Visible to the public Biblio

Filters: Author is Zhang, H.  [Clear All Filters]
Zhang, H., Ma, J., Wang, Y., Pei, Q..  2009.  An Active Defense Model and Framework of Insider Threats Detection and Sense. 2009 Fifth International Conference on Information Assurance and Security. 1:258—261.
Insider attacks is a well-known problem acknowledged as a threat as early as 1980s. The threat is attributed to legitimate users who take advantage of familiarity with the computational environment and abuse their privileges, can easily cause significant damage or losses. In this paper, we present an active defense model and framework of insider threat detection and sense. Firstly, we describe the hierarchical framework which deal with insider threat from several aspects, and subsequently, show a hierarchy-mapping based insider threats model, the kernel of the threats detection, sense and prediction. The experiments show that the model and framework could sense the insider threat in real-time effectively.
Liu, G., Quan, W., Cheng, N., Lu, N., Zhang, H., Shen, X..  2020.  P4NIS: Improving network immunity against eavesdropping with programmable data planes. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). :91—96.

Due to improving computational capacity of supercomputers, transmitting encrypted packets via one single network path is vulnerable to brute-force attacks. The versatile attackers secretly eavesdrop all the packets, classify packets into different streams, performs an exhaustive search for the decryption key, and extract sensitive personal information from the streams. However, new Internet Protocol (IP) brings great opportunities and challenges for preventing eavesdropping attacks. In this paper, we propose a Programming Protocol-independent Packet Processors (P4) based Network Immune Scheme (P4NIS) against the eavesdropping attacks. Specifically, P4NIS is equipped with three lines of defense to improve the network immunity. The first line is promiscuous forwarding by splitting all the traffic packets in different network paths disorderly. Complementally, the second line encrypts transmission port fields of the packets using diverse encryption algorithms. The encryption could distribute traffic packets from one stream into different streams, and disturb eavesdroppers to classify them correctly. Besides, P4NIS inherits the advantages from the existing encryption-based countermeasures which is the third line of defense. Using a paradigm of programmable data planes-P4, we implement P4NIS and evaluate its performances. Experimental results show that P4NIS can increase difficulties of eavesdropping significantly, and increase transmission throughput by 31.7% compared with state-of-the-art mechanisms.

Kennard, M., Zhang, H., Akimoto, Y., Hirokawa, M., Suzuki, K..  2020.  Effects of Visual Biofeedback on Competition Performance Using an Immersive Mixed Reality System. 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC). :3793—3798.

This paper investigates the effects of real time visual biofeedback for improving sports performance using a large scale immersive mixed reality system in which users are able to play a simulated game of curling. The users slide custom curling stones across the floor onto a projected target whose size is dictated by the user’s stress-related physiological measure; heart rate (HR). The higher HR the player has, the smaller the target will be, and vice-versa. In the experiment participants were asked to compete in three different conditions: baseline, with and without the proposed biofeedback. The results show that when providing a visual representation of the player’s HR or "choking" in competition, it helped the player understand their condition and improve competition performance (P-value of 0.0391).

Zhang, H., Liu, H., Liang, J., Li, T., Geng, L., Liu, Y., Chen, S..  2020.  Defense Against Advanced Persistent Threats: Optimal Network Security Hardening Using Multi-stage Maze Network Game. 2020 IEEE Symposium on Computers and Communications (ISCC). :1—6.

Advanced Persistent Threat (APT) is a stealthy, continuous and sophisticated method of network attacks, which can cause serious privacy leakage and millions of dollars losses. In this paper, we introduce a new game-theoretic framework of the interaction between a defender who uses limited Security Resources(SRs) to harden network and an attacker who adopts a multi-stage plan to attack the network. The game model is derived from Stackelberg games called a Multi-stage Maze Network Game (M2NG) in which the characteristics of APT are fully considered. The possible plans of the attacker are compactly represented using attack graphs(AGs), but the compact representation of the attacker's strategies presents a computational challenge and reaching the Nash Equilibrium(NE) is NP-hard. We present a method that first translates AGs into Markov Decision Process(MDP) and then achieves the optimal SRs allocation using the policy hill-climbing(PHC) algorithm. Finally, we present an empirical evaluation of the model and analyze the scalability and sensitivity of the algorithm. Simulation results exhibit that our proposed reinforcement learning-based SRs allocation is feasible and efficient.

Zhang, H., Zhang, D., Chen, H., Xu, J..  2020.  Improving Efficiency of Pseudonym Revocation in VANET Using Cuckoo Filter. 2020 IEEE 20th International Conference on Communication Technology (ICCT). :763–769.
In VANETs, pseudonyms are often used to replace the identity of vehicles in communication. When vehicles drive out of the network or misbehave, their pseudonym certificates need to be revoked by the certificate authority (CA). The certificate revocation lists (CRLs) are usually used to store the revoked certificates before their expiration. However, using CRLs would incur additional storage, communication and computation overhead. Some existing schemes have proposed to use Bloom Filter to compress the original CRLs, but they are unable to delete the expired certificates and introduce the false positive problem. In this paper, we propose an improved pseudonym certificates revocation scheme, using Cuckoo Filter for compression to reduce the impact of these problems. In order to optimize deletion efficiency, we propose the concept of Certificate Expiration List (CEL) which can be implemented with priority queue. The experimental results show that our scheme can effectively reduce the storage and communication overhead of pseudonym certificates revocation, while retaining moderately low false positive rates. In addition, our scheme can also greatly improve the lookup performance on CRLs, and reduce the revocation operation costs by allowing deletion.
Geng, J., Yu, B., Shen, C., Zhang, H., Liu, Z., Wan, P., Chen, Z..  2019.  Modeling Digital Low-Dropout Regulator with a Multiple Sampling Frequency Circuit Technology. 2019 IEEE 13th International Conference on Anti-counterfeiting, Security, and Identification (ASID). :207—210.

The digital low dropout regulators are widely used because it can operate at low supply voltage. In the digital low drop-out regulators, the high sampling frequency circuit has a short setup time, but it will produce overshoot, and then the output can be stabilized; although the low sampling frequency circuit output can be directly stabilized, the setup time is too long. This paper proposes a two sampling frequency circuit model, which aims to include the high and low sampling frequencies in the same circuit. By controlling the sampling frequency of the circuit under different conditions, this allows the circuit to combine the advantages of the circuit operating at different sampling frequencies. This shortens the circuit setup time and the stabilization time at the same time.

Yu, C., Quan, W., Cheng, N., Chen, S., Zhang, H..  2019.  Coupled or Uncoupled? Multi-path TCP Congestion Control for High-Speed Railway Networks 2019 IEEE/CIC International Conference on Communications in China (ICCC). :612—617.

With the development of modern High-Speed Railway (HSR) and mobile communication systems, network operators have a strong demand to provide high-quality on-board Internet services for HSR passengers. Multi-path TCP (MPTCP) provides a potential solution to aggregate available network bandwidth, greatly overcoming throughout degradation and severe jitter using single transmission path during the high-speed train moving. However, the choose of MPTCP algorithms, i.e., Coupled or Uncoupled, has a great impact on the performance. In this paper, we investigate this interesting issue in the practical datasets along multiple HSR lines. Particularly, we collect the first-hand network datasets and analyze the characteristics and category of traffic flows. Based on this statistics, we measure and analyze the transmission performance for both mice flows and elephant ones with different MPTCP congestion control algorithms in HSR scenarios. The simulation results show that, by comparing with the coupled MPTCP algorithms, i.e., Fully Coupled and LIA, the uncoupled EWTCP algorithm provides more stable throughput and balances congestion window distribution, more suitable for the HSR scenario for elephant flows. This work provides significant reference for the development of on-board devices in HSR network systems.

Zhang, H., Liu, H., Deng, L., Wang, P., Rong, X., Li, Y., Li, B., Wang, H..  2018.  Leader Recognition and Tracking for Quadruped Robots. 2018 IEEE International Conference on Information and Automation (ICIA). :1438—1443.

To meet the high requirement of human-machine interaction, quadruped robots with human recognition and tracking capability are studied in this paper. We first introduce a marker recognition system which uses multi-thread laser scanner and retro-reflective markers to distinguish the robot's leader and other objects. When the robot follows leader autonomously, the variant A* algorithm which having obstacle grids extended virtually (EA*) is used to plan the path. But if robots need to track and follow the leader's path as closely as possible, it will trust that the path which leader have traveled is safe enough and uses the incremental form of EA* algorithm (IEA*) to reproduce the trajectory. The simulation and experiment results illustrate the feasibility and effectiveness of the proposed algorithms.

Liu, B., He, L., Zhang, H., Sfarra, S., Fernandes, H., Perilli, S., Ren, J..  2019.  Research on stress detection technology of long-distance pipeline applying non-magnetic saturation. IET Science, Measurement Technology. 13:168–174.

In order to study the stress detection method on long-distance oil and gas pipeline, the distribution characteristics of the surface remanence signals in the stress concentration regions must be known. They were studied by using the magnetic domain model in the non-magnetic saturation state. The finite element method was used herein with the aim to analyse the static and mechanical characteristics of a ferromagnetic specimen. The variation law of remanence signal in stress concentration regions was simulated. The results show that a residue signal in the stress concentration region exists. In addition, a one-to-one correspondence in the non-magnetic saturation environment is evident. In the case of magnetic saturation, the remanence signal of the stress concentration region is covered and the signal cannot be recognised.

Wang, J., Zhang, X., Zhang, H., Lin, H., Tode, H., Pan, M., Han, Z..  2018.  Data-Driven Optimization for Utility Providers with Differential Privacy of Users' Energy Profile. 2018 IEEE Global Communications Conference (GLOBECOM). :1–6.

Smart meters migrate conventional electricity grid into digitally enabled Smart Grid (SG), which is more reliable and efficient. Fine-grained energy consumption data collected by smart meters helps utility providers accurately predict users' demands and significantly reduce power generation cost, while it imposes severe privacy risks on consumers and may discourage them from using those “espionage meters". To enjoy the benefits of smart meter measured data without compromising the users' privacy, in this paper, we try to integrate distributed differential privacy (DDP) techniques into data-driven optimization, and propose a novel scheme that not only minimizes the cost for utility providers but also preserves the DDP of users' energy profiles. Briefly, we add differential private noises to the users' energy consumption data before the smart meters send it to the utility provider. Due to the uncertainty of the users' demand distribution, the utility provider aggregates a given set of historical users' differentially private data, estimates the users' demands, and formulates the data- driven cost minimization based on the collected noisy data. We also develop algorithms for feasible solutions, and verify the effectiveness of the proposed scheme through simulations using the simulated energy consumption data generated from the utility company's real data analysis.

Zhang, H., Chen, L., Liu, Q..  2018.  Digital Forensic Analysis of Instant Messaging Applications on Android Smartphones. 2018 International Conference on Computing, Networking and Communications (ICNC). :647–651.

In this paper, we discuss the digital forensic procedure and techniques for analyzing the local artifacts from four popular Instant Messaging applications in Android. As part of our findings, the user chat messages details and contacts were investigated for each application. By using two smartphones with different brands and the latest Android operating systems as experimental objects, we conducted digital investigations in a forensically sound manner. We summarize our findings regarding the different Instant Messaging chat modes and the corresponding encryption status of artifacts for each of the four applications. Our findings can be helpful to many mobile forensic investigations. Additionally, these findings may present values to Android system developers, Android mobile app developers, mobile security researchers as well as mobile users.

Wang, Y., Ren, Z., Zhang, H., Hou, X., Xiao, Y..  2018.  “Combat Cloud-Fog” Network Architecture for Internet of Battlefield Things and Load Balancing Technology. 2018 IEEE International Conference on Smart Internet of Things (SmartIoT). :263–268.

Recently, the armed forces want to bring the Internet of Things technology to improve the effectiveness of military operations in battlefield. So the Internet of Battlefield Things (IoBT) has entered our view. And due to the high processing latency and low reliability of the “combat cloud” network for IoBT in the battlefield environment, in this paper , a novel “combat cloud-fog” network architecture for IoBT is proposed. The novel architecture adds a fog computing layer which consists of edge network equipment close to the users in the “combat-cloud” network to reduce latency and enhance reliability. Meanwhile, since the computing capability of the fog equipment are weak, it is necessary to implement distributed computing in the “combat cloud-fog” architecture. Therefore, the distributed computing load balancing problem of the fog computing layer is researched. Moreover, a distributed generalized diffusion strategy is proposed to decrease latency and enhance the stability and survivability of the “combat cloud-fog” network system. The simulation result indicates that the load balancing strategy based on generalized diffusion algorithm could decrease the task response latency and support the efficient processing of battlefield information effectively, which is suitable for the “combat cloud- fog” network architecture.

Zhang, H., Lou, F., Fu, Y., Tian, Z..  2017.  A Conditional Probability Computation Method for Vulnerability Exploitation Based on CVSS. 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC). :238–241.
Computing the probability of vulnerability exploitation in Bayesian attack graphs (BAGs) is a key process for the network security assessment. The conditional probability of vulnerability exploitation could be obtained from the exploitability of the NIST's Common Vulnerability Scoring System (CVSS). However, the method which N. Poolsappasit et al. proposed for computing conditional probability could be used only in the CVSS metric version v2.0, and can't be used in other two versions. In this paper, we present two methods for computing the conditional probability based on CVSS's other two metric versions, version 1.0 and version 3.0, respectively. Based on the CVSS, the conditional probability computation of vulnerability exploitation is complete by combining the method of N. Poolsappasit et al.
Zhang, H., Lin, Y., Xiao, J..  2017.  An innovative analying method for the scale of distribution system security region. 2017 IEEE Power Energy Society General Meeting. :1–5.

Distribution system security region (DSSR) has been widely used to analyze the distribution system operation security. This paper innovatively defines the scale of DSSR, namely the number of boundary constraints and variables of all operational constraints, analyzes and puts forward the corresponding evaluation method. Firstly, the influence of the number of security boundary constraints and variables on the scale of DSSR is analyzed. The factors that mainly influence the scale are found, such as the number of transformers, feeders, as well as sectionalizing switches, and feeder contacts modes between transformers. Secondly, a matrix representing the relations among transformers in distribution system is defined to reflect the characteristics of network's structure, while an algorithm of the scale of DSSR based on transformers connection relationship matrix is proposed, which avoids the trouble of listing security region constraints. Finally, the proposed method is applied in a test system to confirm the effectiveness of the concepts and methods. It provides the necessary foundation for DSSR theory as well as safety analysis.

Sun, S., Zhang, H., Du, Y..  2017.  The electromagnetic leakage analysis based on arithmetic operation of FPGA. 2017 IEEE 5th International Symposium on Electromagnetic Compatibility (EMC-Beijing). :1–5.

The chips in working state have electromagnetic energy leakage problem. We offer a method to analyze the problem of electromagnetic leakage when the chip is running. We execute a sequence of addition and subtraction arithmetic instructions on FPGA chip, then we use the near-field probe to capture the chip leakage of electromagnetic signals. The electromagnetic signal is collected for analysis and processing, the parts of addition and subtraction are classified and identified by SVM. In this paper, for the problem of electromagnetic leakage, six sets of data were collected for analysis and processing. Good results were obtained by using this method.

Du, Y., Zhang, H..  2017.  Estimating the eavesdropping distance for radiated emission and conducted emission from information technology equipment. 2017 IEEE 5th International Symposium on Electromagnetic Compatibility (EMC-Beijing). :1–7.

The display image on the visual display unit (VDU) can be retrieved from the radiated and conducted emission at some distance with no trace. In this paper, the maximum eavesdropping distance for the unintentional radiation and conduction electromagnetic (EM) signals which contain information has been estimated in theory by considering some realistic parameters. Firstly, the maximum eavesdropping distance for the unintentional EM radiation is estimated based on the reception capacity of a log-periodic antenna which connects to a receiver, the experiment data, the attenuation in free-space and the additional attenuation in the propagation path. And then, based on a multi-conductor transmission model and some experiment results, the maximum eavesdropping distance for the conducted emission is theoretically derived. The estimating results demonstrated that the ITE equipment may also exist threat of the information leakage even if it has met the current EMC requirements.

Zhang, H., Wang, J., Chang, J..  2017.  A Multi-Level Security Access Control Framework for Cross-Domain Networks. 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). 2:316–319.

The increasing demand for secure interactions between network domains brings in new challenges to access control technologies. In this paper we design an access control framework which provides a multilevel mapping method between hierarchical access control structures for achieving multilevel security protection in cross-domain networks. Hierarchical access control structures ensure rigorous multilevel security in intra domains. And the mapping method based on subject attributes is proposed to determine the subject's security level in its target domain. Experimental results we obtained from simulations are also reported in this paper to verify the effectiveness of the proposed access control model.

Cao, C., Zhang, H., Lu, T., Gulliver, T. A..  2017.  An improved cooperative jamming strategy for PHY security in a multi-hop communications system. 2017 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM). :1–4.
In this paper, an improved cooperative jamming (CJ) strategy is developed for physical layer (PHY) security in a multi-hop wireless communication system which employs beamforming in the last hop. Users are assigned to independent groups based on the merger-and-split rule in a coalition game. The secrecy capacity for a valid coalition is a non-convex optimization problem which cannot easily be solved. Therefore, restrictions are added to transform this into a convex problem, and this is solved to obtain a suboptimal closed-form solution for the secrecy capacity. Simulation results are presented which show that the proposed strategy outperforms other methods such as non-cooperation, relay cooperation, and previous CJ approaches in terms of the secrecy capacity. Further, it is shown that the proposed multi-hop solution is suitable for long distance communication systems.
Meng, X., Zhao, Z., Li, R., Zhang, H..  2017.  An intelligent honeynet architecture based on software defined security. 2017 9th International Conference on Wireless Communications and Signal Processing (WCSP). :1–6.
Honeynet is deployed to trap attackers and learn their behavior patterns and motivations. Conventional honeynet is implemented by dedicated hardware and software. It suffers from inflexibility, high CAPEX and OPEX. There have been several virtualized honeynet architectures to solve those problems. But they lack a standard operating environment and common architecture for dynamic scheduling and adaptive resource allocation. Software Defined Security (SDS) framework has a centralized control mechanism and intelligent decision making ability for different security functions. In this paper, we present a new intelligent honeynet architecture based on SDS framework. It implements security functions over Network Function Virtualization Infrastructure (NFVI). Under uniform and intelligent control, security functional modules can be dynamically deployed and collaborated to complete different tasks. It migrates resources according to the workloads of each honeypot and power off unused modules. Simulation results show that intelligent honeynet has a better performance in conserving resources and reducing energy consumption. The new architecture can fit the needs of future honeynet development and deployment.
Yu, F., Chen, L., Zhang, H..  2016.  Virtual TPM Dynamic Trust Extension Suitable for Frequent Migrations. 2016 IEEE Trustcom/BigDataSE/ISPA. :57–65.

This paper has presented an approach of vTPM (virtual Trusted Platform Module) Dynamic Trust Extension (DTE) to satisfy the requirements of frequent migrations. With DTE, vTPM is a delegation of the capability of signing attestation data from the underlying pTPM (physical TPM), with one valid time token issued by an Authentication Server (AS). DTE maintains a strong association between vTPM and its underlying pTPM, and has clear distinguishability between vTPM and pTPM because of the different security strength of the two types of TPM. In DTE, there is no need for vTPM to re-acquire Identity Key (IK) certificate(s) after migration, and pTPM can have a trust revocation in real time. Furthermore, DTE can provide forward security. Seen from the performance measurements of its prototype, DTE is feasible.

Yan, Y., Bao, W., Zhang, H., Liu, B., Xin, L..  2015.  Study of the disturbance propagation in the discrete model of power networks. 2015 5th International Conference on Electric Utility Deregulation and Restructuring and Power Technologies (DRPT). :2436–2441.

The study of the characteristics of disturbance propagation in the interconnected power networks is of great importance to control the spreading of disturbance and improve the security level of power systems. In this paper, the characteristics of disturbance propagation in a one-dimensional chained power network are studied from the electromechanical wave point of view. The electromechanical wave equation is built based on the discrete inertia model of power networks. The wave transfer function which can describe the variations of amplitude and the phase is derived. Then, the propagation characteristics of different frequency disturbances are analyzed. The corner frequency of the discrete inertia model is proposed. Furthermore, the frequency dispersion and local oscillation are considered and their relationships with the corner frequency are revealed as well. Computer simulations for a 50 generators chained network are carried out to verify the propagation characteristics of disturbances with different frequencies.

Ma, T., Zhang, H., Qian, J., Liu, S., Zhang, X., Ma, X..  2015.  The Design of Brand Cosmetics Anti-counterfeiting System Based on RFID Technology. 2015 International Conference on Network and Information Systems for Computers. :184–189.

The digital authentication security technology is widely used in the current brand cosmetics as key anti-counterfeiting technology, yet this technology is prone to "false security", "hard security" and "non-security" phenomena. This paper researches the current cosmetics brand distribution channels and sales methods also analyses the cosmetics brands' demand for RFID technology anti-counterfeiting security system, then proposes a security system based on RFID technology for brand cosmetics. The system is based on a typical distributed RFID tracking and tracing system which is the most widely used system-EPC system. This security system based on RFID technology for brand cosmetics in the paper is a visual information management system for luxury cosmetics brand. It can determine the source of the product timely and effectively, track and trace products' logistics information and prevent fake goods and gray goods getting into the normal supply chain channels.