The rapid expansion of Internet of Things (IoT) devices across various sectors is driven by steadily increasing demands for interconnected and smart technologies. Nevertheless, the surge in the number of IoT devices has caught the attention of cyber hackers, as it provides them with expanded avenues to access valuable data. This has resulted in a myriad of security challenges, including information leakage, malware propagation, and financial loss, among others. Consequently, developing an intrusion detection system to identify both active and potential intrusion traffic in IoT networks is of paramount importance. In this paper, we propose ResNeSt-biGRU, a practical intrusion detection model that combines the strengths of ResNeSt, a variant of Residual Neural Network, and bidirectional Gated Recurrent Unit Network (biGRU). Our ResNeSt-biGRU framework diverges from conventional intrusion detection systems (IDS) by employing this dual-layered mechanism that exploits the temporal continuity and spatial features within network data streams, a methodological innovation that enhances detection accuracy. In conjunction with this, we introduce the PreIoT dataset, a compilation of prevalent IoT network behaviors, to train and evaluate IDS models with a focus on identifying potential intrusion traffic. The effectiveness of the proposed scheme is demonstrated through testing, wherein it achieved an average accuracy of 99.90% on the N-BaIoT dataset as well as on the PreIoT dataset and 94.45% on the UNSW-NB15 dataset. The outcomes of this research reveal the potential of ResNeSt-biGRU to bolster security measures, diminish intrusion-related vulnerabilities, and preserve the overall security of IoT ecosystems.
In recent years, artificial intelligence technology has developed rapidly around the world, is widely used in various fields, and plays an important role. The integration of industrial Internet security with new technologies such as large models and generative artificial intelligence has become a hot research issue. In this regard, this paper briefly analyzes industrial Internet security technology and its application from the perspective of generative artificial intelligence, hoping to provide some valuable reference for readers.
This paper evaluates the performance of an Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to frequent cyber attacks and the potential risks associated with networks spread over distant geographical locations. MPLS networks ride on the public network backbone, which is porous and highly susceptible to attacks, so reliable security mechanisms need to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and video conferencing, with keen interest in jitter, end-to-end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company, which provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98%, translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec-based MPLS virtual private network is more stable and secure than one without IPSec.
The article describes the layered model of physical network and information security, and the establishment of the mobile Internet's security framework based on its network architecture. The mobile Internet has three parts, i.e., terminal, network and service system, each of which can be studied in four layers of network and information security, namely, the equipment/environment security layer, the service and application security layer, the information security layer and the information content security layer.
Under the new situation of "integration of informatization and industrialization" in China, security situational awareness is an important means to solve the problems of unclear boundaries, multiple roles and complex business relationships in the industrial Internet. The main contents of the platform include industrial data collection, industrial protocol identification, industrial asset detection and industrial threat monitoring. Among them, risk prevention and detection, key data protection, and protection of the cloud platform and identification resolution nodes are all important issues. On the one hand, safeguarding industrial Internet business requires summarizing industrial Internet network security data and mastering the network security situation from an overall perspective. On the other hand, it is also necessary to establish an industrial Internet platform security early warning and emergency response process system, promote the security rectification of industrial platform enterprises, find the security threats and risks that have long been hidden in the industrial Internet platform, and provide perception and decision-making support for enterprises.
Internet worms are harmful to network security, and they have become a research hotspot in recent years. A thorough survey on the propagation models and defense techniques of Internet worms is made in this paper. We first give a strict definition and discuss the working mechanism. We then analyze and compare some representative worm propagation models proposed in recent years, such as the K-M model, two-factor model, worm-anti-worm model (WAW), firewall-based model, quarantine-based model and hybrid benign worm-based model. Some typical defense techniques, such as virtual honeypots, active worm prevention and agent-oriented worm defense, are also discussed. The future direction of worm defense systems is pointed out.
The fast development of Internet technologies ignited the growth of techniques for information security that protect data, networks, systems, and applications from various threats. There are many types of threats. The distributed denial of service attack (DDoS) is one of the most serious and widespread attacks on Internet resources. This attack is intended to paralyze the victim's system and cause the service to fail. This work is devoted to the classification of DDoS attacks in the special network environment called Software-Defined Networking (SDN) using machine learning algorithms. The analyzed dataset included instances of two classes: benign and malicious. As the dataset contained twenty-two features, feature selection techniques were required for dimensionality reduction. In these experiments, Information gain, the Chi-square test, and the F-test were applied to decrease the number of features to ten. The classes were also not completely balanced, so undersampling, oversampling, and synthetic minority oversampling (SMOTE) techniques were used to balance the classes equally. Previous research works studied the classification of DDoS attacks applying various feature selection techniques and one or more machine learning algorithms. Still, they did not pay much attention to evaluating the combinations of feature selection and balancing methods with different machine learning algorithms. This work is devoted to the classification of datasets with eight machine learning algorithms: naïve Bayes, logistic regression, support vector machine, k-nearest neighbors, decision tree, random forest, XGBoost, and CatBoost. In the experimental results, the Information gain and F-test feature selection methods achieved better performance with all eight ML algorithms than the Chi-square technique. Furthermore, the accuracy values on the oversampled and SMOTE datasets were higher than those on the undersampled and imbalanced datasets. Among the machine learning algorithms, the accuracy of support vector machine, logistic regression, and naïve Bayes fluctuates between 0.59 and 0.75, while decision tree, random forest, XGBoost, and CatBoost achieved values between 0.99 and 1.00 with all feature selection and class balancing techniques.
Recently, Denial-of-Service (DoS) attacks have become the mainstream threat to Internet service availability. Filter-based packet filtering is a key technology to defend against such attacks. Depending on the filtering location, the proposed schemes can be grouped into victim-end filtering and source-end filtering. The first scheme uses a single filtering router to block the attack flows near the victim, but does not take into account that filters are a scarce resource, which causes a huge loss of legitimate flows; considering that each router could contribute a few filters, the other extreme scheme pushes the filtering location back to each attack source so as to obtain ample filters, but this may incur severe network transmission delay due to the excessive number of filtering routers. Therefore, in this paper, we propose a scalable filter-based packet filtering scheme to balance the number of filtering routers and the available filters. By emulating DoS scenarios based on synthetic and real-world Internet topologies and implementing the various filter-based packet filtering schemes on them, we show that our scheme uses fewer filtering routers to cut off all attack flows while minimizing the loss of legitimate flows.
Filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against Denial-of-Service (DoS) attacks. Two kinds of relevant schemes have been proposed: victim-end filtering and source-end filtering. The first scheme prevents attack traffic from reaching the victim, but causes a huge loss of legitimate flows due to the scarce filters (termed collateral damage); the other extreme scheme can obtain sufficient filters, but severely degrades network transmission performance due to the excessive number of filtering routers. In this paper, we propose a router-based packet filtering scheme, which provides relatively more filters while reducing the number of filtering routers. We implement this scheme on emulated DoS scenarios based on synthetic and real-world Internet topologies. Our evaluation results show that, compared to the previous work, our scheme uses just 20% of its filtering routers while increasing its collateral damage by less than 15 percent.
Internet of Vehicles (IoV) is regarded as an emerging paradigm for connected vehicles to exchange their information with other vehicles using vehicle-to-vehicle (V2V) communications by forming vehicular ad hoc networks (VANETs), and with roadside units using vehicle-to-roadside (V2R) communications. IoV offers several benefits such as road safety, traffic efficiency, and infotainment by forwarding up-to-date information about upcoming traffic. For instance, IoV is regarded as a technology that could help reduce the number of deaths caused by road accidents, and reduce fuel costs and travel time on the road. Vehicles could rapidly learn about the road condition and promptly respond and notify drivers for making informed decisions. However, malicious users in IoV may mislead the whole communication and create chaos on the road. The data falsification attack is one of the main security issues in IoV, where vehicles rely on information received from other peers/vehicles. In this paper, we present data falsification attack detection using hashes for enhancing network security and performance by adapting the contention window size to forward accurate information to neighboring vehicles in a timely manner (to improve throughput while reducing end-to-end delay). We also present a clustering approach to reduce travel time in case of traffic congestion. Performance of the proposed approach is evaluated using numerical results obtained from simulations. We found that the proposed adaptive approach protects IoV from data falsification attacks and provides higher throughput with lower delay.
A signature-and-verification-based method, automatic peer-to-peer anti-spoofing (APPA), is proposed to prevent IP source address spoofing. In this method, signatures are tagged into the packets at the source peer, and verified and removed at the verification peer, where packets with incorrect signatures are filtered. A unique state machine, which is used to generate signatures, is associated with each ordered pair of APPA peers. As the state machine automatically transits, the signature changes accordingly. The KISS random number generator is used as the signature generating algorithm, which makes the state machine very small and fast and requires very low management costs. APPA has an intra-AS (autonomous system) level and an inter-AS level. At the intra-AS level, signatures are tagged into each departing packet at the host and verified at the gateway to achieve finer-grained anti-spoofing than ingress filtering. At the inter-AS level, signatures are tagged at the source AS border router and verified at the destination AS border router to achieve prefix-level anti-spoofing, and the automatic state machine enables the peers to change signatures without negotiation, which makes APPA attack-resilient compared with the spoofing prevention method. The results show that both levels provide incentives for deployment, and together they make APPA an integrated anti-spoofing solution.
With the growing popularity of Internet applications and the widespread use of the mobile Internet, Internet traffic has maintained rapid growth over the past two decades. Internet Traffic Archival Systems (ITAS) for packets or flow records have become more and more widely used in network monitoring, network troubleshooting, and user behavior and experience analysis. Among the three key technologies in ITAS, we focus on bitmap index compression algorithms and give a detailed survey in this paper. The current state-of-the-art bitmap index encoding schemes include BBC, WAH, PLWAH, EWAH, PWAH, CONCISE, COMPAX, VLC, DF-WAH, and VAL-WAH. Based on differences in segmentation, chunking, merge compress, and Near Identical (NI) features, we provide a thorough categorization of the state-of-the-art bitmap index compression algorithms. We also propose some new bitmap index encoding algorithms, such as SECOMPAX, ICX, MASC, and PLWAH+, and present the state diagrams for their encoding algorithms. We then evaluate their CPU and GPU implementations with a real Internet trace from CAIDA. Finally, we summarize and discuss the future direction of bitmap index compression algorithms. Beyond its application in network security and network forensics, bitmap index compression, with faster bitwise-logical operations and a reduced search space, is widely used in the analysis of genome data, geographical information systems, graph databases, image retrieval, the Internet of Things, etc. It is expected that bitmap index compression, in use since the 1980s, will thrive again in the Big Data era.
This paper deals with an in-line network security processor (NSP) design that implements Internet Protocol Security (IPSec) protocol processing for 10 Gbps Ethernet. The 10 Gbps high speed data transfer, the IPSec processing including the crypto-operation, the database query, and IPSec header processing are integrated in the design. The in-line NSP is implemented using 65 nm CMOS technology; the layout area is 2.5 mm × 3 mm with 360 million gates. A configurable crossbar data transfer skeleton implementing an iSLIP scheduling algorithm is proposed, which enables simultaneous data transfer between the heterogeneous multiple cores. There are, in addition, a high speed input/output data buffering mechanism and high performance hardware structures for the modules, wherein the transfer efficiency and the resource utilization are maximized and the IPSec protocol processing achieves 10 Gbps line speed. A high speed and low power hardware look-up method is proposed, which effectively reduces the area and power dissipation. The post-simulation results demonstrate that the design gives a peak throughput for the Authentication Header (AH) transport mode of 10.06 Gbps with an average test packet length of 512 bytes at a clock rate of 250 MHz, and a power dissipation of less than 1 W is obtained. An FPGA prototype is constructed to verify the function of the design. A test bench is being set up for performance and function verification.
In this paper, we present a WItness based Data priority mEchanism (WIDE) for vehicles in the vicinity of an accident to facilitate liability decisions. WIDE evaluates the integrity of data generated by these vehicles, called witnesses, in the event of an accident to assure the reliability of data to be used for making liability decisions and ensure that such data are received from credible witnesses. To achieve this, WIDE introduces a two-level integrity assessment to achieve end-to-end integrity by initially ascertaining the integrity of data-producing sensors, and validating that generated data have not been altered in transit by compromised road-side units (RSUs) by executing a practical byzantine fault tolerance (pBFT) protocol to reach consensus on data reliability. Furthermore, WIDE utilises a blockchain based reputation management system (BRMS) to ensure that only data from highly reputable witnesses are utilised as contributing evidence for facilitating liability decisions. Finally, we formally verify the proposed framework against data integrity requirements using the Automated Verification of Internet Security Protocols and Applications (AVISPA) tool with the High-Level Protocol Specification Language (HLPSL). Qualitative arguments show that our proposed framework is secure against the identified security attacks and assures the reliability of data utilised for making liability decisions, while quantitative evaluations demonstrate that our proposal is practical for fully autonomous vehicle forensics.
With the large scale adoption of Internet of Things (IoT) applications in people's lives and industrial manufacturing processes, IoT security has become an important problem today. IoT security significantly relies on the security of the underlying hardware chip, which often contains critical information, such as the encryption key. To understand existing IoT chip security, this study analyzes the security of an IoT security chip that has obtained an Arm Platform Security Architecture (PSA) Level 2 certification. Our analysis shows that the chip leaks part of the encryption key and presents a considerable security risk. Specifically, we use commodity equipment to collect electromagnetic traces of the chip. Using a statistical T-test, we find that the target chip has physical leakage during the AES encryption process. We further use correlation analysis to locate the detailed encryption interval in the collected electromagnetic trace for the Advanced Encryption Standard (AES) encryption operation. On the basis of the intermediate value correlation analysis, we recover half of the 16-byte AES encryption key. We repeat the process for three different tests; in all the tests, we obtain the same result, and we recover around 8 bytes of the 16-byte AES encryption key. Therefore, experimental results indicate that despite the Arm PSA Level 2 certification, the target security chip still suffers from physical leakage. Upper layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.
Since Internet of Things (IoT) secret information leaks easily during data transfer, a secure data transmission model based on compressed sensing (CS) and digital watermarking technology is proposed here. Firstly, at the node coding end, digital watermarking technology is used to embed secret information in the conventional data carrier. Secondly, these data are reused to build the target transfer data, called observed signals, by the CS algorithm. Thirdly, these signals are transmitted to the base station through the wireless channel. After obtaining these observed signals, the decoder reconstructs the data carrier containing the private information. Finally, the private information is obtained by the digital watermark extraction algorithm to achieve secret transmission of signals. By adopting watermarking and compressed sensing to hide secret information at the node coding end, the algorithm complexity and energy consumption are reduced. Meanwhile, the security of the secret information is increased. The simulation results show that the method is able to accurately reconstruct the original signal and that the energy consumption of the sensor node is also reduced significantly, even when packet loss is taken into account.
Funding (ResNeSt-biGRU paper): the National Natural Science Foundation of China (No. 61662004).
Funding (mobile Internet security framework paper): supported by the National High Technology Research and Development Program of China ("863" Program) under Grant No. 2008AA01A204.
Funding (Internet worm survey): supported by the Research Fund for the National Committee of China under Grant No. 05XN09.
文摘Internet worm is harmful to network security,and it has become a research hotspot in recent years.A thorough survey on the propagation models and defense techniques of Internet worm is made in this paper.We first give its strict definition and discuss the working mechanism.We then analyze and compare some repre-sentative worm propagation models proposed in recent years,such as K-M model,two-factor model,worm-anti-worm model(WAW),firewall-based model,quarantine-based model and hybrid benign worm-based model,etc.Some typical defense techniques such as virtual honeypot,active worm prevention and agent-oriented worm defense,etc.,are also discussed.The future direction of the worm defense system is pointed out.
Abstract: The fast development of Internet technologies ignited the growth of information security techniques that protect data, networks, systems and applications from many kinds of threats. The distributed denial of service (DDoS) attack is one of the most serious and widespread attacks on Internet resources: it is intended to paralyze the victim's system and make its service fail. This work is devoted to the classification of DDoS attacks in a Software-Defined Networking (SDN) environment using machine learning algorithms. The analyzed dataset contains instances of two classes, benign and malicious. Because the dataset has twenty-two features, feature selection was required for dimensionality reduction; information gain, the chi-square test and the F-test were applied to reduce the number of features to ten. The classes were also not balanced, so undersampling, oversampling and synthetic minority oversampling (SMOTE) were used to equalize them. Previous work on classifying DDoS attacks has applied various feature selection techniques with one or more machine learning algorithms, but has paid little attention to how combinations of feature selection and class balancing methods interact with different algorithms. This work classifies the resulting datasets with eight machine learning algorithms: naïve Bayes, logistic regression, support vector machine, k-nearest neighbors, decision tree, random forest, XGBoost and CatBoost. In the experiments, the information gain and F-test feature selection methods performed better with all eight algorithms than the chi-square technique, and accuracy on the oversampled and SMOTE datasets was higher than on the undersampled and imbalanced datasets. Among the algorithms, the accuracy of support vector machine, logistic regression and naïve Bayes fluctuated between 0.59 and 0.75, while decision tree, random forest, XGBoost and CatBoost reached values around 0.99 to 1.00 with every combination of feature selection and class balancing technique.
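The two preprocessing steps the abstract relies on, information-gain feature ranking and class rebalancing, are short enough to show end to end. The block below is an added example, not the paper's code or dataset: it builds a small set of constructed SDN flow records (six assumed features, not the paper's twenty-two) in which a flood shows up as many tiny flows from many sources to one port, ranks the features by information gain on equal-width bins, and balances the classes by random oversampling of the minority class.

```python
"""Added example: information-gain feature selection and random oversampling on
constructed SDN flow records (benign = 0, flood = 1). Feature names and value
ranges are assumptions for this demo, not the paper's dataset."""
import math
import random
from collections import Counter

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def discretise(values, bins):
    """Equal-width binning so numeric features can be scored with entropy."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1.0
    return [min(int((v - lo) / width), bins - 1) for v in values]

def information_gain(rows, labels, feature, bins=4):
    """IG(feature) = H(label) - sum_b P(bin = b) * H(label | bin = b)."""
    groups = {}
    for b, y in zip(discretise([r[feature] for r in rows], bins), labels):
        groups.setdefault(b, []).append(y)
    conditional = sum(len(ys) / len(labels) * entropy(ys) for ys in groups.values())
    return entropy(labels) - conditional

def select_top_k(rows, labels, k, bins=4):
    """Feature names ranked by information gain, best first, truncated to k."""
    ranked = sorted(rows[0], key=lambda f: information_gain(rows, labels, f, bins), reverse=True)
    return ranked[:k]

def random_oversample(rows, labels, seed=0):
    """Duplicate random minority-class rows until both classes have equal size."""
    rng = random.Random(seed)
    counts = Counter(labels)
    minority = min(counts, key=counts.get)
    pool = [r for r, y in zip(rows, labels) if y == minority]
    rows, labels = list(rows), list(labels)
    while labels.count(minority) < max(counts.values()):
        rows.append(dict(rng.choice(pool)))
        labels.append(minority)
    return rows, labels

def make_sdn_flows(n_benign=180, n_attack=20, seed=3):
    """Constructed flow records, not a real capture: a flood is many short flows
    from many sources (high src_fanin) to port 80 with almost no payload."""
    rng = random.Random(seed)
    rows, labels = [], []
    for _ in range(n_benign):
        rows.append({"pkt_count": rng.randint(5, 60), "byte_count": rng.randint(300, 40000),
                     "duration": rng.uniform(0.5, 30.0), "src_fanin": rng.randint(1, 4),
                     "proto": rng.choice([6, 17]), "port": rng.choice([22, 53, 80, 443])})
        labels.append(0)
    for _ in range(n_attack):
        rows.append({"pkt_count": rng.randint(1, 3), "byte_count": rng.randint(40, 200),
                     "duration": rng.uniform(0.01, 0.2), "src_fanin": rng.randint(80, 200),
                     "proto": rng.choice([6, 17]), "port": 80})
        labels.append(1)
    return rows, labels

if __name__ == "__main__":
    rows, labels = make_sdn_flows()
    for f in select_top_k(rows, labels, 6):
        print(f"{f:>10}: IG = {information_gain(rows, labels, f):.3f}")
    rows_b, labels_b = random_oversample(rows, labels, seed=1)
    print("balanced class counts:", Counter(labels_b))
```

Note that `proto` and `port` carry almost no information about the label here because the attacker uses the same protocols and a port that legitimate traffic also uses; that is the kind of feature the paper's selection step removes before training.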
Funding: supported by the Doctoral Fund of Northeastern University of Qinhuangdao (No. XNB201410), the Fundamental Research Funds for the Central Universities (No. N130323005), the Natural Science Foundation of Hebei Province of China (No. F2015501122) and the Doctoral Scientific Research Foundation of Liaoning Province (No. 201501143).
Abstract: Recently, Denial-of-Service (DoS) attacks have become the mainstream threat to Internet service availability. Filter-based packet filtering is a key technology for defending against such attacks. Depending on the filtering location, the proposed schemes can be grouped into victim-end filtering and source-end filtering. The first uses a single filtering router to block the attack flows near the victim, but it ignores the fact that filters are a scarce resource, which causes a huge loss of legitimate flows; at the other extreme, since each router can contribute a few filters, source-end filtering pushes the filtering location back to each attack source to obtain ample filters, but this may incur severe network transmission delay because of the many filtering routers involved. In this paper, we therefore propose a scalable filter-based packet filtering scheme that balances the number of filtering routers against the available filters. By emulating DoS scenarios on synthetic and real-world Internet topologies and implementing the various filter-based packet filtering schemes on them, we show that our scheme uses fewer filtering routers to cut off all attack flows while minimizing the loss of legitimate flows.
Funding: supported in part by the following funding agencies of China: the Doctoral Fund of Northeastern University of Qinhuangdao (Grant No. XNB201410) and the Fundamental Research Funds for the Central Universities (Grant No. N130323005).
Abstract: Filter-based reactive packet filtering is a key technology for filtering attack traffic when defending against Denial-of-Service (DoS) attacks. Two kinds of schemes have been proposed: victim-end filtering and source-end filtering. The first prevents attack traffic from reaching the victim, but causes a huge loss of legitimate flows because filters are scarce (termed collateral damage); the other extreme obtains sufficient filters, but severely degrades network transmission performance because of the many filtering routers it requires. In this paper, we propose a router-based packet filtering scheme that provides relatively more filters while reducing the number of filtering routers. We implement this scheme on emulated DoS scenarios based on synthetic and real-world Internet topologies. Our evaluation results show that, compared to the previous work, our scheme uses only 20% of its filtering routers while increasing its collateral damage by less than 15 percent.
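The trade-off described in this abstract and the one before it (few filtering routers with coarse filters and collateral damage, versus many filtering routers with fine filters) can be made concrete on a small tree. The block below is an added example and is not the placement scheme from either paper: routers form a tree rooted at the victim's gateway, each router holds at most `cap` filters, and one filter drops all traffic from one subtree (a prefix). It evaluates victim-end filtering, source-end filtering, and a simple balanced placement that blocks pure-attack subtrees as high as possible and descends only into subtrees that mix attackers with legitimate hosts. The topology, capacities and host roles are all constructed for the demo.

```python
"""Added example: a model of the filter-placement trade-off in reactive DoS
filtering (not the scheme of the papers above). Every router holds at most
`cap` filters; a filter at a router drops all traffic from one subtree."""
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    attack: bool = False                       # only meaningful for hosts (leaves)
    children: list = field(default_factory=list)

    def leaves(self):
        if not self.children:
            return [self]
        return [leaf for c in self.children for leaf in c.leaves()]

    def index(self):
        idx = {self.name: self}
        for c in self.children:
            idx.update(c.index())
        return idx

def host(name, attack=False):
    return Node(name, attack=attack)

def build_topology():
    """Constructed sample: R1's whole subtree attacks, R2 mixes one attacker
    with legitimate hosts, R3 is clean. R0 is the victim's gateway."""
    r1 = Node("R1", children=[Node("R1a", children=[host("h1", True), host("h2", True)]),
                              Node("R1b", children=[host("h3", True)])])
    r2 = Node("R2", children=[host("h4"), host("h5", True), host("h6")])
    r3 = Node("R3", children=[host("h7"), host("h8")])
    return Node("R0", children=[r1, r2, r3])

def attackers(node):
    return sum(1 for h in node.leaves() if h.attack)

def victim_end(root, cap):
    """Only the gateway filters: block the `cap` child prefixes with most attackers."""
    cands = sorted((c for c in root.children if attackers(c)), key=attackers, reverse=True)
    return {root.name: [c.name for c in cands[:cap]]}

def source_end(root):
    """Every edge router with attacking hosts installs one filter per host."""
    plan = {}
    for node in root.index().values():
        bad = [c.name for c in node.children if not c.children and c.attack]
        if bad:
            plan[node.name] = bad
    return plan

def balanced(root, cap):
    """Block pure-attack subtrees (or single attacking hosts) at the highest
    router with spare capacity; descend into mixed subtrees instead of
    blocking them wholesale. Attackers that find no capacity are left to
    evaluate() to report as leaked."""
    plan = {}
    def visit(router):
        for child in router.children:
            n_bad = attackers(child)
            if n_bad == 0:
                continue
            pure = n_bad == len(child.leaves())
            if pure and len(plan.get(router.name, [])) < cap:
                plan.setdefault(router.name, []).append(child.name)
            elif child.children:
                visit(child)   # mixed subtree, or no capacity left at this router
    visit(root)
    return plan

def evaluate(root, plan):
    """Filtering routers, filters used, legitimate hosts blocked, attackers unblocked."""
    idx = root.index()
    blocked = {h.name for targets in plan.values() for t in targets for h in idx[t].leaves()}
    hosts = root.leaves()
    return {"routers": len(plan),
            "filters": sum(len(v) for v in plan.values()),
            "collateral": sum(1 for h in hosts if not h.attack and h.name in blocked),
            "leaked": sum(1 for h in hosts if h.attack and h.name not in blocked)}

if __name__ == "__main__":
    root = build_topology()
    for label, plan in [("victim-end cap=2", victim_end(root, 2)),
                        ("victim-end cap=1", victim_end(root, 1)),
                        ("source-end", source_end(root)),
                        ("balanced cap=2", balanced(root, 2))]:
        print(f"{label:>16}: {plan} -> {evaluate(root, plan)}")
```

On this topology the gateway alone either blocks two legitimate hosts (cap = 2) or lets an attacker through (cap = 1); source-end filtering needs three filtering routers and four filters; the balanced placement cuts off every attacker with two routers, two filters and no collateral damage.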
Funding: supported in part by the U.S. National Science Foundation (NSF) under grants CNS-1650831, CNS-1552109, CNS-1405670 and CNS-1658972.
Abstract: The Internet of Vehicles (IoV) is regarded as an emerging paradigm in which connected vehicles exchange information with other vehicles over vehicle-to-vehicle (V2V) communications, forming vehicular ad hoc networks (VANETs), and with roadside units over vehicle-to-roadside (V2R) communications. IoV offers benefits such as road safety, traffic efficiency and infotainment by forwarding up-to-date information about upcoming traffic. For instance, IoV could help reduce the number of deaths caused by road accidents and reduce fuel costs and travel time. Vehicles can rapidly learn about road conditions and promptly notify drivers so that they can make informed decisions. However, malicious users in IoV may mislead the whole communication and create chaos on the road. The data falsification attack is one of the main security issues in IoV, where vehicles rely on information received from other peers/vehicles. In this paper, we present data falsification attack detection using hashes, which enhances network security and performance by adapting the contention window size to forward accurate information to neighboring vehicles in a timely manner (improving throughput while reducing end-to-end delay). We also present a clustering approach to reduce travel time in case of traffic congestion. The performance of the proposed approach is evaluated using numerical results obtained from simulations. We found that the proposed adaptive approach protects IoV from data falsification attacks and provides higher throughput with lower delay.
Funding: supported by the Basic Research Foundation of the Tsinghua National Laboratory for Information Science and Technology (TNList) and the National Key Basic Research and Development (973) Program of China (No. 2008BAH37B02).
Abstract: A signature-and-verification-based method, automatic peer-to-peer anti-spoofing (APPA), is proposed to prevent IP source address spoofing. In this method, signatures are tagged onto packets at the source peer, and verified and removed at the verification peer, where packets with incorrect signatures are filtered. A unique state machine, used to generate signatures, is associated with each ordered pair of APPA peers; as the state machine automatically transits, the signature changes accordingly. The KISS random number generator is used as the signature generating algorithm, which makes the state machine very small and fast and keeps management costs very low. APPA has an intra-AS (autonomous system) level and an inter-AS level. In the intra-AS level, signatures are tagged onto each departing packet at the host and verified at the gateway, achieving finer-grained anti-spoofing than ingress filtering. In the inter-AS level, signatures are tagged at the source AS border router and verified at the destination AS border router, achieving prefix-level anti-spoofing; the automatic state machine lets the peers change signatures without negotiation, which makes APPA attack-resilient compared with the spoofing prevention method. The results show that both levels give an incentive for deployment, and together they make APPA an integrated anti-spoofing solution.
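The mechanism described above, a per-peer-pair KISS state machine whose successive outputs serve as packet signatures, can be shown end to end. The block below is an added example, not the authors' implementation: both peers seed the same KISS generator from a pre-shared secret, the source tags each departing packet with the next output, and the verifier recomputes the expected outputs and drops anything else. Three details are assumptions of this demo rather than facts from the abstract: Marsaglia's KISS99 variant (the abstract does not say which KISS), a 32-bit tag, and a small look-ahead window so that packets lost in transit do not desynchronise the two state machines.

```python
"""Added example of the APPA tag-and-verify idea on top of a KISS state machine
(KISS99 variant, 32-bit tags and a loss-tolerance window are assumptions)."""
from collections import deque

MASK32 = 0xFFFFFFFF

class KISS:
    """KISS99: multiply-with-carry pair + 3-shift register + linear congruential generator."""
    def __init__(self, z, w, jsr, jcong):
        self.z, self.w, self.jsr, self.jcong = z, w, jsr, jcong

    def next(self):
        self.z = (36969 * (self.z & 0xFFFF) + (self.z >> 16)) & MASK32
        self.w = (18000 * (self.w & 0xFFFF) + (self.w >> 16)) & MASK32
        self.jsr ^= (self.jsr << 17) & MASK32
        self.jsr ^= self.jsr >> 13
        self.jsr ^= (self.jsr << 5) & MASK32
        self.jcong = (69069 * self.jcong + 1234567) & MASK32
        mwc = ((self.z << 16) + self.w) & MASK32
        return ((mwc ^ self.jcong) + self.jsr) & MASK32

class SourcePeer:
    """Tags each departing packet with the next signature of the pair's state machine."""
    def __init__(self, shared_seed):
        self.state = KISS(*shared_seed)

    def send(self, payload):
        return (self.state.next(), payload)

class VerifierPeer:
    """Accepts a packet only if its tag is one of the next `window` signatures,
    then advances past it, so replays and stragglers older than the window are dropped."""
    def __init__(self, shared_seed, window=4):
        self.state = KISS(*shared_seed)
        self.expected = deque(self.state.next() for _ in range(window))

    def receive(self, packet):
        tag, payload = packet
        if tag not in self.expected:
            return None                            # spoofed, replayed or too old: filtered
        while self.expected.popleft() != tag:      # skip signatures of packets lost in transit
            self.expected.append(self.state.next())
        self.expected.append(self.state.next())    # keep the window full
        return payload

if __name__ == "__main__":
    seed = (362436069, 521288629, 123456789, 380116160)   # assumed pre-shared secret
    src, dst = SourcePeer(seed), VerifierPeer(seed)
    pkts = [src.send(f"data{i}") for i in range(5)]
    print("first delivery :", dst.receive(pkts[0]))
    print("replay         :", dst.receive(pkts[0]))
    print("after one loss :", dst.receive(pkts[2]))
    print("late straggler :", dst.receive(pkts[1]))
    bad_tag = next(t for t in range(16) if t not in dst.expected)
    print("spoofed packet :", dst.receive((bad_tag, "from a host without the state")))
```

A spoofer who does not hold the pair's state cannot produce the next tag, which is the point of the scheme; a real deployment would additionally need a resynchronisation path for the case where more than `window` packets are lost in a row.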
Funding: supported by the National Key Basic Research and Development (973) Program of China (Nos. 2012CB315801 and 2013CB228206), the National Natural Science Foundation of China A3 Program (No. 61140320), the National Natural Science Foundation of China (Nos. 61233016 and 61472200), the National Training Program of Innovation and Entrepreneurship for Undergraduates (Nos. 201410003033 and 201410003031) and Hitachi (China) Research and Development Corporation.
Abstract: With the growing popularity of Internet applications and the widespread use of the mobile Internet, Internet traffic has grown rapidly over the past two decades. Internet Traffic Archival Systems (ITAS) for packets or flow records are increasingly used in network monitoring, network troubleshooting, and user behavior and experience analysis. Among the three key technologies in ITAS, we focus on bitmap index compression algorithms and give a detailed survey in this paper. The current state-of-the-art bitmap index encoding schemes include BBC, WAH, PLWAH, EWAH, PWAH, CONCISE, COMPAX, VLC, DF-WAH and VAL-WAH. Based on differences in segmentation, chunking, merge compression and Near Identical (NI) features, we provide a thorough categorization of these algorithms. We also propose some new bitmap index encoding algorithms, such as SECOMPAX, ICX, MASC and PLWAH+, and present the state diagrams of their encoders. We then evaluate their CPU and GPU implementations with a real Internet trace from CAIDA. Finally, we summarize and discuss future directions for bitmap index compression. Beyond network security and network forensics, bitmap index compression, with its faster bitwise logical operations and reduced search space, is widely used in the analysis of genome data, geographic information systems, graph databases, image retrieval, the Internet of Things, and so on. Bitmap index compression, studied since the 1980s, is expected to thrive again in the Big Data era.
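Most of the encoders listed above are refinements of WAH, so WAH itself is the natural thing to see in code. The block below is an added example, not code from the survey: a 32-bit WAH encoder and decoder, plus a population count that runs directly on the compressed words, which is the "reduced search space" advantage the abstract refers to. One simplification is assumed for the demo: the trailing partial group is zero-padded and the bit length is carried alongside the words instead of WAH's separate active-word bookkeeping.

```python
"""Added example: Word-Aligned Hybrid (WAH) bitmap compression with 32-bit words.
Top bit 0: a literal word holding 31 raw bits. Top bit 1: a fill word whose
bit 30 is the fill value and whose low 30 bits count identical 31-bit groups.
The zero-padded tail plus an explicit bit length is this demo's simplification."""

GROUP = 31
FILL_FLAG = 1 << 31
ONE_FILL = 1 << 30
RUN_MASK = ONE_FILL - 1

def wah_encode(bits):
    """`bits` is a str of '0'/'1'; returns (list of 32-bit words, number of bits)."""
    groups = [bits[i:i + GROUP] for i in range(0, len(bits), GROUP)]
    words, i = [], 0
    while i < len(groups):
        g = groups[i]
        if len(g) == GROUP and g in ("0" * GROUP, "1" * GROUP):
            run = 0
            while i < len(groups) and groups[i] == g and run < RUN_MASK:
                run += 1
                i += 1
            words.append(FILL_FLAG | (ONE_FILL if g[0] == "1" else 0) | run)
        else:
            words.append(int(g.ljust(GROUP, "0"), 2))
            i += 1
    return words, len(bits)

def wah_decode(words, nbits):
    """Inverse of wah_encode: expand fills and literals, then trim the padding."""
    out = []
    for w in words:
        if w & FILL_FLAG:
            out.append(("1" if w & ONE_FILL else "0") * (GROUP * (w & RUN_MASK)))
        else:
            out.append(format(w, f"0{GROUP}b"))
    return "".join(out)[:nbits]

def wah_popcount(words):
    """Count set bits on the compressed form: a fill word costs O(1) regardless
    of run length, which is why compressed bitmaps speed up index queries."""
    total = 0
    for w in words:
        if w & FILL_FLAG:
            total += GROUP * (w & RUN_MASK) if w & ONE_FILL else 0
        else:
            total += bin(w).count("1")
    return total

if __name__ == "__main__":
    # Constructed bitmap: three all-zero groups, one mixed group, two all-one
    # groups and a three-bit tail, as an index column over 189 flow records might look.
    bitmap = "0" * 93 + "1" * 10 + "0" * 21 + "1" * 62 + "101"
    words, n = wah_encode(bitmap)
    print([f"{w:08x}" for w in words], "words for", n, "bits")
    print("set bits:", wah_popcount(words), "round trip ok:", wah_decode(words, n) == bitmap)
```

Seven 31-bit groups collapse into four words here: the first word encodes a run of three zero groups, the third a run of two one groups, and only the two mixed groups are stored verbatim.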
Funding: Project (No. 2011ZX01034-002-002-003) supported by the National Science and Technology Major Projects of the Ministry of Industry and Information Technology, China.
Abstract: This paper presents an in-line network security processor (NSP) design that implements Internet Protocol Security (IPsec) protocol processing for 10 Gbps Ethernet. The 10 Gbps high-speed data transfer and the IPsec processing, including the cryptographic operations, the database query and the IPsec header processing, are integrated in the design. The in-line NSP is implemented in 65 nm CMOS technology; the layout area is 2.5 mm × 3 mm with 360 million gates. A configurable crossbar data transfer skeleton implementing the iSLIP scheduling algorithm is proposed, which enables simultaneous data transfer between the heterogeneous multiple cores. In addition, a high-speed input/output data buffering mechanism and high-performance hardware structures for the modules are designed so that transfer efficiency and resource utilization are maximized and the IPsec protocol processing reaches 10 Gbps line speed. A high-speed, low-power hardware look-up method is proposed, which effectively reduces area and power dissipation. The post-simulation results show that the design achieves a peak throughput of 10.06 Gbps for the Authentication Header (AH) transport mode with an average test packet length of 512 bytes at a clock rate of 250 MHz, with power dissipation below 1 W. An FPGA prototype has been constructed to verify the function of the design, and a test bench is being set up for performance and function verification.
Abstract: In this paper, we present a WItness-based Data priority mEchanism (WIDE) for vehicles in the vicinity of an accident to facilitate liability decisions. WIDE evaluates the integrity of data generated by these vehicles, called witnesses, in the event of an accident, to assure the reliability of the data used for making liability decisions and to ensure that such data come from credible witnesses. To achieve this, WIDE introduces a two-level integrity assessment that provides end-to-end integrity: it first ascertains the integrity of the data-producing sensors, and then validates that the generated data have not been altered in transit by compromised road-side units (RSUs) by executing a practical Byzantine fault tolerance (pBFT) protocol to reach consensus on data reliability. Furthermore, WIDE uses a blockchain-based reputation management system (BRMS) to ensure that only data from highly reputable witnesses are used as contributing evidence for liability decisions. Finally, we formally verify the proposed framework against data integrity requirements using the Automated Verification of Internet Security Protocols and Applications (AVISPA) tool with the High-Level Protocol Specification Language (HLPSL). Qualitative arguments show that our proposed framework is secure against the identified attacks and assures the reliability of the data used for liability decisions, while quantitative evaluations demonstrate that our proposal is practical for fully autonomous vehicle forensics.
Funding: This work was partially supported by the National Natural Science Foundation of China (Nos. 61872243 and U1713212), the Guangdong Basic and Applied Basic Research Foundation (No. 2020A1515011489), the Natural Science Foundation of Guangdong Province Outstanding Youth Program (No. 2019B151502018) and the Shenzhen Science and Technology Innovation Commission (No. R2020A045).
Abstract: With the large-scale adoption of Internet of Things (IoT) applications in people's lives and in industrial manufacturing processes, IoT security has become an important problem. IoT security relies significantly on the security of the underlying hardware chip, which often holds critical information such as encryption keys. To understand the security of existing IoT chips, this study analyzes an IoT security chip that has obtained Arm Platform Security Architecture (PSA) Level 2 certification. Our analysis shows that the chip leaks part of its encryption key and presents a considerable security risk. Specifically, we use commodity equipment to collect electromagnetic traces of the chip. Using a statistical t-test, we find that the target chip has physical leakage during Advanced Encryption Standard (AES) encryption. We further use correlation analysis to locate the AES encryption interval within the collected electromagnetic trace. On the basis of intermediate-value correlation analysis, we recover half of the 16-byte AES encryption key. We repeated the process in three different tests and obtained the same result in all of them, recovering around 8 bytes of the 16-byte key. The experimental results therefore indicate that, despite the Arm PSA Level 2 certification, the target security chip still suffers from physical leakage. Upper-layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.
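The two analysis steps the abstract names, a statistical t-test to detect data-dependent leakage and an intermediate-value correlation analysis to recover key bytes, are standard enough to reproduce on simulated data. The block below is an added example, not the authors' measurement or analysis code: it generates constructed traces in which one sample leaks the Hamming weight of the first-round AES S-box output under Gaussian noise (a stand-in for the electromagnetic traces in the paper), runs a fixed-versus-random Welch t-test over every sample, and then ranks all 256 guesses for one key byte by correlation with the predicted S-box output. The key byte 0x3C, the fixed plaintext 0x41, the trace counts and the noise level are all assumptions chosen for the demo.

```python
"""Added example: TVLA-style Welch t-test for leakage detection followed by a
correlation power analysis (CPA) on HW(SBOX[pt ^ k]), run on constructed traces
that stand in for the paper's electromagnetic measurements."""
import random
import statistics

def _rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF

def _build_sbox():
    """AES S-box from GF(2^8) inverses (p walks powers of 3, q its inverse) plus the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= (q << 1) & 0xFF                                     # q /= 3
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()
HW = [bin(v).count("1") for v in range(256)]

def simulate_traces(key_byte, plaintexts, rng, n_samples=8, leak_idx=3, noise=1.0):
    """Constructed traces: Gaussian noise everywhere, plus HW(SBOX[pt ^ key]) at leak_idx."""
    traces = []
    for pt in plaintexts:
        t = [rng.gauss(0.0, noise) for _ in range(n_samples)]
        t[leak_idx] += HW[SBOX[pt ^ key_byte]]
        traces.append(t)
    return traces

def welch_t(fixed, rand):
    """Per-sample Welch t-statistic between the fixed-plaintext and random-plaintext sets."""
    stats = []
    for s in range(len(fixed[0])):
        a = [tr[s] for tr in fixed]
        b = [tr[s] for tr in rand]
        se = (statistics.variance(a) / len(a) + statistics.variance(b) / len(b)) ** 0.5
        stats.append((statistics.mean(a) - statistics.mean(b)) / se)
    return stats

def leaking_samples(t_stats, threshold=4.5):
    """TVLA convention: |t| > 4.5 flags a sample as data-dependent."""
    return [i for i, t in enumerate(t_stats) if abs(t) > threshold]

def pearson(x, y):
    mx, my = statistics.mean(x), statistics.mean(y)
    num = sum((a - mx) * (b - my) for a, b in zip(x, y))
    den = (sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y)) ** 0.5
    return num / den if den else 0.0

def cpa_recover_byte(plaintexts, traces):
    """Rank all 256 guesses by peak |correlation| between predicted HW(SBOX[pt ^ k])
    and each trace sample; return (best guess, sample index where it peaked)."""
    best = (-1.0, None, None)
    for k in range(256):
        model = [HW[SBOX[pt ^ k]] for pt in plaintexts]
        for s in range(len(traces[0])):
            r = abs(pearson(model, [tr[s] for tr in traces]))
            if r > best[0]:
                best = (r, k, s)
    return best[1], best[2]

def run_demo(key_byte=0x3C, fixed_pt=0x41, n_fixed=200, n_rand=300, seed=7):
    """Leakage check on fixed-vs-random sets, then CPA on the random set (assumed parameters)."""
    rng = random.Random(seed)
    rand_pts = [rng.randrange(256) for _ in range(n_rand)]
    fixed_traces = simulate_traces(key_byte, [fixed_pt] * n_fixed, rng)
    rand_traces = simulate_traces(key_byte, rand_pts, rng)
    return {"leaking": leaking_samples(welch_t(fixed_traces, rand_traces)),
            "recovered": cpa_recover_byte(rand_pts, rand_traces)}

if __name__ == "__main__":
    print(run_demo())   # {'leaking': [3], 'recovered': (60, 3)}
```

The fixed plaintext is chosen so that SBOX[0x41 ^ 0x3C] is 0xFF, whose Hamming weight of 8 sits far from the random-set average of 4 and makes the t-test peak obvious; a fixed input whose intermediate happened to have weight 4 would hide the leak from the t-test even though CPA would still recover the byte, which is one reason practitioners run both.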
Funding: supported by the Foundation of Tianjin for Science and Technology Innovation (10FDZDGX00400, 11ZCKFGX00900) and the Key Project of the Educational Reform Foundation of the Tianjin Municipal Education Commission (C03-0809).
Abstract: Because secret information in the Internet of Things (IoT) is easily leaked during data transfer, a secure data transmission model based on compressed sensing (CS) and digital watermarking is proposed here. First, at the node encoding end, digital watermarking is used to embed the secret information in the conventional data carrier. Second, these data are reused to build the transmitted data, called the observed signals, by the CS algorithm. Third, these signals are transmitted to the base station over the wireless channel. After obtaining the observed signals, the decoder reconstructs the data carrier containing the private information. Finally, the private information is obtained by the digital watermark extraction algorithm, achieving secret transmission of the signals. By combining watermarking and compressed sensing to hide secret information at the node encoding end, algorithm complexity and energy consumption are reduced while the security of the secret information is increased. Simulation results show that the method accurately reconstructs the original signal and that the energy consumption of the sensor node is also reduced significantly, even taking packet loss into account.