Distributed Denial-of-Service(DDoS)attacks pose severe threats to Industrial Control Networks(ICNs),where service disruption can cause significant economic losses and operational risks.Existing signature-based methods...Distributed Denial-of-Service(DDoS)attacks pose severe threats to Industrial Control Networks(ICNs),where service disruption can cause significant economic losses and operational risks.Existing signature-based methods are ineffective against novel attacks,and traditional machine learning models struggle to capture the complex temporal dependencies and dynamic traffic patterns inherent in ICN environments.To address these challenges,this study proposes a deep feature-driven hybrid framework that integrates Transformer,BiLSTM,and KNN to achieve accurate and robust DDoS detection.The Transformer component extracts global temporal dependencies from network traffic flows,while BiLSTM captures fine-grained sequential dynamics.The learned embeddings are then classified using an instance-based KNN layer,enhancing decision boundary precision.This cascaded architecture balances feature abstraction and locality preservation,improving both generalization and robustness.The proposed approach was evaluated on a newly collected real-time ICN traffic dataset and further validated using the public CIC-IDS2017 and Edge-IIoT datasets to demonstrate generalization.Comprehensive metrics including accuracy,precision,recall,F1-score,ROC-AUC,PR-AUC,false positive rate(FPR),and detection latency were employed.Results show that the hybrid framework achieves 98.42%accuracy with an ROC-AUC of 0.992 and FPR below 1%,outperforming baseline machine learning and deep learning models.Robustness experiments under Gaussian noise perturbations confirmed stable performance with less than 2%accuracy degradation.Moreover,detection latency remained below 2.1 ms per sample,indicating suitability for real-time ICS deployment.In summary,the proposed hybrid temporal learning and instance-based classification model offers a scalable and effective solution for DDoS detection in industrial control environments.By combining global contextual modeling,sequential learning,and instance-based refinement,the framework demonstrates strong adaptability across datasets and resilience against noise,providing practical utility for safeguarding critical infrastructure.展开更多
Distributed Denial of Service(DDoS)attacks are one of the severe threats to network infrastructure,sometimes bypassing traditional diagnosis algorithms because of their evolving complexity.PresentMachine Learning(ML)t...Distributed Denial of Service(DDoS)attacks are one of the severe threats to network infrastructure,sometimes bypassing traditional diagnosis algorithms because of their evolving complexity.PresentMachine Learning(ML)techniques for DDoS attack diagnosis normally apply network traffic statistical features such as packet sizes and inter-arrival times.However,such techniques sometimes fail to capture complicated relations among various traffic flows.In this paper,we present a new multi-scale ensemble strategy given the Graph Neural Networks(GNNs)for improving DDoS detection.Our technique divides traffic into macro-and micro-level elements,letting various GNN models to get the two corase-scale anomalies and subtle,stealthy attack models.Through modeling network traffic as graph-structured data,GNNs efficiently learn intricate relations among network entities.The proposed ensemble learning algorithm combines the results of several GNNs to improve generalization,robustness,and scalability.Extensive experiments on three benchmark datasets—UNSW-NB15,CICIDS2017,and CICDDoS2019—show that our approach outperforms traditional machine learning and deep learning models in detecting both high-rate and low-rate(stealthy)DDoS attacks,with significant improvements in accuracy and recall.These findings demonstrate the suggested method’s applicability and robustness for real-world implementation in contexts where several DDoS patterns coexist.展开更多
The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats,making intrusion detection a critical aspect of ensuring their secure operation.Tradit...The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats,making intrusion detection a critical aspect of ensuring their secure operation.Traditional intrusion detection systems have limitations in terms of centralized architecture,lack of transparency,and vulnerability to single points of failure.This is where the integration of blockchain technology with signature-based intrusion detection can provide a robust and decentralized solution for securing smart transportation systems.This study tackles the issue of database manipulation attacks in smart transportation networks by proposing a signaturebased intrusion detection system.The introduced signature facilitates accurate detection and systematic classification of attacks,enabling categorization according to their severity levels within the transportation infrastructure.Through comparative analysis,the research demonstrates that the blockchain-based IDS outperforms traditional approaches in terms of security,resilience,and data integrity.展开更多
The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreser...The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreserving computation.Classical MPC relies on cryptographic techniques such as homomorphic encryption,secret sharing,and oblivious transfer,which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries.This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI,IEEE Explore,Springer,and Elsevier,examining the applications,types,and security issues with the solution of Quantum computing in different fields.This review explores the impact of quantum computing on MPC security,assesses emerging quantum-resistant MPC protocols,and examines hybrid classicalquantum approaches aimed at mitigating quantum threats.We analyze the role of Quantum Key Distribution(QKD),post-quantum cryptography(PQC),and quantum homomorphic encryption in securing multiparty computations.Additionally,we discuss the challenges of scalability,computational efficiency,and practical deployment of quantumsecure MPC frameworks in real-world applications such as privacy-preserving AI,secure blockchain transactions,and confidential data analysis.This review provides insights into the future research directions and open challenges in ensuring secure,scalable,and quantum-resistant multiparty computation.展开更多
With the growing complexity and decentralization of network systems,the attack surface has expanded,which has led to greater concerns over network threats.In this context,artificial intelligence(AI)-based network intr...With the growing complexity and decentralization of network systems,the attack surface has expanded,which has led to greater concerns over network threats.In this context,artificial intelligence(AI)-based network intrusion detection systems(NIDS)have been extensively studied,and recent efforts have shifted toward integrating distributed learning to enable intelligent and scalable detection mechanisms.However,most existing works focus on individual distributed learning frameworks,and there is a lack of systematic evaluations that compare different algorithms under consistent conditions.In this paper,we present a comprehensive evaluation of representative distributed learning frameworks—Federated Learning(FL),Split Learning(SL),hybrid collaborative learning(SFL),and fully distributed learning—in the context of AI-driven NIDS.Using recent benchmark intrusion detection datasets,a unified model backbone,and controlled distributed scenarios,we assess these frameworks across multiple criteria,including detection performance,communication cost,computational efficiency,and convergence behavior.Our findings highlight distinct trade-offs among the distributed learning frameworks,demonstrating that the optimal choice depends strongly on systemconstraints such as bandwidth availability,node resources,and data distribution.This work provides the first holistic analysis of distributed learning approaches for AI-driven NIDS and offers practical guidelines for designing secure and efficient intrusion detection systems in decentralized environments.展开更多
To provide a high-security guaran- tee to network coding and lower the comput- ing complexity induced by signature scheme, we take full advantage of homomorphic prop- erty to build lattice signature schemes and sec- u...To provide a high-security guaran- tee to network coding and lower the comput- ing complexity induced by signature scheme, we take full advantage of homomorphic prop- erty to build lattice signature schemes and sec- ure network coding algorithms. Firstly, by means of the distance between the message and its sig- nature in a lattice, we propose a Distance-bas- ed Secure Network Coding (DSNC) algorithm and stipulate its security to a new hard problem Fixed Length Vector Problem (FLVP), which is harder than Shortest Vector Problem (SVP) on lattices. Secondly, considering the bound- ary on the distance between the message and its signature, we further propose an efficient Bo- undary-based Secure Network Coding (BSNC) algorithm to reduce the computing complexity induced by square calculation in DSNC. Sim- ulation results and security analysis show that the proposed signature schemes have stronger unforgeability due to the natural property of lattices than traditional Rivest-Shamir-Adleman (RSA)-based signature scheme. DSNC algo- rithm is more secure and BSNC algorithm greatly reduces the time cost on computation.展开更多
Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively ...Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively manage,optimize,and maintain these systems.Due to their distributed nature,machine learning models are challenging to deploy in traditional networks.However,Software-Defined Networking(SDN)presents an opportunity to integrate intelligence into networks by offering a programmable architecture that separates data and control planes.SDN provides a centralized network view and allows for dynamic updates of flow rules and softwarebased traffic analysis.While the programmable nature of SDN makes it easier to deploy machine learning techniques,the centralized control logic also makes it vulnerable to cyberattacks.To address these issues,recent research has focused on developing powerful machine-learning methods for detecting and mitigating attacks in SDN environments.This paper highlighted the countermeasures for cyberattacks on SDN and how current machine learningbased solutions can overcome these emerging issues.We also discuss the pros and cons of using machine learning algorithms for detecting and mitigating these attacks.Finally,we highlighted research issues,gaps,and challenges in developing machine learning-based solutions to secure the SDN controller,to help the research and network community to develop more robust and reliable solutions.展开更多
In this paper, a security protocol for the advanced metering infrastructure (AMI) in smart grid is proposed. Through the AMI, customers and the service provider achieve two-way communication. Real-time monitoring an...In this paper, a security protocol for the advanced metering infrastructure (AMI) in smart grid is proposed. Through the AMI, customers and the service provider achieve two-way communication. Real-time monitoring and demand response can be applied because of the information exchanged. Since the information contains much privacy of the customer, and the control messages need to be authenticated, security needs to be ensured for the communication in the AM1. Due to the complicated network structure of the AMI, the asymmetric communications, and various security requirements, existing security protocols for other networks can hardly be applied into the AMI directly. Therefore, a security protocol specifically for the AMI to meet the security requirements is proposed. Our proposed security protocol includes initial authentication, secure uplink data aggregation, secure downlink data transmission, and domain secrets update. Compared with existing researches in related areas, our proposed security protocol takes the asymmetric communications of the AMI and various security requirements in smart grid into consideration.展开更多
Under the assumption that the wiretapper can get at most r(r < n) independent messages, Cai et al. showed that any rate n multicast code can be modified to another secure network code with transmitting rate n- r by...Under the assumption that the wiretapper can get at most r(r < n) independent messages, Cai et al. showed that any rate n multicast code can be modified to another secure network code with transmitting rate n- r by a properly chosen matrix Q^(-1). They also gave the construction for searching such an n × n nonsingular matrix Q. In this paper, we find that their method implies an efficient construction of Q. That is to say, Q can be taken as a special block lower triangular matrix with diagonal subblocks being the(n- r) ×(n- r)and r × r identity matrices, respectively. Moreover, complexity analysis is made to show the efficiency of the specific construction.展开更多
The growing incidence of cyberattacks necessitates a robust and effective Intrusion Detection Systems(IDS)for enhanced network security.While conventional IDSs can be unsuitable for detecting different and emerging at...The growing incidence of cyberattacks necessitates a robust and effective Intrusion Detection Systems(IDS)for enhanced network security.While conventional IDSs can be unsuitable for detecting different and emerging attacks,there is a demand for better techniques to improve detection reliability.This study introduces a new method,the Deep Adaptive Multi-Layer Attention Network(DAMLAN),to boost the result of intrusion detection on network data.Due to its multi-scale attention mechanisms and graph features,DAMLAN aims to address both known and unknown intrusions.The real-world NSL-KDD dataset,a popular choice among IDS researchers,is used to assess the proposed model.There are 67,343 normal samples and 58,630 intrusion attacks in the training set,12,833 normal samples,and 9711 intrusion attacks in the test set.Thus,the proposed DAMLAN method is more effective than the standard models due to the consideration of patterns by the attention layers.The experimental performance of the proposed model demonstrates that it achieves 99.26%training accuracy and 90.68%testing accuracy,with precision reaching 98.54%on the training set and 96.64%on the testing set.The recall and F1 scores again support the model with training set values of 99.90%and 99.21%and testing set values of 86.65%and 91.37%.These results provide a strong basis for the claims made regarding the model’s potential to identify intrusion attacks and affirm its relatively strong overall performance,irrespective of type.Future work would employ more attempts to extend the scalability and applicability of DAMLAN for real-time use in intrusion detection systems.展开更多
Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall c...Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.展开更多
The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security....The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.展开更多
This study introduces an innovative hybrid approach that integrates deep learning with blockchain technology to improve cybersecurity,focusing on network intrusion detection systems(NIDS).The main goal is to overcome ...This study introduces an innovative hybrid approach that integrates deep learning with blockchain technology to improve cybersecurity,focusing on network intrusion detection systems(NIDS).The main goal is to overcome the shortcomings of conventional intrusion detection techniques by developing amore flexible and robust security architecture.We use seven unique machine learning models to improve detection skills,emphasizing data quality,traceability,and transparency,facilitated by a blockchain layer that safeguards against datamodification and ensures auditability.Our technique employs the Synthetic Minority Oversampling Technique(SMOTE)to equilibrate the dataset,therefore mitigating prevalent class imbalance difficulties in intrusion detection.The model selection procedure determined that Random Forest was the most successful model,with a notable detection accuracy of 97%.This substantially surpasses conventional methods and enhances the system’s capacity to identify both established and novel threats with exceptional accuracy.To optimize feature selection and maximize performance,we use Extreme Gradient Boosting(XGBoost),which improves the significance of chosen features while reducing the danger of overfitting.Our study indicates that the integrated use of machine learning for pattern identification,multi-factor authentication(MFA)for access security,and blockchain for data validation constitutes a thorough and sustainable cybersecurity solution.This architecture not only increases security but also lowers the need for regular human monitoring,significantly cutting energy consumption connected with cybersecurity infrastructure.The research finds that this integrated strategy provides a realistic road for increasing network security,addressing real-world cyber threats,and promoting eco-friendly practices in IT security.展开更多
The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to exped...The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to expedite the training of security assessment models.However,ensuring the trustworthiness and robustness of federated learning under multi-party collaboration scenarios remains a challenge.To address these issues,this study proposes a shard aggregation network structure and a malicious node detection mechanism,along with improvements to the federated learning training process.First,we extract the data features of the participants by using spectral clustering methods combined with a Gaussian kernel function.Then,we introduce a multi-objective decision-making approach that combines data distribution consistency,consensus communication overhead,and consensus result reliability in order to determine the final network sharing scheme.Finally,by integrating the federated learning aggregation process with the malicious node detection mechanism,we improve the traditional decentralized learning process.Our proposed ShardFed algorithm outperforms conventional classification algorithms and state-of-the-art machine learning methods like FedProx and FedCurv in convergence speed,robustness against data interference,and adaptability across multiple scenarios.Experimental results demonstrate that the proposed approach improves model accuracy by up to 2.33%under non-independent and identically distributed data conditions,maintains higher performance with malicious nodes containing poisoned data ratios of 20%–50%,and significantly enhances model resistance to low-quality data.展开更多
A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LU...A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.展开更多
This paper proposes a model-based control framework for vehicle platooning systems with secondorder nonlinear dynamics operating over switching signed networks,time-varying delays,and deception attacks.The study inclu...This paper proposes a model-based control framework for vehicle platooning systems with secondorder nonlinear dynamics operating over switching signed networks,time-varying delays,and deception attacks.The study includes two configurations:a leaderless structure using Finite-Time Non-Singular Terminal Bipartite Consensus(FNTBC)and Fixed-Time Bipartite Consensus(FXTBC),and a leader—follower structure ensuring structural balance and robustness against deceptive signals.In the leaderless model,a bipartite controller based on impulsive control theory,gauge transformation,and Markovian switching Lyapunov functions ensures mean-square stability and coordination under deception attacks and communication delays.The FNTBC achieves finite-time convergence depending on initial conditions,while the FXTBC guarantees fixed-time convergence independent of them,providing adaptability to different operating states.In the leader—follower case,a discontinuous impulsive control law synchronizes all followers with the leader despite deceptive attacks and switching topologies,maintaining robust coordination through nonlinear corrective mechanisms.To validate the approach,simulations are conducted on systems of five and seventeen vehicles in both leaderless and leader—follower configurations.The results demonstrate that the proposed framework achieves rapid consensus,strong robustness,and high resistance to deception attacks,offering a secure and scalable model-based control solution for modern vehicular communication networks.展开更多
In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasib...In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.展开更多
The key exchange is a fundamental building block in the cryptography. Several provable security models for the key exchange protocol are proposed. To determine the exact properties required by the protocols, a single ...The key exchange is a fundamental building block in the cryptography. Several provable security models for the key exchange protocol are proposed. To determine the exact properties required by the protocols, a single unified security model is essential, The eCK , eCK and CK models are examined and the result is proved that the eCK' model is the strongest provable security model for the key exchange. The relative security strength among these models is analyzed. To support the implication or non-implication relations among these models, the formal proofs and the counter-examples are given.展开更多
The increasing interconnection of modern industrial control systems(ICSs)with the Internet has enhanced operational efficiency,but alsomade these systemsmore vulnerable to cyberattacks.This heightened exposure has dri...The increasing interconnection of modern industrial control systems(ICSs)with the Internet has enhanced operational efficiency,but alsomade these systemsmore vulnerable to cyberattacks.This heightened exposure has driven a growing need for robust ICS security measures.Among the key defences,intrusion detection technology is critical in identifying threats to ICS networks.This paper provides an overview of the distinctive characteristics of ICS network security,highlighting standard attack methods.It then examines various intrusion detection methods,including those based on misuse detection,anomaly detection,machine learning,and specialised requirements.This paper concludes by exploring future directions for developing intrusion detection systems to advance research and ensure the continued security and reliability of ICS operations.展开更多
Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHS...Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.展开更多
基金supported by the Extral High Voltage Power Transmission Company,China Southern Power Grid Co.,Ltd.
文摘Distributed Denial-of-Service(DDoS)attacks pose severe threats to Industrial Control Networks(ICNs),where service disruption can cause significant economic losses and operational risks.Existing signature-based methods are ineffective against novel attacks,and traditional machine learning models struggle to capture the complex temporal dependencies and dynamic traffic patterns inherent in ICN environments.To address these challenges,this study proposes a deep feature-driven hybrid framework that integrates Transformer,BiLSTM,and KNN to achieve accurate and robust DDoS detection.The Transformer component extracts global temporal dependencies from network traffic flows,while BiLSTM captures fine-grained sequential dynamics.The learned embeddings are then classified using an instance-based KNN layer,enhancing decision boundary precision.This cascaded architecture balances feature abstraction and locality preservation,improving both generalization and robustness.The proposed approach was evaluated on a newly collected real-time ICN traffic dataset and further validated using the public CIC-IDS2017 and Edge-IIoT datasets to demonstrate generalization.Comprehensive metrics including accuracy,precision,recall,F1-score,ROC-AUC,PR-AUC,false positive rate(FPR),and detection latency were employed.Results show that the hybrid framework achieves 98.42%accuracy with an ROC-AUC of 0.992 and FPR below 1%,outperforming baseline machine learning and deep learning models.Robustness experiments under Gaussian noise perturbations confirmed stable performance with less than 2%accuracy degradation.Moreover,detection latency remained below 2.1 ms per sample,indicating suitability for real-time ICS deployment.In summary,the proposed hybrid temporal learning and instance-based classification model offers a scalable and effective solution for DDoS detection in industrial control environments.By combining global contextual modeling,sequential learning,and instance-based refinement,the framework demonstrates strong adaptability across datasets and resilience against noise,providing practical utility for safeguarding critical infrastructure.
文摘Distributed Denial of Service(DDoS)attacks are one of the severe threats to network infrastructure,sometimes bypassing traditional diagnosis algorithms because of their evolving complexity.PresentMachine Learning(ML)techniques for DDoS attack diagnosis normally apply network traffic statistical features such as packet sizes and inter-arrival times.However,such techniques sometimes fail to capture complicated relations among various traffic flows.In this paper,we present a new multi-scale ensemble strategy given the Graph Neural Networks(GNNs)for improving DDoS detection.Our technique divides traffic into macro-and micro-level elements,letting various GNN models to get the two corase-scale anomalies and subtle,stealthy attack models.Through modeling network traffic as graph-structured data,GNNs efficiently learn intricate relations among network entities.The proposed ensemble learning algorithm combines the results of several GNNs to improve generalization,robustness,and scalability.Extensive experiments on three benchmark datasets—UNSW-NB15,CICIDS2017,and CICDDoS2019—show that our approach outperforms traditional machine learning and deep learning models in detecting both high-rate and low-rate(stealthy)DDoS attacks,with significant improvements in accuracy and recall.These findings demonstrate the suggested method’s applicability and robustness for real-world implementation in contexts where several DDoS patterns coexist.
基金supported by the National Research Foundation(NRF),Republic of Korea,under project BK21 FOUR(4299990213939).
文摘The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats,making intrusion detection a critical aspect of ensuring their secure operation.Traditional intrusion detection systems have limitations in terms of centralized architecture,lack of transparency,and vulnerability to single points of failure.This is where the integration of blockchain technology with signature-based intrusion detection can provide a robust and decentralized solution for securing smart transportation systems.This study tackles the issue of database manipulation attacks in smart transportation networks by proposing a signaturebased intrusion detection system.The introduced signature facilitates accurate detection and systematic classification of attacks,enabling categorization according to their severity levels within the transportation infrastructure.Through comparative analysis,the research demonstrates that the blockchain-based IDS outperforms traditional approaches in terms of security,resilience,and data integrity.
文摘The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreserving computation.Classical MPC relies on cryptographic techniques such as homomorphic encryption,secret sharing,and oblivious transfer,which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries.This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI,IEEE Explore,Springer,and Elsevier,examining the applications,types,and security issues with the solution of Quantum computing in different fields.This review explores the impact of quantum computing on MPC security,assesses emerging quantum-resistant MPC protocols,and examines hybrid classicalquantum approaches aimed at mitigating quantum threats.We analyze the role of Quantum Key Distribution(QKD),post-quantum cryptography(PQC),and quantum homomorphic encryption in securing multiparty computations.Additionally,we discuss the challenges of scalability,computational efficiency,and practical deployment of quantumsecure MPC frameworks in real-world applications such as privacy-preserving AI,secure blockchain transactions,and confidential data analysis.This review provides insights into the future research directions and open challenges in ensuring secure,scalable,and quantum-resistant multiparty computation.
基金supported by the Research year project of the KongjuNational University in 2025 and the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.RS-2024-00444170,Research and International Collaboration on Trust Model-Based Intelligent Incident Response Technologies in 6G Open Network Environment).
文摘With the growing complexity and decentralization of network systems,the attack surface has expanded,which has led to greater concerns over network threats.In this context,artificial intelligence(AI)-based network intrusion detection systems(NIDS)have been extensively studied,and recent efforts have shifted toward integrating distributed learning to enable intelligent and scalable detection mechanisms.However,most existing works focus on individual distributed learning frameworks,and there is a lack of systematic evaluations that compare different algorithms under consistent conditions.In this paper,we present a comprehensive evaluation of representative distributed learning frameworks—Federated Learning(FL),Split Learning(SL),hybrid collaborative learning(SFL),and fully distributed learning—in the context of AI-driven NIDS.Using recent benchmark intrusion detection datasets,a unified model backbone,and controlled distributed scenarios,we assess these frameworks across multiple criteria,including detection performance,communication cost,computational efficiency,and convergence behavior.Our findings highlight distinct trade-offs among the distributed learning frameworks,demonstrating that the optimal choice depends strongly on systemconstraints such as bandwidth availability,node resources,and data distribution.This work provides the first holistic analysis of distributed learning approaches for AI-driven NIDS and offers practical guidelines for designing secure and efficient intrusion detection systems in decentralized environments.
基金ACKNOWLEDGEMENT This work was partially supported by the National Basic Research Program of China under Grant No. 2012CB315905 the National Natural Sci- ence Foundation of China under Grants No. 61272501, No. 61173154, No. 61370190 and the Beijing Natural Science Foundation under Grant No. 4132056.
文摘To provide a high-security guaran- tee to network coding and lower the comput- ing complexity induced by signature scheme, we take full advantage of homomorphic prop- erty to build lattice signature schemes and sec- ure network coding algorithms. Firstly, by means of the distance between the message and its sig- nature in a lattice, we propose a Distance-bas- ed Secure Network Coding (DSNC) algorithm and stipulate its security to a new hard problem Fixed Length Vector Problem (FLVP), which is harder than Shortest Vector Problem (SVP) on lattices. Secondly, considering the bound- ary on the distance between the message and its signature, we further propose an efficient Bo- undary-based Secure Network Coding (BSNC) algorithm to reduce the computing complexity induced by square calculation in DSNC. Sim- ulation results and security analysis show that the proposed signature schemes have stronger unforgeability due to the natural property of lattices than traditional Rivest-Shamir-Adleman (RSA)-based signature scheme. DSNC algo- rithm is more secure and BSNC algorithm greatly reduces the time cost on computation.
文摘Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively manage,optimize,and maintain these systems.Due to their distributed nature,machine learning models are challenging to deploy in traditional networks.However,Software-Defined Networking(SDN)presents an opportunity to integrate intelligence into networks by offering a programmable architecture that separates data and control planes.SDN provides a centralized network view and allows for dynamic updates of flow rules and softwarebased traffic analysis.While the programmable nature of SDN makes it easier to deploy machine learning techniques,the centralized control logic also makes it vulnerable to cyberattacks.To address these issues,recent research has focused on developing powerful machine-learning methods for detecting and mitigating attacks in SDN environments.This paper highlighted the countermeasures for cyberattacks on SDN and how current machine learningbased solutions can overcome these emerging issues.We also discuss the pros and cons of using machine learning algorithms for detecting and mitigating these attacks.Finally,we highlighted research issues,gaps,and challenges in developing machine learning-based solutions to secure the SDN controller,to help the research and network community to develop more robust and reliable solutions.
基金supported by the National Science Fourdation under Grant No.CNS-1423408
文摘In this paper, a security protocol for the advanced metering infrastructure (AMI) in smart grid is proposed. Through the AMI, customers and the service provider achieve two-way communication. Real-time monitoring and demand response can be applied because of the information exchanged. Since the information contains much privacy of the customer, and the control messages need to be authenticated, security needs to be ensured for the communication in the AM1. Due to the complicated network structure of the AMI, the asymmetric communications, and various security requirements, existing security protocols for other networks can hardly be applied into the AMI directly. Therefore, a security protocol specifically for the AMI to meet the security requirements is proposed. Our proposed security protocol includes initial authentication, secure uplink data aggregation, secure downlink data transmission, and domain secrets update. Compared with existing researches in related areas, our proposed security protocol takes the asymmetric communications of the AMI and various security requirements in smart grid into consideration.
基金Supported by the National Natural Science Foundation of China(61201253)
文摘Under the assumption that the wiretapper can get at most r(r < n) independent messages, Cai et al. showed that any rate n multicast code can be modified to another secure network code with transmitting rate n- r by a properly chosen matrix Q^(-1). They also gave the construction for searching such an n × n nonsingular matrix Q. In this paper, we find that their method implies an efficient construction of Q. That is to say, Q can be taken as a special block lower triangular matrix with diagonal subblocks being the(n- r) ×(n- r)and r × r identity matrices, respectively. Moreover, complexity analysis is made to show the efficiency of the specific construction.
基金Nourah bint Abdulrahman University for funding this project through the Researchers Supporting Project(PNURSP2025R319)Riyadh,Saudi Arabia and Prince Sultan University for covering the article processing charges(APC)associated with this publication.Special acknowledgement to Automated Systems&Soft Computing Lab(ASSCL),Prince Sultan University,Riyadh,Saudi Arabia.
文摘The growing incidence of cyberattacks necessitates a robust and effective Intrusion Detection Systems(IDS)for enhanced network security.While conventional IDSs can be unsuitable for detecting different and emerging attacks,there is a demand for better techniques to improve detection reliability.This study introduces a new method,the Deep Adaptive Multi-Layer Attention Network(DAMLAN),to boost the result of intrusion detection on network data.Due to its multi-scale attention mechanisms and graph features,DAMLAN aims to address both known and unknown intrusions.The real-world NSL-KDD dataset,a popular choice among IDS researchers,is used to assess the proposed model.There are 67,343 normal samples and 58,630 intrusion attacks in the training set,12,833 normal samples,and 9711 intrusion attacks in the test set.Thus,the proposed DAMLAN method is more effective than the standard models due to the consideration of patterns by the attention layers.The experimental performance of the proposed model demonstrates that it achieves 99.26%training accuracy and 90.68%testing accuracy,with precision reaching 98.54%on the training set and 96.64%on the testing set.The recall and F1 scores again support the model with training set values of 99.90%and 99.21%and testing set values of 86.65%and 91.37%.These results provide a strong basis for the claims made regarding the model’s potential to identify intrusion attacks and affirm its relatively strong overall performance,irrespective of type.Future work would employ more attempts to extend the scalability and applicability of DAMLAN for real-time use in intrusion detection systems.
文摘Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.
文摘The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.
文摘This study introduces an innovative hybrid approach that integrates deep learning with blockchain technology to improve cybersecurity,focusing on network intrusion detection systems(NIDS).The main goal is to overcome the shortcomings of conventional intrusion detection techniques by developing amore flexible and robust security architecture.We use seven unique machine learning models to improve detection skills,emphasizing data quality,traceability,and transparency,facilitated by a blockchain layer that safeguards against datamodification and ensures auditability.Our technique employs the Synthetic Minority Oversampling Technique(SMOTE)to equilibrate the dataset,therefore mitigating prevalent class imbalance difficulties in intrusion detection.The model selection procedure determined that Random Forest was the most successful model,with a notable detection accuracy of 97%.This substantially surpasses conventional methods and enhances the system’s capacity to identify both established and novel threats with exceptional accuracy.To optimize feature selection and maximize performance,we use Extreme Gradient Boosting(XGBoost),which improves the significance of chosen features while reducing the danger of overfitting.Our study indicates that the integrated use of machine learning for pattern identification,multi-factor authentication(MFA)for access security,and blockchain for data validation constitutes a thorough and sustainable cybersecurity solution.This architecture not only increases security but also lowers the need for regular human monitoring,significantly cutting energy consumption connected with cybersecurity infrastructure.The research finds that this integrated strategy provides a realistic road for increasing network security,addressing real-world cyber threats,and promoting eco-friendly practices in IT security.
基金supported by State Grid Hebei Electric Power Co.,Ltd.Science and Technology Project,Research on Security Protection of Power Services Carried by 4G/5G Networks(Grant No.KJ2024-127).
文摘The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to expedite the training of security assessment models.However,ensuring the trustworthiness and robustness of federated learning under multi-party collaboration scenarios remains a challenge.To address these issues,this study proposes a shard aggregation network structure and a malicious node detection mechanism,along with improvements to the federated learning training process.First,we extract the data features of the participants by using spectral clustering methods combined with a Gaussian kernel function.Then,we introduce a multi-objective decision-making approach that combines data distribution consistency,consensus communication overhead,and consensus result reliability in order to determine the final network sharing scheme.Finally,by integrating the federated learning aggregation process with the malicious node detection mechanism,we improve the traditional decentralized learning process.Our proposed ShardFed algorithm outperforms conventional classification algorithms and state-of-the-art machine learning methods like FedProx and FedCurv in convergence speed,robustness against data interference,and adaptability across multiple scenarios.Experimental results demonstrate that the proposed approach improves model accuracy by up to 2.33%under non-independent and identically distributed data conditions,maintains higher performance with malicious nodes containing poisoned data ratios of 20%–50%,and significantly enhances model resistance to low-quality data.
基金Under the auspices of National Key Research and Development Program of China(No.2022YFF1300904)the National Natural Science Foundation of China(No.42271119,42371075,42471127)+1 种基金Youth Innovation Promotion Association,Chinese Academy of Sciences(No.2023238)Jilin Province Science and Technology Development Plan Project(No.20230203001SF)。
文摘A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.
基金Deanship of Research and Graduate Studies at King Khalid University for funding this work through Large Research Project under grant number RGP.2/103/46”Deanship of Scientific Research at Northern Border University,Arar,Saudi Arabia for funding this research work through project number“NBU-FFR-2025-871-15”funding from Prince Sattam bin Abdulaziz University project number(PSAU/2025/R/1447).
文摘This paper proposes a model-based control framework for vehicle platooning systems with secondorder nonlinear dynamics operating over switching signed networks,time-varying delays,and deception attacks.The study includes two configurations:a leaderless structure using Finite-Time Non-Singular Terminal Bipartite Consensus(FNTBC)and Fixed-Time Bipartite Consensus(FXTBC),and a leader—follower structure ensuring structural balance and robustness against deceptive signals.In the leaderless model,a bipartite controller based on impulsive control theory,gauge transformation,and Markovian switching Lyapunov functions ensures mean-square stability and coordination under deception attacks and communication delays.The FNTBC achieves finite-time convergence depending on initial conditions,while the FXTBC guarantees fixed-time convergence independent of them,providing adaptability to different operating states.In the leader—follower case,a discontinuous impulsive control law synchronizes all followers with the leader despite deceptive attacks and switching topologies,maintaining robust coordination through nonlinear corrective mechanisms.To validate the approach,simulations are conducted on systems of five and seventeen vehicles in both leaderless and leader—follower configurations.The results demonstrate that the proposed framework achieves rapid consensus,strong robustness,and high resistance to deception attacks,offering a secure and scalable model-based control solution for modern vehicular communication networks.
文摘In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.
基金Supported by the National High Technology Research and Development Program of China("863"Program)(2006AA706103)~~
文摘The key exchange is a fundamental building block in the cryptography. Several provable security models for the key exchange protocol are proposed. To determine the exact properties required by the protocols, a single unified security model is essential, The eCK , eCK and CK models are examined and the result is proved that the eCK' model is the strongest provable security model for the key exchange. The relative security strength among these models is analyzed. To support the implication or non-implication relations among these models, the formal proofs and the counter-examples are given.
文摘The increasing interconnection of modern industrial control systems(ICSs)with the Internet has enhanced operational efficiency,but alsomade these systemsmore vulnerable to cyberattacks.This heightened exposure has driven a growing need for robust ICS security measures.Among the key defences,intrusion detection technology is critical in identifying threats to ICS networks.This paper provides an overview of the distinctive characteristics of ICS network security,highlighting standard attack methods.It then examines various intrusion detection methods,including those based on misuse detection,anomaly detection,machine learning,and specialised requirements.This paper concludes by exploring future directions for developing intrusion detection systems to advance research and ensure the continued security and reliability of ICS operations.
基金This work is funded by the National Natural Science Foundation of China under Grant U1636215the National key research and development plan under Grant Nos.2018YFB0803504,2016YFB0800303.
文摘Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.
