In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set f...In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set for ATC cybersecurity attacks is constructed by setting the feature states,adding recursive features,and determining the feature criticality.The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data.An autoencoder is introduced into the AI(artificial intelligence)algorithm to encode and decode the characteristics of ATC network security attack behavior to reduce the dimensionality of the ATC network security attack behavior data.Based on the above processing,an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed.First,determine the distance between the clustering clusters of ATC network security attack behavior characteristics,calculate the clustering threshold,and construct the initial clustering center.Then,the new average value of all feature objects in each cluster is recalculated as the new cluster center.Second,it traverses all objects in a cluster of ATC network security attack behavior feature data.Finally,the cluster detection of ATC network security attack behavior is completed by the computation of objective functions.The experiment took three groups of experimental attack behavior data sets as the test object,and took the detection rate,false detection rate and recall rate as the test indicators,and selected three similar methods for comparative test.The experimental results show that the detection rate of this method is about 98%,the false positive rate is below 1%,and the recall rate is above 97%.Research shows that this method can improve the detection performance of security attacks in air traffic control network.展开更多
In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application o...In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks,a comparative analysis is used to plan and design a private network security construction scheme.The network security construction model,network organization,and key processes of 5G private industrial networks at the current stage are investigated.In addition,the key direction for the next stage of construction is discussed.展开更多
Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control sy...Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control systems,such as Attribute-Based Access Control(ABAC)and Role-Based Access Control(RBAC),are limited in their ability to enforce access decisions due to the variability and dynamism of attributes related to users and resources.This paper proposes a method for enforcing access decisions that is adaptable and dynamic,based on multilayer hybrid deep learning techniques,particularly the Tabular Deep Neural Network Tabular DNN method.This technique transforms all input attributes in an access request into a binary classification(allow or deny)using multiple layers,ensuring accurate and efficient access decision-making.The proposed solution was evaluated using the Kaggle Amazon access control policy dataset and demonstrated its effectiveness by achieving a 94%accuracy rate.Additionally,the proposed solution enhances the implementation of access decisions based on a variety of resource and user attributes while ensuring privacy through indirect communication with the Policy Administration Point(PAP).This solution significantly improves the flexibility of access control systems,making themmore dynamic and adaptable to the evolving needs ofmodern organizations.Furthermore,it offers a scalable approach to manage the complexities associated with the BYOD environment,providing a robust framework for secure and efficient access management.展开更多
This paper addresses the decentralized consensus problem for a system of multiple dynamic agents with remote controllers via networking,known as a networked control multi-agent system(NCMAS).It presents a challenging ...This paper addresses the decentralized consensus problem for a system of multiple dynamic agents with remote controllers via networking,known as a networked control multi-agent system(NCMAS).It presents a challenging scenario where partial dynamic entities or remote control units are vulnerable to disclosure attacks,making them potentially malicious.To tackle this issue,we propose a secure decentralized control design approach employing a double-layer cryptographic strategy.This approach not only ensures that the input and output information of the benign entities remains protected from the malicious entities but also practically achieves consensus performance.The paper provides an explicit design,supported by theoretical proof and numerical verification,covering stability,steady-state error,and the prevention of computation overflow or underflow.展开更多
Networked control systems are spatially distributed systems in which the communication between sensors, actuators,and controllers occurs through a shared band-limited digital communication network. Several advantages ...Networked control systems are spatially distributed systems in which the communication between sensors, actuators,and controllers occurs through a shared band-limited digital communication network. Several advantages of the network architectures include reduced system wiring, plug and play devices,increased system agility, and ease of system diagnosis and maintenance. Consequently, networked control is the current trend for industrial automation and has ever-increasing applications in a wide range of areas, such as smart grids, manufacturing systems,process control, automobiles, automated highway systems, and unmanned aerial vehicles. The modelling, analysis, and control of networked control systems have received considerable attention in the last two decades. The ‘control over networks’ is one of the key research directions for networked control systems. This paper aims at presenting a survey of trends and techniques in networked control systems from the perspective of ‘control over networks’, providing a snapshot of five control issues: sampled-data control, quantization control, networked control, event-triggered control, and security control. Some challenging issues are suggested to direct the future research.展开更多
With the development of network technology,computer systems of colleges and universities gradually use network management and services,which provides comprehensive and convenient information access and management cond...With the development of network technology,computer systems of colleges and universities gradually use network management and services,which provides comprehensive and convenient information access and management conditions.How ever,in the network environment,the security of the system faces security threats like virus,malicious software and human at tack,which may make the network data of the computer system damaged and tampered,or even lead to network system paraly sis,breakdown of system concerning management and payment,missing and stealing of confidential documents.Therefore,it is of important application significance to promote the security of computer network systems of colleges and universities.This paper conducts comprehensive analysis on the security system of computer network systems of colleges and universities,elaborates its R&D and application status and puts forward specific schemes of prevention and solutions,which provides suggestions and refer ence for its construction.展开更多
The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming m...The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of 'trustworthy networks' and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed. The network trustworthiness could and should be eventually achieved.展开更多
Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)...Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.展开更多
The access of unified power flow controllers(UPFC)has changed the structure and operation mode of power grids all across the world,and it has brought severe challenges to the traditional real-time calculation of secur...The access of unified power flow controllers(UPFC)has changed the structure and operation mode of power grids all across the world,and it has brought severe challenges to the traditional real-time calculation of security correction based on traditionalmodels.Considering the limitation of computational efficiency regarding complex,physical models,a data-driven power system security correction method with UPFC is,in this paper,proposed.Based on the complex mapping relationship between the operation state data and the security correction strategy,a two-stage deep neural network(DNN)learning framework is proposed,which divides the offline training task of security correction into two stages:in the first stage,the stacked auto-encoder(SAE)classification model is established,and the node correction state(0/1)output based on the fault information;in the second stage,the DNN learningmodel is established,and the correction amount of each action node is obtained based on the action nodes output in the previous stage.In this paper,the UPFC demonstration project of NanjingWest Ring Network is taken as a case study to validate the proposed method.The results show that the proposed method can fully meet the real-time security correction time requirements of power grids,and avoid the inherent defects of the traditional model method without an iterative solution and can also provide reasonable security correction strategies for N-1 and N-2 faults.展开更多
Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impa...Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impacting both the security and operational functionality of IoT systems.Hence,accurate localization and lightweight authentication on resource-constrained IoT devices pose several challenges.To overcome these challenges,recent approaches have used encryption techniques with well-known key infrastructures.However,these methods are inefficient due to the increasing number of data breaches in their localization approaches.This proposed research efficiently integrates authentication and localization processes in such a way that they complement each other without compromising on security or accuracy.The proposed framework aims to detect active attacks within IoT networks,precisely localize malicious IoT devices participating in these attacks,and establish dynamic implicit authentication mechanisms.This integrated framework proposes a Correlation Composition Awareness(CCA)model,which explores innovative approaches to device correlations,enhancing the accuracy of attack detection and localization.Additionally,this framework introduces the Pair Collaborative Localization(PCL)technique,facilitating precise identification of the exact locations of malicious IoT devices.To address device authentication,a Behavior and Performance Measurement(BPM)scheme is developed,ensuring that only trusted devices gain access to the network.This work has been evaluated across various environments and compared against existing models.The results prove that the proposed methodology attains 96%attack detection accuracy,84%localization accuracy,and 98%device authentication accuracy.展开更多
The use of the Internet of Things(IoT)is expanding at an unprecedented scale in many critical applications due to the ability to interconnect and utilize a plethora of wide range of devices.In critical infrastructure ...The use of the Internet of Things(IoT)is expanding at an unprecedented scale in many critical applications due to the ability to interconnect and utilize a plethora of wide range of devices.In critical infrastructure domains like oil and gas supply,intelligent transportation,power grids,and autonomous agriculture,it is essential to guarantee the confidentiality,integrity,and authenticity of data collected and exchanged.However,the limited resources coupled with the heterogeneity of IoT devices make it inefficient or sometimes infeasible to achieve secure data transmission using traditional cryptographic techniques.Consequently,designing a lightweight secure data transmission scheme is becoming essential.In this article,we propose lightweight secure data transmission(LSDT)scheme for IoT environments.LSDT consists of three phases and utilizes an effective combination of symmetric keys and the Elliptic Curve Menezes-Qu-Vanstone asymmetric key agreement protocol.We design the simulation environment and experiments to evaluate the performance of the LSDT scheme in terms of communication and computation costs.Security and performance analysis indicates that the LSDT scheme is secure,suitable for IoT applications,and performs better in comparison to other related security schemes.展开更多
The increasing prevalence of Internet of Things(IoT)devices has introduced a new phase of connectivity in recent years and,concurrently,has opened the floodgates for growing cyber threats.Among the myriad of potential...The increasing prevalence of Internet of Things(IoT)devices has introduced a new phase of connectivity in recent years and,concurrently,has opened the floodgates for growing cyber threats.Among the myriad of potential attacks,Denial of Service(DoS)attacks and Distributed Denial of Service(DDoS)attacks remain a dominant concern due to their capability to render services inoperable by overwhelming systems with an influx of traffic.As IoT devices often lack the inherent security measures found in more mature computing platforms,the need for robust DoS/DDoS detection systems tailored to IoT is paramount for the sustainable development of every domain that IoT serves.In this study,we investigate the effectiveness of three machine learning(ML)algorithms:extreme gradient boosting(XGB),multilayer perceptron(MLP)and random forest(RF),for the detection of IoTtargeted DoS/DDoS attacks and three feature engineering methods that have not been used in the existing stateof-the-art,and then employed the best performing algorithm to design a prototype of a novel real-time system towards detection of such DoS/DDoS attacks.The CICIoT2023 dataset was derived from the latest real-world IoT traffic,incorporates both benign and malicious network traffic patterns and after data preprocessing and feature engineering,the data was fed into our models for both training and validation,where findings suggest that while all threemodels exhibit commendable accuracy in detectingDoS/DDoS attacks,the use of particle swarmoptimization(PSO)for feature selection has made great improvements in the performance(accuracy,precsion recall and F1-score of 99.93%for XGB)of the ML models and their execution time(491.023 sceonds for XGB)compared to recursive feature elimination(RFE)and randomforest feature importance(RFI)methods.The proposed real-time system for DoS/DDoS attack detection entails the implementation of an platform capable of effectively processing and analyzing network traffic in real-time.This involvesemploying the best-performing ML algorithmfor detection and the integration of warning mechanisms.We believe this approach will significantly enhance the field of security research and continue to refine it based on future insights and developments.展开更多
After an introduction to the implementation of supervisory computer control (SCC) through networks and the relevant security issues, this paper centers on the core of network security design: intelligent front-end pro...After an introduction to the implementation of supervisory computer control (SCC) through networks and the relevant security issues, this paper centers on the core of network security design: intelligent front-end processor (FEP), encryption/decryption method and authentication protocol. Some other system-specific security measures are also proposed. Although these are examples only, the techniques discussed can also be used in and provide reference for other remote control systems.展开更多
Two significant issues in Internet-based networked control systems ( INCSs), transport performance of different protocols and security breach from Internet side, are investigated. First, for improving the performanc...Two significant issues in Internet-based networked control systems ( INCSs), transport performance of different protocols and security breach from Internet side, are investigated. First, for improving the performance of data transmission, user datagram protocol (UDP) is adopted as the main stand for controllers and plants using INCSs. Second, a dual-channel secure transmission scheme (DCSTS)based on data transmission characteristics of INCSs is proposed, in which a raw UDP channel and a secure TCP (transmission control protocol) connection making use of SSL/TLS (secure sockets layer/transport layer security) are included. Further, a networked control protocol (NCP) at application layer for supporting DCSTS between the controllers and plants in INCSs is designed, and it also aims at providing a universal communication mechanism for interoperability of devices among the networked control laboratories in Beijing Institute of Technology of China, Central South University of China and Tokyo University of Technology of Japan. By means of a networked single-degree-of-free- dom robot arm, an INCS under the new protocol and security environment is created. Compared with systems such as IPSec or SSL/TLS, which may cause more than 91% network throughput deduction, the new DCSTS protocol may yield results ten times better, being just 5.67%.展开更多
Heterogeneous cellular networks(HCNs)are envisioned as a promising architecture to provide seamless wireless coverage and increase network capacity.However,the densified multi-tier network architecture introduces exce...Heterogeneous cellular networks(HCNs)are envisioned as a promising architecture to provide seamless wireless coverage and increase network capacity.However,the densified multi-tier network architecture introduces excessive intra-and cross-tier interference and makes HCNs vulnerable to eavesdropping attacks.In this article,a dynamic spectrum control(DSC)-assisted transmission scheme is proposed for HCNs to strengthen network security and increase the network capacity.Specifically,the proposed DSC-assisted transmission scheme leverages the idea of block cryptography to generate sequence families,which represent the transmission decisions,by performing iterative and orthogonal sequence transformations.Based on the sequence families,multiple users can dynamically occupy different frequency slots for data transmission simultaneously.In addition,the collision probability of the data transmission is analyzed,which results in closed-form expressions of the reliable transmission probability and the secrecy probability.Then,the upper and lower bounds of network capacity are further derived with given requirements on the reliable and secure transmission probabilities.Simulation results demonstrate that the proposed DSC-assisted scheme can outperform the benchmark scheme in terms of security performance.Finally,the impacts of key factors in the proposed DSC-assisted scheme on the network capacity and security are evaluated and discussed.展开更多
According to the current problems of safety management processes in coalmine enterprises,we introduced barrel theory to coal mine safety management,constructedthe closed-loop structure of a coal mine safety management...According to the current problems of safety management processes in coalmine enterprises,we introduced barrel theory to coal mine safety management,constructedthe closed-loop structure of a coal mine safety management system,andpointed out that efficient safety management lies in three factors:safety quality of all ofthe staff in coal mine enterprises,weak links in security management systems,and cooperationamong departments.After conducting detailed analysis of these three factors,we proposed concrete ways of preventing and controlling potential safety hazards duringthe process of coal mine production.展开更多
A lot of technologies can be used in home control subnet, but the hardware and software resources available for the home control subnet are limited. There are security problems easily seen. The paper gives the system-...A lot of technologies can be used in home control subnet, but the hardware and software resources available for the home control subnet are limited. There are security problems easily seen. The paper gives the system-atic analysis of the structure and function of home control subnet based on the general model of home net-work. The paper has also analyzed two types of major equipment, namely sub-gateways and terminal equip-ment. The major networking technology used in home control subnet is summarized and concluded. In com-bination with relationship among home control subnet, home network, as well as the outside main network, the paper has systematically studied various safety problems related to home control gateways and the possi-ble solutions to those problems have been made.展开更多
As part of the ongoing information revolution,smart power grid technology has become a key focus area for research into power systems.Intelligent electrical appliances are now an important component of power systems,p...As part of the ongoing information revolution,smart power grid technology has become a key focus area for research into power systems.Intelligent electrical appliances are now an important component of power systems,providing a smart power grid with increased control,stability,and safety.Based on the secure communication requirements of cloud energy storage systems,this paper presents the design and development of a node controller for a cloud energy storage network.The function division and system deployment processes were carried out to ensure the security of the communication network used for the cloud energy storage system.Safety protection measures were proposed according to the demands of the communication network,allowing the system to run safely and stably.Finally,the effectiveness of the system was verified through a client-side distributed energy storage demonstration project in Suzhou,China.The system was observed to operate safely and stably,demonstrating good peak-clipping and valley filling effects,and improving the system load characteristics.展开更多
Along with the deepening of the reform and opening-up policy and the entering of the WTO,international exchange of economy and culture has become more and more frequent,Internet has become an indispensable part of our...Along with the deepening of the reform and opening-up policy and the entering of the WTO,international exchange of economy and culture has become more and more frequent,Internet has become an indispensable part of our life,its rapid development brings great convenience to us,and all of the computers will be connected by Internet in the 21 century,thus the meaning of information security has changed substantially.It not only changes from a general guarding to a common defence,but from a specific field to a public subject as well.However,the opening and sharing of the Internet resource,unefficient supervision as well as various virus make people's information and belongings being in an extremely dangerous environment.The fight between hackers and anti-hackers,destruction and anti-destruction has already affected the stable running of the network and users' legal right,caused great economy damages and it could also threat our country's security.So a right understanding and in-time measures should be paid special attention to.The thesis firstly expatiates the current state of the network security and its importance,and discusses some major factors and threats that affect the network security.And the thesis also introduce some catalogues of the security techniques,some relevant information and their major characters,besides that,I enumerate some popular and effective methods of protecting our network,including the widely used firewall,and the meticulous techniques such as security scan techniques and techniques of intrusion detection.Lastly,some protective measures are stated.展开更多
The explicit rate flow control mechanisms for ABR service are used to sharethe available bandwidth of a bottleneck link fairly and reasonably among many competitive users andto maintain the buffer queue length of a bo...The explicit rate flow control mechanisms for ABR service are used to sharethe available bandwidth of a bottleneck link fairly and reasonably among many competitive users andto maintain the buffer queue length of a bottleneck switch connected to the link at a desired levelin order to avoid and control congestion in ATM networks. However, designing effective flow controlmechanisms for the service is known to be difficult because of the variety of dynamic parametersinvolved such as available link bandwidth, burst of the traffic, the distances between ABR sourcesand switches. In this paper, we present a fuzzy explicit rate flow control mechanism for ABRservice. The mechanism has a simple structure and is robust in the sense that the mechanism'sstability is not sensitive to the change in the number of active virtual connections (VCs). Manysimulations show that this mechanism can not only effectively avoid network congestion, but alsoensure fair share of the bandwidth for all active VCs regardless of the number of hops theytraverse. Additionally, it has the advantages of fast convergence, low oscillation, and high linkbandwidth utilization.展开更多
基金National Natural Science Foundation of China(U2133208,U20A20161)National Natural Science Foundation of China(No.62273244)Sichuan Science and Technology Program(No.2022YFG0180).
文摘In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set for ATC cybersecurity attacks is constructed by setting the feature states,adding recursive features,and determining the feature criticality.The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data.An autoencoder is introduced into the AI(artificial intelligence)algorithm to encode and decode the characteristics of ATC network security attack behavior to reduce the dimensionality of the ATC network security attack behavior data.Based on the above processing,an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed.First,determine the distance between the clustering clusters of ATC network security attack behavior characteristics,calculate the clustering threshold,and construct the initial clustering center.Then,the new average value of all feature objects in each cluster is recalculated as the new cluster center.Second,it traverses all objects in a cluster of ATC network security attack behavior feature data.Finally,the cluster detection of ATC network security attack behavior is completed by the computation of objective functions.The experiment took three groups of experimental attack behavior data sets as the test object,and took the detection rate,false detection rate and recall rate as the test indicators,and selected three similar methods for comparative test.The experimental results show that the detection rate of this method is about 98%,the false positive rate is below 1%,and the recall rate is above 97%.Research shows that this method can improve the detection performance of security attacks in air traffic control network.
文摘In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks,a comparative analysis is used to plan and design a private network security construction scheme.The network security construction model,network organization,and key processes of 5G private industrial networks at the current stage are investigated.In addition,the key direction for the next stage of construction is discussed.
基金partly supported by the University of Malaya Impact Oriented Interdisci-plinary Research Grant under Grant IIRG008(A,B,C)-19IISS.
文摘Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control systems,such as Attribute-Based Access Control(ABAC)and Role-Based Access Control(RBAC),are limited in their ability to enforce access decisions due to the variability and dynamism of attributes related to users and resources.This paper proposes a method for enforcing access decisions that is adaptable and dynamic,based on multilayer hybrid deep learning techniques,particularly the Tabular Deep Neural Network Tabular DNN method.This technique transforms all input attributes in an access request into a binary classification(allow or deny)using multiple layers,ensuring accurate and efficient access decision-making.The proposed solution was evaluated using the Kaggle Amazon access control policy dataset and demonstrated its effectiveness by achieving a 94%accuracy rate.Additionally,the proposed solution enhances the implementation of access decisions based on a variety of resource and user attributes while ensuring privacy through indirect communication with the Policy Administration Point(PAP).This solution significantly improves the flexibility of access control systems,making themmore dynamic and adaptable to the evolving needs ofmodern organizations.Furthermore,it offers a scalable approach to manage the complexities associated with the BYOD environment,providing a robust framework for secure and efficient access management.
文摘This paper addresses the decentralized consensus problem for a system of multiple dynamic agents with remote controllers via networking,known as a networked control multi-agent system(NCMAS).It presents a challenging scenario where partial dynamic entities or remote control units are vulnerable to disclosure attacks,making them potentially malicious.To tackle this issue,we propose a secure decentralized control design approach employing a double-layer cryptographic strategy.This approach not only ensures that the input and output information of the benign entities remains protected from the malicious entities but also practically achieves consensus performance.The paper provides an explicit design,supported by theoretical proof and numerical verification,covering stability,steady-state error,and the prevention of computation overflow or underflow.
基金supported in part by the Australian Research Council Discovery Project(DP160103567)
文摘Networked control systems are spatially distributed systems in which the communication between sensors, actuators,and controllers occurs through a shared band-limited digital communication network. Several advantages of the network architectures include reduced system wiring, plug and play devices,increased system agility, and ease of system diagnosis and maintenance. Consequently, networked control is the current trend for industrial automation and has ever-increasing applications in a wide range of areas, such as smart grids, manufacturing systems,process control, automobiles, automated highway systems, and unmanned aerial vehicles. The modelling, analysis, and control of networked control systems have received considerable attention in the last two decades. The ‘control over networks’ is one of the key research directions for networked control systems. This paper aims at presenting a survey of trends and techniques in networked control systems from the perspective of ‘control over networks’, providing a snapshot of five control issues: sampled-data control, quantization control, networked control, event-triggered control, and security control. Some challenging issues are suggested to direct the future research.
文摘With the development of network technology,computer systems of colleges and universities gradually use network management and services,which provides comprehensive and convenient information access and management conditions.How ever,in the network environment,the security of the system faces security threats like virus,malicious software and human at tack,which may make the network data of the computer system damaged and tampered,or even lead to network system paraly sis,breakdown of system concerning management and payment,missing and stealing of confidential documents.Therefore,it is of important application significance to promote the security of computer network systems of colleges and universities.This paper conducts comprehensive analysis on the security system of computer network systems of colleges and universities,elaborates its R&D and application status and puts forward specific schemes of prevention and solutions,which provides suggestions and refer ence for its construction.
基金the National Key BasicResearch Program (973 Program) under Grant2007CB307104.
文摘The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of 'trustworthy networks' and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed. The network trustworthiness could and should be eventually achieved.
基金supported by King Khalid University,Saudi Arabia underGrant No.RGP.2/61/43.
文摘Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.
基金supported in part by Science and Technology Projects of Electric Power Research Institute of State Grid Jiangsu Electric Power Co.,Ltd.(J2021171).
文摘The access of unified power flow controllers(UPFC)has changed the structure and operation mode of power grids all across the world,and it has brought severe challenges to the traditional real-time calculation of security correction based on traditionalmodels.Considering the limitation of computational efficiency regarding complex,physical models,a data-driven power system security correction method with UPFC is,in this paper,proposed.Based on the complex mapping relationship between the operation state data and the security correction strategy,a two-stage deep neural network(DNN)learning framework is proposed,which divides the offline training task of security correction into two stages:in the first stage,the stacked auto-encoder(SAE)classification model is established,and the node correction state(0/1)output based on the fault information;in the second stage,the DNN learningmodel is established,and the correction amount of each action node is obtained based on the action nodes output in the previous stage.In this paper,the UPFC demonstration project of NanjingWest Ring Network is taken as a case study to validate the proposed method.The results show that the proposed method can fully meet the real-time security correction time requirements of power grids,and avoid the inherent defects of the traditional model method without an iterative solution and can also provide reasonable security correction strategies for N-1 and N-2 faults.
文摘Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impacting both the security and operational functionality of IoT systems.Hence,accurate localization and lightweight authentication on resource-constrained IoT devices pose several challenges.To overcome these challenges,recent approaches have used encryption techniques with well-known key infrastructures.However,these methods are inefficient due to the increasing number of data breaches in their localization approaches.This proposed research efficiently integrates authentication and localization processes in such a way that they complement each other without compromising on security or accuracy.The proposed framework aims to detect active attacks within IoT networks,precisely localize malicious IoT devices participating in these attacks,and establish dynamic implicit authentication mechanisms.This integrated framework proposes a Correlation Composition Awareness(CCA)model,which explores innovative approaches to device correlations,enhancing the accuracy of attack detection and localization.Additionally,this framework introduces the Pair Collaborative Localization(PCL)technique,facilitating precise identification of the exact locations of malicious IoT devices.To address device authentication,a Behavior and Performance Measurement(BPM)scheme is developed,ensuring that only trusted devices gain access to the network.This work has been evaluated across various environments and compared against existing models.The results prove that the proposed methodology attains 96%attack detection accuracy,84%localization accuracy,and 98%device authentication accuracy.
基金support of the Interdisciplinary Research Center for Intelligent Secure Systems(IRC-ISS)Internal Fund Grant#INSS2202.
文摘The use of the Internet of Things(IoT)is expanding at an unprecedented scale in many critical applications due to the ability to interconnect and utilize a plethora of wide range of devices.In critical infrastructure domains like oil and gas supply,intelligent transportation,power grids,and autonomous agriculture,it is essential to guarantee the confidentiality,integrity,and authenticity of data collected and exchanged.However,the limited resources coupled with the heterogeneity of IoT devices make it inefficient or sometimes infeasible to achieve secure data transmission using traditional cryptographic techniques.Consequently,designing a lightweight secure data transmission scheme is becoming essential.In this article,we propose lightweight secure data transmission(LSDT)scheme for IoT environments.LSDT consists of three phases and utilizes an effective combination of symmetric keys and the Elliptic Curve Menezes-Qu-Vanstone asymmetric key agreement protocol.We design the simulation environment and experiments to evaluate the performance of the LSDT scheme in terms of communication and computation costs.Security and performance analysis indicates that the LSDT scheme is secure,suitable for IoT applications,and performs better in comparison to other related security schemes.
文摘The increasing prevalence of Internet of Things(IoT)devices has introduced a new phase of connectivity in recent years and,concurrently,has opened the floodgates for growing cyber threats.Among the myriad of potential attacks,Denial of Service(DoS)attacks and Distributed Denial of Service(DDoS)attacks remain a dominant concern due to their capability to render services inoperable by overwhelming systems with an influx of traffic.As IoT devices often lack the inherent security measures found in more mature computing platforms,the need for robust DoS/DDoS detection systems tailored to IoT is paramount for the sustainable development of every domain that IoT serves.In this study,we investigate the effectiveness of three machine learning(ML)algorithms:extreme gradient boosting(XGB),multilayer perceptron(MLP)and random forest(RF),for the detection of IoTtargeted DoS/DDoS attacks and three feature engineering methods that have not been used in the existing stateof-the-art,and then employed the best performing algorithm to design a prototype of a novel real-time system towards detection of such DoS/DDoS attacks.The CICIoT2023 dataset was derived from the latest real-world IoT traffic,incorporates both benign and malicious network traffic patterns and after data preprocessing and feature engineering,the data was fed into our models for both training and validation,where findings suggest that while all threemodels exhibit commendable accuracy in detectingDoS/DDoS attacks,the use of particle swarmoptimization(PSO)for feature selection has made great improvements in the performance(accuracy,precsion recall and F1-score of 99.93%for XGB)of the ML models and their execution time(491.023 sceonds for XGB)compared to recursive feature elimination(RFE)and randomforest feature importance(RFI)methods.The proposed real-time system for DoS/DDoS attack detection entails the implementation of an platform capable of effectively processing and analyzing network traffic in real-time.This involvesemploying the best-performing ML algorithmfor detection and the integration of warning mechanisms.We believe this approach will significantly enhance the field of security research and continue to refine it based on future insights and developments.
文摘After an introduction to the implementation of supervisory computer control (SCC) through networks and the relevant security issues, this paper centers on the core of network security design: intelligent front-end processor (FEP), encryption/decryption method and authentication protocol. Some other system-specific security measures are also proposed. Although these are examples only, the techniques discussed can also be used in and provide reference for other remote control systems.
文摘Two significant issues in Internet-based networked control systems ( INCSs), transport performance of different protocols and security breach from Internet side, are investigated. First, for improving the performance of data transmission, user datagram protocol (UDP) is adopted as the main stand for controllers and plants using INCSs. Second, a dual-channel secure transmission scheme (DCSTS)based on data transmission characteristics of INCSs is proposed, in which a raw UDP channel and a secure TCP (transmission control protocol) connection making use of SSL/TLS (secure sockets layer/transport layer security) are included. Further, a networked control protocol (NCP) at application layer for supporting DCSTS between the controllers and plants in INCSs is designed, and it also aims at providing a universal communication mechanism for interoperability of devices among the networked control laboratories in Beijing Institute of Technology of China, Central South University of China and Tokyo University of Technology of Japan. By means of a networked single-degree-of-free- dom robot arm, an INCS under the new protocol and security environment is created. Compared with systems such as IPSec or SSL/TLS, which may cause more than 91% network throughput deduction, the new DCSTS protocol may yield results ten times better, being just 5.67%.
基金supported by the National Natural Science Foundation of China(61825104 and 91638204)the China Scholarship Council(CSC)+1 种基金the Natural Sciences and Engineering Research Council(NSERC)of CanadaUniversity Innovation Platform Project(2019921815KYPT009JC011)。
文摘Heterogeneous cellular networks(HCNs)are envisioned as a promising architecture to provide seamless wireless coverage and increase network capacity.However,the densified multi-tier network architecture introduces excessive intra-and cross-tier interference and makes HCNs vulnerable to eavesdropping attacks.In this article,a dynamic spectrum control(DSC)-assisted transmission scheme is proposed for HCNs to strengthen network security and increase the network capacity.Specifically,the proposed DSC-assisted transmission scheme leverages the idea of block cryptography to generate sequence families,which represent the transmission decisions,by performing iterative and orthogonal sequence transformations.Based on the sequence families,multiple users can dynamically occupy different frequency slots for data transmission simultaneously.In addition,the collision probability of the data transmission is analyzed,which results in closed-form expressions of the reliable transmission probability and the secrecy probability.Then,the upper and lower bounds of network capacity are further derived with given requirements on the reliable and secure transmission probabilities.Simulation results demonstrate that the proposed DSC-assisted scheme can outperform the benchmark scheme in terms of security performance.Finally,the impacts of key factors in the proposed DSC-assisted scheme on the network capacity and security are evaluated and discussed.
文摘According to the current problems of safety management processes in coalmine enterprises,we introduced barrel theory to coal mine safety management,constructedthe closed-loop structure of a coal mine safety management system,andpointed out that efficient safety management lies in three factors:safety quality of all ofthe staff in coal mine enterprises,weak links in security management systems,and cooperationamong departments.After conducting detailed analysis of these three factors,we proposed concrete ways of preventing and controlling potential safety hazards duringthe process of coal mine production.
文摘A lot of technologies can be used in home control subnet, but the hardware and software resources available for the home control subnet are limited. There are security problems easily seen. The paper gives the system-atic analysis of the structure and function of home control subnet based on the general model of home net-work. The paper has also analyzed two types of major equipment, namely sub-gateways and terminal equip-ment. The major networking technology used in home control subnet is summarized and concluded. In com-bination with relationship among home control subnet, home network, as well as the outside main network, the paper has systematically studied various safety problems related to home control gateways and the possi-ble solutions to those problems have been made.
基金supported by the Technical Project of the State Grid Corporation of China(research and demonstration application of key technology of energy storage cloud for mobile energy storage application of electric vehicles 5419-201971217a-0-0-00)。
文摘As part of the ongoing information revolution,smart power grid technology has become a key focus area for research into power systems.Intelligent electrical appliances are now an important component of power systems,providing a smart power grid with increased control,stability,and safety.Based on the secure communication requirements of cloud energy storage systems,this paper presents the design and development of a node controller for a cloud energy storage network.The function division and system deployment processes were carried out to ensure the security of the communication network used for the cloud energy storage system.Safety protection measures were proposed according to the demands of the communication network,allowing the system to run safely and stably.Finally,the effectiveness of the system was verified through a client-side distributed energy storage demonstration project in Suzhou,China.The system was observed to operate safely and stably,demonstrating good peak-clipping and valley filling effects,and improving the system load characteristics.
文摘Along with the deepening of the reform and opening-up policy and the entering of the WTO,international exchange of economy and culture has become more and more frequent,Internet has become an indispensable part of our life,its rapid development brings great convenience to us,and all of the computers will be connected by Internet in the 21 century,thus the meaning of information security has changed substantially.It not only changes from a general guarding to a common defence,but from a specific field to a public subject as well.However,the opening and sharing of the Internet resource,unefficient supervision as well as various virus make people's information and belongings being in an extremely dangerous environment.The fight between hackers and anti-hackers,destruction and anti-destruction has already affected the stable running of the network and users' legal right,caused great economy damages and it could also threat our country's security.So a right understanding and in-time measures should be paid special attention to.The thesis firstly expatiates the current state of the network security and its importance,and discusses some major factors and threats that affect the network security.And the thesis also introduce some catalogues of the security techniques,some relevant information and their major characters,besides that,I enumerate some popular and effective methods of protecting our network,including the widely used firewall,and the meticulous techniques such as security scan techniques and techniques of intrusion detection.Lastly,some protective measures are stated.
文摘The explicit rate flow control mechanisms for ABR service are used to sharethe available bandwidth of a bottleneck link fairly and reasonably among many competitive users andto maintain the buffer queue length of a bottleneck switch connected to the link at a desired levelin order to avoid and control congestion in ATM networks. However, designing effective flow controlmechanisms for the service is known to be difficult because of the variety of dynamic parametersinvolved such as available link bandwidth, burst of the traffic, the distances between ABR sourcesand switches. In this paper, we present a fuzzy explicit rate flow control mechanism for ABRservice. The mechanism has a simple structure and is robust in the sense that the mechanism'sstability is not sensitive to the change in the number of active virtual connections (VCs). Manysimulations show that this mechanism can not only effectively avoid network congestion, but alsoensure fair share of the bandwidth for all active VCs regardless of the number of hops theytraverse. Additionally, it has the advantages of fast convergence, low oscillation, and high linkbandwidth utilization.