Visible to the public Biblio

Found 111 results

Filters: Keyword is control systems  [Clear All Filters]
2020-09-04
Amoroso, E., Merritt, M..  1994.  Composing system integrity using I/O automata. Tenth Annual Computer Security Applications Conference. :34—43.
The I/O automata model of Lynch and Turtle (1987) is summarized and used to formalize several types of system integrity based on the control of transitions to invalid starts. Type-A integrity is exhibited by systems with no invalid initial states and that disallow transitions from valid reachable to invalid states. Type-B integrity is exhibited by systems that disallow externally-controlled transitions from valid reachable to invalid states, Type-C integrity is exhibited by systems that allow locally-controlled or externally-controlled transitions from reachable to invalid states. Strict-B integrity is exhibited by systems that are Type-B but not Type-A. Strict-C integrity is exhibited by systems that are Type-C but not Type-B. Basic results on the closure properties that hold under composition of systems exhibiting these types of integrity are presented in I/O automata-theoretic terms. Specifically, Type-A, Type-B, and Type-C integrity are shown to be composable, whereas Strict-B and Strict-C integrity are shown to not be generally composable. The integrity definitions and compositional results are illustrated using the familiar vending machine example specified as an I/O automaton and composed with a customer environment. The implications of the integrity definitions and compositional results on practical system design are discussed and a research plan for future work is outlined.
2020-08-07
Lou, Xin, Tran, Cuong, Yau, David K.Y., Tan, Rui, Ng, Hongwei, Fu, Tom Zhengjia, Winslett, Marianne.  2019.  Learning-Based Time Delay Attack Characterization for Cyber-Physical Systems. 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1—6.
The cyber-physical systems (CPSes) rely on computing and control techniques to achieve system safety and reliability. However, recent attacks show that these techniques are vulnerable once the cyber-attackers have bypassed air gaps. The attacks may cause service disruptions or even physical damages. This paper designs the built-in attack characterization scheme for one general type of cyber-attacks in CPS, which we call time delay attack, that delays the transmission of the system control commands. We use the recurrent neural networks in deep learning to estimate the delay values from the input trace. Specifically, to deal with the long time-sequence data, we design the deep learning model using stacked bidirectional long short-term memory (LSTM) units. The proposed approach is tested by using the data generated from a power plant control system. The results show that the LSTM-based deep learning approach can work well based on data traces from three sensor measurements, i.e., temperature, pressure, and power generation, in the power plant control system. Moreover, we show that the proposed approach outperforms the base approach based on k-nearest neighbors.
2020-07-24
Chen, Jun, Zhu, Huijun, Chen, Zhixin, Cai, Xiaobo, Yang, Linnan.  2019.  A Security Evaluation Model Based on Fuzzy Hierarchy Analysis for Industrial Cyber-Physical Control Systems. 2019 IEEE International Conference on Industrial Internet (ICII). :62—65.
With the increasing security threats to the information of Industrial Cyber-physical Control Systems, the quantitative assessment of security risk becomes an important basis of information security research. Based on fuzzy hierarchy analysis, this paper constructs the hierarchical model of industrial control system safety risk evaluation, and obtains the exact value of risk. Experimental results show that the proposed method can effectively quantify the control system risk, which provides a basis for industrial control system risk management decision.
2020-07-16
Khatamifard, S. Karen, Wang, Longfei, Das, Amitabh, Kose, Selcuk, Karpuzcu, Ulya R..  2019.  POWERT Channels: A Novel Class of Covert CommunicationExploiting Power Management Vulnerabilities. 2019 IEEE International Symposium on High Performance Computer Architecture (HPCA). :291—303.

To be able to meet demanding application performance requirements within a tight power budget, runtime power management must track hardware activity at a very fine granularity in both space and time. This gives rise to sophisticated power management algorithms, which need the underlying system to be both highly observable (to be able to sense changes in instantaneous power demand timely) and controllable (to be able to react to changes in instantaneous power demand timely). The end goal is allocating the power budget, which itself represents a very critical shared resource, in a fair way among active tasks of execution. Fundamentally, if not carefully managed, any system-wide shared resource can give rise to covert communication. Power budget does not represent an exception, particularly as systems are becoming more and more observable and controllable. In this paper, we demonstrate how power management vulnerabilities can enable covert communication over a previously unexplored, novel class of covert channels which we will refer to as POWERT channels. We also provide a comprehensive characterization of the POWERT channel capacity under various sharing and activity scenarios. Our analysis based on experiments on representative commercial systems reveal a peak channel capacity of 121.6 bits per second (bps).

Guirguis, Mina, Tahsini, Alireza, Siddique, Khan, Novoa, Clara, Moore, Justin, Julien, Christine, Dunstatter, Noah.  2018.  BLOC: A Game-Theoretic Approach to Orchestrate CPS against Cyber Attacks. 2018 IEEE Conference on Communications and Network Security (CNS). :1—9.

Securing Cyber-Physical Systems (CPS) against cyber-attacks is challenging due to the wide range of possible attacks - from stealthy ones that seek to manipulate/drop/delay control and measurement signals to malware that infects host machines that control the physical process. This has prompted the research community to address this problem through developing targeted methods that protect and check the run-time operation of the CPS. Since protecting signals and checking for errors result in performance penalties, they must be performed within the delay bounds dictated by the control loop. Due to the large number of potential checks that can be performed, coupled with various degrees of their effectiveness to detect a wide range of attacks, strategic assignment of these checks in the control loop is a critical endeavor. To that end, this paper presents a coherent runtime framework - which we coin BLOC - for orchestrating the CPS with check blocks to secure them against cyber attacks. BLOC capitalizes on game theoretical techniques to enable the defender to find an optimal randomized use of check blocks to secure the CPS while respecting the control-loop constraints. We develop a Stackelberg game model for stateless blocks and a Markov game model for stateful ones and derive optimal policies that minimize the worst-case damage from rational adversaries. We validate our models through extensive simulations as well as a real implementation for a HVAC system.

Xiao, Jiaping, Jiang, Jianchun.  2018.  Real-time Security Evaluation for Unmanned Aircraft Systems under Data-driven Attacks*. 2018 13th World Congress on Intelligent Control and Automation (WCICA). :842—847.

With rapid advances in the fields of the Internet of Things and autonomous systems, the network security of cyber-physical systems(CPS) becomes more and more important. This paper focuses on the real-time security evaluation for unmanned aircraft systems which are cyber-physical systems relying on information communication and control system to achieve autonomous decision making. Our problem formulation is motivated by scenarios involving autonomous unmanned aerial vehicles(UAVs) working continuously under data-driven attacks when in an open, uncertain, and even hostile environment. Firstly, we investigated the state estimation method in CPS integrated with data-driven attacks model, and then proposed a real-time security scoring algorithm to evaluate the security condition of unmanned aircraft systems under different threat patterns, considering the vulnerability of the systems and consequences brought by data attacks. Our simulation in a UAV illustrated the efficiency and reliability of the algorithm.

2020-07-03
El-Din Abd El-Raouf, Karim Alaa, Bahaa-Eldin, Ayman M., Sobh, Mohamed A..  2019.  Multipath Traffic Engineering for Software Defined Networking. 2019 14th International Conference on Computer Engineering and Systems (ICCES). :132—136.

ASA systems (firewall, IDS, IPS) are probable to become communication bottlenecks in networks with growing network bandwidths. To alleviate this issue, we suggest to use Application-aware mechanism based on Deep Packet Inspection (DPI) to bypass chosen traffic around firewalls. The services of Internet video sharing gained importance and expanded their share of the multimedia market. The Internet video should meet strict service quality (QoS) criteria to make the broadcasting of broadcast television a viable and comparable level of quality. However, since the Internet video relies on packet communication, it is subject to delays, transmission failures, loss of data and bandwidth restrictions that may have a catastrophic effect on the quality of multimedia.

2020-06-26
Chandra, K. Ramesh, Prudhvi Raj, B., Prasannakumar, G..  2019.  An Efficient Image Encryption Using Chaos Theory. 2019 International Conference on Intelligent Computing and Control Systems (ICCS). :1506—1510.

This paper presents the encryption of advanced pictures dependent on turmoil hypothesis. Two principal forms are incorporated into this method those are pixel rearranging and pixel substitution. Disorder hypothesis is a part of science concentrating on the conduct of dynamical frameworks that are profoundly touchy to beginning conditions. A little change influences the framework to carry on totally unique, little changes in the beginning position of a disorganized framework have a major effect inevitably. A key of 128-piece length is created utilizing mayhem hypothesis, and decoding should be possible by utilizing a similar key. The bit-XOR activity is executed between the unique picture and disorder succession x is known as pixel substitution. Pixel rearranging contains push savvy rearranging and section astute rearranging gives extra security to pictures. The proposed strategy for encryption gives greater security to pictures.

2020-06-15
ALshukri, Dawoud, R, Vidhya Lavanya, P, Sumesh E, Krishnan, Pooja.  2019.  Intelligent Border Security Intrusion Detection using IoT and Embedded systems. 2019 4th MEC International Conference on Big Data and Smart City (ICBDSC). :1–3.
Border areas are generally considered as places where great deal of violence, intrusion and cohesion between several parties happens. This often led to danger for the life of employees, soldiers and common man working or living in border areas. Further geographical conditions like mountains, snow, forest, deserts, harsh weather and water bodies often lead to difficult access and monitoring of border areas. Proposed system uses thermal imaging camera (FLIR) for detection of various objects and infiltrators. FLIR is assigned an IP address and connected through local network to the control center. Software code captures video and subsequently the intrusion detection. A motor controlled spotlight with infrared and laser gun is used to illuminate under various conditions at the site. System also integrates sound sensor to detect specific sounds and motion sensors to sense suspicious movements. Based on the decision, a buzzer and electric current through fence for further protection can be initiated. Sensors are be integrated through IoT for an efficient control of large border area and connectivity between sites.
2020-06-03
Duy, Phan The, Do Hoang, Hien, Thu Hien, Do Thi, Ba Khanh, Nguyen, Pham, Van-Hau.  2019.  SDNLog-Foren: Ensuring the Integrity and Tamper Resistance of Log Files for SDN Forensics using Blockchain. 2019 6th NAFOSTED Conference on Information and Computer Science (NICS). :416—421.

Despite bringing many benefits of global network configuration and control, Software Defined Networking (SDN) also presents potential challenges for both digital forensics and cybersecurity. In fact, there are various attacks targeting a range of vulnerabilities on vital elements of this paradigm such as controller, Northbound and Southbound interfaces. In addition to solutions of security enhancement, it is important to build mechanisms for digital forensics in SDN which provide the ability to investigate and evaluate the security of the whole network system. It should provide features of identifying, collecting and analyzing log files and detailed information about network devices and their traffic. However, upon penetrating a machine or device, hackers can edit, even delete log files to remove the evidences about their presence and actions in the system. In this case, securing log files with fine-grained access control in proper storage without any modification plays a crucial role in digital forensics and cybersecurity. This work proposes a blockchain-based approach to improve the security of log management in SDN for network forensics, called SDNLog-Foren. This model is also evaluated with different experiments to prove that it can help organizations keep sensitive log data of their network system in a secure way regardless of being compromised at some different components of SDN.

2020-05-15
Sharma, Dilli P., Cho, Jin-Hee, Moore, Terrence J., Nelson, Frederica F., Lim, Hyuk, Kim, Dong Seong.  2019.  Random Host and Service Multiplexing for Moving Target Defense in Software-Defined Networks. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1—6.

Moving target defense (MTD) is a proactive defense mechanism of changing the attack surface to increase an attacker's confusion and/or uncertainty, which invalidates its intelligence gained through reconnaissance and/or network scanning attacks. In this work, we propose software-defined networking (SDN)-based MTD technique using the shuffling of IP addresses and port numbers aiming to obfuscate both network and transport layers' real identities of the host and the service for defending against the network reconnaissance and scanning attacks. We call our proposed MTD technique Random Host and Service Multiplexing, namely RHSM. RHSM allows each host to use random, multiple virtual IP addresses to be dynamically and periodically shuffled. In addition, it uses short-lived, multiple virtual port numbers for an active service running on the host. Our proposed RHSM is novel in that we employ multiplexing (or de-multiplexing) to dynamically change and remap from all the virtual IPs of the host to the real IP or the virtual ports of the services to the real port, respectively. Via extensive simulation experiments, we prove how effectively and efficiently RHSM outperforms a baseline counterpart (i.e., a static network without RHSM) in terms of the attack success probability and defense cost.

2020-05-08
Su, Yu, Wu, Jing, Long, Chengnian, Li, Shaoyuan.  2018.  Event-triggered Control for Networked Control Systems Under Replay Attacks. 2018 Chinese Automation Congress (CAC). :2636—2641.
With wide application of networked control systems(N CSs), NCSs security have encountered severe challenges. In this paper, we propose a robust event-triggered controller design method under replay attacks, and the control signal on the plant is updated only when the event-triggering condition is satisfied. We develop a general random replay attack model rather than predetermined specific patterns for the occurrences of replay attacks, which allows to obtain random states to replay. We show that the proposed event-triggered control (ETC) scheme, if well designed, can tolerate some consecutive replay attacks, without affecting the corresponding closed-loop system stability and performance. A numerical examples is finally given to illustrate the effectiveness of our method.
Ali, Yasir, Shen, Zhen, Zhu, Fenghua, Xiong, Gang, Chen, Shichao, Xia, Yuanqing, Wang, Fei-Yue.  2018.  Solutions Verification for Cloud-Based Networked Control System using Karush-Kuhn-Tucker Conditions. 2018 Chinese Automation Congress (CAC). :1385—1389.
The rapid development of the Cloud Computing Technologies (CCTs) has amended the conventional design of resource-constrained Network Control System (NCS) to the powerful and flexible design of Cloud-Based Networked Control System (CB-NCS) by relocating the processing part to the cloud server. This arrangement has produced many internets based exquisite applications. However, this new arrangement has also raised many network security challenges for the cloud-based control system related to cyber-physical part of the system. In the absence of robust verification methodology, an attacker can launch the modification attack in order to destabilize or take control of NCS. It is desirable that there shall be a solution authentication methodology used to verify whether the incoming solutions are coming from the cloud or not. This paper proposes a methodology used for the verification of the receiving solution to the local control system from the cloud using Karush-Kuhn-Tucker (KKT) conditions, which is then applied to actuator after verification and thus ensure the stability in case of modification attack.
Zhi-wen, Wang, Yang, Cheng.  2018.  Bandwidth Allocation Strategy of Networked Control System under Denial-of-Service Attack. 2018 4th Annual International Conference on Network and Information Systems for Computers (ICNISC). :49—55.
In this paper, security of networked control system (NCS) under denial of service (DoS) attack is considered. Different from the existing literatures from the perspective of control systems, this paper considers a novel method of dynamic allocation of network bandwidth for NCS under DoS attack. Firstly, time-constrained DoS attack and its impact on the communication channel of NCS are introduced. Secondly, details for the proposed dynamic bandwidth allocation structure are presented along with an implementation, which is a bandwidth allocation strategy based on error between current state and equilibrium state and available bandwidth. Finally, a numerical example is given to demonstrate the effectiveness of the proposed bandwidth allocation approach.
Yang, Zai-xin, Gao, Chen, Wang, Yun-min.  2018.  Security and Stability Control System Simulation Using RTDS. 2018 13th World Congress on Intelligent Control and Automation (WCICA). :1737—1740.
Analyzing performance of security and stability control system is of great importance for the safe and stable operation of the power grid. Digital dynamic experimental model is built by real time digital simulation (RTDS) in order to research security and stability system of Inner Mongolia in northern 500kV transmission channel. The whole process is closed-loop dynamic real-time simulation. According to power grid network testing technology standard, all kinds of stability control devices need to be tested in a comprehensive system. Focus on the following items: security and stability control strategy, tripping criterion as well as power system low frequency oscillations. Results of the trial indicated that the simulation test platform based on RTDS have the ability of detecting the safe and stable device. It can reflect the action behavior and control characteristics of the safe and stable device accurately. The device can be used in the case of low frequency oscillation of the system.
2020-05-04
Wang, Fang, Qi, Weimin, Qian, Tonghui.  2019.  A Dynamic Cybersecurity Protection Method based on Software-defined Networking for Industrial Control Systems. 2019 Chinese Automation Congress (CAC). :1831–1834.
In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.
Li, Mingxuan, Yang, Zhushi, He, Ling, Teng, Yangxin.  2019.  Research on Typical Model of Network Invasion and Attack in Power Industrial Control System. 2019 IEEE 4th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). 1:2070–2073.

Aiming at the operation characteristics of power industry control system, this paper deeply analyses the attack mechanism and characteristics of power industry control system intrusion. On the basis of classifying and sorting out the attack characteristics of power industrial control system, this paper also attaches importance to break the basic theory and consequential technologies of industrial control network space security, and constructs the network intrusion as well as attack model of power industrial control system to realize the precise characterization of attackers' attack behavior, which provides a theoretical model for the analysis and early warning of attack behavior analysis of power industrial control systems.

Karmakar, Kallol Krishna, Varadharajan, Vijay, Nepal, Surya, Tupakula, Uday.  2019.  SDN Enabled Secure IoT Architecture. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :581–585.
The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture restricts network access to authenticated IoT devices. We use fine granular policies to secure the flows in the IoT network infrastructure and provide a lightweight protocol to authenticate IoT devices. Such an integrated security approach involving authentication of IoT devices and enabling authorized flows can help to protect IoT networks from malicious IoT devices and attacks.
2020-04-24
Tuttle, Michael, Wicker, Braden, Poshtan, Majid, Callenes, Joseph.  2019.  Algorithmic Approaches to Characterizing Power Flow Cyber-Attack Vulnerabilities. 2019 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1—5.
As power grid control systems become increasingly automated and distributed, security has become a significant design concern. Systems increasingly expose new avenues, at a variety of levels, for attackers to exploit and enable widespread disruptions and/or surveillance. Much prior work has explored the implications of attack models focused on false data injection at the front-end of the control system (i.e. during state estimation) [1]. Instead, in this paper we focus on characterizing the inherent cyber-attack vulnerabilities with power flow. Power flow (and power flow constraints) are at the core of many applications critical to operation of power grids (e.g. state estimation, economic dispatch, contingency analysis, etc.). We propose two algorithmic approaches for characterizing the vulnerability of buses within power grids to cyber-attacks. Specifically, we focus on measuring the instability of power flow to attacks which manifest as either voltage or power related errors. Our results show that attacks manifesting as voltage errors are an order of magnitude more likely to cause instability than attacks manifesting as power related errors (and 5x more likely for state estimation as compared to power flow).
Bellec, Q., le Claire, J.C., Benkhoris, M.F., Coulibaly, P..  2019.  Investigation of time delay effects on the current in a power converter regulated by Phase-Shift Self-Oscillating Current Controller. 2019 21st European Conference on Power Electronics and Applications (EPE '19 ECCE Europe). :P.1–P.10.

This paper deals with effects of current sensor bandwidth and time delays in a system controlled by a Phase-Shift Self-Oscillating Current Controller (PSSOCC). The robustness of this current controller has been proved in former works showing its good performances in a large range of applications including AC/DC and DC/AC converters, power factor correction, active filters, isolation amplifiers and motor control. As switching frequencies can be upper than 30kHz, time delays and bandwidth limitations cannot be neglected in comparison with former works on this robust current controller. Thus, several models are proposed in this paper to analyze system behaviours. Those models permit to find analytical expressions binding maximum oscillation frequency with time delay and/or additional filter parameters. Through current spectrums analysis, quality of analytical expressions is proved for each model presented in this work. An experimental approach shows that every element of the electronic board having a low-pass effect or delaying command signals need to be included in the model in order to have a perfect match between calculations, simulations and practical results.

Bettouche, Mohamed Amine, Le Claire, Jean-Claude, Ghedamsi, Kaci, Aouzellag, Djamal, Ahmed, Mourad Ait, Benkhoris, Mohamed Fouad.  2019.  A behavior analysis of Permanent Magnet Synchronous Generator - Vienna rectifier set for marine current energy conversion. 2019 IEEE 2nd International Conference on Renewable Energy and Power Engineering (REPE). :254—259.

This article is dedicated to the study of an innovative architecture for the conversion of renewable marine energy into electrical energy. It consists of a Permanent Magnet Synchronous Generator (PMSG) combined with a three-phase Vienna rectifier. This last converter is not reversible but has the advantage of minimizing the number of active switches. This improves the operational reliability of the chain, which is necessary in the context of marine energy exploitation where access to the installations is not easy. The study focuses on the behavior analysis of electrical chain conversion, and the study of phase and neutral current according to the conduction’s states of the switches of the Vienna rectifier is being investigated. Despite the high non-linearity of this architecture, this control is made possible through to the dynamic performance and control of the maximum switching frequency of the self-oscillating controller called the Phase-Shift Self-Oscillating Current Controller (PSSOCC).

2020-04-13
Phan, Trung V., Islam, Syed Tasnimul, Nguyen, Tri Gia, Bauschert, Thomas.  2019.  Q-DATA: Enhanced Traffic Flow Monitoring in Software-Defined Networks applying Q-learning. 2019 15th International Conference on Network and Service Management (CNSM). :1–9.
Software-Defined Networking (SDN) introduces a centralized network control and management by separating the data plane from the control plane which facilitates traffic flow monitoring, security analysis and policy formulation. However, it is challenging to choose a proper degree of traffic flow handling granularity while proactively protecting forwarding devices from getting overloaded. In this paper, we propose a novel traffic flow matching control framework called Q-DATA that applies reinforcement learning in order to enhance the traffic flow monitoring performance in SDN based networks and prevent traffic forwarding performance degradation. We first describe and analyse an SDN-based traffic flow matching control system that applies a reinforcement learning approach based on Q-learning algorithm in order to maximize the traffic flow granularity. It also considers the forwarding performance status of the SDN switches derived from a Support Vector Machine based algorithm. Next, we outline the Q-DATA framework that incorporates the optimal traffic flow matching policy derived from the traffic flow matching control system to efficiently provide the most detailed traffic flow information that other mechanisms require. Our novel approach is realized as a REST SDN application and evaluated in an SDN environment. Through comprehensive experiments, the results show that-compared to the default behavior of common SDN controllers and to our previous DATA mechanism-the new Q-DATA framework yields a remarkable improvement in terms of traffic forwarding performance degradation protection of SDN switches while still providing the most detailed traffic flow information on demand.
2020-03-23
Tejendra, D.S., Varunkumar, C.R., Sriram, S.L., Sumathy, V., Thejeshwari, C.K..  2019.  A Novel Approach to reduce Vulnerability on Router by Zero vulnerability Encrypted password in Router (ZERO) Mechanism. 2019 3rd International Conference on Computing and Communications Technologies (ICCCT). :163–167.
As technology is developing exponentially and the world is moving towards automation, the resources have to be transferred through the internet which requires routers to connect networks and forward bundles (information). Due to the vulnerability of routers the data and resources have been hacked. The vulnerability of routers is due to minimum authentication to the network shared, some technical attacks on routers, leaking of passwords to others, single passwords. Based on the study, the solution is to maximize authentication of the router by embedding an application that monitors the user entry based on MAC address of the device, the password is frequently changed and that encrypted password is sent to a user and notifies the admin about the changes. Thus, these routers provide high-level security to the forward data through the internet.
Rustgi, Pulkit, Fung, Carol.  2019.  Demo: DroidNet - An Android Permission Control Recommendation System Based on Crowdsourcing. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :737–738.
Mobile and web application security, particularly the areas of data privacy, has raised much concerns from the public in recent years. Most applications, or apps for short, are installed without disclosing full information to users and clearly stating what the application has access to, which often raises concern when users become aware of unnecessary information being collected. Unfortunately, most users have little to no technical expertise in regards to what permissions should be turned on and can only rely on their intuition and past experiences to make relatively uninformed decisions. To solve this problem, we developed DroidNet, which is a crowd-sourced Android recommendation tool and framework. DroidNet alleviates privacy concerns and presents users with high confidence permission control recommendations based on the decision from expert users who are using the same apps. This paper explains the general framework, principles, and model behind DroidNet while also providing an experimental setup design which shows the effectiveness and necessity for such a tool.
2020-03-18
Mei, Lei, Tong, Haojie, Liu, Tong, Tian, Ye.  2019.  PSA: An Architecture for Proactively Securing Protocol-Oblivious SDN Networks. 2019 IEEE 9th International Conference on Electronics Information and Emergency Communication (ICEIEC). :1–6.

Up to now, Software-defined network (SDN) has been developing for many years and various controller implementations have appeared. Most of these controllers contain the normal business logic as well as security defense function. This makes the business logic on the controller tightly coupled with the security function, which increases the burden of the controller and is not conducive to the evolution of the controller. To address this problem, we propose a proactive security framework PSA, which decouples the business logic and security function of the controller, and deploys the security function in the proactive security layer which lies between the data plane and the control plane, so as to provide a unified security defense framework for different controller implementations. Based on PSA, we design a security defense application for the data-to-control plane saturation attack, which overloads the infrastructure of SDN networks. We evaluate the prototype implementation of PSA in the software environments. The results show that PSA is effective with adding only minor overhead into the entire SDN infrastructure.