Visible to the public Biblio

Found 461 results

Filters: First Letter Of Last Name is D  [Clear All Filters]
A B C [D] E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
D
del Pino, Rafael, Lyubashevsky, Vadim, Seiler, Gregor.  2018.  Lattice-Based Group Signatures and Zero-Knowledge Proofs of Automorphism Stability. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :574–591.

We present a group signature scheme, based on the hardness of lattice problems, whose outputs are more than an order of magnitude smaller than the currently most efficient schemes in the literature. Since lattice-based schemes are also usually non-trivial to efficiently implement, we additionally provide the first experimental implementation of lattice-based group signatures demonstrating that our construction is indeed practical – all operations take less than half a second on a standard laptop. A key component of our construction is a new zero-knowledge proof system for proving that a committed value belongs to a particular set of small size. The sets for which our proofs are applicable are exactly those that contain elements that remain stable under Galois automorphisms of the underlying cyclotomic number field of our lattice-based protocol. We believe that these proofs will find applications in other settings as well. The motivation of the new zero-knowledge proof in our construction is to allow the efficient use of the selectively-secure signature scheme (i.e. a signature scheme in which the adversary declares the forgery message before seeing the public key) of Agrawal et al. (Eurocrypt 2010) in constructions of lattice-based group signatures and other privacy protocols. For selectively-secure schemes to be meaningfully converted to standard signature schemes, it is crucial that the size of the message space is not too large. Using our zero-knowledge proofs, we can strategically pick small sets for which we can provide efficient zero-knowledge proofs of membership.

Del Rosso, A., Liang Min, Chaoyang Jing.  2014.  High performance computation tools for real-time security assessment. PES General Meeting | Conference Exposition, 2014 IEEE. :1-1.

This paper presents an overview of the research project “High-Performance Hybrid Simulation/Measurement-Based Tools for Proactive Operator Decision-Support”, performed under the auspices of the U.S. Department of Energy grant DE-OE0000628. The objective of this project is to develop software tools to provide enhanced real-time situational awareness to support the decision making and system control actions of transmission operators. The integrated tool will combine high-performance dynamic simulation with synchrophasor measurement data to assess in real time system dynamic performance and operation security risk. The project includes: (i) The development of high-performance dynamic simulation software; (ii) the development of new computationally effective measurement-based tools to estimate operating margins of a power system in real time using measurement data from synchrophasors and SCADA; (iii) the development a hybrid framework integrating measurement-based and simulation-based approaches, and (iv) the use of cutting-edge visualization technology to display various system quantities and to visually process the results of the hybrid measurement-base/simulation-based security-assessment tool. Parallelization and high performance computing are utilized to enable ultrafast transient stability analysis that can be used in a real-time environment to quickly perform “what-if” simulations involving system dynamics phenomena. EPRI's Extended Transient Midterm Simulation Program (ETMSP) is modified and enhanced for this work. The contingency analysis is scaled for large-scale contingency analysis using MPI-based parallelization. Simulations of thousands of contingencies on a high performance computing machine are performed, and results show that parallelization over contingencies with MPI provides good scalability and computational gains. Different ways to reduce the I/O bottleneck have been also exprored. Thread-parallelization of the sparse linear solve is explored also through use of the SuperLU_MT library. Based on performance profiling results for the implicit method, the majority of CPU time is spent on the integration steps. Hence, in order to further improve the ETMSP performance, a variable time step control scheme for the original trapezoidal integration method has been developed and implemented. The Adams-Bashforth-Moulton predictor-corrector method was introduced and designed for ETMSP. Test results show superior performance with this method.

Del Rosso, A., Liang Min, Chaoyang Jing.  2014.  High performance computation tools for real-time security assessment. PES General Meeting | Conference Exposition, 2014 IEEE. :1-1.

This paper presents an overview of the research project “High-Performance Hybrid Simulation/Measurement-Based Tools for Proactive Operator Decision-Support”, performed under the auspices of the U.S. Department of Energy grant DE-OE0000628. The objective of this project is to develop software tools to provide enhanced real-time situational awareness to support the decision making and system control actions of transmission operators. The integrated tool will combine high-performance dynamic simulation with synchrophasor measurement data to assess in real time system dynamic performance and operation security risk. The project includes: (i) The development of high-performance dynamic simulation software; (ii) the development of new computationally effective measurement-based tools to estimate operating margins of a power system in real time using measurement data from synchrophasors and SCADA; (iii) the development a hybrid framework integrating measurement-based and simulation-based approaches, and (iv) the use of cutting-edge visualization technology to display various system quantities and to visually process the results of the hybrid measurement-base/simulation-based security-assessment tool. Parallelization and high performance computing are utilized to enable ultrafast transient stability analysis that can be used in a real-time environment to quickly perform “what-if” simulations involving system dynamics phenomena. EPRI's Extended Transient Midterm Simulation Program (ETMSP) is modified and enhanced for this work. The contingency analysis is scaled for large-scale contingency analysis using MPI-based parallelization. Simulations of thousands of contingencies on a high performance computing machine are performed, and results show that parallelization over contingencies with MPI provides good scalability and computational gains. Different ways to reduce the I/O bottleneck have been also exprored. Thread-parallelization of the sparse linear solve is explored also through use of the SuperLU_MT library. Based on performance profiling results for the implicit method, the majority of CPU time is spent on the integration steps. Hence, in order to further improve the ETMSP performance, a variable time step control scheme for the original trapezoidal integration method has been developed and implemented. The Adams-Bashforth-Moulton predictor-corrector method was introduced and designed for ETMSP. Test results show superior performance with this method.
 

Delaune, S., Kremer, S., Robin, L..  2017.  Formal Verification of Protocols Based on Short Authenticated Strings. 2017 IEEE 30th Computer Security Foundations Symposium (CSF). :130–143.

Modern security protocols may involve humans in order to compare or copy short strings between different devices. Multi-factor authentication protocols, such as Google 2-factor or 3D-secure are typical examples of such protocols. However, such short strings may be subject to brute force attacks. In this paper we propose a symbolic model which includes attacker capabilities for both guessing short strings, and producing collisions when short strings result from an application of weak hash functions. We propose a new decision procedure for analysing (a bounded number of sessions of) protocols that rely on short strings. The procedure has been integrated in the AKISS tool and tested on protocols from the ISO/IEC 9798-6:2010 standard.

Delic, Kemal A..  2016.  On Resilience of IoT Systems: The Internet of Things (Ubiquity Symposium). Ubiquity. 2016:1:1–1:7.

At the very high level of abstraction, the Internet of Things (IoT) can be modeled as the hyper-scale, hyper-complex cyber-physical system. Study of resilience of IoT systems is the first step towards engineering of the future IoT eco-systems. Exploration of this domain is highly promising avenue for many aspiring Ph.D. and M.Sc. students.

Deliu, I., Leichter, C., Franke, K..  2018.  Collecting Cyber Threat Intelligence from Hacker Forums via a Two-Stage, Hybrid Process Using Support Vector Machines and Latent Dirichlet Allocation. 2018 IEEE International Conference on Big Data (Big Data). :5008-5013.

Traditional security controls, such as firewalls, anti-virus and IDS, are ill-equipped to help IT security and response teams keep pace with the rapid evolution of the cyber threat landscape. Cyber Threat Intelligence (CTI) can help remediate this problem by exploiting non-traditional information sources, such as hacker forums and "dark-web" social platforms. Security and response teams can use the collected intelligence to identify emerging threats. Unfortunately, when manual analysis is used to extract CTI from non-traditional sources, it is a time consuming, error-prone and resource intensive process. We address these issues by using a hybrid Machine Learning model that automatically searches through hacker forum posts, identifies the posts that are most relevant to cyber security and then clusters the relevant posts into estimations of the topics that the hackers are discussing. The first (identification) stage uses Support Vector Machines and the second (clustering) stage uses Latent Dirichlet Allocation. We tested our model, using data from an actual hacker forum, to automatically extract information about various threats such as leaked credentials, malicious proxy servers, malware that evades AV detection, etc. The results demonstrate our method is an effective means for quickly extracting relevant and actionable intelligence that can be integrated with traditional security controls to increase their effectiveness.

Deliu, I., Leichter, C., Franke, K..  2017.  Extracting Cyber Threat Intelligence from Hacker Forums: Support Vector Machines versus Convolutional Neural Networks. 2017 IEEE International Conference on Big Data (Big Data). :3648–3656.

Hacker forums and other social platforms may contain vital information about cyber security threats. But using manual analysis to extract relevant threat information from these sources is a time consuming and error-prone process that requires a significant allocation of resources. In this paper, we explore the potential of Machine Learning methods to rapidly sift through hacker forums for relevant threat intelligence. Utilizing text data from a real hacker forum, we compared the text classification performance of Convolutional Neural Network methods against more traditional Machine Learning approaches. We found that traditional machine learning methods, such as Support Vector Machines, can yield high levels of performance that are on par with Convolutional Neural Network algorithms.

Dem'yanov, D. N..  2017.  Analytical synthesis of reduced order observer for estimation of the bilinear dynamic system state. 2017 International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). :1–5.

The problem of analytical synthesis of the reduced order state observer for the bilinear dynamic system with scalar input and vector output has been considered. Formulas for calculation of the matrix coefficients of the nonlinear observer with estimation error asymptotically approaching zero have been obtained. Two modifications of observer dynamic equation have been proposed: the first one requires differentiation of an output signal and the second one does not. Based on the matrix canonization technology, the solvability conditions for the synthesis problem and analytical expressions for an acceptable set of solutions have been received. A precise step-by-step algorithm for calculating the observer coefficients has been offered. An example of the practical use of the developed algorithm has been given.

DeMarinis, Nicholas, Fonseca, Rodrigo.  2017.  Toward Usable Network Traffic Policies for IoT Devices in Consumer Networks. Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. :43–48.

The Internet of Things (IoT) revolution has brought millions of small, low-cost, connected devices into our homes, cities, infrastructure, and more. However, these devices are often plagued by security vulnerabilities that pose threats to user privacy or can threaten the Internet architecture as a whole. Home networks can be particularly vulnerable to these threats as they typically have no network administrator and often contain unpatched or otherwise vulnerable devices. In this paper, we argue that the unique security challenges of home networks require a new network-layer architecture to both protect against external threats and mitigate attacks from compromised devices. We present initial findings based on traffic analysis from a small-scale IoT testbed toward identifying predictable patterns in IoT traffic that may allow construction of a policy-based framework to restrict malicious traffic. Based on our observations, we discuss key features for the design of this architecture to promote future developments in network-layer security in smart home networks.

Demchenko, Y., Canh Ngo, De Laat, C., Lee, C..  2014.  Federated Access Control in Heterogeneous Intercloud Environment: Basic Models and Architecture Patterns. Cloud Engineering (IC2E), 2014 IEEE International Conference on. :439-445.

This paper presents on-going research to define the basic models and architecture patterns for federated access control in heterogeneous (multi-provider) multi-cloud and inter-cloud environment. The proposed research contributes to the further definition of Intercloud Federation Framework (ICFF) which is a part of the general Intercloud Architecture Framework (ICAF) proposed by authors in earlier works. ICFF attempts to address the interoperability and integration issues in provisioning on-demand multi-provider multi-domain heterogeneous cloud infrastructure services. The paper describes the major inter-cloud federation scenarios that in general involve two types of federations: customer-side federation that includes federation between cloud based services and customer campus or enterprise infrastructure, and provider-side federation that is created by a group of cloud providers to outsource or broker their resources when provisioning services to customers. The proposed federated access control model uses Federated Identity Management (FIDM) model that can be also supported by the trusted third party entities such as Cloud Service Broker (CSB) and/or trust broker to establish dynamic trust relations between entities without previously existing trust. The research analyses different federated identity management scenarios, defines the basic architecture patterns and the main components of the distributed federated multi-domain Authentication and Authorisation infrastructure.

Demertzis, Ioannis, Papamanthou, Charalampos.  2017.  Fast Searchable Encryption With Tunable Locality. Proceedings of the 2017 ACM International Conference on Management of Data. :1053–1067.
Searchable encryption (SE) allows a client to outsource a dataset to an untrusted server while enabling the server to answer keyword queries in a private manner. SE can be used as a building block to support more expressive private queries such as range/point and boolean queries, while providing formal security guarantees. To scale SE to big data using external memory, new schemes with small locality have been proposed, where locality is defined as the number of non-continuous reads that the server makes for each query. Previous space-efficient SE schemes achieve optimal locality by increasing the read efficiency-the number of additional memory locations (false positives) that the server reads per result item. This can hurt practical performance. In this work, we design, formally prove secure, and evaluate the first SE scheme with tunable locality and linear space. Our first scheme has optimal locality and outperforms existing approaches (that have a slightly different leakage profile) by up to 2.5 orders of magnitude in terms of read efficiency, for all practical database sizes. Another version of our construction with the same leakage as previous works can be tuned to have bounded locality, optimal read efficiency and up to 60x more efficient end-to-end search time. We demonstrate that our schemes work fast in in-memory as well, leading to search time savings of up to 1 order of magnitude when compared to the most practical in-memory SE schemes. Finally, our construction can be tuned to achieve trade-offs between space, read efficiency, locality, parallelism and communication overhead.
Demertzis, Ioannis, Papadopoulos, Stavros, Papapetrou, Odysseas, Deligiannakis, Antonios, Garofalakis, Minos.  2016.  Practical Private Range Search Revisited. Proceedings of the 2016 International Conference on Management of Data. :185–198.

We consider a data owner that outsources its dataset to an untrusted server. The owner wishes to enable the server to answer range queries on a single attribute, without compromising the privacy of the data and the queries. There are several schemes on "practical" private range search (mainly in Databases venues) that attempt to strike a trade-off between efficiency and security. Nevertheless, these methods either lack provable security guarantees, or permit unacceptable privacy leakages. In this paper, we take an interdisciplinary approach, which combines the rigor of Security formulations and proofs with efficient Data Management techniques. We construct a wide set of novel schemes with realistic security/performance trade-offs, adopting the notion of Searchable Symmetric Encryption (SSE) primarily proposed for keyword search. We reduce range search to multi-keyword search using range covering techniques with tree-like indexes. We demonstrate that, given any secure SSE scheme, the challenge boils down to (i) formulating leakages that arise from the index structure, and (ii) minimizing false positives incurred by some schemes under heavy data skew. We analytically detail the superiority of our proposals over prior work and experimentally confirm their practicality.

Demetriou, Soteris, Zhang, Nan, Lee, Yeonjoon, Wang, XiaoFeng, Gunter, Carl A., Zhou, Xiaoyong, Grace, Michael.  2017.  HanGuard: SDN-driven Protection of Smart Home WiFi Devices from Malicious Mobile Apps. Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks. :122–133.
A new development of smart-home systems is to use mobile apps to control IoT devices across a Home Area Network (HAN). As verified in our study, those systems tend to rely on the Wi-Fi router to authenticate other devices. This treatment exposes them to the attack from malicious apps, particularly those running on authorized phones, which the router does not have information to control. Mitigating this threat cannot solely rely on IoT manufacturers, which may need to change the hardware on the devices to support encryption, increasing the cost of the device, or software developers who we need to trust to implement security correctly. In this work, we present a new technique to control the communication between the IoT devices and their apps in a unified, backward-compatible way. Our approach, called HanGuard, does not require any changes to the IoT devices themselves, the IoT apps or the OS of the participating phones. HanGuard uses an SDN-like approach to offer fine-grained protection: each phone runs a non-system userspace Monitor app to identify the party that attempts to access the protected IoT device and inform the router through a control plane of its access decision; the router enforces the decision on the data plane after verifying whether the phone should be allowed to talk to the device. We implemented our design over both Android and iOS (\textbackslashtextgreater 95% of mobile OS market share) and a popular router. Our study shows that HanGuard is both efficient and effective in practice.
Demir, Kubilay, Suri, Neeraj.  2017.  Towards DDoS Attack Resilient Wide Area Monitoring Systems. Proceedings of the 12th International Conference on Availability, Reliability and Security. :99:1–99:7.

The traditional physical power grid is evolving into a cyber-physical Smart Grid (SG) that links the cyber communication and computational elements with the physical control functions to dynamically integrate varied and geographically distributed energy producers/consumers. In the SG, the cyber elements of Wide Area Measurement Systems (WAMS) are deployed to provide the critical monitoring of the state of power transmission and distribution to accomplish real-time control of the grid. Unfortunately, the increasing adoption of such computing/communication cyber-technologies essential to providing the SG operations also opens the risk of the SG being vulnerable to cyberattacks. In particular, attacks such as Denial-of-Service (DoS) and Distributed DoS (DDoS) are of primary concern for WAMS where such attacks can compromise its safety-critical accuracy and responsiveness characteristics. To prevent DoS/DDoS attacks at the transport and application layer from affecting the WAMS operations, we propose a proactive and robust extension of the Multipath-TCP (MPTCP) transportation protocol that mitigates such attacks by using a novel stream hopping MPTCP mechanism, termed as MPTCP-H. The proposed MPTCP-H hides the open port numbers of the connection from an attacker by renewing (over time) the subflows over new port numbers without perturbing the WAMS data traffic. Our results demonstrate MPTCP-H to be both effective and efficient (for reduced latency and congestion), and also applicable to the communication frameworks of other similar Critical Infrastructures.

Demir, Mehmet özgÜn, Alp Topal, Ozan, Dartmann, Guido, Schmeink, Anke, Ascheid, Gerd, Kurt, GüneŞ, Pusane, Ali Emre.  2019.  Using Perfect Codes in Relay Aided Networks: A Security Analysis. 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :1—6.

Cyber-physical systems (CPS) are state-of-the-art communication environments that offer various applications with distinct requirements. However, security in CPS is a nonnegotiable concept, since without a proper security mechanism the applications of CPS may risk human lives, the privacy of individuals, and system operations. In this paper, we focus on PHY-layer security approaches in CPS to prevent passive eavesdropping attacks, and we propose an integration of physical layer operations to enhance security. Thanks to the McEliece cryptosystem, error injection is firstly applied to information bits, which are encoded with the forward error correction (FEC) schemes. Golay and Hamming codes are selected as FEC schemes to satisfy power and computational efficiency. Then obtained codewords are transmitted across reliable intermediate relays to the legitimate receiver. As a performance metric, the decoding frame error rate of the eavesdropper is analytically obtained for the fragmentary existence of significant noise between relays and Eve. The simulation results validate the analytical calculations, and the obtained results show that the number of low-quality channels and the selected FEC scheme affects the performance of the proposed model.

Demir, Mehmet özgÜn, Kurty, GÜne Karabulut, Dartmannz, Guido, Ascheidx, Gerd, Pusane, Ali Emre.  2018.  Security Analysis of Forward Error Correction Codes in Relay Aided Networks. 2018 Global Information Infrastructure and Networking Symposium (GIIS). :1–5.

Network security and data confidentiality of transmitted information are among the non-functional requirements of industrial wireless sensor networks (IWSNs) in addition to latency, reliability and energy efficiency requirements. Physical layer security techniques are promising solutions to assist cryptographic methods in the presence of an eavesdropper in IWSN setups. In this paper, we propose a physical layer security scheme, which is based on both insertion of an random error vector to forward error correction (FEC) codewords and transmission over decentralized relay nodes. Reed-Solomon and Golay codes are selected as FEC coding schemes and the security performance of the proposed model is evaluated with the aid of decoding error probability of an eavesdropper. The results show that security level is highly based on the location of the eavesdropper and secure communication can be achieved when some of channels between eavesdropper and relay nodes are significantly noisier.

Demirci, S., Sagiroglu, S..  2018.  Software-Defined Networking for Improving Security in Smart Grid Systems. 2018 7th International Conference on Renewable Energy Research and Applications (ICRERA). :1021–1026.

This paper presents a review on how to benefit from software-defined networking (SDN) to enhance smart grid security. For this purpose, the attacks threatening traditional smart grid systems are classified according to availability, integrity, and confidentiality, which are the main cyber-security objectives. The traditional smart grid architecture is redefined with SDN and a conceptual model for SDN-based smart grid systems is proposed. SDN based solutions to the mentioned security threats are also classified and evaluated. Our conclusions suggest that SDN helps to improve smart grid security by providing real-time monitoring, programmability, wide-area security management, fast recovery from failures, distributed security and smart decision making based on big data analytics.

Demirol, D., Das, R., Tuna, G..  2017.  An android application to secure text messages. 2017 International Artificial Intelligence and Data Processing Symposium (IDAP). :1–6.

For mobile phone users, short message service (SMS) is the most commonly used text-based communication type on mobile devices. Users can interact with other users and services via SMS. For example, users can send private messages, use information services, apply for a job advertisement, conduct bank transactions, and so on. Users should be very careful when using SMS. During the sending of SMS, the message content should be aware that it can be captured and act accordingly. Based on these findings, the elderly, called as “Silent Generation” which represents 70 years or older adults, are text messaging much more than they did in the past. Therefore, they need solutions which are both simple and secure enough if there is a need to send sensitive information via SMS. In this study, we propose and develop an android application to secure text messages. The application has a simple and easy-to-use graphical user interface but provides significant security.

Demjaha, A., Caulfield, T., Sasse, M. Angela, Pym, D..  2019.  2 Fast 2 Secure: A Case Study of Post-Breach Security Changes. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :192—201.
A security breach often makes companies react by changing their attitude and approach to security within the organization. This paper presents an in-depth case study of post-breach security changes made by a company and the consequences of those changes. We employ the principles of participatory action research and humble inquiry to conduct a long-term study with employee interviews while embedded in the organization's security division. Despite an extremely high level of financial investment in security, and consistent attention and involvement from the board, the interviews indicate a significant level of friction between employees and security. In the main themes that emerged from our data analysis, a number of factors shed light on the friction: fear of another breach leading to zero risk appetite, impossible security controls making non-compliance a norm, security theatre underminining the purpose of security policies, employees often trading-off security with productivity, and as such being treated as children in detention rather than employees trying to finish their paid jobs. This paper shows that post-breach security changes can be complex and sometimes risky due to emotions often being involved. Without an approach considerate of how humans and security interact, even with high financial investment, attempts to change an organization's security behaviour may be ineffective.
Demkiv, L., Lozynskyy, A., Lozynskyy, O., Demkiv, I..  2017.  A new approach to dynamical system's fuzzy controller synthesis: Application of the unstable subsystem. 2017 International Conference on Modern Electrical and Energy Systems (MEES). :84–87.

A general approach to the synthesis of the conditionally unstable fuzzy controller is introduced in this paper. This approach allows tuning the output signal of the system for both fast and smooth transient. Fuzzy logic allows combining the properties of several strategies of system tuning dependent on the state of the system. The utilization of instability allows achieving faster transient when the error of the system output is beyond the predefined value. Later the system roots are smoothly moved to the left-hand side of the complex s-plane due to the change of the membership function values. The results of the proposed approaches are compared with the results obtained using traditional methods of controller synthesis.

Demoulin, Henri Maxime, Vaidya, Tavish, Pedisich, Isaac, DiMaiolo, Bob, Qian, Jingyu, Shah, Chirag, Zhang, Yuankai, Chen, Ang, Haeberlen, Andreas, Loo, Boon Thau et al..  2018.  DeDoS: Defusing DoS with Dispersion Oriented Software. Proceedings of the 34th Annual Computer Security Applications Conference. :712-722.

This paper presents DeDoS, a novel platform for mitigating asymmetric DoS attacks. These attacks are particularly challenging since even attackers with limited resources can exhaust the resources of well-provisioned servers. DeDoS offers a framework to deploy code in a highly modular fashion. If part of the application stack is experiencing a DoS attack, DeDoS can massively replicate only the affected component, potentially across many machines. This allows scaling of the impacted resource separately from the rest of the application stack, so that resources can be precisely added where needed to combat the attack. Our evaluation results show that DeDoS incurs reasonable overheads in normal operations, and that it significantly outperforms standard replication techniques when defending against a range of asymmetric attacks.

den Hartog, Jerry, Zannone, Nicola.  2016.  A Policy Framework for Data Fusion and Derived Data Control. Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control. :47–57.

Recent years have seen an exponential growth of the collection and processing of data from heterogeneous sources for a variety of purposes. Several methods and techniques have been proposed to transform and fuse data into "useful" information. However, the security aspects concerning the fusion of sensitive data are often overlooked. This paper investigates the problem of data fusion and derived data control. In particular, we identify the requirements for regulating the fusion process and eliciting restrictions on the access and usage of derived data. Based on these requirements, we propose an attribute-based policy framework to control the fusion of data from different information sources and under the control of different authorities. The framework comprises two types of policies: access control policies, which define the authorizations governing the resources used in the fusion process, and fusion policies, which define constraints on allowed fusion processes. We also discuss how such policies can be obtained for derived data.

Deng, C., Qiao, H..  2016.  Network security intrusion detection system based on incremental improved convolutional neural network model. 2016 International Conference on Communication and Electronics Systems (ICCES). :1–5.

With the popularization and development of network knowledge, network intruders are increasing, and the attack mode has been updated. Intrusion detection technology is a kind of active defense technology, which can extract the key information from the network system, and quickly judge and protect the internal or external network intrusion. Intrusion detection is a kind of active security technology, which provides real-time protection for internal attacks, external attacks and misuse, and it plays an important role in ensuring network security. However, with the diversification of intrusion technology, the traditional intrusion detection system cannot meet the requirements of the current network security. Therefore, the implementation of intrusion detection needs diversifying. In this context, we apply neural network technology to the network intrusion detection system to solve the problem. In this paper, on the basis of intrusion detection method, we analyze the development history and the present situation of intrusion detection technology, and summarize the intrusion detection system overview and architecture. The neural network intrusion detection is divided into data acquisition, data analysis, pretreatment, intrusion behavior detection and testing.

Deng, Dong, Tao, Yufei, Li, Guoliang.  2018.  Overlap Set Similarity Joins with Theoretical Guarantees. Proceedings of the 2018 International Conference on Management of Data. :905-920.
This paper studies the set similarity join problem with overlap constraints which, given two collections of sets and a constant c, finds all the set pairs in the datasets that share at least c common elements. This is a fundamental operation in many fields, such as information retrieval, data mining, and machine learning. The time complexity of all existing methods is O(n2) where n is the total size of all the sets. In this paper, we present a size-aware algorithm with the time complexity of O(n2-over 1 c k1 over 2c)=o(n2)+O(k), where k is the number of results. The size-aware algorithm divides all the sets into small and large ones based on their sizes and processes them separately. We can use existing methods to process the large sets and focus on the small sets in this paper. We develop several optimization heuristics for the small sets to improve the practical performance significantly. As the size boundary between the small sets and the large sets is crucial to the efficiency, we propose an effective size boundary selection algorithm to judiciously choose an appropriate size boundary, which works very well in practice. Experimental results on real-world datasets show that our methods achieve high performance and outperform the state-of-the-art approaches by up to an order of magnitude.
Deng, H., Xie, H., Ma, W., Mao, Z., Zhou, C..  2017.  Double-bit quantization and weighting for nearest neighbor search. 2017 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :1717–1721.

Binary embedding is an effective way for nearest neighbor (NN) search as binary code is storage efficient and fast to compute. It tries to convert real-value signatures into binary codes while preserving similarity of the original data. However, it greatly decreases the discriminability of original signatures due to the huge loss of information. In this paper, we propose a novel method double-bit quantization and weighting (DBQW) to solve the problem by mapping each dimension to double-bit binary code and assigning different weights according to their spatial relationship. The proposed method is applicable to a wide variety of embedding techniques, such as SH, PCA-ITQ and PCA-RR. Experimental comparisons on two datasets show that DBQW for NN search can achieve remarkable improvements in query accuracy compared to original binary embedding methods.