The Internet of Healthcare Things(IoHT)marks a significant breakthrough in modern medicine by enabling a new era of healthcare services.IoHT supports real-time,continuous,and personalized monitoring of patients’healt...The Internet of Healthcare Things(IoHT)marks a significant breakthrough in modern medicine by enabling a new era of healthcare services.IoHT supports real-time,continuous,and personalized monitoring of patients’health conditions.However,the security of sensitive data exchanged within IoHT remains a major concern,as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities.Potential threats include unauthorized access,device compromise,data breaches,and data alteration,all of which may compromise the confidentiality and integrity of patient information.In this paper,we provide an in-depth security analysis of LAP-IoHT,an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments.This analysis reveals several vulnerabilities in the LAP-IoHT protocol,namely its inability to resist various attacks,including user impersonation and privileged insider threats.To address these issues,we introduce LSAP-IoHT,a secure and lightweight authentication protocol for the Internet of Healthcare Things(IoHT).This protocol leverages Elliptic Curve Cryptography(ECC),Physical Unclonable Functions(PUFs),and Three-Factor Authentication(3FA).Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random(ROR)model.The results demonstrate strong resistance against man-in-the-middle(MITM)attacks,replay attacks,identity spoofing,stolen smart device attacks,and insider threats,while maintaining low computational and communication costs.展开更多
The Internet of Things (IoT) and edge-assisted networking infrastructures are capable of bringing data processing and accessibility services locally at the respective edge rather than at a centralized module. These in...The Internet of Things (IoT) and edge-assisted networking infrastructures are capable of bringing data processing and accessibility services locally at the respective edge rather than at a centralized module. These infrastructures are very effective in providing a fast response to the respective queries of the requesting modules, but their distributed nature has introduced other problems such as security and privacy. To address these problems, various security-assisted communication mechanisms have been developed to safeguard every active module, i.e., devices and edges, from every possible vulnerability in the IoT. However, these methodologies have neglected one of the critical issues, which is the prediction of fraudulent devices, i.e., adversaries, preferably as early as possible in the IoT. In this paper, a hybrid communication mechanism is presented where the Hidden Markov Model (HMM) predicts the legitimacy of the requesting device (both source and destination), and the Advanced Encryption Standard (AES) safeguards the reliability of the transmitted data over a shared communication medium, preferably through a secret shared key, i.e., , and timestamp information. A device becomes trusted if it has passed both evaluation levels, i.e., HMM and message decryption, within a stipulated time interval. The proposed hybrid, along with existing state-of-the-art approaches, has been simulated in the realistic environment of the IoT to verify the security measures. These evaluations were carried out in the presence of intruders capable of launching various attacks simultaneously, such as man-in-the-middle, device impersonations, and masquerading attacks. Moreover, the proposed approach has been proven to be more effective than existing state-of-the-art approaches due to its exceptional performance in communication, processing, and storage overheads, i.e., 13%, 19%, and 16%, respectively. Finally, the proposed hybrid approach is pruned against well-known security attacks in the IoT.展开更多
Message structure reconstruction is a critical task in protocol reverse engineering,aiming to recover protocol field structures without access to source code.It enables important applications in network security,inclu...Message structure reconstruction is a critical task in protocol reverse engineering,aiming to recover protocol field structures without access to source code.It enables important applications in network security,including malware analysis and protocol fuzzing.However,existing methods suffer from inaccurate field boundary delineation and lack hierarchical relationship recovery,resulting in imprecise and incomplete reconstructions.In this paper,we propose ProRE,a novel method for reconstructing protocol field structures based on program execution slice embedding.ProRE extracts code slices from protocol parsing at runtime,converts them into embedding vectors using a data flow-sensitive assembly language model,and performs hierarchical clustering to recover complete protocol field structures.Evaluation on two datasets containing 12 protocols shows that ProRE achieves an average F1 score of 0.85 and a cophenetic correlation coefficient of 0.189,improving by 19%and 0.126%respectively over state-of-the-art methods(including BinPRE,Tupni,Netlifter,and QwQ-32B-preview),demonstrating significant superiority in both accuracy and completeness of field structure recovery.Case studies further validate the effectiveness of ProRE in practical malware analysis scenarios.展开更多
Rwanda secured access to one of the world’s most lucrative agricultural markets this month when it finalised a trade protocol allowing fresh avocado exports to China,a deal that could fundamentally alter the trajecto...Rwanda secured access to one of the world’s most lucrative agricultural markets this month when it finalised a trade protocol allowing fresh avocado exports to China,a deal that could fundamentally alter the trajectory of the country’s trade.展开更多
Hyperpolarization of nuclear spins is crucial for advancing nuclear magnetic resonance and quantum information technologies,as nuclear spins typically exhibit extremely low polarization at room temperature due to thei...Hyperpolarization of nuclear spins is crucial for advancing nuclear magnetic resonance and quantum information technologies,as nuclear spins typically exhibit extremely low polarization at room temperature due to their small gyromagnetic ratios.A promising approach to achieving high nuclear spin polarization is transferring the polarization of electrons to nuclear spins.The nitrogen-vacancy(NV)center in diamond has emerged as a highly effective medium for this purpose,and various hyperpolarization protocols have been developed.Among these,the pulsed polarization(PulsePol)method has been extensively studied due to its robustness against static energy shifts of the electron spin.In this work,we present a novel polarization protocol and uncover a family of magic sequences for hyperpolarizing nuclear spins,with PulsePol emerging as a special case of our general approach.Notably,we demonstrate that some of these magic sequences exhibit significantly greater robustness compared to the PulsePol protocol in the presence of finite half𝜋pulse duration of the protocol,Rabi and detuning errors.This enhanced robustness positions our protocol as a more suitable candidate for hyper-polarizing nuclear spins species with large gyromagnetic ratios and also ensures better compatibility with high-efficiency readout techniques at high magnetic fields.Additionally,the generality of our protocol allows for its direct application to other solid-state quantum systems beyond the NV center.展开更多
Recently,Internet ofThings(IoT)has been increasingly integrated into the automotive sector,enabling the development of diverse applications such as the Internet of Vehicles(IoV)and intelligent connected vehicles.Lever...Recently,Internet ofThings(IoT)has been increasingly integrated into the automotive sector,enabling the development of diverse applications such as the Internet of Vehicles(IoV)and intelligent connected vehicles.Leveraging IoVtechnologies,operational data fromcore vehicle components can be collected and analyzed to construct fault diagnosis models,thereby enhancing vehicle safety.However,automakers often struggle to acquire sufficient fault data to support effective model training.To address this challenge,a robust and efficient federated learning method(REFL)is constructed for machinery fault diagnosis in collaborative IoV,which can organize multiple companies to collaboratively develop a comprehensive fault diagnosis model while keeping their data locally.In the REFL,the gradient-based adversary algorithm is first introduced to the fault diagnosis field to enhance the deep learning model robustness.Moreover,the adaptive gradient processing process is designed to improve the model training speed and ensure the model accuracy under unbalance data scenarios.The proposed REFL is evaluated on non-independent and identically distributed(non-IID)real-world machinery fault dataset.Experiment results demonstrate that the REFL can achieve better performance than traditional learning methods and are promising for real industrial fault diagnosis.展开更多
With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT termi...With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT terminals have security risks and vulnerabilities,and limited resources make it impossible to deploy costly security protection methods on the terminal.In order to cope with these problems,this paper proposes a lightweight trust evaluation model TCL,which combines three network models,TCN,CNN,and LSTM,with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device,and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods.After experiments,it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763,94.456,99.923,and 99.195 on HDFS,BGL,N-BaIoT,and KDD99 datasets,respectively,and the size of TCL is only 91KB,which can achieve similar or better performance than CNN-LSTM,RobustLog and other methods with less computational resources and storage space.展开更多
Vehicle Edge Computing(VEC)and Cloud Computing(CC)significantly enhance the processing efficiency of delay-sensitive and computation-intensive applications by offloading compute-intensive tasks from resource-constrain...Vehicle Edge Computing(VEC)and Cloud Computing(CC)significantly enhance the processing efficiency of delay-sensitive and computation-intensive applications by offloading compute-intensive tasks from resource-constrained onboard devices to nearby Roadside Unit(RSU),thereby achieving lower delay and energy consumption.However,due to the limited storage capacity and energy budget of RSUs,it is challenging to meet the demands of the highly dynamic Internet of Vehicles(IoV)environment.Therefore,determining reasonable service caching and computation offloading strategies is crucial.To address this,this paper proposes a joint service caching scheme for cloud-edge collaborative IoV computation offloading.By modeling the dynamic optimization problem using Markov Decision Processes(MDP),the scheme jointly optimizes task delay,energy consumption,load balancing,and privacy entropy to achieve better quality of service.Additionally,a dynamic adaptive multi-objective deep reinforcement learning algorithm is proposed.Each Double Deep Q-Network(DDQN)agent obtains rewards for different objectives based on distinct reward functions and dynamically updates the objective weights by learning the value changes between objectives using Radial Basis Function Networks(RBFN),thereby efficiently approximating the Pareto-optimal decisions for multiple objectives.Extensive experiments demonstrate that the proposed algorithm can better coordinate the three-tier computing resources of cloud,edge,and vehicles.Compared to existing algorithms,the proposed method reduces task delay and energy consumption by 10.64%and 5.1%,respectively.展开更多
The rapid expansion of the Internet of Things(IoT)and Edge Artificial Intelligence(AI)has redefined automation and connectivity acrossmodern networks.However,the heterogeneity and limited resources of IoT devices expo...The rapid expansion of the Internet of Things(IoT)and Edge Artificial Intelligence(AI)has redefined automation and connectivity acrossmodern networks.However,the heterogeneity and limited resources of IoT devices expose them to increasingly sophisticated and persistentmalware attacks.These adaptive and stealthy threats can evade conventional detection,establish remote control,propagate across devices,exfiltrate sensitive data,and compromise network integrity.This study presents a Software-Defined Internet of Things(SD-IoT)control-plane-based,AI-driven framework that integrates Gated Recurrent Units(GRU)and Long Short-TermMemory(LSTM)networks for efficient detection of evolving multi-vector,malware-driven botnet attacks.The proposed CUDA-enabled hybrid deep learning(DL)framework performs centralized real-time detection without adding computational overhead to IoT nodes.A feature selection strategy combining variable clustering,attribute evaluation,one-R attribute evaluation,correlation analysis,and principal component analysis(PCA)enhances detection accuracy and reduces complexity.The framework is rigorously evaluated using the N_BaIoT dataset under k-fold cross-validation.Experimental results achieve 99.96%detection accuracy,a false positive rate(FPR)of 0.0035%,and a detection latency of 0.18 ms,confirming its high efficiency and scalability.The findings demonstrate the framework’s potential as a robust and intelligent security solution for next-generation IoT ecosystems.展开更多
Internet of Vehicles(IoV)is an evolution of the Internet of Things(IoT)to improve the capabilities of vehicular ad-hoc networks(VANETs)in intelligence transport systems.The network topology in IoV paradigm is highly d...Internet of Vehicles(IoV)is an evolution of the Internet of Things(IoT)to improve the capabilities of vehicular ad-hoc networks(VANETs)in intelligence transport systems.The network topology in IoV paradigm is highly dynamic.Clustering is one of the promising solutions to maintain the route stability in the dynamic network.However,existing algorithms consume a considerable amount of time in the cluster head(CH)selection process.Thus,this study proposes a mobility aware dynamic clustering-based routing(MADCR)protocol in IoV to maximize the lifespan of networks and reduce the end-to-end delay of vehicles.The MADCR protocol consists of cluster formation and CH selection processes.A cluster is formed on the basis of Euclidean distance.The CH is then chosen using the mayfly optimization algorithm(MOA).The CH subsequently receives vehicle data and forwards such data to the Road Side Unit(RSU).The performance of the MADCR protocol is compared with that ofAnt Colony Optimization(ACO),Comprehensive Learning Particle Swarm Optimization(CLPSO),and Clustering Algorithm for Internet of Vehicles based on Dragonfly Optimizer(CAVDO).The proposed MADCR protocol decreases the end-toend delay by 5–80 ms and increases the packet delivery ratio by 5%–15%.展开更多
This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in d...This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.展开更多
In order to incorporate smart elements into distribution networks at ITELCA laboratories in Bogotá-Colombia, a Machine-to-Machine-based solution has been developed. This solution aids in the process of low-cost e...In order to incorporate smart elements into distribution networks at ITELCA laboratories in Bogotá-Colombia, a Machine-to-Machine-based solution has been developed. This solution aids in the process of low-cost electrical fault location, which contributes to improving quality of service, particularly by shortening interruption time spans in mid-voltage grids. The implementation makes use of MQTT protocol with an intensive use of Internet of things (IoT) environment which guarantees the following properties within the automation process: Advanced reports and statistics, remote command execution on one or more units (groups of units), detailed monitoring of remote units and custom alarm mechanism and firmware upgrade on one or more units (groups of units). This kind of implementation is the first one in Colombia and it is able to automatically recover from an N-1 fault.展开更多
The Internet of Things (IoT) is a large-scale network of devices capable of sensing, data processing, and communicating with each other through different communication protocols. In today's technology ecosystem, I...The Internet of Things (IoT) is a large-scale network of devices capable of sensing, data processing, and communicating with each other through different communication protocols. In today's technology ecosystem, IoT interacts with many application areas such as smart city, smart building, security, traffic, remote monitoring, health, energy, disaster, agriculture, industry. The IoT network in these scenarios comprises tiny devices, gateways, and cloud platforms. An IoT network is able to keep these fundamental components in transmission under many conditions with lightweight communication protocols taking into account the limited hardware features (memory, processor, energy, etc.) of tiny devices. These lightweight communication protocols affect the network traffic, reliability, bandwidth, and energy consumption of the IoT application. Therefore, determining the most proper communication protocol for application developers emerges as an important engineering problem. This paper presents a straightforward overview of the lightweight communication protocols, technological advancements in application layer for the IoT ecosystem. The survey then analyzes various recent lightweight communication protocols and reviews their strengths and limitations. In addition, the paper explains the experimental comparison of Constrained Applications Protocol (CoAP), Message Queuing Telemetry (MQTT), and WebSocket protocols, more convenient for tiny IoT devices. Finally, we discuss future research directions of communication protocols for IoT.展开更多
Based on the analysis of the covert channel's working mechanism of the internet control message protocol (ICMP) in internet protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6), the ICMP covert cha...Based on the analysis of the covert channel's working mechanism of the internet control message protocol (ICMP) in internet protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6), the ICMP covert channd's algorithms of the IPv4 and IPv6 are presented, which enable automatic channeling upon IPv4/v6 nodes with non-IPv4-compatible address, and the key transmission is achieved by using this channel in the embedded Internet terminal. The result shows that the covert channel's algorithm, which we implemented if, set correct, the messages of this covert channel might go through the gateway and enter the local area network.展开更多
This study focuses on testing and quality measurement and analysis of VoIPv6 performance. A client, server codes were developed using FreeBSD. This is a step before analyzing the Architectures of VoIPv6 in the current...This study focuses on testing and quality measurement and analysis of VoIPv6 performance. A client, server codes were developed using FreeBSD. This is a step before analyzing the Architectures of VoIPv6 in the current internet in order for it to cope with IPv6 traffic transmission requirements in general and specifically voice traffic, which is being attracting the efforts of research, bodes currently. These tests were conducted in the application level without looking into the network level of the network. VoIPv6 performance tests were conducted in the current tunneled and native IPv6 aiming for better end-to-end VoIPv6 performance. The results obtained in this study were shown in deferent codec's for different bit rates in Kilo bits per second, which act as an indicator for the better performance of G.711 compared with the rest of the tested codes.展开更多
A novel Wireless Fidelity (WiFi) over fiber link and a wavelength assignment protocol are proposed to provide sufficient bandwidth and extensive coverage range for the various applications in the Internet of Things (I...A novel Wireless Fidelity (WiFi) over fiber link and a wavelength assignment protocol are proposed to provide sufficient bandwidth and extensive coverage range for the various applications in the Internet of Things (IoT).The performance of the WiFi over fiber-based wireless IoT network is evaluated in terms of error vector magnitude (EVM) and data throughput for both the up and down links between the WiFi central control system and remote radio units (RRUs).The experimental results illustrate the reliability of the fiber transmission of 64 Quadrature Amplitude Modulation (64QAM) WiFi signals by direct analog modulation.In order to efficiently utilize the wavelength resources,we also demonstrated the wavelength assignment protocol by employing optical switching configurations in Central Station (CS) to realize the wavelength switching,and the simulation results indicate the queuing size and the corresponding queue delay for different numbers of available wavelengths.展开更多
Internet voting protocols is the base of the Internet voting systems. In this paper a new practical Internet voting protocol is introduced. The proposed Internet voting protocol does not apply the strong physical assu...Internet voting protocols is the base of the Internet voting systems. In this paper a new practical Internet voting protocol is introduced. The proposed Internet voting protocol does not apply the strong physical assumptions and has the properties of privacy, completeness, soundness, fairness, invariableness, and universal verifiability, receipt-free and coercion-resistant. At the same time it solves some problems in other internet voting protocols and the verification progress of universal verifiability is simple and efficient.展开更多
As an essential function of encrypted Internet traffic analysis,encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision.However,the traditio...As an essential function of encrypted Internet traffic analysis,encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision.However,the traditional plaintext-based Deep Packet Inspection(DPI)method cannot be applied to such a classification.Moreover,machine learning-based existing methods encounter two problems during feature selection:complex feature overcost processing and Transport Layer Security(TLS)version discrepancy.In this paper,we consider differences between encryption network protocol stacks and propose a composite deep learning-based method in multiprotocol environments using a sliding multiple Protocol Data Unit(multiPDU)length sequence as features by fully utilizing the Markov property in a multiPDU length sequence and maintaining suitability with a TLS-1.3 environment.Control experiments show that both Length-Sensitive(LS)composite deep learning model using a capsule neural network and LS-long short time memory achieve satisfactory effectiveness in F1-score and performance.Owing to faster feature extraction,our method is suitable for actual network environments and superior to state-of-the-art methods.展开更多
Energy conservation is a significant task in the Internet of Things(IoT)because IoT involves highly resource-constrained devices.Clustering is an effective technique for saving energy by reducing duplicate data.In a c...Energy conservation is a significant task in the Internet of Things(IoT)because IoT involves highly resource-constrained devices.Clustering is an effective technique for saving energy by reducing duplicate data.In a clustering protocol,the selection of a cluster head(CH)plays a key role in prolonging the lifetime of a network.However,most cluster-based protocols,including routing protocols for low-power and lossy networks(RPLs),have used fuzzy logic and probabilistic approaches to select the CH node.Consequently,early battery depletion is produced near the sink.To overcome this issue,a lion optimization algorithm(LOA)for selecting CH in RPL is proposed in this study.LOA-RPL comprises three processes:cluster formation,CH selection,and route establishment.A cluster is formed using the Euclidean distance.CH selection is performed using LOA.Route establishment is implemented using residual energy information.An extensive simulation is conducted in the network simulator ns-3 on various parameters,such as network lifetime,power consumption,packet delivery ratio(PDR),and throughput.The performance of LOA-RPL is also compared with those of RPL,fuzzy rule-based energyefficient clustering and immune-inspired routing(FEEC-IIR),and the routing scheme for IoT that uses shuffled frog-leaping optimization algorithm(RISARPL).The performance evaluation metrics used in this study are network lifetime,power consumption,PDR,and throughput.The proposed LOARPL increases network lifetime by 20%and PDR by 5%–10%compared with RPL,FEEC-IIR,and RISA-RPL.LOA-RPL is also highly energy-efficient compared with other similar routing protocols.展开更多
The Internet Control Message Protocol(ICMP)covert tunnel refers to a network attack that encapsulates malicious data in the data part of the ICMP protocol for transmission.Its concealment is stronger and it is not eas...The Internet Control Message Protocol(ICMP)covert tunnel refers to a network attack that encapsulates malicious data in the data part of the ICMP protocol for transmission.Its concealment is stronger and it is not easy to be discovered.Most detection methods are detecting the existence of channels instead of clarifying specific attack intentions.In this paper,we propose an ICMP covert tunnel attack intent detection framework ICMPTend,which includes five steps:data collection,feature dictionary construction,data preprocessing,model construction,and attack intent prediction.ICMPTend can detect a variety of attack intentions,such as shell attacks,sensitive directory access,communication protocol traffic theft,filling tunnel reserved words,and other common network attacks.We extract features from five types of attack intent found in ICMP channels.We build a multi-dimensional dictionary of malicious features,including shell attacks,sensitive directory access,communication protocol traffic theft,filling tunnel reserved words,and other common network attack keywords.For the high-dimensional and independent characteristics of ICMP traffic,we use a support vector machine(SVM)as a multi-class classifier.The experimental results show that the average accuracy of ICMPTend is 92%,training ICMPTend only takes 55 s,and the prediction time is only 2 s,which can effectively identify the attack intention of ICMP.展开更多
文摘The Internet of Healthcare Things(IoHT)marks a significant breakthrough in modern medicine by enabling a new era of healthcare services.IoHT supports real-time,continuous,and personalized monitoring of patients’health conditions.However,the security of sensitive data exchanged within IoHT remains a major concern,as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities.Potential threats include unauthorized access,device compromise,data breaches,and data alteration,all of which may compromise the confidentiality and integrity of patient information.In this paper,we provide an in-depth security analysis of LAP-IoHT,an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments.This analysis reveals several vulnerabilities in the LAP-IoHT protocol,namely its inability to resist various attacks,including user impersonation and privileged insider threats.To address these issues,we introduce LSAP-IoHT,a secure and lightweight authentication protocol for the Internet of Healthcare Things(IoHT).This protocol leverages Elliptic Curve Cryptography(ECC),Physical Unclonable Functions(PUFs),and Three-Factor Authentication(3FA).Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random(ROR)model.The results demonstrate strong resistance against man-in-the-middle(MITM)attacks,replay attacks,identity spoofing,stolen smart device attacks,and insider threats,while maintaining low computational and communication costs.
基金supported by the Deanship of Graduate Studies and Scientific Research at Qassim University via Grant No.(QU-APC-2025).
文摘The Internet of Things (IoT) and edge-assisted networking infrastructures are capable of bringing data processing and accessibility services locally at the respective edge rather than at a centralized module. These infrastructures are very effective in providing a fast response to the respective queries of the requesting modules, but their distributed nature has introduced other problems such as security and privacy. To address these problems, various security-assisted communication mechanisms have been developed to safeguard every active module, i.e., devices and edges, from every possible vulnerability in the IoT. However, these methodologies have neglected one of the critical issues, which is the prediction of fraudulent devices, i.e., adversaries, preferably as early as possible in the IoT. In this paper, a hybrid communication mechanism is presented where the Hidden Markov Model (HMM) predicts the legitimacy of the requesting device (both source and destination), and the Advanced Encryption Standard (AES) safeguards the reliability of the transmitted data over a shared communication medium, preferably through a secret shared key, i.e., , and timestamp information. A device becomes trusted if it has passed both evaluation levels, i.e., HMM and message decryption, within a stipulated time interval. The proposed hybrid, along with existing state-of-the-art approaches, has been simulated in the realistic environment of the IoT to verify the security measures. These evaluations were carried out in the presence of intruders capable of launching various attacks simultaneously, such as man-in-the-middle, device impersonations, and masquerading attacks. Moreover, the proposed approach has been proven to be more effective than existing state-of-the-art approaches due to its exceptional performance in communication, processing, and storage overheads, i.e., 13%, 19%, and 16%, respectively. Finally, the proposed hybrid approach is pruned against well-known security attacks in the IoT.
文摘Message structure reconstruction is a critical task in protocol reverse engineering,aiming to recover protocol field structures without access to source code.It enables important applications in network security,including malware analysis and protocol fuzzing.However,existing methods suffer from inaccurate field boundary delineation and lack hierarchical relationship recovery,resulting in imprecise and incomplete reconstructions.In this paper,we propose ProRE,a novel method for reconstructing protocol field structures based on program execution slice embedding.ProRE extracts code slices from protocol parsing at runtime,converts them into embedding vectors using a data flow-sensitive assembly language model,and performs hierarchical clustering to recover complete protocol field structures.Evaluation on two datasets containing 12 protocols shows that ProRE achieves an average F1 score of 0.85 and a cophenetic correlation coefficient of 0.189,improving by 19%and 0.126%respectively over state-of-the-art methods(including BinPRE,Tupni,Netlifter,and QwQ-32B-preview),demonstrating significant superiority in both accuracy and completeness of field structure recovery.Case studies further validate the effectiveness of ProRE in practical malware analysis scenarios.
文摘Rwanda secured access to one of the world’s most lucrative agricultural markets this month when it finalised a trade protocol allowing fresh avocado exports to China,a deal that could fundamentally alter the trajectory of the country’s trade.
基金supported by the National Natural Science Foundation of China (Grant Nos.12475012,62461160263 for P.W.,and 62276171 for H.L.)Quantum Science and Technology-National Science and Technology Major Project of China (Project No.2023ZD0300600 for P.W.)+3 种基金Guangdong Provincial Quantum Science Strategic Initiative (Grant Nos.GDZX240-3009 and GDZX2303005 for P.W.)Guangdong Basic and Applied Basic Research Foundation (Grant No.2024-A1515011938 for H.L.)Shenzhen Fundamental ResearchGeneral Project (Grant No.JCYJ20240813141503005 for H.L.)the Talents Introduction Foundation of Beijing Normal University (Grant No.310432106 for P.W.)。
文摘Hyperpolarization of nuclear spins is crucial for advancing nuclear magnetic resonance and quantum information technologies,as nuclear spins typically exhibit extremely low polarization at room temperature due to their small gyromagnetic ratios.A promising approach to achieving high nuclear spin polarization is transferring the polarization of electrons to nuclear spins.The nitrogen-vacancy(NV)center in diamond has emerged as a highly effective medium for this purpose,and various hyperpolarization protocols have been developed.Among these,the pulsed polarization(PulsePol)method has been extensively studied due to its robustness against static energy shifts of the electron spin.In this work,we present a novel polarization protocol and uncover a family of magic sequences for hyperpolarizing nuclear spins,with PulsePol emerging as a special case of our general approach.Notably,we demonstrate that some of these magic sequences exhibit significantly greater robustness compared to the PulsePol protocol in the presence of finite half𝜋pulse duration of the protocol,Rabi and detuning errors.This enhanced robustness positions our protocol as a more suitable candidate for hyper-polarizing nuclear spins species with large gyromagnetic ratios and also ensures better compatibility with high-efficiency readout techniques at high magnetic fields.Additionally,the generality of our protocol allows for its direct application to other solid-state quantum systems beyond the NV center.
基金supported in part by National key R&D projects(2024YFB4207203)National Natural Science Foundation of China(52401376)+3 种基金the Zhejiang Provincial Natural Science Foundation of China under Grant(No.LTGG24F030004)Hangzhou Key Scientific Research Plan Project(2024SZD1A24)“Pioneer”and“Leading Goose”R&DProgramof Zhejiang(2024C03254,2023C03154)Jiangxi Provincial Gan-Po Elite Support Program(Major Academic and Technical Leaders Cultivation Project,20243BCE51180).
文摘Recently,Internet ofThings(IoT)has been increasingly integrated into the automotive sector,enabling the development of diverse applications such as the Internet of Vehicles(IoV)and intelligent connected vehicles.Leveraging IoVtechnologies,operational data fromcore vehicle components can be collected and analyzed to construct fault diagnosis models,thereby enhancing vehicle safety.However,automakers often struggle to acquire sufficient fault data to support effective model training.To address this challenge,a robust and efficient federated learning method(REFL)is constructed for machinery fault diagnosis in collaborative IoV,which can organize multiple companies to collaboratively develop a comprehensive fault diagnosis model while keeping their data locally.In the REFL,the gradient-based adversary algorithm is first introduced to the fault diagnosis field to enhance the deep learning model robustness.Moreover,the adaptive gradient processing process is designed to improve the model training speed and ensure the model accuracy under unbalance data scenarios.The proposed REFL is evaluated on non-independent and identically distributed(non-IID)real-world machinery fault dataset.Experiment results demonstrate that the REFL can achieve better performance than traditional learning methods and are promising for real industrial fault diagnosis.
基金supported by National Key R&D Program of China(No.2022YFB3105101).
文摘With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT terminals have security risks and vulnerabilities,and limited resources make it impossible to deploy costly security protection methods on the terminal.In order to cope with these problems,this paper proposes a lightweight trust evaluation model TCL,which combines three network models,TCN,CNN,and LSTM,with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device,and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods.After experiments,it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763,94.456,99.923,and 99.195 on HDFS,BGL,N-BaIoT,and KDD99 datasets,respectively,and the size of TCL is only 91KB,which can achieve similar or better performance than CNN-LSTM,RobustLog and other methods with less computational resources and storage space.
基金supported by Key Science and Technology Program of Henan Province,China(Grant Nos.242102210147,242102210027)Fujian Province Young and Middle aged Teacher Education Research Project(Science and Technology Category)(No.JZ240101)(Corresponding author:Dong Yuan).
文摘Vehicle Edge Computing(VEC)and Cloud Computing(CC)significantly enhance the processing efficiency of delay-sensitive and computation-intensive applications by offloading compute-intensive tasks from resource-constrained onboard devices to nearby Roadside Unit(RSU),thereby achieving lower delay and energy consumption.However,due to the limited storage capacity and energy budget of RSUs,it is challenging to meet the demands of the highly dynamic Internet of Vehicles(IoV)environment.Therefore,determining reasonable service caching and computation offloading strategies is crucial.To address this,this paper proposes a joint service caching scheme for cloud-edge collaborative IoV computation offloading.By modeling the dynamic optimization problem using Markov Decision Processes(MDP),the scheme jointly optimizes task delay,energy consumption,load balancing,and privacy entropy to achieve better quality of service.Additionally,a dynamic adaptive multi-objective deep reinforcement learning algorithm is proposed.Each Double Deep Q-Network(DDQN)agent obtains rewards for different objectives based on distinct reward functions and dynamically updates the objective weights by learning the value changes between objectives using Radial Basis Function Networks(RBFN),thereby efficiently approximating the Pareto-optimal decisions for multiple objectives.Extensive experiments demonstrate that the proposed algorithm can better coordinate the three-tier computing resources of cloud,edge,and vehicles.Compared to existing algorithms,the proposed method reduces task delay and energy consumption by 10.64%and 5.1%,respectively.
基金supported by Princess Nourah bint Abdulrahman University Researchers Supporting ProjectNumber(PNURSP2025R97),PrincessNourah bint AbdulrahmanUniversity,Riyadh,Saudi Arabia.
文摘The rapid expansion of the Internet of Things(IoT)and Edge Artificial Intelligence(AI)has redefined automation and connectivity acrossmodern networks.However,the heterogeneity and limited resources of IoT devices expose them to increasingly sophisticated and persistentmalware attacks.These adaptive and stealthy threats can evade conventional detection,establish remote control,propagate across devices,exfiltrate sensitive data,and compromise network integrity.This study presents a Software-Defined Internet of Things(SD-IoT)control-plane-based,AI-driven framework that integrates Gated Recurrent Units(GRU)and Long Short-TermMemory(LSTM)networks for efficient detection of evolving multi-vector,malware-driven botnet attacks.The proposed CUDA-enabled hybrid deep learning(DL)framework performs centralized real-time detection without adding computational overhead to IoT nodes.A feature selection strategy combining variable clustering,attribute evaluation,one-R attribute evaluation,correlation analysis,and principal component analysis(PCA)enhances detection accuracy and reduces complexity.The framework is rigorously evaluated using the N_BaIoT dataset under k-fold cross-validation.Experimental results achieve 99.96%detection accuracy,a false positive rate(FPR)of 0.0035%,and a detection latency of 0.18 ms,confirming its high efficiency and scalability.The findings demonstrate the framework’s potential as a robust and intelligent security solution for next-generation IoT ecosystems.
基金This work was supported by National Natural Science Foundation of China(No.61821001)Science and Tech-nology Key Project of Guangdong Province,China(2019B010157001).
文摘Internet of Vehicles(IoV)is an evolution of the Internet of Things(IoT)to improve the capabilities of vehicular ad-hoc networks(VANETs)in intelligence transport systems.The network topology in IoV paradigm is highly dynamic.Clustering is one of the promising solutions to maintain the route stability in the dynamic network.However,existing algorithms consume a considerable amount of time in the cluster head(CH)selection process.Thus,this study proposes a mobility aware dynamic clustering-based routing(MADCR)protocol in IoV to maximize the lifespan of networks and reduce the end-to-end delay of vehicles.The MADCR protocol consists of cluster formation and CH selection processes.A cluster is formed on the basis of Euclidean distance.The CH is then chosen using the mayfly optimization algorithm(MOA).The CH subsequently receives vehicle data and forwards such data to the Road Side Unit(RSU).The performance of the MADCR protocol is compared with that ofAnt Colony Optimization(ACO),Comprehensive Learning Particle Swarm Optimization(CLPSO),and Clustering Algorithm for Internet of Vehicles based on Dragonfly Optimizer(CAVDO).The proposed MADCR protocol decreases the end-toend delay by 5–80 ms and increases the packet delivery ratio by 5%–15%.
文摘This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.
文摘In order to incorporate smart elements into distribution networks at ITELCA laboratories in Bogotá-Colombia, a Machine-to-Machine-based solution has been developed. This solution aids in the process of low-cost electrical fault location, which contributes to improving quality of service, particularly by shortening interruption time spans in mid-voltage grids. The implementation makes use of MQTT protocol with an intensive use of Internet of things (IoT) environment which guarantees the following properties within the automation process: Advanced reports and statistics, remote command execution on one or more units (groups of units), detailed monitoring of remote units and custom alarm mechanism and firmware upgrade on one or more units (groups of units). This kind of implementation is the first one in Colombia and it is able to automatically recover from an N-1 fault.
文摘The Internet of Things (IoT) is a large-scale network of devices capable of sensing, data processing, and communicating with each other through different communication protocols. In today's technology ecosystem, IoT interacts with many application areas such as smart city, smart building, security, traffic, remote monitoring, health, energy, disaster, agriculture, industry. The IoT network in these scenarios comprises tiny devices, gateways, and cloud platforms. An IoT network is able to keep these fundamental components in transmission under many conditions with lightweight communication protocols taking into account the limited hardware features (memory, processor, energy, etc.) of tiny devices. These lightweight communication protocols affect the network traffic, reliability, bandwidth, and energy consumption of the IoT application. Therefore, determining the most proper communication protocol for application developers emerges as an important engineering problem. This paper presents a straightforward overview of the lightweight communication protocols, technological advancements in application layer for the IoT ecosystem. The survey then analyzes various recent lightweight communication protocols and reviews their strengths and limitations. In addition, the paper explains the experimental comparison of Constrained Applications Protocol (CoAP), Message Queuing Telemetry (MQTT), and WebSocket protocols, more convenient for tiny IoT devices. Finally, we discuss future research directions of communication protocols for IoT.
基金Supported by the National Natural Science Foun-dation of China (90104005 ,66973034)
文摘Based on the analysis of the covert channel's working mechanism of the internet control message protocol (ICMP) in internet protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6), the ICMP covert channd's algorithms of the IPv4 and IPv6 are presented, which enable automatic channeling upon IPv4/v6 nodes with non-IPv4-compatible address, and the key transmission is achieved by using this channel in the embedded Internet terminal. The result shows that the covert channel's algorithm, which we implemented if, set correct, the messages of this covert channel might go through the gateway and enter the local area network.
文摘This study focuses on testing and quality measurement and analysis of VoIPv6 performance. A client, server codes were developed using FreeBSD. This is a step before analyzing the Architectures of VoIPv6 in the current internet in order for it to cope with IPv6 traffic transmission requirements in general and specifically voice traffic, which is being attracting the efforts of research, bodes currently. These tests were conducted in the application level without looking into the network level of the network. VoIPv6 performance tests were conducted in the current tunneled and native IPv6 aiming for better end-to-end VoIPv6 performance. The results obtained in this study were shown in deferent codec's for different bit rates in Kilo bits per second, which act as an indicator for the better performance of G.711 compared with the rest of the tested codes.
基金supported by the National Natural Science Foundation of China (Nos.60702006,60736002,60837004,60736036,60932004and61001121)the MOST International Cooperation Program(No.2008DFA11670)+1 种基金the 111 Project(No.B07005)the project funded by State Key Laboratory of AOCSN,China
文摘A novel Wireless Fidelity (WiFi) over fiber link and a wavelength assignment protocol are proposed to provide sufficient bandwidth and extensive coverage range for the various applications in the Internet of Things (IoT).The performance of the WiFi over fiber-based wireless IoT network is evaluated in terms of error vector magnitude (EVM) and data throughput for both the up and down links between the WiFi central control system and remote radio units (RRUs).The experimental results illustrate the reliability of the fiber transmission of 64 Quadrature Amplitude Modulation (64QAM) WiFi signals by direct analog modulation.In order to efficiently utilize the wavelength resources,we also demonstrated the wavelength assignment protocol by employing optical switching configurations in Central Station (CS) to realize the wavelength switching,and the simulation results indicate the queuing size and the corresponding queue delay for different numbers of available wavelengths.
基金Supported by the National Natural Science Foundation of China (60373087,60473023)
文摘Internet voting protocols is the base of the Internet voting systems. In this paper a new practical Internet voting protocol is introduced. The proposed Internet voting protocol does not apply the strong physical assumptions and has the properties of privacy, completeness, soundness, fairness, invariableness, and universal verifiability, receipt-free and coercion-resistant. At the same time it solves some problems in other internet voting protocols and the verification progress of universal verifiability is simple and efficient.
基金supported by the General Program of the National Natural Science Foundation of China under Grant No.62172093the National Key R&D Program of China under Grant No.2018YFB1800602+1 种基金2019 Industrial Internet Innovation and Development Project,Ministry of Industry and Information Technology(MIIT)under Grant No.6709010003Ministry of Education-China Mobile Research Fund under Grant No.MCM20180506。
文摘As an essential function of encrypted Internet traffic analysis,encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision.However,the traditional plaintext-based Deep Packet Inspection(DPI)method cannot be applied to such a classification.Moreover,machine learning-based existing methods encounter two problems during feature selection:complex feature overcost processing and Transport Layer Security(TLS)version discrepancy.In this paper,we consider differences between encryption network protocol stacks and propose a composite deep learning-based method in multiprotocol environments using a sliding multiple Protocol Data Unit(multiPDU)length sequence as features by fully utilizing the Markov property in a multiPDU length sequence and maintaining suitability with a TLS-1.3 environment.Control experiments show that both Length-Sensitive(LS)composite deep learning model using a capsule neural network and LS-long short time memory achieve satisfactory effectiveness in F1-score and performance.Owing to faster feature extraction,our method is suitable for actual network environments and superior to state-of-the-art methods.
基金This research was supported by X-mind Corps program of National Research Foundation of Korea(NRF)funded by the Ministry of Science,ICT(No.2019H1D8A1105622)the Soonchunhyang University Research Fund.
文摘Energy conservation is a significant task in the Internet of Things(IoT)because IoT involves highly resource-constrained devices.Clustering is an effective technique for saving energy by reducing duplicate data.In a clustering protocol,the selection of a cluster head(CH)plays a key role in prolonging the lifetime of a network.However,most cluster-based protocols,including routing protocols for low-power and lossy networks(RPLs),have used fuzzy logic and probabilistic approaches to select the CH node.Consequently,early battery depletion is produced near the sink.To overcome this issue,a lion optimization algorithm(LOA)for selecting CH in RPL is proposed in this study.LOA-RPL comprises three processes:cluster formation,CH selection,and route establishment.A cluster is formed using the Euclidean distance.CH selection is performed using LOA.Route establishment is implemented using residual energy information.An extensive simulation is conducted in the network simulator ns-3 on various parameters,such as network lifetime,power consumption,packet delivery ratio(PDR),and throughput.The performance of LOA-RPL is also compared with those of RPL,fuzzy rule-based energyefficient clustering and immune-inspired routing(FEEC-IIR),and the routing scheme for IoT that uses shuffled frog-leaping optimization algorithm(RISARPL).The performance evaluation metrics used in this study are network lifetime,power consumption,PDR,and throughput.The proposed LOARPL increases network lifetime by 20%and PDR by 5%–10%compared with RPL,FEEC-IIR,and RISA-RPL.LOA-RPL is also highly energy-efficient compared with other similar routing protocols.
基金This research was supported by National Natural Science Foundation of China(Grant Nos.61972048,62072051).
文摘The Internet Control Message Protocol(ICMP)covert tunnel refers to a network attack that encapsulates malicious data in the data part of the ICMP protocol for transmission.Its concealment is stronger and it is not easy to be discovered.Most detection methods are detecting the existence of channels instead of clarifying specific attack intentions.In this paper,we propose an ICMP covert tunnel attack intent detection framework ICMPTend,which includes five steps:data collection,feature dictionary construction,data preprocessing,model construction,and attack intent prediction.ICMPTend can detect a variety of attack intentions,such as shell attacks,sensitive directory access,communication protocol traffic theft,filling tunnel reserved words,and other common network attacks.We extract features from five types of attack intent found in ICMP channels.We build a multi-dimensional dictionary of malicious features,including shell attacks,sensitive directory access,communication protocol traffic theft,filling tunnel reserved words,and other common network attack keywords.For the high-dimensional and independent characteristics of ICMP traffic,we use a support vector machine(SVM)as a multi-class classifier.The experimental results show that the average accuracy of ICMPTend is 92%,training ICMPTend only takes 55 s,and the prediction time is only 2 s,which can effectively identify the attack intention of ICMP.
