671 articles found
Network Log-Based SSH Brute-Force Attack Detection Model
1
Authors: Jeonghoon Park, Jinsu Kim, B.B.Gupta, Namje Park 《Computers, Materials & Continua》 SCIE EI 2021, No. 7, pp. 887-901 (15 pages)
The rapid advancement of IT technology has enabled the quick discovery, sharing and collection of quality information, but has also increased cyberattacks at a fast pace at the same time. There exists no means to block these cyberattacks completely, and all security policies need to consider the possibility of external attacks. Therefore, it is crucial to reduce external attacks through preventative measures. In general, since routers located in the upper part of a firewall can hardly be protected by security systems, they are exposed to numerous unblocked cyberattacks. Routers block unnecessary services and accept necessary ones while taking appropriate measures to reduce vulnerability, block unauthorized access, and generate relevant logs. Most logs created through unauthorized access are caused by SSH brute-force attacks, and therefore IP data of the attack can be collected through the logs. This paper proposes a model to detect SSH brute-force attacks through their logs, collect their IP address, and control access from that IP address. In this paper, we present a model that extracts and fragments the specific data required from the packets of collected routers in order to detect indiscriminate SSH input attacks. To do so, the model multiplies a user’s access records in each packet by weights and adds them to the blacklist according to a final calculated result value. In addition, the model can specify the internal IP of an attack attempt and defend against the first 29 destination IP addresses attempting the attack.
Keywords: SSH brute-force attack; ELK Stack; IT infra; LOG; access control
Real-time trajectory planning for UCAV air-to-surface attack using inverse dynamics optimization method and receding horizon control (Cited by: 16)
2
Authors: Zhang Yu, Chen Jing, Shen Lincheng 《Chinese Journal of Aeronautics》 SCIE EI CAS CSCD 2013, No. 4, pp. 1038-1056 (19 pages)
This paper presents a computationally efficient real-time trajectory planning framework for typical unmanned combat aerial vehicle (UCAV) performing autonomous air-to-surface (A/S) attack. It combines the benefits of inverse dynamics optimization method and receding horizon optimal control technique. Firstly, the ground attack trajectory planning problem is mathematically formulated as a receding horizon optimal control problem (RHC-OCP). In particular, an approximate elliptic launch acceptable region (LAR) model is proposed to model the critical weapon delivery constraints. Secondly, a planning algorithm based on inverse dynamics optimization, which has high computational efficiency and good convergence properties, is developed to solve the RHC-OCP in real-time. Thirdly, in order to improve robustness and adaptivity in a dynamic and uncertain environment, a two-degree-of-freedom (2-DOF) receding horizon control architecture is introduced and a regular real-time update strategy is proposed as well, and the real-time feedback can be achieved and the not-converged situations can be handled. Finally, numerical simulations demonstrate the efficiency of this framework, and the results also show that the presented technique is well suited for real-time implementation in dynamic and uncertain environment.
Keywords: Air-to-surface attack; Direct method; Inverse dynamics; Motion planning; Real time control; Receding horizon control; Trajectory planning; Unmanned combat aerial vehicles
A CALCULATING METHOD OF THE KILL PROBABILITY ATTACK AREA FOR AAM (Cited by: 1)
3
Authors: Li Ting-jie, Liu Run-quan and Wang Chao-zhi (Beijing University of Aeronautics and Astronautics); Zhu Gu-xiang and Wang Li-zhen (014 Center of Ministry of Aeronautics and Astronautics) 《Chinese Journal of Aeronautics》 SCIE EI CAS CSCD 1991, No. 4, pp. 339-346 (8 pages)
This paper provides a calculating method which can be used in calculation of the kill probability attack area for every AAM. At first, attack area of AAM and kill probability of every characteristic point are obtained by combining trajectory calculation with kill probability calculation. Then, coordinates of a fire point relative to standard kill probability value in terms of standardization method are found. At last, equivalent kill probability curve equations are formulated by means of curve fitting method.
Keywords: A CALCULATING method OF THE KILL PROBABILITY attack AREA FOR AAM area
Research on Detection Method of Interest Flooding Attack on Content Centric Network
4
Authors: Yabin Xu, Ting Xu, Xiaowei Xu 《Computers, Materials & Continua》 SCIE EI 2020, No. 8, pp. 1075-1089 (15 pages)
To improve the attack detection capability of content centric network (CCN), we propose a detection method of interest flooding attack (IFA) making use of the feature of self-similarity of traffic and the information entropy of content name of interest packet. On the one hand, taking advantage of the characteristics of self-similarity is very sensitive to traffic changes, calculating the Hurst index of the traffic, to identify initial IFA attacks. On the other hand, according to the randomness of user requests, calculating the information entropy of content name of the interest packets, to detect the severity of the IFA attack. Finally, based on the above two aspects, we use the bilateral detection method based on non-parametric CUSUM algorithm to judge the possible attack behavior in CCN. The experimental results show that flooding attack detection method proposed for CCN can not only detect the attack behavior at the early stage of attack in CCN, but also is more accurate and effective than other methods.
Keywords: CCN; interest flooding attack; self-similar feature; information entropy; bilateral detection method
Iterative Dichotomiser Posteriori Method Based Service Attack Detection in Cloud Computing
5
Authors: B.Dhiyanesh, K.Karthick, R.Radha, Anita Venaik 《Computer Systems Science & Engineering》 SCIE EI 2023, No. 2, pp. 1099-1107 (9 pages)
Cloud computing (CC) is an advanced technology that provides access to predictive resources and data sharing. The cloud environment represents the right type regarding cloud usage model ownership, size, and rights to access. It introduces the scope and nature of cloud computing. In recent times, all processes are fed into the system for which consumer data and cache size are required. One of the most security issues in the cloud environment is Distributed Denial of Service (DDoS) attacks, responsible for cloud server overloading. This proposed system ID3 (Iterative Dichotomiser 3) Maximum Multifactor Dimensionality Posteriori Method (ID3-MMDP) is used to overcome the drawback and a relatively simple way to execute and for the detection of (DDoS) attack. First, the proposed ID3-MMDP method calls for the resources of the cloud platform and then implements the attack detection technology based on information entropy to detect DDoS attacks. Because the entropy value can show the discrete or aggregated characteristics of the current data set, it can be used for the detection of abnormal dataflow, User-uploaded data, ID3-MMDP system checks and read risk measurement and processing, bug rating file size changes, or file name changes and changes in the format design of the data size entropy value. Unique properties can be used whenever the program approaches any data error to detect abnormal data services. Finally, the experiment also verifies the DDoS attack detection capability algorithm.
Keywords: ID3 (Iterative dichotomiser 3) maximum multifactor dimensionality posterior method (ID3-MMDP); distributed denial of service (DDoS) attacks; detection of abnormal dataflow; SK measurement and processing; bug rating file size
Hybrid hierarchical trajectory planning for a fixed-wing UCAV performing air-to-surface multi-target attack (Cited by: 5)
6
Authors: Yu Zhang, Jing Chen, Lincheng Shen 《Journal of Systems Engineering and Electronics》 SCIE EI CSCD 2012, No. 4, pp. 536-552 (17 pages)
This paper considers the problem of generating a flight trajectory for a single fixed-wing unmanned combat aerial vehicle (UCAV) performing an air-to-surface multi-target attack (A/SMTA) mission using satellite-guided bombs. First, this problem is formulated as a variant of the traveling salesman problem (TSP), called the dynamic-constrained TSP with neighborhoods (DCTSPN). Then, a hierarchical hybrid approach, which partitions the planning algorithm into a roadmap planning layer and an optimal control layer, is proposed to solve the DCTSPN. In the roadmap planning layer, a novel algorithm based on an updatable probabilistic roadmap (PRM) is presented, which operates by randomly sampling a finite set of vehicle states from continuous state space in order to reduce the complicated trajectory planning problem to planning on a finite directed graph. In the optimal control layer, a collision-free state-to-state trajectory planner based on the Gauss pseudospectral method is developed, which can generate both dynamically feasible and optimal flight trajectories. The entire process of solving a DCTSPN consists of two phases. First, in the offline preprocessing phase, the algorithm constructs a PRM, and then converts the original problem into a standard asymmetric TSP (ATSP). Second, in the online querying phase, the costs of directed edges in PRM are updated first, and a fast heuristic searching algorithm is then used to solve the ATSP. Numerical experiments indicate that the algorithm proposed in this paper can generate both feasible and near-optimal solutions quickly for online purposes.
Keywords: hierarchical trajectory planning; air-to-surface multi-target attack (A/SMTA); traveling salesman problem (TSP); probabilistic roadmap; Gauss pseudospectral method; unmanned combat aerial vehicle (UCAV)
Introduction of firefighting methods in U.S. underground mines (Cited by: 1)
7
Authors: ZHANG Xi-chen, ZHANG Yu-tao, Jerry C. Tien 《西安科技大学学报》 CAS PKU Core 2011, No. 6, pp. 672-678, 697 (8 pages)
Underground mine fire always exists since the mining activity was practiced. It poses a severe safety hazard to the mine workers and may also cause a tremendous economic loss to the mines. Methods for controlling and extinguishing fires in underground mine have long been studied and there have been significant improvements. In order to know clearly about the firefighting technology used, this paper summarizes most of the underground mine firefighting methods used in the United States the past 150 years. This paper describes not only the accepted firefighting theories, but also the technologies, both direct and indirect attacking, in accordance to regulations or codes, with special attention is given to the indirect attack method and its related technologies. Further research needed is also briefly discussed at the end of this paper.
Keywords: FIREFIGHTING; extinguishing agent; attack method; remote sealing
XMAM: X-raying models with a matrix to reveal backdoor attacks for federated learning (Cited by: 1)
8
Authors: Jianyi Zhang, Fangjiao Zhang, Qichao Jin, Zhiqiang Wang, Xiaodong Lin, Xiali Hei 《Digital Communications and Networks》 SCIE CSCD 2024, No. 4, pp. 1154-1167 (14 pages)
Federated Learning (FL), a burgeoning technology, has received increasing attention due to its privacy protection capability. However, the base algorithm FedAvg is vulnerable when it suffers from so-called backdoor attacks. Former researchers proposed several robust aggregation methods. Unfortunately, due to the hidden characteristic of backdoor attacks, many of these aggregation methods are unable to defend against backdoor attacks. What's more, the attackers recently have proposed some hiding methods that further improve backdoor attacks' stealthiness, making all the existing robust aggregation methods fail. To tackle the threat of backdoor attacks, we propose a new aggregation method, X-raying Models with A Matrix (XMAM), to reveal the malicious local model updates submitted by the backdoor attackers. Since we observe that the output of the Softmax layer exhibits distinguishable patterns between malicious and benign updates, unlike the existing aggregation algorithms, we focus on the Softmax layer's output in which the backdoor attackers are difficult to hide their malicious behavior. Specifically, like medical X-ray examinations, we investigate the collected local model updates by using a matrix as an input to get their Softmax layer's outputs. Then, we preclude updates whose outputs are abnormal by clustering. Without any training dataset in the server, the extensive evaluations show that our XMAM can effectively distinguish malicious local model updates from benign ones. For instance, when other methods fail to defend against the backdoor attacks at no more than 20% malicious clients, our method can tolerate 45% malicious clients in the black-box mode and about 30% in Projected Gradient Descent (PGD) mode. Besides, under adaptive attacks, the results demonstrate that XMAM can still complete the global model training task even when there are 40% malicious clients. Finally, we analyze our method's screening complexity and compare the real screening time with other methods. The results show that XMAM is about 10–10000 times faster than the existing methods.
Keywords: Federated learning; Backdoor attacks; Aggregation methods
GPS Spoofing Attack Detection in Smart Grids Based on Improved CapsNet (Cited by: 1)
9
Authors: Yuancheng Li, Shanshan Yang 《China Communications》 SCIE CSCD 2021, No. 3, pp. 174-186 (13 pages)
This paper analyzes the influence of the global positioning system (GPS) spoofing attack (GSA) on phasor measurement units (PMU) measurements. We propose a detection method based on improved Capsule Neural Network (CapsNet) to handle this attack. In the improved CapsNet, the gated recurrent unit (GRU) is added to the front of the full connection layer of the CapsNet. The improved CapsNet trains and updates the network parameters according to the historical measurements of the smart grid. The detection method uses different structures to extract the temporal and spatial features of the measurements simultaneously, which can accurately distinguish the attacked data from the normal data, to improve the detection accuracy. Finally, simulation experiments are carried out on IEEE 14-, IEEE 118-bus systems. The experimental results show that compared with other detection methods, our method is proved to be more efficient.
Keywords: smart grid; detection method; improved capsule neural network; phasor measurement units; global positioning system spoofing attack
Multiple attacks on virtualization-based security monitoring
10
Authors: 闫广禄, 罗森林, 韦伟, 潘丽敏 《Journal of Beijing Institute of Technology》 EI CAS 2016, No. 2, pp. 254-263 (10 pages)
Three kinds of vulnerabilities that may exist in some of current virtualization-based security monitoring systems were proposed: page mapping problem, lack of overall protection, and inherent limitations. Aiming at these vulnerabilities, relative attack methods were presented in detail. Our experiments show that the attack methods, such as page mapping attack, data attack, and non-behavior detection attack, can attack simulated or original security monitors successfully. Defenders, who need to effectively strengthen their security monitors, can get an inspiration from these attack methods and find some appropriate solutions.
Keywords: VIRTUALIZATION; VULNERABILITY; attack method; security threat; virtual machine monitor
COMPUTATION OF FIELD STRUCTURE AND AERODYNAMIC CHARACTERISTICS OF DELTA WINGS AT HIGH ANGLES OF ATTACK
11
Authors: 杨立芝, 高正红 《Applied Mathematics and Mechanics(English Edition)》 SCIE EI 2005, No. 6, pp. 797-806 (10 pages)
A numerical investigation of the structure of the vortical flowfield over delta wings at high angles of attack in longitudinal and with small sideslip angle is presented. Three-dimensional Navier-Stokes numerical simulations were carried out to predict the complex leeward-side flowfield characteristics that are dominated by the effect of the breakdown of the leading-edge vortices. The methods that analyze the flowfield structure quantitatively were given by using flowfield data from the computational results. In the region before the vortex breakdown, the vortex axes are approximated as being straight line. As the angle of attack increases, the vortex axes are closer to the root chord, and farther away from the wing surface. Along the vortex axes, as the adverse pressure gradients occur, the axial velocity decreases, that is, A is negative, so the vortex is unstable, and it is possible to breakdown. The occurrence of the breakdown results in the instability of lateral motion for a delta wing, and the lateral moment diverges after a small perturbation occurs at high angles of attack. However, after a critical angle of attack is reached the vortices breakdown completely at the wing apex, and the instability resulting from the vortex breakdown disappears.
Keywords: computational method; high angle of attack; vortex flow
Access Control Attacks on PLC Vulnerabilities
12
Authors: Yong Wang, Jinyong Liu, Can Yang, Lin Zhou, Shuangfei Li, Zhaoyan Xu 《Journal of Computer and Communications》 2018, No. 11, pp. 311-325 (15 pages)
In Industrial Control Systems (ICS), security issues are getting more and more attention. The number of hacking attacks per year is endless, and the attacks on industrial control systems are numerous. Programmable Logic Controller (PLC) is one of the main controllers of industrial processes. Since the industrial control system network is isolated from the external network, many people think that PLC is a safety device. However, virus attacks in recent years, such as Stuxnet, have confirmed the erroneousness of this idea. In this paper, we use the vulnerability of Siemens PLC to carry out a series of attacks, such as S7-200, S7-300, S7-400, S7-1200 and so on. We read the data from the PLC output and then rewrite the data and write it to the PLC. We tamper with the writing of data to achieve communication chaos. When we attack the primary station, all slave devices connected to the primary station will be in a state of communication confusion. The attack methods of us can cause delay or even loss of data in the communications from the Phasor Data Concentrator (PMU) to the data concentrator. The most important thing is that our attack method generates small traffic and short attack time, which is difficult to be identified by traditional detection methods.
Keywords: ICS; PLC; PMU; Data Tampering; Delay; attack methods
Improvements in a Puzzle Authentication Method
13
Authors: Yutaka Hirakawa, Ayaka Shimoda, Isao Sasano, Kazuo Ohzeki 《Journal of Computer and Communications》 2018, No. 1, pp. 12-20 (9 pages)
This article discusses improvements in a puzzle authentication method that adopts the interface of the Puzzle and Dragons game [1] and is tolerant against video-recording attacks. A problem that the conventional puzzle authentication methods face is that they are time consuming and have low success rate in authentication. We evaluated improvements of the interface to verify the usability of the improved system. The results suggested that the usability in terms of operation time and authentication success rate attained a level that was comparable with other leading methods in the field.
Keywords: AUTHENTICATION method; Vibration; Video-Recording attack
Resistance against side channel attack for RSA cryptosystem
14
Authors: 祝力, 谷大武, 王超 《Journal of Shanghai University(English Edition)》 CAS 2008, No. 2, pp. 146-151 (6 pages)
Based on the structure of the side channel attacks (SCAs) to RSA cryptosystem can resist the fault attack and combine with the randomization method for the message and secret exponent, a new implementation scheme of CRT-based (the Chinese remainder theorem) RSA is proposed. The proposed scheme can prevent simple power analysis (SPA), differential power analysis (DPA) and time attack, and is compatible with the existing RSA-CRT cryptosystem as well. In addition, an improvement for resisting fault attack is proposed, which can reduce extra computation time.
Keywords: RSA; side channel attack (SCA); randomization method
An Effective Classifier Model for Imbalanced Network Attack Data
15
Authors: Gürcan Ctin 《Computers, Materials & Continua》 SCIE EI 2022, No. 12, pp. 4519-4539 (21 pages)
Recently, machine learning algorithms have been used in the detection and classification of network attacks. The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DARPA98, KDD’99, NSL-KDD, UNSW-NB15, and Caida DDoS. However, these datasets have two major challenges: imbalanced data and high-dimensional data. Obtaining high accuracy for all attack types in the dataset allows for high accuracy in imbalanced datasets. On the other hand, having a large number of features increases the runtime load on the algorithms. A novel model is proposed in this paper to overcome these two concerns. The number of features in the model, which has been tested at CICIDS2017, is initially optimized by using genetic algorithms. This optimum feature set has been used to classify network attacks with six well-known classifiers according to high f1-score and g-mean value in minimum time. Afterwards, a multi-layer perceptron based ensemble learning approach has been applied to improve the models’ overall performance. The experimental results show that the suggested model is acceptable for feature selection as well as classifying network attacks in an imbalanced dataset, with a high f1-score (0.91) and g-mean (0.99) value. Furthermore, it has outperformed base classifier models and voting procedures.
Keywords: Ensemble methods; feature selection; genetic algorithm; multilayer perceptron; network attacks; imbalanced data
ICPS multi-target constrained comprehensive security control based on DoS attacks energy grading detection and compensation
16
Authors: HAN Yinlong, HAN Xiaowu 《Journal of Measurement Science and Instrumentation》 CAS CSCD 2024, No. 4, pp. 518-531 (14 pages)
Aiming at the industry cyber-physical system (ICPS) where Denial-of-Service (DoS) attacks and actuator failure coexist, the integrated security control problem of ICPS under multi-objective constraints was studied. First, from the perspective of the defender, according to the differential impact of the system under DoS attacks of different energies, the DoS attacks energy grading detection standard was formulated, and the ICPS comprehensive security control framework was constructed. Secondly, a security transmission strategy based on event triggering was designed. Under the DoS attack energy classification detection mechanism, for large-energy attacks, the method based on time series analysis was considered to predict and compensate for lost data. Therefore, on the basis of passive and elastic response to small energy attacks, the active defense capability against DoS attacks was increased. Then by introducing the cone complement linearization algorithm, the calculation methods of the state and fault estimation observer and the integrated safety controller were deduced, the goal of DoS attack active and passive hybrid intrusion tolerance and actuator failure active fault tolerance were realized. Finally, a simulation example of a four-capacity water tank system was given to verify the validity of the obtained conclusions.
Keywords: industry cyber-physical system (ICPS); Denial-of-Service (DoS) attacks; energy grading detection; security event triggering mechanism; time series analysis methods; cone complementary linearization
Randomized MILP framework for Securing Virtual Machines from Malware Attacks
17
Authors: R.Mangalagowri, Revathi Venkataraman 《Intelligent Automation & Soft Computing》 SCIE 2023, No. 2, pp. 1565-1580 (16 pages)
Cloud computing involves remote server deployments with public network infrastructures that allow clients to access computational resources. Virtual Machines (VMs) are supplied on requests and launched without interactions from service providers. Intruders can target these servers and establish malicious connections on VMs for carrying out attacks on other clustered VMs. The existing system has issues with execution time and false-positive rates. Hence, the overall system performance is degraded considerably. The proposed approach is designed to eliminate Cross-VM side attacks and VM escape and hide the server’s position so that the opponent cannot track the target server beyond a certain point. Every request is passed from source to destination via one broadcast domain to confuse the opponent and avoid them from tracking the server’s position. Allocation of SECURITY Resources accepts a safety game in a simple format as input and finds the best coverage vector for the opponent using a Stackelberg Equilibrium (SSE) technique. A Mixed Integer Linear Programming (MILP) framework is used in the algorithm. The VM challenge is reduced by a firewall-based controlling mechanism combining behavior-based detection and signature-based virus detection. The proposed method is focused on detecting malware attacks effectively and providing better security for the VMs. Finally, the experimental results indicate that the proposed security method is efficient. It consumes minimum execution time, better false positive rate, accuracy, and memory usage than the conventional approach.
Keywords: Virtualization technology security; cross-VM channel attack; VM-escape; R-VM-MILP algorithm (randomized VM allocation of security resources); Mixed Integer Linear Programming (MILP); SSE strategy; firewall-based monitoring method
Big Data & DDoS ATTACKS: A Discussion of Ensemble Algorithms to Detect Cyber Attacks
18
Authors: Anja Housden-Brooks 《Journal of Computer and Communications》 2024, No. 12, pp. 246-265 (20 pages)
The use of machine learning algorithms to identify characteristics in Distributed Denial of Service (DDoS) attacks has emerged as a powerful approach in cybersecurity. DDoS attacks, which aim to overwhelm a network or service with a flood of malicious traffic, pose significant threats to online systems. Traditional methods of detection and mitigation often struggle to keep pace with the evolving nature of these attacks. Machine learning, with its ability to analyze vast amounts of data and recognize patterns, offers a robust solution to this challenge. The aim of the paper is to demonstrate the application of ensemble ML algorithms, namely the K-Means and the KNN, for a dual clustering mechanism when used with PySpark to collect 99% accurate data. The algorithms, when used together, identify distinctive features of DDoS attacks that prove a very accurate reflection of reality, so they are a good combination for this aim. Impressively, having preprocessed the data, both algorithms with the PySpark foundation enabled the achievement of 99% accuracy when tuned on the features of a DDoS big dataset. The semi-supervised dataset tabulates traffic anomalies in terms of packet size distribution in correlation to Flow Duration. By training the K-Means Clustering and then applying the KNN to the dataset, the algorithms learn to evaluate the character of activity to a greater degree by displaying density with ease. The study evaluates the effectiveness of the K-Means Clustering with the KNN as ensemble algorithms that adapt very well in detecting complex patterns. Ultimately, cross-reaching environmental results indicate that ML-based approaches significantly improve detection rates compared to traditional methods. Furthermore, ensemble learning methods, which combine two plus multiple models to improve prediction accuracy, show greatness in handling the complexity and variability of big data sets especially when implemented by PySpark. The findings suggest that the enhancement of accuracy derives from newer software that’s designed to reflect reality. However, challenges remain in the deployment of these systems, including the need for large, high-quality datasets and the potential for adversarial attacks that attempt to deceive the ML models. Future research should continue to improve the robustness and efficiency of combining algorithms, as well as integrate them with existing security frameworks to provide comprehensive protection against DDoS attacks and other areas. The dataset was originally created by the University of New Brunswick to analyze DDoS data. The dataset itself was based on logs of the university’s servers, which found various DoS attacks throughout the publicly available period to totally generate 80 attributes with a 6.40GB size. In this dataset, the label and binary column become a very important portion of the final classification. In the last column, this means the normal traffic would be differentiated by the attack traffic. Further analysis is then ripe for investigation. Finally, malicious traffic alert software, as an example, should be trained on packet influx to Flow Duration dependence, which creates a mathematical scope for averages to enact. In achieving such high accuracy, the project acts as an illustration (referenced in the form of excerpts from my Google Colab account) of many attempts to tune. Cybersecurity advocates for more work on the character of brute-force attack traffic and normal traffic features overall since most of our investments as humans are digitally based in work, recreational, and social environments.
Keywords: K-Means Clustering; The KNN Algorithm; PySpark; Ensemble Learning methods; DDoS attacks; Veracity; Malicious Traffic Alert Systems
Defence Against Adversarial Attacks Using Clustering Algorithm
19
Authors: Yanbin Zheng, Hongxu Yun, Fu Wang, Yong Ding, Yongzhong Huang, Wenfen Liu 《国际计算机前沿大会会议论文集》 2019, No. 1, pp. 331-333 (3 pages)
Deep learning model is vulnerable to adversarial examples in the task of image classification. In this paper, a cluster-based method for defending against adversarial examples is proposed. Each adversarial example before attacking a classifier is reconstructed by a clustering algorithm according to the pixel values. The MNIST database of handwritten digits was used to assess the defence performance of the method under the fast gradient sign method (FGSM) and the DeepFool algorithm. The defence model proposed is simple and the trained classifier does not need to be retrained.
Keywords: Deep learning; Adversarial EXAMPLE; Adversarial attack; CLUSTERING algorithm; DEFENCE method
Performance and mechanism of composite salt attack on shotcrete with initial damage (Cited by: 1)
20
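Authors: 潘慧敏, 张昊, 王占峰, 王帅, 赵庆新 《应用基础与工程科学学报》 PKU Core 2025, No. 2, pp. 572-584 (13 pages)
To investigate the behavior of shotcrete containing initial damage defects under composite salt attack, long-term natural attack tests were carried out on initially damaged shotcrete using two modes, semi-immersion and full immersion. The effects of initial damage, immersion mode and type of attacking salt on the free chloride ion concentration, macroscopic properties and microstructure of shotcrete were systematically studied, the influence mechanism was analyzed, and an attack damage evolution model for initially damaged shotcrete was established. The results show that initial damage affects the salt-attack deterioration process of shotcrete to varying degrees. The greater the initial damage degree, the higher the free chloride ion concentration at the same test depth, the more pronounced the changes in mass and relative dynamic elastic modulus during attack, and the more severe the corrosion of the specimen. Initial damage below 0.14 has little effect on the attack-induced damage deterioration of shotcrete, whereas initial damage above 0.21 significantly accelerates its deterioration. After 180 d of semi-immersion attack by single salt and composite salt, the mass of specimens with an initial damage of 0.30 decreased by 4.55% and 3.82%, respectively, and the relative dynamic elastic modulus fell to 0.39 and 0.53, respectively; obvious damage cracking appeared on the specimen surface, and pieces spalled off at the edges and corners. For the same degree of initial damage, semi-immersion and single sulfate attack damage shotcrete more than full immersion and composite salt attack. With the attack damage factor expressed as an exponential function of attack age, the resulting shotcrete damage model curves agree well with the test values, with fitting correlation coefficients above 0.97. SEM-EDS and XRD analyses show that, after salt attack, ettringite crystals inside the initially damaged specimens are more densely distributed and their diffraction peaks are clearly higher than those of the reference group; the presence of initial damage increases the intrusion channels for the salt solution. Diffraction peaks of Friedel's salt crystals appear in the XRD patterns of shotcrete attacked by composite salt, and the ettringite diffraction peaks are clearly lower than in the single sulfate attack group; the presence of Cl⁻ in the composite salt solution slows the diffusion of SO₄²⁻.
Keywords: shotcrete; initial damage; composite salt attack; free chloride ions; immersion mode; deterioration mechanism; damage evolution model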