(DMPC)optimization and introduces a unique distributed attack detector to ensure the reliability of the transmitted information among vehicles.Notably,our strategy uses previously broadcasted information and a specialized convex set,termed the“resilience set”,to identify unreliable data.This approach significantly eases graph robustness prerequisites,requiring only an(F+1)-robust graph,in contrast to the established mean sequence reduced algorithms,which require a minimum(2F+1)-robust graph.Additionally,we introduce a verification algorithm to restore trust in vehicles under minor attacks,further reducing communication network robustness.Our analysis demonstrates the recursive feasibility of the DMPC optimization.Furthermore,the proposed method achieves exceptional control performance by minimizing the discrepancies between the DMPC control inputs and predesigned platoon control inputs,while ensuring constraint compliance and cybersecurity.Simulation results verify the effectiveness of our theoretical findings.

Evaluating the Efficacy of Latent Variables in Mitigating Data Poisoning Attacks in the Context of Bayesian Networks:An Empirical Study

Bayesian networks are a powerful class of graphical decision models used to represent causal relationships among variables.However,the reliability and integrity of learned Bayesian network models are highly dependent on the quality of incoming data streams.One of the primary challenges with Bayesian networks is their vulnerability to adversarial data poisoning attacks,wherein malicious data is injected into the training dataset to negatively influence the Bayesian network models and impair their performance.In this research paper,we propose an efficient framework for detecting data poisoning attacks against Bayesian network structure learning algorithms.Our framework utilizes latent variables to quantify the amount of belief between every two nodes in each causal model over time.We use our innovative methodology to tackle an important issue with data poisoning assaults in the context of Bayesian networks.With regard to four different forms of data poisoning attacks,we specifically aim to strengthen the security and dependability of Bayesian network structure learning techniques,such as the PC algorithm.By doing this,we explore the complexity of this area and offer workablemethods for identifying and reducing these sneaky dangers.Additionally,our research investigates one particular use case,the“Visit to Asia Network.”The practical consequences of using uncertainty as a way to spot cases of data poisoning are explored in this inquiry,which is of utmost relevance.Our results demonstrate the promising efficacy of latent variables in detecting and mitigating the threat of data poisoning attacks.Additionally,our proposed latent-based framework proves to be sensitive in detecting malicious data poisoning attacks in the context of stream data.

An Improved Framework of Massive Superpoly Recovery in Cube Attacks Against NFSR-Based Stream Ciphers

A critical problem in the cube attack is how to recover superpolies efficiently.As the targeting number of rounds of an iterative stream cipher increases,the scale of its superpolies becomes larger and larger.Recently,to recover massive superpolies,the nested monomial prediction technique,the algorithm based on the divide-and-conquer strategy,and stretching cube attacks were proposed,which have been used to recover a superpoly with over ten million monomials for the NFSR-based stream ciphers such as Trivium and Grain-128AEAD.Nevertheless,when these methods are used to recover superpolies,many invalid calculations are performed,which makes recovering superpolies more difficult.This study finds an interesting observation that can be used to improve the above methods.Based on the observation,a new method is proposed to avoid a part of invalid calculations during the process of recovering superpolies.Then,the new method is applied to the nested monomial prediction technique and an improved superpoly recovery framework is presented.To verify the effectiveness of the proposed scheme,the improved framework is applied to 844-and 846-round Trivium and the exact ANFs of the superpolies is obtained with over one hundred million monomials,showing the improved superpoly recovery technique is powerful.Besides,extensive experiments on other scaled-down variants of NFSR-based stream ciphers show that the proposed scheme indeed could be more efficient on the superpoly recovery against NFSR-based stream ciphers.

A Security Trade-Off Scheme of Anomaly Detection System in IoT to Defend against Data-Tampering Attacks

Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misreporting of normal data,which will impact the normal operation of IoT.To mitigate the impact caused by the high false positive rate of ADS,this paper proposes an ADS management scheme for clustered IoT.First,we model the data transmission and anomaly detection in clustered IoT.Then,the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device.In the presence of a high false positive rate in ADSs,to deal with the trade-off between the security and availability of data,we develop a linear programming model referred to as a security trade-off(ST)model.Next,we develop an analysis framework for the ST model,and solve the ST model on an IoT simulation platform.Last,we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis.Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADS.

Security Concerns with IoT Routing: A Review of Attacks, Countermeasures, and Future Prospects

Today’s Internet of Things (IoT) application domains are widely distributed, which exposes them to several security risks and assaults, especially when data is being transferred between endpoints with constrained resources and the backbone network. Numerous researchers have put a lot of effort into addressing routing protocol security vulnerabilities, particularly regarding IoT RPL-based networks. Despite multiple studies on the security of IoT routing protocols, routing attacks remain a major focus of ongoing research in IoT contexts. This paper examines the different types of routing attacks, how they affect Internet of Things networks, and how to mitigate them. Then, it provides an overview of recently published work on routing threats, primarily focusing on countermeasures, highlighting noteworthy security contributions, and drawing conclusions. Consequently, it achieves the study’s main objectives by summarizing intriguing current research trends in IoT routing security, pointing out knowledge gaps in this field, and suggesting directions and recommendations for future research on IoT routing security.

A Novel Intrusion Detection Model of Unknown Attacks Using Convolutional Neural Networks

With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detecting and alerting against malicious activity.IDS is important in developing advanced security models.This study reviews the importance of various techniques,tools,and methods used in IoT detection and/or prevention systems.Specifically,it focuses on machine learning(ML)and deep learning(DL)techniques for IDS.This paper proposes an accurate intrusion detection model to detect traditional and new attacks on the Internet of Vehicles.To speed up the detection of recent attacks,the proposed network architecture developed at the data processing layer is incorporated with a convolutional neural network(CNN),which performs better than a support vector machine(SVM).Processing data are enhanced using the synthetic minority oversampling technique to ensure learning accuracy.The nearest class mean classifier is applied during the testing phase to identify new attacks.Experimental results using the AWID dataset,which is one of the most common open intrusion detection datasets,revealed a higher detection accuracy(94%)compared to SVM and random forest methods.

CL2ES-KDBC:A Novel Covariance Embedded Selection Based on Kernel Distributed Bayes Classifier for Detection of Cyber-Attacks in IoT Systems

The Internet of Things(IoT)is a growing technology that allows the sharing of data with other devices across wireless networks.Specifically,IoT systems are vulnerable to cyberattacks due to its opennes The proposed work intends to implement a new security framework for detecting the most specific and harmful intrusions in IoT networks.In this framework,a Covariance Linear Learning Embedding Selection(CL2ES)methodology is used at first to extract the features highly associated with the IoT intrusions.Then,the Kernel Distributed Bayes Classifier(KDBC)is created to forecast attacks based on the probability distribution value precisely.In addition,a unique Mongolian Gazellas Optimization(MGO)algorithm is used to optimize the weight value for the learning of the classifier.The effectiveness of the proposed CL2ES-KDBC framework has been assessed using several IoT cyber-attack datasets,The obtained results are then compared with current classification methods regarding accuracy(97%),precision(96.5%),and other factors.Computational analysis of the CL2ES-KDBC system on IoT intrusion datasets is performed,which provides valuable insight into its performance,efficiency,and suitability for securing IoT networks.

Threshold-Based Software-Defined Networking(SDN)Solution for Healthcare Systems against Intrusion Attacks

The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.

Intelligent Detection and Identification of Attacks in IoT Networks Based on the Combination of DNN and LSTM Methods with a Set of Classifiers

Internet of Things (IoT) networks present unique cybersecurity challenges due to their distributed and heterogeneous nature. Our study explores the effectiveness of two types of deep learning models, long-term memory neural networks (LSTMs) and deep neural networks (DNNs), for detecting attacks in IoT networks. We evaluated the performance of six hybrid models combining LSTM or DNN feature extractors with classifiers such as Random Forest, k-Nearest Neighbors and XGBoost. The LSTM-RF and LSTM-XGBoost models showed lower accuracy variability in the face of different types of attack, indicating greater robustness. The LSTM-RF and LSTM-XGBoost models show variability in results, with accuracies between 58% and 99% for attack types, while LSTM-KNN has higher but more variable accuracies, between 72% and 99%. The DNN-RF and DNN-XGBoost models show lower variability in their results, with accuracies between 59% and 99%, while DNN-KNN has higher but more variable accuracies, between 71% and 99%. LSTM-based models are proving to be more effective for detecting attacks in IoT networks, particularly for sophisticated attacks. However, the final choice of model depends on the constraints of the application, taking into account a trade-off between accuracy and complexity.

FMHADP:Design of an Efficient Pre-Forensic Layer for Mitigating Hybrid Attacks via Deep Learning Pattern Analysis

Network attack detection and mitigation require packet collection,pre-processing,feature analysis,classification,and post-processing.Models for these tasks sometimes become complex or inefficient when applied to real-time data samples.To mitigate hybrid assaults,this study designs an efficient forensic layer employing deep learning pattern analysis and multidomain feature extraction.In this paper,we provide a novel multidomain feature extraction method using Fourier,Z,Laplace,Discrete Cosine Transform(DCT),1D Haar Wavelet,Gabor,and Convolutional Operations.Evolutionary method dragon fly optimisation reduces feature dimensionality and improves feature selection accuracy.The selected features are fed into VGGNet and GoogLeNet models using binary cascaded neural networks to analyse network traffic patterns,detect anomalies,and warn network administrators.The suggested model tackles the inadequacies of existing approaches to hybrid threats,which are growing more common and challenge conventional security measures.Our model integrates multidomain feature extraction,deep learning pattern analysis,and the forensic layer to improve intrusion detection and prevention systems.In diverse attack scenarios,our technique has 3.5% higher accuracy,4.3% higher precision,8.5% higher recall,and 2.9% lower delay than previous models.

A Survey of Cyber Attacks on Cyber Physical Systems:Recent Advances and Challenges

A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.

Hawk mimicry does not reduce attacks of cuckoos by highly aggressive hosts

Background: Resemblance to raptors such as hawks(Accipiter spp.) is considered to be an adaptive strategy of cuckoos(Cuculus spp.), which has evolved to protect cuckoos against host attacks. However, the effectiveness of the mimicry remains controversial, and is not yet fully studied for highly aggressive hosts.Methods: We evaluated the effectiveness of sparrowhawk(Accipiter nisus) mimicry by common cuckoos(Cuculus canorus) in oriental reed warblers(Acrocephaus orientalis), which are highly aggressive hosts. Using a both the single and the paired dummy experiment, defense behaviors and attack intensities of oriental reed warblers against common cuckoos, sparrowhawks and oriental turtle doves(Streptopelia orientalis) were assessed.Results: Oriental reed warblers exhibit strong nest defense behaviors, and such behaviors do not change with breeding stage(i.e., egg stage and nestling stage). Furthermore, assistance from conspecific helpers may increase attack intensities. However, they were deterred from mobbing overall by the presence of the hawk.Conclusions: Oriental reed warblers are able to distinguish cuckoos from harmless doves. However, they may be deterred from mobbing by the presence of the predatory hawk, suggesting hawk mimicry may be ineffective and does not reduce attacks of cuckoos by highly aggressive hosts.

An Ensemble Detection Method for Shilling Attacks Based on Features of Automatic Extraction

Faced with the evolving attacks in recommender systems, many detection features have been proposed by human engineering and used in supervised or unsupervised detection methods. However, the detection features extracted by human engineering are usually aimed at some specific types of attacks. To further detect other new types of attacks, the traditional methods have to re-extract detection features with high knowledge cost. To address these limitations, the method for automatic extraction of robust features is proposed and then an Adaboost-based detection method is presented. Firstly, to obtain robust representation with prior knowledge, unlike uniform corruption rate in traditional mLDA(marginalized Linear Denoising Autoencoder), different corruption rates for items are calculated according to the ratings’ distribution. Secondly, the ratings sparsity is used to weight the mapping matrix to extract low-dimensional representation. Moreover, the uniform corruption rate is also set to the next layer in mSLDA(marginalized Stacked Linear Denoising Autoencoder) to extract the stable and robust user features. Finally, under the robust feature space, an Adaboost-based detection method is proposed to alleviate the imbalanced classification problem. Experimental results on the Netflix and Amazon review datasets indicate that the proposed method can effectively detect various attacks.

通过Glibc堆信息提取检测house of spirit类型攻击

目前有关堆的取证研究主要是针对Windows系统的堆和NT堆,然而怎样从转储文件中提取出Linux系统Glibc堆信息并没有得到充分的研究。为了重现Linux系统中Glibc堆的内部信息,采用内存对象vtype描述信息中字段偏移定位结合在内存中Glibc堆实现的方法提取Glibc堆内部信息。并基于此方法研发了基于Rekall框架的3个堆信息提取插件。还研究了house of spirit类型的堆攻击,建立了攻击模型并提取其攻击特征。基于提取的攻击特征设计出针对house of spirit攻击的检测算法。在堆信息提取插件的基础上研发了攻击检测插件。实验结果表明本方法可以有效地提取Linux系统进程中堆在内存中的信息,并且基于这些信息结合攻击检测算法成功检测内存中的house of spirit类型攻击。

Denial of Service Due to Direct and Indirect ARP Storm Attacks in LAN Environment

ARP-based Distributed Denial of Service (DDoS) attacks due to ARP-storms can happen in local area networks where many computer systems are infected by worms such as Code Red or by DDoS agents. In ARP attack, the DDoS agents constantly send a barrage of ARP requests to the gateway, or to a victim computer within the same sub-network, and tie up the resource of attacked gateway or host. In this paper, we set to measure the impact of ARP-attack on resource exhaustion of computers in a local area network. Based on attack experiments, we measure the exhaustion of processing and memory resources of a victim computer and also other computers, which are located on the same network as the victim computer. Interestingly enough, it is observed that an ARP-attack not only exhausts resource of the victim computer but also significantly exhausts processing resource of other non-victim computers, which happen to be located on the same local area network as the victim computer.

Clinical analysis on neuroprotection of transient ischemic attacks

Transient ischemic attack（TIA） is an acute cerebrovascular incident,and is generally considered the best opportunity for early neuroprotective treatment against cerebral ischemia.This study retrospectively analyzed 80 patients with TIA（38 males and 42 females）.Among 61 patients who received neuroprotective cerebrolysin treatment within 24 hours after TIA onset,13（21.31%） patients suffered subsequent strokes.Among 19 patients who received neuroprotective cerebrolysin treatment within 24-72 hours after TIA onset,seven（36.84%） developed cerebral infarction.There was a significant difference in the proportion of subsequent strokes between patients receiving cerebrolysin treatment within 24 hours and 24-72 hours after TIA onset（P = 0.438）.These findings suggest that neuroprotective drugs administrated within 24 hours after TIA onset help reduce the incidence of subsequent strokes.The results demonstrate usefulness of the ABCD2 score at TIA patients in the determination of short-term and long-term cerebrovascular risk,including the frequency of subsequent ischemic cerebral infarctions up to 12 months.

Automated Controller Placement for Software-Defined Networks to Resist DDoS Attacks

In software-defined networks(SDNs),controller placement is a critical factor in the design and planning for the future Internet of Things(IoT),telecommunication,and satellite communication systems.Existing research has concentrated largely on factors such as reliability,latency,controller capacity,propagation delay,and energy consumption.However,SDNs are vulnerable to distributed denial of service(DDoS)attacks that interfere with legitimate use of the network.The ever-increasing frequency of DDoS attacks has made it necessary to consider them in network design,especially in critical applications such as military,health care,and financial services networks requiring high availability.We propose a mathematical model for planning the deployment of SDN smart backup controllers(SBCs)to preserve service in the presence of DDoS attacks.Given a number of input parameters,our model has two distinct capabilities.First,it determines the optimal number of primary controllers to place at specific locations or nodes under normal operating conditions.Second,it recommends an optimal number of smart backup controllers for use with different levels of DDoS attacks.The goal of the model is to improve resistance to DDoS attacks while optimizing the overall cost based on the parameters.Our simulated results demonstrate that the model is useful in planning for SDN reliability in the presence of DDoS attacks while managing the overall cost.

Apple’s Lion vs Microsoft’s Windows 7: Comparing Built-In Protection against ICMP Flood Attacks

With the increase in the number of computers connected to Internet, the number of Distributed Denial of Service (DDoS) attacks has also been increasing. A DDoS attack consumes the computing resources of a computer or a server, by degrading its computing performance or by preventing legitimate users from accessing its services. Recently, Operating Systems (OS) are increasingly deploying embedded DDoS prevention schemes to prevent computing exhaustion caused by such attacks. In this paper, we compare the effectiveness of two popular operating systems, namely the Apple’s Lion and Microsoft’s Windows 7, against DDoS attacks. We compare the computing performance of these operating systems under two ICMP based DDoS attacks. Since the role of the OS is to manage the computer or servers resources as efficiently as possible, in this paper we investigate which OS manages its computing resources more efficiently. In this paper, we evaluate and compare the built-in security of these two operating systems by using an iMac computer which is capable of running both Windows 7 and Lion. The DDoS attacks that are simulated for this paper are the ICMP Ping and Land Attack. For this experiment, we measure the exhaustion of the processors and the number of Echo Request and Echo Reply messages that were generated under varying attack loads for both the Ping and Land Attack. From our experiments, we found that both operating systems were able to survive the attacks however they reacted a bit differently under attack. The Operating System Lion was handling both the Ping and Land attack in the exactly the same way, whereas Windows 7 handled the two attacks a bit differently, resulting in different processor consumptions by two different operating systems.

Performance analysis of mobile ad hoc networks under flooding attacks

Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to a denial of service （DoS） attacks launched by intruders. The effects of flooding attacks in network simulation 2 （NS2） and measured performance parameters are investigated, including packet loss ratio, average delay, throughput and average number of hops under different numbers of attack nodes, flooding frequency, network bandwidth and network size. Simulation results show that with the increase of the flooding frequency and the number of attack nodes, network performance sharply drops. But when the frequency of flooding attacks or the number of attack nodes is greater than a certain value, performance degradation tends to a stable value.