Funding: the National Key Research and Development Program of China (2021YFB1006200); Major Science and Technology Project of Henan Province in China (221100211200). Grant was received by S. Li.
Abstract: Adversarial distillation (AD) has emerged as a potential solution to tackle the challenging optimization problem of loss with hard labels in adversarial training. However, fixed sample-agnostic and student-egocentric attack strategies are unsuitable for distillation. Additionally, the reliability of guidance from static teachers diminishes as target models become more robust. This paper proposes an AD method called Learnable Distillation Attack Strategies and Evolvable Teachers Adversarial Distillation (LDAS&ET-AD). Firstly, a learnable distillation attack strategies generating mechanism is developed to automatically generate sample-dependent attack strategies tailored for distillation. A strategy model is introduced to produce attack strategies that enable adversarial examples (AEs) to be created in areas where the target model significantly diverges from the teachers by competing with the target model in minimizing or maximizing the AD loss. Secondly, a teacher evolution strategy is introduced to enhance the reliability and effectiveness of knowledge in improving the generalization performance of the target model. By calculating the experimentally updated target model’s validation performance on both clean samples and AEs, the impact of distillation from each training sample and AE on the target model’s generalization and robustness abilities is assessed to serve as feedback to fine-tune standard and robust teachers accordingly. Experiments evaluate the performance of LDAS&ET-AD against different adversarial attacks on the CIFAR-10 and CIFAR-100 datasets. The experimental results demonstrate that the proposed method achieves a robust precision of 45.39% and 42.63% against AutoAttack (AA) on the CIFAR-10 dataset for ResNet-18 and MobileNet-V2, respectively, marking an improvement of 2.31% and 3.49% over the baseline method. In comparison to state-of-the-art adversarial defense techniques, our method surpasses Introspective Adversarial Distillation, the top-performing method in terms of robustness under AA attack for the CIFAR-10 dataset, with enhancements of 1.40% and 1.43% for ResNet-18 and MobileNet-V2, respectively. These findings demonstrate the effectiveness of our proposed method in enhancing the robustness of deep learning networks (DNNs) against prevalent adversarial attacks when compared to other competing methods. In conclusion, LDAS&ET-AD provides reliable and informative soft labels to one of the most promising defense methods, AT, alleviating the limitations of untrusted teachers and unsuitable AEs in existing AD techniques. We hope this paper promotes the development of DNNs in real-world trust-sensitive fields and helps ensure a more secure and dependable future for artificial intelligence systems.
Funding: supported by Institutional Fund Projects (IFPNC-001-135-2020); technical and financial support from the Ministry of Education and King Abdulaziz University, DSR, Jeddah, Saudi Arabia.
Abstract: A cyber physical system (CPS) is a complex system that integrates sensing, computation, control and networking into physical processes and objects over Internet. It plays a key role in modern industry since it connects physical and cyber worlds. In order to meet ever-changing industrial requirements, its structures and functions are constantly improved. Meanwhile, new security issues have arisen. A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems, and thus has gained increasing attention from researchers and practitioners. This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems. First, as typical system models are employed to study these systems, time-driven and event-driven systems are reviewed. Then, recent advances on three types of attacks, i.e., those on availability, integrity, and confidentiality are discussed. In particular, the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders. Namely, both attack and defense strategies are discussed based on different system models. Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.
Abstract: A kind of attack strategy based on a probabilistic cloning machine is proposed in this letter. The security of BB84 and the six-state quantum key distribution protocols under this attack is studied by theoretic analyses and corroborated by simulations. It is concluded that the quantum key distribution protocols still have an asymptotic perfect security even if the eavesdropper adopts the proposed attack strategy.
Funding: supported by the National Natural Science Foundation of China under Grant Nos. 71871217 and 71371185; the Natural Science Foundation of Hunan Province under Grant No. 2019JJ20019.
Abstract: To investigate the attack and defense strategies in complex networks, the authors propose a two-player zero-sum static game model with complete information which considers attack and defense strategies simultaneously. The authors assume that both the attacker and defender have two typical strategies: targeted strategy and random strategy. The authors explore the Nash equilibriums of the attacker-defender game and demonstrate that when the attacker's attack resources are not so significantly abundant as the defender's resources, there exists a pure-strategy Nash equilibrium in both model networks and real-world networks, in which the defender protects the hub targets with large degrees preferentially, while the attacker prefers selecting the targets randomly. When the attack resources are much higher than defense resources, both the attacker and the defender adopt the targeted strategy in equilibriums. This paper provides a new theoretical framework for the study of attack and defense strategies in complex networks.
Funding: supported by National Natural Science Foundation of China (61922063); Shanghai International Science and Technology Cooperation Project (18510711100); Shanghai Shuguang Project (18sg18); Shanghai Natural Science Foundation (19zr1461400); Shanghai Sailing Program under grant (20YF1452900); Shanghai Municipal Science and Technology Major Project (2021SHZDZX0100); Shanghai Hong Kong Macao Taiwan Science and Technology Cooperation Project (21550760900); Fundamental Research Funds for the Central Universities.
Abstract: This paper investigates the system security problem of cyber-physical systems (CPSs), which is not only more practical but also more significant to deal with than the detecting faults problem. The purpose of this paper is to find an optimal attack strategy that maximizes the output error of the attacked system with low energy consumption. Based on a general model of linear time-invariant systems and a key technical lemma, a new optimal attack strategy for the meticulously designed false data injection attack is constructed. It is worth mentioning that compared with the existing model-based attack strategies, the designed one is more general and the corresponding attack strategy is more easily implemented when system states and external input are inaccessible. Key to overcoming the inaccessible information, a dynamic observer in the form of Luenberger is constructed. Finally, a networked magnetic levitation steel ball movement system is applied to illustrate the effectiveness of the proposed scheme.
Funding: supported by the National Natural Science Foundation of China (Nos. 61650110516, 61601013 and 61521091).
Abstract: Robustness of transportation networks is one of the major challenges of the 21st century. This paper investigates the resilience of global air transportation from a complex network point of view, with focus on attacking strategies in the airport network, i.e., to remove airports from the system and see what could affect the air traffic system from a passenger's perspective. Specifically, we identify commonalities and differences between several robustness measures and attacking strategies, proposing a novel notion of functional robustness: unaffected passengers with rerouting. We apply twelve attacking strategies to the worldwide airport network with three weights, and evaluate three robustness measures. We find that degree and Bonacich based attacks harm passenger weighted network most. Our evaluation is geared toward a unified view on air transportation network attack and serves as a foundation on how to develop effective mitigation strategies.
Funding: Project (No. 09511501600) partially supported by the Science and Technology Commission of Shanghai Municipality, China.
Abstract: It is universally acknowledged by network security experts that proactive peer-to-peer (P2P) worms may soon engender serious threats to the Internet infrastructures. These latent threats stimulate activities of modeling and analysis of the proactive P2P worm propagation. Based on the classical two-factor model, in this paper, we propose a novel proactive worm propagation model in unstructured P2P networks (called the four-factor model) by considering four factors: (1) network topology, (2) countermeasures taken by Internet service providers (ISPs) and users, (3) configuration diversity of nodes in the P2P network, and (4) attack and defense strategies. Simulations and experiments show that proactive P2P worms can be slowed down by two ways: improvement of the configuration diversity of the P2P network and using powerful rules to reinforce the most connected nodes from being compromised. The four-factor model provides a better description and prediction of the proactive P2P worm propagation.
Abstract: The world airport network (WAN) is one of the networked infrastructures that shape today's economic and social activity, so its resilience against incidents affecting the WAN is an important problem. In this paper, the robustness of air route networks is extended by defining and testing several heuristics to define selection criteria to detect the critical nodes of the WAN. In addition to heuristics based on genetic algorithms and simulated annealing, custom heuristics based on node damage and node betweenness are defined. The most effective heuristic is a multiattack heuristic combining both custom heuristics. Results obtained are of importance not only for advance in the understanding of the structure of complex networks, but also for critical node detection.