The RPL(IPv6 Routing Protocol for Low-Power and Lossy Networks)protocol is essential for efficient communi-cation within the Internet of Things(IoT)ecosystem.Despite its significance,RPL’s susceptibility to attacks r...The RPL(IPv6 Routing Protocol for Low-Power and Lossy Networks)protocol is essential for efficient communi-cation within the Internet of Things(IoT)ecosystem.Despite its significance,RPL’s susceptibility to attacks remains a concern.This paper presents a comprehensive simulation-based analysis of the RPL protocol’s vulnerability to the decreased rank attack in both static andmobilenetwork environments.We employ the Random Direction Mobility Model(RDM)for mobile scenarios within the Cooja simulator.Our systematic evaluation focuses on critical performance metrics,including Packet Delivery Ratio(PDR),Average End to End Delay(AE2ED),throughput,Expected Transmission Count(ETX),and Average Power Consumption(APC).Our findings illuminate the disruptive impact of this attack on the routing hierarchy,resulting in decreased PDR and throughput,increased AE2ED,ETX,and APC.These results underscore the urgent need for robust security measures to protect RPL-based IoT networks.Furthermore,our study emphasizes the exacerbated impact of the attack in mobile scenarios,highlighting the evolving security requirements of IoT networks.展开更多
Cloud computing involves remote server deployments with public net-work infrastructures that allow clients to access computational resources.Virtual Machines(VMs)are supplied on requests and launched without interacti...Cloud computing involves remote server deployments with public net-work infrastructures that allow clients to access computational resources.Virtual Machines(VMs)are supplied on requests and launched without interactions from service providers.Intruders can target these servers and establish malicious con-nections on VMs for carrying out attacks on other clustered VMs.The existing system has issues with execution time and false-positive rates.Hence,the overall system performance is degraded considerably.The proposed approach is designed to eliminate Cross-VM side attacks and VM escape and hide the server’s position so that the opponent cannot track the target server beyond a certain point.Every request is passed from source to destination via one broadcast domain to confuse the opponent and avoid them from tracking the server’s position.Allocation of SECURITY Resources accepts a safety game in a simple format as input andfinds the best coverage vector for the opponent using a Stackelberg Equilibrium(SSE)technique.A Mixed Integer Linear Programming(MILP)framework is used in the algorithm.The VM challenge is reduced by afirewall-based controlling mechanism combining behavior-based detection and signature-based virus detection.The pro-posed method is focused on detecting malware attacks effectively and providing better security for the VMs.Finally,the experimental results indicate that the pro-posed security method is efficient.It consumes minimum execution time,better false positive rate,accuracy,and memory usage than the conventional approach.展开更多
Optical cryptanalysis is essential to the further investigation of more secure optical cryptosystems.Learning-based at-tack of optical encryption eliminates the need for the retrieval of random phase keys of optical e...Optical cryptanalysis is essential to the further investigation of more secure optical cryptosystems.Learning-based at-tack of optical encryption eliminates the need for the retrieval of random phase keys of optical encryption systems but it is limited for practical applications since it requires a large set of plaintext-ciphertext pairs for the cryptosystem to be at-tacked.Here,we propose a two-step deep learning strategy for ciphertext-only attack(COA)on the classical double ran-dom phase encryption(DRPE).Specifically,we construct a virtual DRPE system to gather the training data.Besides,we divide the inverse problem in COA into two more specific inverse problems and employ two deep neural networks(DNNs)to respectively learn the removal of speckle noise in the autocorrelation domain and the de-correlation operation to retrieve the plaintext image.With these two trained DNNs at hand,we show that the plaintext can be predicted in real-time from an unknown ciphertext alone.The proposed learning-based COA method dispenses with not only the retrieval of random phase keys but also the invasive data acquisition of plaintext-ciphertext pairs in the DPRE system.Numerical simulations and optical experiments demonstrate the feasibility and effectiveness of the proposed learning-based COA method.展开更多
The principle of ptychography is applied in known plain text attack on the double random phase encoding (DRPE) system. We find that with several pairs of plain texts and cipher texts, the model of attack on DRPE can...The principle of ptychography is applied in known plain text attack on the double random phase encoding (DRPE) system. We find that with several pairs of plain texts and cipher texts, the model of attack on DRPE can be converted to the model of ptyehographical imaging. Owing to the inherent merits of the ptyehographical imaging, the DRPE system can be breached totally in a fast and nearly perfect way, which is unavailable for currently existing attack methods. Further, since the decryption keys can be seen as an object to be imaged from the perspective of imaging, the ptychographical technique may be a kind of new direction to further analysis of the security of other encryption systems based on double random keys.展开更多
To address the problems of network congestion and spectrum resources shortage in multi-user large-scale scenarios,this paper proposes a twice random access OFDMA-NOMA-RA protocol combining the advantages of orthogonal...To address the problems of network congestion and spectrum resources shortage in multi-user large-scale scenarios,this paper proposes a twice random access OFDMA-NOMA-RA protocol combining the advantages of orthogonal frequency division multiple access(OFDMA)and non-orthogonal multiple access(NOMA).The idea of this protocol is that OFMDA is used to divide the entire frequency field into multiple orthogonal resource units(RUs),and NOMA is used on each RU to enable more users to access the channel and improve spectrum efficiency.Based on the protocol designed in this paper,in the case of imperfect successive interference cancellation(SIC),the probability of successful competition subchannels and the outage probability are derived for two scenarios:Users occupy the subchannel individually and users share the subchannel.Moreover,when two users share the channel,the decoding order of the users and the corresponding probabilities are considered.Then,the system throughput is obtained.To achieve better outage performance in the system,the optimal power allocation algorithm is proposed in this paper,which enables the optimal power allocation strategy to be obtained.Numerical results show that the larger the imperfect SIC coefficient,the worse the outage performance of weak users.Compared with pure OFDMA and NOMA,OFDMA-NOMA-RA always maintains an advantage when the imperfect SIC coefficient is less than a specific value.展开更多
We introduce a novel model for robustness of complex with a tunable attack information parameter. The random failure and intentional attack known are the two extreme cases of our model. Based on the model, we study th...We introduce a novel model for robustness of complex with a tunable attack information parameter. The random failure and intentional attack known are the two extreme cases of our model. Based on the model, we study the robustness of complex networks under random information and preferential information, respectively. Using the generating function method, we derive the exact value of the critical removal fraction of nodes for the disintegration of networks and the size of the giant component. We show that hiding just a small fraction of nodes randomly can prevent a scale-free network from collapsing and detecting just a small fraction of nodes preferentially can destroy a scale-free network.展开更多
We propose a framework for designing randomized stream ciphers with enhanced security. The key attribute of this framework is using of nonlinear bijective mappings or keyless hash functions for random coding. We inves...We propose a framework for designing randomized stream ciphers with enhanced security. The key attribute of this framework is using of nonlinear bijective mappings or keyless hash functions for random coding. We investigate the computational security of the proposed ciphers against chosen-plaintext-chosen-initialization-vector attacks and show that it is based on the hardness of solving some systems of random nonlinear Boolean equations. We also provide guidelines for choosing components to design randomizers for specified ciphers.展开更多
In defense-in-depth,humans have always been the weakest link in cybersecurity.However,unlike common threats,social engineering poses vulnerabilities not directly quantifiable in penetration testing.Most skilled social...In defense-in-depth,humans have always been the weakest link in cybersecurity.However,unlike common threats,social engineering poses vulnerabilities not directly quantifiable in penetration testing.Most skilled social engineers trick users into giving up information voluntarily through attacks like phishing and adware.Social Engineering(SE)in social media is structurally similar to regular posts but contains malicious intrinsic meaning within the sentence semantic.In this paper,a novel SE model is trained using a Recurrent Neural Network Long Short Term Memory(RNN-LSTM)to identify well-disguised SE threats in social media posts.We use a custom dataset crawled from hundreds of corporate and personal Facebook posts.First,the social engineering attack detection pipeline(SEAD)is designed to filter out social posts with malicious intents using domain heuristics.Next,each social media post is tokenized into sentences and then analyzed with a sentiment analyzer before being labelled as an anomaly or normal training data.Then,we train an RNN-LSTM model to detect five types of social engineering attacks that potentially contain signs of information gathering.The experimental result showed that the Social Engineering Attack(SEA)model achieves 0.84 in classification precision and 0.81 in recall compared to the ground truth labeled by network experts.The experimental results showed that the semantics and linguistics similarities are an effective indicator for early detection of SEA.展开更多
针对网联车队列系统易受到干扰和拒绝服务(Denial of service, DoS)攻击问题,提出一种外部干扰和随机DoS攻击作用下的网联车安全H∞队列控制方法.首先,采用马尔科夫随机过程,将网联车随机DoS攻击特性建模为一个随机通信拓扑切换模型,据...针对网联车队列系统易受到干扰和拒绝服务(Denial of service, DoS)攻击问题,提出一种外部干扰和随机DoS攻击作用下的网联车安全H∞队列控制方法.首先,采用马尔科夫随机过程,将网联车随机DoS攻击特性建模为一个随机通信拓扑切换模型,据此设计网联车安全队列控制协议.然后,采用线性矩阵不等式(Linear matrix inequality, LMI)技术计算安全队列控制器参数,并应用Lyapunov-Krasovskii稳定性理论,建立在外部扰动和随机DoS攻击下队列系统稳定性充分条件.在此基础上,分析得到该队列闭环系统的弦稳定性充分条件.最后,通过7辆车组成的队列系统对比仿真实验,验证该方法的优越性.展开更多
当前对抗训练(AT)及其变体被证明是防御对抗攻击的最有效方法,但生成对抗样本的过程需要庞大的计算资源,导致模型训练效率低、可行性不强;快速AT(Fast-AT)使用单步对抗攻击代替多步对抗攻击加速训练过程,但模型鲁棒性远低于多步AT方法...当前对抗训练(AT)及其变体被证明是防御对抗攻击的最有效方法,但生成对抗样本的过程需要庞大的计算资源,导致模型训练效率低、可行性不强;快速AT(Fast-AT)使用单步对抗攻击代替多步对抗攻击加速训练过程,但模型鲁棒性远低于多步AT方法且容易发生灾难性过拟合(CO)。针对这些问题,提出一种基于随机噪声和自适应步长的Fast-AT方法。首先,在生成对抗样本的每次迭代中,通过对原始输入图像添加随机噪声增强数据;其次,累积训练过程中每个对抗样本的梯度,并根据梯度信息自适应地调整对抗样本的扰动步长;最后,根据步长和梯度进行对抗攻击,生成对抗样本用于模型训练。在CIFAR-10、CIFAR-100数据集上进行多种对抗攻击,相较于N-FGSM(Noise Fast Gradient Sign Method),所提方法在鲁棒准确率上取得了至少0.35个百分点的提升。实验结果表明,所提方法能避免Fast-AT中的CO问题,提高深度学习模型的鲁棒性。展开更多
文摘The RPL(IPv6 Routing Protocol for Low-Power and Lossy Networks)protocol is essential for efficient communi-cation within the Internet of Things(IoT)ecosystem.Despite its significance,RPL’s susceptibility to attacks remains a concern.This paper presents a comprehensive simulation-based analysis of the RPL protocol’s vulnerability to the decreased rank attack in both static andmobilenetwork environments.We employ the Random Direction Mobility Model(RDM)for mobile scenarios within the Cooja simulator.Our systematic evaluation focuses on critical performance metrics,including Packet Delivery Ratio(PDR),Average End to End Delay(AE2ED),throughput,Expected Transmission Count(ETX),and Average Power Consumption(APC).Our findings illuminate the disruptive impact of this attack on the routing hierarchy,resulting in decreased PDR and throughput,increased AE2ED,ETX,and APC.These results underscore the urgent need for robust security measures to protect RPL-based IoT networks.Furthermore,our study emphasizes the exacerbated impact of the attack in mobile scenarios,highlighting the evolving security requirements of IoT networks.
文摘Cloud computing involves remote server deployments with public net-work infrastructures that allow clients to access computational resources.Virtual Machines(VMs)are supplied on requests and launched without interactions from service providers.Intruders can target these servers and establish malicious con-nections on VMs for carrying out attacks on other clustered VMs.The existing system has issues with execution time and false-positive rates.Hence,the overall system performance is degraded considerably.The proposed approach is designed to eliminate Cross-VM side attacks and VM escape and hide the server’s position so that the opponent cannot track the target server beyond a certain point.Every request is passed from source to destination via one broadcast domain to confuse the opponent and avoid them from tracking the server’s position.Allocation of SECURITY Resources accepts a safety game in a simple format as input andfinds the best coverage vector for the opponent using a Stackelberg Equilibrium(SSE)technique.A Mixed Integer Linear Programming(MILP)framework is used in the algorithm.The VM challenge is reduced by afirewall-based controlling mechanism combining behavior-based detection and signature-based virus detection.The pro-posed method is focused on detecting malware attacks effectively and providing better security for the VMs.Finally,the experimental results indicate that the pro-posed security method is efficient.It consumes minimum execution time,better false positive rate,accuracy,and memory usage than the conventional approach.
基金financial supports from the National Natural Science Foundation of China(NSFC)(62061136005,61705141,61805152,61875129,61701321)Sino-German Research Collaboration Group(GZ 1391)+2 种基金the Mobility program(M-0044)sponsored by the Sino-German CenterChinese Academy of Sciences(QYZDB-SSW-JSC002)Science and Technology Innovation Commission of Shenzhen(JCYJ20170817095047279)。
文摘Optical cryptanalysis is essential to the further investigation of more secure optical cryptosystems.Learning-based at-tack of optical encryption eliminates the need for the retrieval of random phase keys of optical encryption systems but it is limited for practical applications since it requires a large set of plaintext-ciphertext pairs for the cryptosystem to be at-tacked.Here,we propose a two-step deep learning strategy for ciphertext-only attack(COA)on the classical double ran-dom phase encryption(DRPE).Specifically,we construct a virtual DRPE system to gather the training data.Besides,we divide the inverse problem in COA into two more specific inverse problems and employ two deep neural networks(DNNs)to respectively learn the removal of speckle noise in the autocorrelation domain and the de-correlation operation to retrieve the plaintext image.With these two trained DNNs at hand,we show that the plaintext can be predicted in real-time from an unknown ciphertext alone.The proposed learning-based COA method dispenses with not only the retrieval of random phase keys but also the invasive data acquisition of plaintext-ciphertext pairs in the DPRE system.Numerical simulations and optical experiments demonstrate the feasibility and effectiveness of the proposed learning-based COA method.
基金Supported by the National Natural Science Foundation of China under Grant Nos 61575197 and 61307018the K.C.Wong Education Foundation,the President Fund of University of Chinese Academy of Sciencesthe Fusion Funds of Research and Education of Chinese Academy of Sciences
文摘The principle of ptychography is applied in known plain text attack on the double random phase encoding (DRPE) system. We find that with several pairs of plain texts and cipher texts, the model of attack on DRPE can be converted to the model of ptyehographical imaging. Owing to the inherent merits of the ptyehographical imaging, the DRPE system can be breached totally in a fast and nearly perfect way, which is unavailable for currently existing attack methods. Further, since the decryption keys can be seen as an object to be imaged from the perspective of imaging, the ptychographical technique may be a kind of new direction to further analysis of the security of other encryption systems based on double random keys.
基金funded in part by the National Natural Science Foundation of China under Grant 61663024in part by the Hongliu First Class Discipline Development Project of Lanzhou University of Technology(25-225305).
文摘To address the problems of network congestion and spectrum resources shortage in multi-user large-scale scenarios,this paper proposes a twice random access OFDMA-NOMA-RA protocol combining the advantages of orthogonal frequency division multiple access(OFDMA)and non-orthogonal multiple access(NOMA).The idea of this protocol is that OFMDA is used to divide the entire frequency field into multiple orthogonal resource units(RUs),and NOMA is used on each RU to enable more users to access the channel and improve spectrum efficiency.Based on the protocol designed in this paper,in the case of imperfect successive interference cancellation(SIC),the probability of successful competition subchannels and the outage probability are derived for two scenarios:Users occupy the subchannel individually and users share the subchannel.Moreover,when two users share the channel,the decoding order of the users and the corresponding probabilities are considered.Then,the system throughput is obtained.To achieve better outage performance in the system,the optimal power allocation algorithm is proposed in this paper,which enables the optimal power allocation strategy to be obtained.Numerical results show that the larger the imperfect SIC coefficient,the worse the outage performance of weak users.Compared with pure OFDMA and NOMA,OFDMA-NOMA-RA always maintains an advantage when the imperfect SIC coefficient is less than a specific value.
基金Supported by the National Natural Science Foundation of China under Grant No 70501032.
文摘We introduce a novel model for robustness of complex with a tunable attack information parameter. The random failure and intentional attack known are the two extreme cases of our model. Based on the model, we study the robustness of complex networks under random information and preferential information, respectively. Using the generating function method, we derive the exact value of the critical removal fraction of nodes for the disintegration of networks and the size of the giant component. We show that hiding just a small fraction of nodes randomly can prevent a scale-free network from collapsing and detecting just a small fraction of nodes preferentially can destroy a scale-free network.
文摘We propose a framework for designing randomized stream ciphers with enhanced security. The key attribute of this framework is using of nonlinear bijective mappings or keyless hash functions for random coding. We investigate the computational security of the proposed ciphers against chosen-plaintext-chosen-initialization-vector attacks and show that it is based on the hardness of solving some systems of random nonlinear Boolean equations. We also provide guidelines for choosing components to design randomizers for specified ciphers.
基金The authors acknowledge the funding support ofFRGS/1/2021/ICT07/UTAR/02/3 and IPSR/RMC/UTARRF/2020-C2/G01 for this study.
文摘In defense-in-depth,humans have always been the weakest link in cybersecurity.However,unlike common threats,social engineering poses vulnerabilities not directly quantifiable in penetration testing.Most skilled social engineers trick users into giving up information voluntarily through attacks like phishing and adware.Social Engineering(SE)in social media is structurally similar to regular posts but contains malicious intrinsic meaning within the sentence semantic.In this paper,a novel SE model is trained using a Recurrent Neural Network Long Short Term Memory(RNN-LSTM)to identify well-disguised SE threats in social media posts.We use a custom dataset crawled from hundreds of corporate and personal Facebook posts.First,the social engineering attack detection pipeline(SEAD)is designed to filter out social posts with malicious intents using domain heuristics.Next,each social media post is tokenized into sentences and then analyzed with a sentiment analyzer before being labelled as an anomaly or normal training data.Then,we train an RNN-LSTM model to detect five types of social engineering attacks that potentially contain signs of information gathering.The experimental result showed that the Social Engineering Attack(SEA)model achieves 0.84 in classification precision and 0.81 in recall compared to the ground truth labeled by network experts.The experimental results showed that the semantics and linguistics similarities are an effective indicator for early detection of SEA.
文摘当前对抗训练(AT)及其变体被证明是防御对抗攻击的最有效方法,但生成对抗样本的过程需要庞大的计算资源,导致模型训练效率低、可行性不强;快速AT(Fast-AT)使用单步对抗攻击代替多步对抗攻击加速训练过程,但模型鲁棒性远低于多步AT方法且容易发生灾难性过拟合(CO)。针对这些问题,提出一种基于随机噪声和自适应步长的Fast-AT方法。首先,在生成对抗样本的每次迭代中,通过对原始输入图像添加随机噪声增强数据;其次,累积训练过程中每个对抗样本的梯度,并根据梯度信息自适应地调整对抗样本的扰动步长;最后,根据步长和梯度进行对抗攻击,生成对抗样本用于模型训练。在CIFAR-10、CIFAR-100数据集上进行多种对抗攻击,相较于N-FGSM(Noise Fast Gradient Sign Method),所提方法在鲁棒准确率上取得了至少0.35个百分点的提升。实验结果表明,所提方法能避免Fast-AT中的CO问题,提高深度学习模型的鲁棒性。
