Unmanned aerial vehicles(UAVs) are widely used in commercial activities due to their low cost and high efficiency. However, many unscrupulous activities have taken advantage of the open nature of civil navigation mess...Unmanned aerial vehicles(UAVs) are widely used in commercial activities due to their low cost and high efficiency. However, many unscrupulous activities have taken advantage of the open nature of civil navigation messages to implement Global Navigation Satellite System(GNSS) spoofing attacks on UAVs, resulting in major security risks for UAVs. In order to cope with spoofing attacks, a navigation message authentication(NMA) scheme has been proposed to protect navigation messages. However, the mainstream NMA schemes have defects of a single authentication process and large time overhead. Furthermore,these schemes depend on digital certificates to update the key. In the event that the UAV is disconnected from the certificate authority, it will be unable to update the key in an appropriate manner, which will consequently affect subsequent authentication.To solve the above problems, this paper proposes a hybrid authentication scheme based on BeiDou-Ⅲ navigation system(BDS-Ⅲ), which combines Navigation Message Authentication(NMA) and timed efficient stream losstolerant authentication(TESLA) to achieve a triple authentication of signatures, TESLA keys, and message authentication code(MAC). Then, the SM2 signature algorithm is modified to reduce the authentication time overhead. Finally, the stability of the key update process is enhanced by storing the public key in the navigation message and broadcasting it by satellite. Experimental verification shows that the proposed scheme can effectively resist replay attacks and generative spoofing attacks, while guaranteeing the security.The authentication error rate of the proposed scheme can meet the demand of less than 10^(−3) when it is lower than the average carrier-to-noise ratio of 7dBHz. The time between authentications(TBA) is 15.11 seconds.The unpredictable symbol rate(USR) is 16.8% which is a better performance compared with same kind of scheme.展开更多
The rapid progression of the Internet of Things(IoT)technology enables its application across various sectors.However,IoT devices typically acquire inadequate computing power and user interfaces,making them susceptibl...The rapid progression of the Internet of Things(IoT)technology enables its application across various sectors.However,IoT devices typically acquire inadequate computing power and user interfaces,making them susceptible to security threats.One significant risk to cloud networks is Distributed Denial-of-Service(DoS)attacks,where attackers aim to overcome a target system with excessive data and requests.Among these,low-rate DoS(LR-DoS)attacks present a particular challenge to detection.By sending bursts of attacks at irregular intervals,LR-DoS significantly degrades the targeted system’s Quality of Service(QoS).The low-rate nature of these attacks confuses their detection,as they frequently trigger congestion control mechanisms,leading to significant instability in IoT systems.Therefore,to detect the LR-DoS attack,an innovative deep-learning model has been developed for this research work.The standard dataset is utilized to collect the required data.Further,the deep feature extraction process is executed using the Residual Autoencoder with Sparse Attention(ResAE-SA),which helps derive the significant feature required for detection.Ultimately,the Adaptive Dense Recurrent Neural Network(ADRNN)is implemented to detect LR-DoS effectively.To enhance the detection process,the parameters present in the ADRNN are optimized using the Renovated Random Attribute-based Fennec Fox Optimization(RRA-FFA).The proposed optimization reduces the False Discovery Rate and False Positive Rate,maximizing the Matthews Correlation Coefficient from 23,70.8,76.2,84.28 in Dataset 1 and 70.28,73.8,74.1,82.6 in Dataset 2 on EPC-ADRNN,DPO-ADRNN,GTO-ADRNN,FFA-ADRNN respectively to 95.8 on Dataset 1 and 91.7 on Dataset 2 in proposed model.At batch size 4,the accuracy of the designed RRA-FFA-ADRNN model progressed by 9.2%to GTO-ADRNN,11.6%to EFC-ADRNN,10.9%to DPO-ADRNN,and 4%to FFA-ADRNN for Dataset 1.The accuracy of the proposed RRA-FFA-ADRNN is boosted by 12.9%,9.09%,11.6%,and 10.9%over FFCNN,SVM,RNN,and DRNN,using Dataset 2,showing a better improvement in accuracy with that of the proposed RRA-FFA-ADRNN model with 95.7%using Dataset 1 and 94.1%with Dataset 2,which is better than the existing baseline models.展开更多
The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows.Traditional methods to identify the malicious flows in Crossfire attacks are rerouting,which is based on statistic...The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows.Traditional methods to identify the malicious flows in Crossfire attacks are rerouting,which is based on statistics.In these existing mechanisms,the identification of malicious flows depends on the IP address.However,the IP address is easy to be changed by attacks.Comparedwith the IP address,the certificate ismore challenging to be tampered with or forged.Moreover,the traffic trend in the network is towards encryption.The certificates are popularly utilized by IoT devices for authentication in encryption protocols.DTLShps proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN controller.Based on DTLShps,the SDN controller can collect statistics on certificates.In this paper,we proposeCertrust,a framework based on the trust of certificates,tomitigate the Crossfire attack by using SDN for IoT.Our goal is threefold.First,the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire attack.Moreover,the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system for achieving a moderate decay rate.Second,for detecting the Crossfire attack accurately,a method based on graph connectivity is proposed.Third,several trust-based routing principles are proposed tomitigate the Crossfire attack.These principles can also encourage users to use certificates in communication.The performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting schemes.Moreover,our trust model has a more appropriate decay rate than the traditional methods.展开更多
Software Defined Networking(SDN) provides a flexible and convenient way to support fine-grained traffic-engineering(TE). Besides, SDN also provides better Quality of Experience(QoE) for customers. However, the policy ...Software Defined Networking(SDN) provides a flexible and convenient way to support fine-grained traffic-engineering(TE). Besides, SDN also provides better Quality of Experience(QoE) for customers. However, the policy of the evolution from legacy networks to the SDNs overemphasizes the controllability of the network or TE while ignoring the customers' benefit. Standing in the customers' position, we propose an optimization scheme, named as Optimal Migration Schedule based on Customers' Benefit(OMSB), to produce an optimized migration schedule and maximize the benefit of customers. Not only the quality and quantity of paths availed by migration, but also the number of flows from the customers that can use these multi-paths are taken into consideration for the scheduling. We compare the OMSB with other six migration schemes in terms of the benefit of customers. Our results suggest that the sequence of the migration plays a vital role for customers, especially in the early stages of the network migration to the SDN.展开更多
基金supported in part by the Fundamental Research Funds for the Central Universities under Grant 3072025HY0802the National Natural Science Foundation of China under Grant 62071148Qatar National Library
文摘Unmanned aerial vehicles(UAVs) are widely used in commercial activities due to their low cost and high efficiency. However, many unscrupulous activities have taken advantage of the open nature of civil navigation messages to implement Global Navigation Satellite System(GNSS) spoofing attacks on UAVs, resulting in major security risks for UAVs. In order to cope with spoofing attacks, a navigation message authentication(NMA) scheme has been proposed to protect navigation messages. However, the mainstream NMA schemes have defects of a single authentication process and large time overhead. Furthermore,these schemes depend on digital certificates to update the key. In the event that the UAV is disconnected from the certificate authority, it will be unable to update the key in an appropriate manner, which will consequently affect subsequent authentication.To solve the above problems, this paper proposes a hybrid authentication scheme based on BeiDou-Ⅲ navigation system(BDS-Ⅲ), which combines Navigation Message Authentication(NMA) and timed efficient stream losstolerant authentication(TESLA) to achieve a triple authentication of signatures, TESLA keys, and message authentication code(MAC). Then, the SM2 signature algorithm is modified to reduce the authentication time overhead. Finally, the stability of the key update process is enhanced by storing the public key in the navigation message and broadcasting it by satellite. Experimental verification shows that the proposed scheme can effectively resist replay attacks and generative spoofing attacks, while guaranteeing the security.The authentication error rate of the proposed scheme can meet the demand of less than 10^(−3) when it is lower than the average carrier-to-noise ratio of 7dBHz. The time between authentications(TBA) is 15.11 seconds.The unpredictable symbol rate(USR) is 16.8% which is a better performance compared with same kind of scheme.
基金funded by the Ministry of Higher Education Malaysia,Fundamental Research Grant Scheme(FRGS),FRGS/1/2024/ICT07/UPNM/02/1.
文摘The rapid progression of the Internet of Things(IoT)technology enables its application across various sectors.However,IoT devices typically acquire inadequate computing power and user interfaces,making them susceptible to security threats.One significant risk to cloud networks is Distributed Denial-of-Service(DoS)attacks,where attackers aim to overcome a target system with excessive data and requests.Among these,low-rate DoS(LR-DoS)attacks present a particular challenge to detection.By sending bursts of attacks at irregular intervals,LR-DoS significantly degrades the targeted system’s Quality of Service(QoS).The low-rate nature of these attacks confuses their detection,as they frequently trigger congestion control mechanisms,leading to significant instability in IoT systems.Therefore,to detect the LR-DoS attack,an innovative deep-learning model has been developed for this research work.The standard dataset is utilized to collect the required data.Further,the deep feature extraction process is executed using the Residual Autoencoder with Sparse Attention(ResAE-SA),which helps derive the significant feature required for detection.Ultimately,the Adaptive Dense Recurrent Neural Network(ADRNN)is implemented to detect LR-DoS effectively.To enhance the detection process,the parameters present in the ADRNN are optimized using the Renovated Random Attribute-based Fennec Fox Optimization(RRA-FFA).The proposed optimization reduces the False Discovery Rate and False Positive Rate,maximizing the Matthews Correlation Coefficient from 23,70.8,76.2,84.28 in Dataset 1 and 70.28,73.8,74.1,82.6 in Dataset 2 on EPC-ADRNN,DPO-ADRNN,GTO-ADRNN,FFA-ADRNN respectively to 95.8 on Dataset 1 and 91.7 on Dataset 2 in proposed model.At batch size 4,the accuracy of the designed RRA-FFA-ADRNN model progressed by 9.2%to GTO-ADRNN,11.6%to EFC-ADRNN,10.9%to DPO-ADRNN,and 4%to FFA-ADRNN for Dataset 1.The accuracy of the proposed RRA-FFA-ADRNN is boosted by 12.9%,9.09%,11.6%,and 10.9%over FFCNN,SVM,RNN,and DRNN,using Dataset 2,showing a better improvement in accuracy with that of the proposed RRA-FFA-ADRNN model with 95.7%using Dataset 1 and 94.1%with Dataset 2,which is better than the existing baseline models.
基金supported by Joint Funds of the National Natural Science Foundation of China and Xinjiang under Project U1603261.
文摘The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows.Traditional methods to identify the malicious flows in Crossfire attacks are rerouting,which is based on statistics.In these existing mechanisms,the identification of malicious flows depends on the IP address.However,the IP address is easy to be changed by attacks.Comparedwith the IP address,the certificate ismore challenging to be tampered with or forged.Moreover,the traffic trend in the network is towards encryption.The certificates are popularly utilized by IoT devices for authentication in encryption protocols.DTLShps proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN controller.Based on DTLShps,the SDN controller can collect statistics on certificates.In this paper,we proposeCertrust,a framework based on the trust of certificates,tomitigate the Crossfire attack by using SDN for IoT.Our goal is threefold.First,the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire attack.Moreover,the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system for achieving a moderate decay rate.Second,for detecting the Crossfire attack accurately,a method based on graph connectivity is proposed.Third,several trust-based routing principles are proposed tomitigate the Crossfire attack.These principles can also encourage users to use certificates in communication.The performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting schemes.Moreover,our trust model has a more appropriate decay rate than the traditional methods.
基金supported by Joint Funds of National Natural Science Foundation of China and Xinjiang under code U1603261the Research Fund of Ministry of Education-China Mobile under Grant No. MCM20160304the Fundamental Research Funds for the Central Universities
文摘Software Defined Networking(SDN) provides a flexible and convenient way to support fine-grained traffic-engineering(TE). Besides, SDN also provides better Quality of Experience(QoE) for customers. However, the policy of the evolution from legacy networks to the SDNs overemphasizes the controllability of the network or TE while ignoring the customers' benefit. Standing in the customers' position, we propose an optimization scheme, named as Optimal Migration Schedule based on Customers' Benefit(OMSB), to produce an optimized migration schedule and maximize the benefit of customers. Not only the quality and quantity of paths availed by migration, but also the number of flows from the customers that can use these multi-paths are taken into consideration for the scheduling. We compare the OMSB with other six migration schemes in terms of the benefit of customers. Our results suggest that the sequence of the migration plays a vital role for customers, especially in the early stages of the network migration to the SDN.
