In all walks of life in the Internet age, with the popularization and penetration of information technology, various network security problems emerge one after another. In order to give full play to the advantages of big data and promote its further application, it is necessary to establish a network security platform on the basis of ensuring the security of big data technology, so as to improve the work efficiency of big data network security analysis. This paper firstly analyzes the advantages of big data technology in network security, then puts forward the application of big data technology in network security analysis, and finally discusses the establishment of network security platform of big data technology.
Technological advances in computer science and their application in our daily life allow us to improve our understanding of problems and solve them effectively. A system design to detect people with fever and determine high-risk areas using infrared thermography and big data is presented. In order to detect people with fever, face detection algorithms of Viola-Jones and Kanade-Lucas are investigated, and comparison between them is presented using a training set of 406 thermal images and a test set of 2072 thermal images. Thermography analysis is performed on detected faces to obtain the temperature level on Celsius scale. With this information a sample database is created. To perform big data experimental analysis, Power BI tool is used to determine the high-risk area. The experimental results show that Viola-Jones algorithm has a higher performance recognizing faces of thermal images than Kanade-Lucas, having a high detection rate, less false-positives rate and false-negatives rate.
Lately, the Internet of Things (IoT) application requires millions of structured and unstructured data since it has numerous problems, such as data organization, production, and capturing. To address these shortcomings, big data analytics is the most superior technology that has to be adapted. Even though big data and IoT could make human life more convenient, those benefits come at the expense of security. To manage these kinds of threats, the intrusion detection system has been extensively applied to identify malicious network traffic, particularly once the preventive technique fails at the level of endpoint IoT devices. As cyberattacks targeting IoT have gradually become stealthy and more sophisticated, intrusion detection systems (IDS) must continually emerge to manage evolving security threats. This study devises Big Data Analytics with the Internet of Things Assisted Intrusion Detection using Modified Buffalo Optimization Algorithm with Deep Learning (IDMBOA-DL) algorithm. In the presented IDMBOA-DL model, the Hadoop MapReduce tool is exploited for managing big data. The MBOA algorithm is applied to derive an optimal subset of features from picking an optimum set of feature subsets. Finally, the sine cosine algorithm (SCA) with convolutional autoencoder (CAE) mechanism is utilized to recognize and classify the intrusions in the IoT network. A wide range of simulations was conducted to demonstrate the enhanced results of the IDMBOA-DL algorithm. The comparison outcomes emphasized the better performance of the IDMBOA-DL model over other approaches.
Water quality monitoring is a process of evaluating water quality, including monitoring and measuring the trend, concentration and water body change of various pollutants. The organization and implementation of important water quality monitoring will provide representative, accurate, comparable and complete data for governments at all levels, timely feedback the monitoring results to relevant ministries and commissions, and provide scientific and theoretical basis for governments at all levels to make water pollution prevention and control decisions.
As cyber attacks increase in volume and complexity, it becomes more and more difficult for existing analytical tools to detect previously unseen malware. This paper proposes a cooperative framework to leverage the robustness of big data analytics and the power of ensemble learning techniques to detect the abnormal behavior. In addition to this proposal, we implement a large scale network abnormal traffic behavior detection system performed by the framework. The proposed model detects the abnormal behavior from large scale network traffic data using a combination of a balanced decomposition algorithm and an ensemble SVM. First, the collected dataset is divided into k subsets based on the similarity between patterns using a parallel map reduce k-means algorithm. Then, patterns are randomly selected from each cluster and balanced training sub datasets are formed. Next, the subsets are fed into the mappers to build an SVM model. The construction of the ensemble is achieved in the reduce phase. The proposed structure closely delivers a high accuracy as the number of iterations increases. Experimental results show a promising gain in detection rate and false alarm compared with other existing models.
Accurate state estimation is critical to wide-area situational awareness of smart grid. However, recent research found that power system state estimators are vulnerable to a new type of cyber-attack, called false data injection attack (FDIA). In order to ensure the security of power system operation and control, a hybrid FDIA detection mechanism utilizing temporal correlation is proposed. The proposed mechanism combines Variational Mode Decomposition (VMD) technology and machine learning. For the purpose of identifying the features of FDIA, VMD is used to decompose the system state time series into an ensemble of components with different frequencies. Furthermore, due to the lack of online model updating ability in a traditional extreme learning machine, an OS-extreme learning machine (OSELM) which has sequential learning ability is used as a detector for identifying FDIA. The proposed detection mechanism is evaluated on the IEEE-14 bus system using real load data from an independent system operator in New York. Apart from detection accuracy, the impact of attack intensity and environment noise on the performance of the proposed method are tested. The simulation results demonstrate the efficiency and robustness of our method.
Air pollution is a major issue related to national economy and people's livelihood. At present, the researches on air pollution mostly focus on the pollutant emissions in a specific industry or region as a whole, and there is a lack of attention to enterprise pollutant emissions from the micro level. Limited by the amount and time granularity of data from enterprises, enterprise pollutant emissions are still understudied. Driven by big data of air pollution emissions of industrial enterprises monitored in Beijing-Tianjin-Hebei, the data mining of enterprises pollution emissions is carried out in the paper, including the association analysis between different features based on grey association, the association mining between different data based on association rule and the outlier detection based on clustering. The results show that: (1) The industries affecting NOx and SO2 mainly are electric power, heat production and supply industry, metal smelting and processing industries in Beijing-Tianjin-Hebei; (2) These districts nearby Hengshui and Shijiazhuang city in Hebei province form strong association rules; (3) The industrial enterprises in Beijing-Tianjin-Hebei are divided into six clusters, of which three categories belong to outliers with excessive emissions of total VOCs, PM and NH3 respectively.
Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First, a data driven defence framework is presented in terms of cyber security situational awareness. Then, the process of data mining based cyber-attack detection is discussed. Next, a multi-loop learning architecture is presented for data mining based cyber-attack detection. Finally, common data mining techniques for cyber-attack detection are discussed.
Aiming at the industry cyber-physical system (ICPS) where Denial-of-Service (DoS) attacks and actuator failure coexist, the integrated security control problem of ICPS under multi-objective constraints was studied. First, from the perspective of the defender, according to the differential impact of the system under DoS attacks of different energies, the DoS attacks energy grading detection standard was formulated, and the ICPS comprehensive security control framework was constructed. Secondly, a security transmission strategy based on event triggering was designed. Under the DoS attack energy classification detection mechanism, for large-energy attacks, the method based on time series analysis was considered to predict and compensate for lost data. Therefore, on the basis of passive and elastic response to small energy attacks, the active defense capability against DoS attacks was increased. Then by introducing the cone complement linearization algorithm, the calculation methods of the state and fault estimation observer and the integrated safety controller were deduced, the goal of DoS attack active and passive hybrid intrusion tolerance and actuator failure active fault tolerance were realized. Finally, a simulation example of a four-capacity water tank system was given to verify the validity of the obtained conclusions.
The emerging of false data injection attacks (FDIAs) can fool the traditional detection methods by injecting false data, which has brought huge risks to the security of smart grids. For this reason, a resilient active defense control scheme based on interval observer detection is proposed in this paper to protect smart grids. The proposed active defense highlights the integration of detection and defense against FDIAs in smart grids. First, a dynamic physical grid model under FDIAs is modeled, in which model uncertainty and parameter uncertainty are taken into account. Then, an interval observer-based detection method against FDIAs is proposed, where a detection criteria using interval residual is put forward. Corresponding to the detection results, the resilient defense controller is triggered to defense the FDIAs if the system states are affected by FDIAs. Linear matrix inequality (LMI) approach is applied to design the resilient controller with H∞ performance. The system with the resilient defense controller can be robust to FDIAs and the gain of the resilient controller has a certain gain margin. Our active resilient defense approach can be built in real time and show accurate and quick respond to the injected FDIAs. The effectiveness of the proposed defense scheme is verified by the simulation results on an IEEE 30-bus grid system.
In recent years, we have witnessed a surge in mobile devices such as smartphones, tablets, smart watches, etc., most of which are based on the Android operating system. However, because these Android-based mobile devices are becoming increasingly popular, they are now the primary target of mobile malware, which could lead to both privacy leakage and property loss. To address the rapidly deteriorating security issues caused by mobile malware, various research efforts have been made to develop novel and effective detection mechanisms to identify and combat them. Nevertheless, in order to avoid being caught by these malware detection mechanisms, malware authors are inclined to initiate adversarial example attacks by tampering with mobile applications. In this paper, several types of adversarial example attacks are investigated and a feasible approach is proposed to fight against them. First, we look at adversarial example attacks on the Android system and prior solutions that have been proposed to address these attacks. Then, we specifically focus on the data poisoning attack and evasion attack models, which may mutate various application features, such as API calls, permissions and the class label, to produce adversarial examples. Then, we propose and design a malware detection approach that is resistant to adversarial examples. To observe and investigate how the malware detection system is influenced by the adversarial example attacks, we conduct experiments on some real Android application datasets which are composed of both malware and benign applications. Experimental results clearly indicate that the performance of Android malware detection is severely degraded when facing adversarial example attacks.
Machine Learning (ML) systems often involve a re-training process to make better predictions and classifications. This re-training process creates a loophole and poses a security threat for ML systems. Adversaries leverage this loophole and design data poisoning attacks against ML systems. Data poisoning attacks are a type of attack in which an adversary manipulates the training dataset to degrade the ML system’s performance. Data poisoning attacks are challenging to detect, and even more difficult to respond to, particularly in the Internet of Things (IoT) environment. To address this problem, we proposed DISTINIT, the first proactive data poisoning attack detection framework using distance measures. We found that Jaccard Distance (JD) can be used in the DISTINIT (among other distance measures) and we finally improved the JD to attain an Optimized JD (OJD) with lower time and space complexity. Our security analysis shows that the DISTINIT is secure against data poisoning attacks by considering key features of adversarial attacks. We conclude that the proposed OJD-based DISTINIT is effective and efficient against data poisoning attacks where in-time detection is critical for IoT applications with large volumes of streaming data.
In this paper, our previous work on Principal Component Analysis (PCA) based fault detection method is extended to the dynamic monitoring and detection of loss-of-main in power systems using wide-area synchrophasor measurements. In the previous work, a static PCA model was built and verified to be capable of detecting and extracting system faulty events; however the false alarm rate is high. To address this problem, this paper uses a well-known ‘time lag shift’ method to include dynamic behavior of the PCA model based on the synchronized measurements from Phasor Measurement Units (PMU), which is named as the Dynamic Principal Component Analysis (DPCA). Compared with the static PCA approach as well as the traditional passive mechanisms of loss-of-main detection, the proposed DPCA procedure describes how the synchrophasors are linearly auto- and cross-correlated, based on conducting the singular value decomposition on the augmented time lagged synchrophasor matrix. Similar to the static PCA method, two statistics, namely T² and Q with confidence limits are calculated to form intuitive charts for engineers or operators to monitor the loss-of-main situation in real time. The effectiveness of the proposed methodology is evaluated on the loss-of-main monitoring of a real system, where the historic data are recorded from PMUs installed in several locations in the UK/Ireland power system.
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which include defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
The Cloud Computing Environment (CCE) developed for using the dynamic cloud is the ability of software and services likely to grow with any business. It has transformed the methodology for storing the enterprise data, accessing the data, and Data Sharing (DS). Big data frame a constant way of uploading and sharing the cloud data in a hierarchical architecture with different kinds of separate privileges to access the data. With the requirement of vast volumes of storage area in the CCEs, capturing a secured data access framework is an important issue. This paper proposes an Improved Secure Identification-based Multilevel Structure of Data Sharing (ISIMSDS) to hold the DS of big data in CCEs. The complex file partitioning technique is proposed to verify the access privilege context for sharing data in complex CCEs. An access control Encryption Method (EM) is used to improve the encryption. The Complexity is measured to increase the authentication standard. The active attack is protected using this ISIMSDS methodology. Our proposed ISIMSDS method assists in diminishing the Complexity whenever the user’s population is increasing rapidly. The security analysis proves that the proposed ISIMSDS methodology is more secure against the chosen-PlainText (PT) attack and provides more efficient computation and storage space than the related methods. The performance of the proposed ISIMSDS methodology provides more efficiency in communication costs such as encryption, decryption, and retrieval of the data.
Federated learning effectively protects data privacy by training models on local devices and only sharing model updates. However, its distributed nature also makes the system vulnerable to malicious client attacks, such as data poisoning, model tampering and backdoor attacks, especially being more concealed in the Non-Independent and Identically Distributed (Non-IID) data environment. To address the above-mentioned security challenges, this paper proposes a federated learning security detection method based on linear combinatorial rank analysis. This method achieves anomaly detection by transforming the model parameter transmission process into the transmission of encoded vectors over a finite field and analyzing the rank variation of the encoded matrix. Different from the traditional methods, this method does not rely on the Independent and Identically Distributed (IID) data assumption and can adapt to the complex data distribution in the Non-IID environment. At the same time, a dynamic coding adjustment mechanism is introduced, which can adaptively balance security and system efficiency according to the client resources and system security status. In addition, this paper also designs a full-link protection scheme to ensure that the entire process from parameter generation, encoding calculation to upload is effectively guaranteed in terms of security and integrity. The results show that the detection rates of Linear Combinatorial Rank Analysis (LCRA) in the scenarios of data poisoning, model tampering and backdoor attack reach 96.2%, 94.8% and 95.6% respectively, and the false alarm rate is lower than 4.1%. Meanwhile, the high accuracy rates of the model on CIFAR-10 and MNIST (85.3% and 97.8% respectively) are maintained. It outperforms existing robust aggregation and differential privacy methods.
Due to the widespread use of the internet and smart devices, various attacks like intrusion, zero-day, Malware, and security breaches are a constant threat to any organization’s network infrastructure. Thus, a Network Intrusion Detection System (NIDS) is required to detect attacks in network traffic. This paper proposes a new hybrid method for intrusion detection and attack categorization. The proposed approach comprises three steps to address high false and low false-negative rates for intrusion detection and attack categorization. In the first step, the dataset is preprocessed through the data transformation technique and min-max method. Secondly, the random forest recursive feature elimination method is applied to identify optimal features that positively impact the model’s performance. Next, we use various Support Vector Machine (SVM) types to detect intrusion and the Adaptive Neuro-Fuzzy System (ANFIS) to categorize probe, U2R, R2U, and DDOS attacks. The validation of the proposed method is calculated through Fine Gaussian SVM (FGSVM), which is 99.3% for the binary class. Mean Square Error (MSE) is reported as 0.084964 for training data, 0.0855203 for testing, and 0.084964 to validate multiclass categorization.
The security of Federated Learning (FL)/Distributed Machine Learning (DML) is gravely threatened by data poisoning attacks, which destroy the usability of the model by contaminating training samples, so such attacks are called causative availability indiscriminate attacks. Facing the problem that existing data sanitization methods are hard to apply to real-time applications due to their tedious process and heavy computations, we propose a new supervised batch detection method for poison, which can fleetly sanitize the training dataset before the local model training. We design a training dataset generation method that helps to enhance accuracy and uses data complexity features to train a detection model, which will be used in an efficient batch hierarchical detection process. Our model stockpiles knowledge about poison, which can be expanded by retraining to adapt to new attacks. Being neither attack-specific nor scenario-specific, our method is applicable to FL/DML or other online or offline scenarios.
Funding: Supported by the National Natural Science Foundation of China under Grants 61573300, 61833008; Natural Science Foundation of Jiangsu Province under Grant BK20171445; Key R&D Program of Jiangsu Province under Grant BE2016184.
Abstract: Accurate state estimation is critical to wide-area situational awareness of smart grid. However, recent research found that power system state estimators are vulnerable to a new type of cyber-attack, called false data injection attack (FDIA). In order to ensure the security of power system operation and control, a hybrid FDIA detection mechanism utilizing temporal correlation is proposed. The proposed mechanism combines Variational Mode Decomposition (VMD) technology and machine learning. For the purpose of identifying the features of FDIA, VMD is used to decompose the system state time series into an ensemble of components with different frequencies. Furthermore, due to the lack of online model updating ability in a traditional extreme learning machine, an OS-extreme learning machine (OSELM) which has sequential learning ability is used as a detector for identifying FDIA. The proposed detection mechanism is evaluated on the IEEE-14 bus system using real load data from an independent system operator in New York. Apart from detection accuracy, the impact of attack intensity and environment noise on the performance of the proposed method are tested. The simulation results demonstrate the efficiency and robustness of our method.
Funding: Supported by the National Natural Science Foundation of China [grant number 72271033]; the Beijing Municipal Education Commission and Beijing Natural Science Foundation [grant number KZ202110017025]; the National Undergraduate Innovation and Entrepreneurship Plan Project (2022J00244).
Abstract: Air pollution is a major issue related to national economy and people's livelihood. At present, the researches on air pollution mostly focus on the pollutant emissions in a specific industry or region as a whole, and there is a lack of attention to enterprise pollutant emissions from the micro level. Limited by the amount and time granularity of data from enterprises, enterprise pollutant emissions are still understudied. Driven by big data of air pollution emissions of industrial enterprises monitored in Beijing-Tianjin-Hebei, the data mining of enterprises pollution emissions is carried out in the paper, including the association analysis between different features based on grey association, the association mining between different data based on association rule and the outlier detection based on clustering. The results show that: (1) The industries affecting NOx and SO2 mainly are electric power, heat production and supply industry, metal smelting and processing industries in Beijing-Tianjin-Hebei; (2) These districts nearby Hengshui and Shijiazhuang city in Hebei province form strong association rules; (3) The industrial enterprises in Beijing-Tianjin-Hebei are divided into six clusters, of which three categories belong to outliers with excessive emissions of total VOCs, PM and NH3 respectively.
Abstract: Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First, a data driven defence framework is presented in terms of cyber security situational awareness. Then, the process of data mining based cyber-attack detection is discussed. Next, a multi-loop learning architecture is presented for data mining based cyber-attack detection. Finally, common data mining techniques for cyber-attack detection are discussed.
Funding: Supported by Gansu Higher Education Innovation Fund Project (No. 2023B-439).
Abstract: Aiming at the industry cyber-physical system (ICPS) where Denial-of-Service (DoS) attacks and actuator failure coexist, the integrated security control problem of ICPS under multi-objective constraints was studied. First, from the perspective of the defender, according to the differential impact of the system under DoS attacks of different energies, the DoS attacks energy grading detection standard was formulated, and the ICPS comprehensive security control framework was constructed. Secondly, a security transmission strategy based on event triggering was designed. Under the DoS attack energy classification detection mechanism, for large-energy attacks, the method based on time series analysis was considered to predict and compensate for lost data. Therefore, on the basis of passive and elastic response to small energy attacks, the active defense capability against DoS attacks was increased. Then by introducing the cone complement linearization algorithm, the calculation methods of the state and fault estimation observer and the integrated safety controller were deduced, the goal of DoS attack active and passive hybrid intrusion tolerance and actuator failure active fault tolerance were realized. Finally, a simulation example of a four-capacity water tank system was given to verify the validity of the obtained conclusions.
Funding: Supported by the National Nature Science Foundation of China (Nos. 62103357, 62203376); the Science and Technology Plan of Hebei Education Department (No. QN2021139); the Nature Science Foundation of Hebei Province (Nos. F2021203043, F2022203074); the Open Research Fund of Jiangsu Collaborative Innovation Center for Smart Distribution Network, Nanjing Institute of Technology (No. XTCX202203).
Abstract: The emergence of false data injection attacks (FDIAs) can fool the traditional detection methods by injecting false data, which has brought huge risks to the security of smart grids. For this reason, a resilient active defense control scheme based on interval observer detection is proposed in this paper to protect smart grids. The proposed active defense highlights the integration of detection and defense against FDIAs in smart grids. First, a dynamic physical grid model under FDIAs is modeled, in which model uncertainty and parameter uncertainty are taken into account. Then, an interval observer-based detection method against FDIAs is proposed, where a detection criteria using interval residual is put forward. Corresponding to the detection results, the resilient defense controller is triggered to defend against the FDIAs if the system states are affected by FDIAs. Linear matrix inequality (LMI) approach is applied to design the resilient controller with H∞ performance. The system with the resilient defense controller can be robust to FDIAs and the gain of the resilient controller has a certain gain margin. Our active resilient defense approach can be built in real time and shows accurate and quick response to the injected FDIAs. The effectiveness of the proposed defense scheme is verified by the simulation results on an IEEE 30-bus grid system.
Abstract: In recent years, we have witnessed a surge in mobile devices such as smartphones, tablets, smart watches, etc., most of which are based on the Android operating system. However, because these Android-based mobile devices are becoming increasingly popular, they are now the primary target of mobile malware, which could lead to both privacy leakage and property loss. To address the rapidly deteriorating security issues caused by mobile malware, various research efforts have been made to develop novel and effective detection mechanisms to identify and combat them. Nevertheless, in order to avoid being caught by these malware detection mechanisms, malware authors are inclined to initiate adversarial example attacks by tampering with mobile applications. In this paper, several types of adversarial example attacks are investigated and a feasible approach is proposed to fight against them. First, we look at adversarial example attacks on the Android system and prior solutions that have been proposed to address these attacks. Then, we specifically focus on the data poisoning attack and evasion attack models, which may mutate various application features, such as API calls, permissions and the class label, to produce adversarial examples. Then, we propose and design a malware detection approach that is resistant to adversarial examples. To observe and investigate how the malware detection system is influenced by the adversarial example attacks, we conduct experiments on some real Android application datasets which are composed of both malware and benign applications. Experimental results clearly indicate that the performance of Android malware detection is severely degraded when facing adversarial example attacks.
Funding: This work was supported by a National Research Foundation of Korea (NRF) grant funded by the Korea Government (MSIT) under Grant 2020R1A2B5B01002145.
Abstract: Machine Learning (ML) systems often involve a re-training process to make better predictions and classifications. This re-training process creates a loophole and poses a security threat for ML systems. Adversaries leverage this loophole and design data poisoning attacks against ML systems. Data poisoning attacks are a type of attack in which an adversary manipulates the training dataset to degrade the ML system's performance. Data poisoning attacks are challenging to detect, and even more difficult to respond to, particularly in the Internet of Things (IoT) environment. To address this problem, we proposed DISTINIT, the first proactive data poisoning attack detection framework using distance measures. We found that Jaccard Distance (JD) can be used in the DISTINIT (among other distance measures) and we finally improved the JD to attain an Optimized JD (OJD) with lower time and space complexity. Our security analysis shows that the DISTINIT is secure against data poisoning attacks by considering key features of adversarial attacks. We conclude that the proposed OJD-based DISTINIT is effective and efficient against data poisoning attacks where in-time detection is critical for IoT applications with large volumes of streaming data.
Abstract: In this paper, our previous work on Principal Component Analysis (PCA) based fault detection method is extended to the dynamic monitoring and detection of loss-of-main in power systems using wide-area synchrophasor measurements. In the previous work, a static PCA model was built and verified to be capable of detecting and extracting system faulty events; however, the false alarm rate is high. To address this problem, this paper uses a well-known 'time lag shift' method to include dynamic behavior of the PCA model based on the synchronized measurements from Phasor Measurement Units (PMU), which is named as the Dynamic Principal Component Analysis (DPCA). Compared with the static PCA approach as well as the traditional passive mechanisms of loss-of-main detection, the proposed DPCA procedure describes how the synchrophasors are linearly auto- and cross-correlated, based on conducting the singular value decomposition on the augmented time lagged synchrophasor matrix. Similar to the static PCA method, two statistics, namely T² and Q with confidence limits are calculated to form intuitive charts for engineers or operators to monitor the loss-of-main situation in real time. The effectiveness of the proposed methodology is evaluated on the loss-of-main monitoring of a real system, where the historic data are recorded from PMUs installed in several locations in the UK/Ireland power system.
Abstract: This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which include defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
Abstract: The Cloud Computing Environment (CCE) developed for using the dynamic cloud is the ability of software and services likely to grow with any business. It has transformed the methodology for storing the enterprise data, accessing the data, and Data Sharing (DS). Big data frame a constant way of uploading and sharing the cloud data in a hierarchical architecture with different kinds of separate privileges to access the data. With the requirement of vast volumes of storage area in the CCEs, capturing a secured data access framework is an important issue. This paper proposes an Improved Secure Identification-based Multilevel Structure of Data Sharing (ISIMSDS) to hold the DS of big data in CCEs. The complex file partitioning technique is proposed to verify the access privilege context for sharing data in complex CCEs. An access control Encryption Method (EM) is used to improve the encryption. The Complexity is measured to increase the authentication standard. The active attack is protected using this ISIMSDS methodology. Our proposed ISIMSDS method assists in diminishing the Complexity whenever the user's population is increasing rapidly. The security analysis proves that the proposed ISIMSDS methodology is more secure against the chosen-PlainText (PT) attack and provides more efficient computation and storage space than the related methods. The performance of the proposed ISIMSDS methodology provides more efficiency in communication costs such as encryption, decryption, and retrieval of the data.
Abstract: Federated learning effectively protects data privacy by training models on local devices and only sharing model updates. However, its distributed nature also makes the system vulnerable to malicious client attacks, such as data poisoning, model tampering and backdoor attacks, especially being more concealed in the Non-Independent and Identically Distributed (Non-IID) data environment. To address the above-mentioned security challenges, this paper proposes a federated learning security detection method based on linear combinatorial rank analysis. This method achieves anomaly detection by transforming the model parameter transmission process into the transmission of encoded vectors over a finite field and analyzing the rank variation of the encoded matrix. Different from the traditional methods, this method does not rely on the Independent and Identically Distributed (IID) data assumption and can adapt to the complex data distribution in the Non-IID environment. At the same time, a dynamic coding adjustment mechanism is introduced, which can adaptively balance security and system efficiency according to the client resources and system security status. In addition, this paper also designs a full-link protection scheme to ensure that the entire process from parameter generation, encoding calculation to upload is effectively guaranteed in terms of security and integrity. The results show that the detection rates of Linear Combinatorial Rank Analysis (LCRA) in the scenarios of data poisoning, model tampering and backdoor attack reach 96.2%, 94.8% and 95.6% respectively, and the false alarm rate is lower than 4.1%. Meanwhile, the high accuracy rates of the model on CIFAR-10 and MNIST (85.3% and 97.8% respectively) are maintained. It outperforms existing robust aggregation and differential privacy methods.
Funding: The authors would like to thank the Deanship of Scientific Research at Prince Sattam bin Abdul-Aziz University, Saudi Arabia.
Abstract: Due to the widespread use of the internet and smart devices, various attacks like intrusion, zero-day, Malware, and security breaches are a constant threat to any organization's network infrastructure. Thus, a Network Intrusion Detection System (NIDS) is required to detect attacks in network traffic. This paper proposes a new hybrid method for intrusion detection and attack categorization. The proposed approach comprises three steps to address high false and low false-negative rates for intrusion detection and attack categorization. In the first step, the dataset is preprocessed through the data transformation technique and min-max method. Secondly, the random forest recursive feature elimination method is applied to identify optimal features that positively impact the model's performance. Next, we use various Support Vector Machine (SVM) types to detect intrusion and the Adaptive Neuro-Fuzzy System (ANFIS) to categorize probe, U2R, R2U, and DDOS attacks. The validation of the proposed method is calculated through Fine Gaussian SVM (FGSVM), which is 99.3% for the binary class. Mean Square Error (MSE) is reported as 0.084964 for training data, 0.0855203 for testing, and 0.084964 to validate multiclass categorization.
Funding: Supported in part by the "Pioneer" and "Leading Goose" R&D Program of Zhejiang (Grant No. 2022C03174); the National Natural Science Foundation of China (No. 92067103); the Key Research and Development Program of Shaanxi, China (No. 2021ZDLGY06-02); the Natural Science Foundation of Shaanxi Province (No. 2019ZDLGY12-02); the Shaanxi Innovation Team Project (No. 2018TD-007); the Xi'an Science and technology Innovation Plan (No. 201809168CX9JC10); the Fundamental Research Funds for the Central Universities (No. YJS2212); and National 111 Program of China B16037.
Abstract: The security of Federated Learning (FL)/Distributed Machine Learning (DML) is gravely threatened by data poisoning attacks, which destroy the usability of the model by contaminating training samples, so such attacks are called causative availability indiscriminate attacks. Facing the problem that existing data sanitization methods are hard to apply to real-time applications due to their tedious process and heavy computations, we propose a new supervised batch detection method for poison, which can fleetly sanitize the training dataset before the local model training. We design a training dataset generation method that helps to enhance accuracy and uses data complexity features to train a detection model, which will be used in an efficient batch hierarchical detection process. Our model stockpiles knowledge about poison, which can be expanded by retraining to adapt to new attacks. Being neither attack-specific nor scenario-specific, our method is applicable to FL/DML or other online or offline scenarios.