Biblio

Found 4059 results

Filters: Keyword is Resiliency
Taher, Bahaa Hussein, Wei, Lu Hong, Yassin, Ali A..  2018.  Flexible and Efficient Authentication of IoT Cloud Scheme Using Crypto Hash Function. Proceedings of the 2018 2nd International Conference on Computer Science and Artificial Intelligence. :487–494.
The Internet of Things and cloud computing (IoT Cloud) have a wide resonance in the Internet and modern communication technology, which allows laptops, phones, sensors, embedded devices, and other things to connect and exchange information via the Internet. Therefore, IoT Cloud offers several facilities, such as resources, storage, sharing, exchange, and communication. However, IoT Cloud suffers from security problems, which are a vital issue in the information technology world. All embedded devices in IoT Cloud need to be supported by strong authentication and preservation of privacy data during information exchange via the IoT Cloud environment. Malicious attacks (such as replay, man-in-the-middle [MITM], and impersonation attacks) play the negative role of obtaining important information of devices. In this study, we propose a good scheme that overcomes the mentioned issues by resisting well-known attacks, such as MITM, insider, offline password guessing, dictionary, replay, and eavesdropping. Our work achieves device anonymity, forward secrecy, confidentiality, and mutual authentication. Security and performance analyses show that our proposed scheme is more efficient, flexible, and secure with respect to several known attacks compared with related schemes.
Gautier, Adam M., Andel, Todd R., Benton, Ryan.  2018.  On-Device Detection via Anomalous Environmental Factors. Proceedings of the 8th Software Security, Protection, and Reverse Engineering Workshop. :5:1–5:8.
Embedded Systems (ES) underlie society's critical cyberinfrastructure and comprise the vast majority of consumer electronics, making them a prized target for dangerous malware and hardware Trojans. Malicious intrusion into these systems present a threat to national security and economic stability as globalized supply chains and tight network integration make ES more susceptible to attack than ever. High-end ES like the Xilinx Zynq-7020 system on a chip are widely used in the field and provide a representative platform for investigating the methods of cybercriminals. This research suggests a novel anomaly detection framework that could be used to detect potential zero-day exploits, undiscovered rootkits, or even maliciously implanted hardware by leveraging the Zynq architecture and real-time device-level measurements of thermal side-channels. The results of an initial investigation showed different processor workloads produce distinct thermal fingerprints that are detectable by out-of-band, digital logic-based thermal sensors.
Georgiadis, Ioannis, Dossis, Michael, Kontogiannis, Sotirios.  2018.  Performance Evaluation on IoT Devices Secure Data Delivery Processes. Proceedings of the 22nd Pan-Hellenic Conference on Informatics. :306–311.
This paper presents existing cryptographic technologies used by the IoT industry. The authors review the security capabilities of existing IoT protocols such as LoRaWAN, IEEE 802.15.4, BLE and RF-based protocols. The authors also experiment with the cryptographic efficiency and energy consumption of existing cryptography algorithms implemented on embedded systems. The authors evaluate the performance of a single 32-bit ARM Cortex microprocessor, an Atmel ATmega32u4 8-bit microcontroller and Parallella Xilinx Zynq FPGA parallel co-processors. From the experimental results, the authors identify the requirements of next-generation IoT security protocols and provide useful guidelines.
Carpent, Xavier, ElDefrawy, Karim, Rattanavipanon, Norrathep, Tsudik, Gene.  2018.  Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems Security. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. :313–327.
Assuring integrity of information (e.g., data and/or software) is usually accomplished by cryptographic means, such as hash functions or message authentication codes (MACs). Computing such integrity-ensuring functions can be time-consuming if the amount of input data is large and/or the computing platform is weak. At the same time, in real-time or safety-critical settings, it is often impractical or even undesirable to guarantee atomicity of computing a time-consuming integrity-ensuring function. Meanwhile, standard correctness and security definitions of such functions assume that input data (regardless of its size) remains consistent throughout computation. However, temporal consistency may be lost if another process interrupts execution of an integrity-ensuring function and modifies portions of input that either or both: (1) were already processed, or (2) were not processed yet. Lack of temporal consistency might yield an integrity result that is non-sensical or simply incorrect. Such subtleties and discrepancies between (implicit) assumptions in definitions and implementations can be a source of inconsistencies, which might lead to vulnerabilities. In this paper, we systematically explore the notion of temporal consistency of cryptographic integrity-ensuring functions. We show that its lack in implementations of such functions can lead to inconsistent results and security violations in protocols and systems using them, e.g., remote attestation, remote updates and secure resets. We consider several mechanisms that guarantee temporal consistency of implementations of integrity-ensuring functions in embedded systems with a focus on remote attestation. We also assess performance of proposed mechanisms on two commodity hardware platforms: i.MX6-SabreLite and ODROID-XU4.
Gundabolu, S., Wang, X..  2018.  On-chip Data Security Against Untrustworthy Software and Hardware IPs in Embedded Systems. 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :644–649.
State-of-the-art system-on-chip (SoC) field programmable gate arrays (FPGAs) integrate hard powerful ARM processor cores and the reconfigurable logic fabric on a single chip in addition to many commonly needed high performance and high-bandwidth peripherals. The increasing reliance on untrustworthy third-party IP (3PIP) cores, including both hardware and software in FPGA-based embedded systems has made the latter increasingly vulnerable to security attacks. Detection of trojans in 3PIPs is extremely difficult to current static detection methods since there is no golden reference model for 3PIPs. Moreover, many FPGA-based embedded systems do not have the support of security services typically found in operating systems. In this paper, we present our run-time, low-cost, and low-latency hardware and software based solution for protecting data stored in on-chip memory blocks, which has attracted little research attention. The implemented memory protection design consists of a hierarchical top-down structure and controls memory access from software IPs running on the processor and hardware IPs running in the FPGA, based on a set of rules or access rights configurable at run time. Additionally, virtual addressing and encryption of data for each memory help protect confidentiality of data in case of a failure of the memory protection unit, making it hard for the attacker to gain access to the data stored in the memory. The design is implemented and tested on the Intel (Altera) DE1-SoC board featuring a SoC FPGA that integrates a dual-core ARM processor with reconfigurable logic and hundreds of memory blocks. The experimental results and case studies show that the protection model is successful in eliminating malicious IPs from the system without need for reconfiguration of the FPGA. It prevents unauthorized accesses from untrusted IPs, while arbitrating access from trusted IPs generating legal memory requests, without incurring a serious area or latency penalty.
Höfig, K., Klug, A..  2018.  SEnSE – An Architecture for a Safe and Secure Integration of Safety-Critical Embedded Systems. 2018 26th International Conference on Software, Telecommunications and Computer Networks (SoftCOM). :1–5.
Embedded systems that communicate with each other over the internet and build up a larger, loosely coupled (hardware) system with an unknown configuration at runtime are often referred to as a cyber-physical system. Many of these systems can become safety critical due to the risks associated with their operation. With the increased complexity of such systems, the number of configurations can be either infinite or unknown at design time. Hence, a certification at design time for such systems that documents a safe interaction for all possible configurations of all participants at runtime can become infeasible. If such systems come together in a new configuration, a mechanism is required that can decide whether or not it is safe for them to interact. Such a mechanism can generally not be part of such systems for the sake of trust. Therefore, we present in the following sections the SEnSE device, short for Secure and Safe Embedded, that tackles these challenges and provides a secure and safe integration of safety-critical embedded systems.
Barrere, M., Hankin, C., Barboni, A., Zizzo, G., Boem, F., Maffeis, S., Parisini, T..  2018.  CPS-MT: A Real-Time Cyber-Physical System Monitoring Tool for Security Research. 2018 IEEE 24th International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA). :240–241.
Monitoring systems are essential to understand and control the behaviour of systems and networks. Cyber-physical systems (CPS) are particularly delicate under that perspective since they involve real-time constraints and physical phenomena that are not usually considered in common IT solutions. Therefore, there is a need for publicly available monitoring tools able to contemplate these aspects. In this poster/demo, we present our initiative, called CPS-MT, towards a versatile, real-time CPS monitoring tool, with a particular focus on security research. We first present its architecture and main components, followed by a MiniCPS-based case study. We also describe a performance analysis and preliminary results. During the demo, we will discuss CPS-MT's capabilities and limitations for security applications.
Li, J. H., Schafer, D., Whelihan, D., Lassini, S., Evancich, N., Kwak, K. J., Vai, M., Whitman, H..  2018.  Designing Secure and Resilient Embedded Avionics Systems. 2018 IEEE Cybersecurity Development (SecDev). :139–139.
Over the past decade, the reliance on Unmanned Aerial Systems (UAS) to carry out critical missions has grown drastically. With an increased reliance on UAS as mission assets and the dependency of UAS on cyber resources, cyber security of UAS must be improved by adopting sound security principles and relevant technologies from the computing community. On the other hand, the traditional avionics community, being aware of the importance of cyber security, is looking at new architecture and designs that can accommodate both the traditional safety oriented principles as well as the cyber security principles and techniques. It is with the effective and timely convergence of these domains that a holistic approach and co-design can meet the unique requirements of modern systems and operations. In this paper, authors from both the cyber security and avionics domains describe our joint effort and insights obtained during the course of designing secure and resilient embedded avionics systems.
Hajny, J., Dzurenda, P., Ricci, S., Malina, L., Vrba, K..  2018.  Performance Analysis of Pairing-Based Elliptic Curve Cryptography on Constrained Devices. 2018 10th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT). :1–5.
The paper deals with the implementation aspects of the bilinear pairing operation over an elliptic curve on constrained devices, such as smart cards, embedded devices, smart meters and similar devices. Although cryptographic constructions, such as group signatures, anonymous credentials or identity-based encryption schemes, often rely on the pairing operation, the implementation of such schemes into practical applications is not straightforward, in fact, it may become very difficult. In this paper, we show that the implementation is difficult not only due to the high computational complexity, but also due to the lack of cryptographic libraries and programming interfaces. In particular, we show how difficult it is to implement pairing-based schemes on constrained devices and show the performance of various libraries on different platforms. Furthermore, we show the performance estimates of fundamental cryptographic constructions, the group signatures. The purpose of this paper is to reduce the gap between the cryptographic designers and developers and give performance results that can be used for the estimation of the implementability and performance of novel, upcoming schemes.
Vagin, V. V., Butakova, N. G..  2019.  Mathematical Modeling of Group Authentication Based on Isogeny of Elliptic Curves. 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :1780–1785.
In this paper, we consider ways of organizing group authentication, as well as the features of constructing the isogeny of elliptic curves. The work includes the study of isogeny graphs and their application in postquantum systems. A hierarchical group authentication scheme has been developed using transformations based on the search for isogeny of elliptic curves.
Omorog, C. D., Gerardo, B. D., Medina, R. P..  2018.  Enhanced pseudorandom number generator based on Blum-Blum-Shub and elliptic curves. 2018 IEEE Symposium on Computer Applications Industrial Electronics (ISCAIE). :269–274.
Blum-Blum-Shub (BBS) is a less complex pseudorandom number generator (PRNG) that requires a very large modulus and a squaring operation for the generation of each bit, which makes it computationally heavy and slow. On the other hand, the concept of elliptic curve (EC) point operations has been extended to PRNGs that prove to have good randomness properties and reduced latency, but exhibit dependence on the secrecy of the point P. Given these pros and cons, this paper proposes a new BBS-ECPRNG approach such that the modulus is the product of two elliptic curve points, both primes of length, and the number of bits extracted per iteration is by binary fraction. We evaluate the algorithm performance by generating 1000 distinct sequences of 10^6 bits each. The results were analyzed based on the overall performance of the sequences using the NIST standard statistical test suite. The average performance of the sequences was observed to be above the minimum confidence level of 99.7 percent and successfully passed all the statistical properties of randomness tests.
Li, X., Kodera, Y., Uetake, Y., Kusaka, T., Nogami, Y..  2018.  A Consideration of an Efficient Arithmetic Over the Extension Field of Degree 3 for Elliptic Curve Pairing Cryptography. 2018 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW). :1–2.
This paper presents an efficient arithmetic in extension field based on Cyclic Vector Multiplication Algorithm that reduces calculation costs over cubic extension for elliptic curve pairing cryptography. In addition, we evaluate the calculation costs compared to Karatsuba-based method.
Valenta, L., Sullivan, N., Sanso, A., Heninger, N..  2018.  In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild. 2018 IEEE European Symposium on Security and Privacy (EuroS P). :384–398.
We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS on a large number of ports, as well as SSH and IPsec to measure elliptic curve support and implementation behaviors, and collect passive measurements of client curve support for TLS. We also perform active measurements to estimate server vulnerability to known attacks against elliptic curve implementations, including support for weak curves, invalid curve attacks, and curve twist attacks. We estimate that 1.53% of HTTPS hosts, 0.04% of SSH hosts, and 4.04% of IKEv2 hosts that support elliptic curves do not perform curve validity checks as specified in elliptic curve standards. We describe how such vulnerabilities could be used to construct an elliptic curve parameter downgrade attack called CurveSwap for TLS, and observe that there do not appear to be combinations of weak behaviors we examined enabling a feasible CurveSwap attack in the wild. We also analyze source code for elliptic curve implementations, and find that a number of libraries fail to perform point validation for JSON Web Encryption, and find a flaw in the Java and NSS multiplication algorithms.
Urbanik, David, Jao, David.  2018.  SoK: The Problem Landscape of SIDH. Proceedings of the 5th ACM on ASIA Public-Key Cryptography Workshop. :53–60.
The Supersingular Isogeny Diffie-Hellman protocol (SIDH) has recently been the subject of increased attention in the cryptography community. Conjecturally quantum-resistant, SIDH has the feature that it shares the same data flow as ordinary Diffie-Hellman: two parties exchange a pair of public keys, each generated from a private key, and combine them to form a shared secret. To create a potentially quantum-resistant scheme, SIDH depends on a new family of computational assumptions involving isogenies between supersingular elliptic curves which replace both the discrete logarithm problem and the computational and decisional Diffie-Hellman problems. As in the case of ordinary Diffie-Hellman, one is interested in knowing if these problems are related. In fact, more is true: there is a rich network of reductions between the isogeny problems securing the private keys of the participants in the SIDH protocol, the computational and decisional SIDH problems, and the problem of validating SIDH public keys. In this article we explain these relationships, which do not appear elsewhere in the literature, in hopes of providing a clearer picture of the SIDH problem landscape to the cryptography community at large.
Gu, Hongxiang, Potkonjak, Miodrag.  2018.  Efficient and Secure Group Key Management in IoT Using Multistage Interconnected PUF. Proceedings of the International Symposium on Low Power Electronics and Design. :8:1–8:6.
Secure group-oriented communication is crucial to a wide range of applications in the Internet of Things (IoT). Security problems related to group-oriented communications in IoT-based applications placed in a privacy-sensitive environment have become a major concern along with the development of the technology. Unfortunately, many IoT devices are designed to be portable and light-weight; thus, their functionalities, including security modules, are heavily constrained by the limited energy resources (e.g., battery capacity). To address these problems, we propose a group key management scheme based on a novel physically unclonable function (PUF) design: multistage interconnected PUF (MIPUF) to secure group communications in an energy-constrained environment. Our design is capable of performing key management tasks such as key distribution, key storage and rekeying securely and efficiently. We show that our design is secure against multiple attack methods, and our experimental results show that our design saves 47.33% of energy globally on average compared to a state-of-the-art Elliptic-curve cryptography (ECC)-based key management scheme.
Wu, Hsiao-Ling, Chang, Chin-Chen, Chen, Long-Sheng.  2018.  On the Security of a Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography. Proceedings of the 6th International Conference on Information Technology: IoT and Smart City. :88–91.
With the rapid development of mobile communication technologies, more and more mobile users use their mobile devices anywhere. Therefore, it is important to provide an authentication process among three parties, i.e., a mobile user (MU), a home agent (HA), and a foreign agent (FA). In 2016, Reddy et al. proposed a secure and anonymous mobile authentication scheme. In their scheme, they first pointed out that Memon et al.'s scheme suffers from four security issues, i.e., the impersonation attack, imperfect mutual authentication, an unverifiable password changing phase, and the insider attack. Then, the authors proposed an improved scheme and claimed that their scheme can provide user anonymity and resist the most famous attacks. Unfortunately, we have found that their scheme cannot resist the known session-specific temporary information attack (KSTIA). In addition, when HA wants to charge MU fees for providing service, or when FA and MU have argued, HA cannot find the real identity of MU. Finally, their scheme cannot achieve mutual authentication and session key agreement. Therefore, in this paper, we present those weaknesses of Reddy et al.'s scheme.
Ramdani, Mohamed, Benmohammed, Mohamed, Benblidia, Nadjia.  2018.  Distributed Solution of Scalar Multiplication on Elliptic Curves over Fp for Resource-constrained Networks. Proceedings of the 2nd International Conference on Future Networks and Distributed Systems. :63:1–63:6.
Elliptic curve cryptography (ECC) is an approach to public-key cryptography used for data protection, making data unintelligible to any unauthorized device or entity. The encryption/decryption algorithm is publicly known and its security relies on the discrete logarithm problem. ECC is ideal for weak devices with small resources such as phones, smart cards, embedded systems and wireless sensor networks (WSN), largely deployed in different applications. The advantage of ECC is the shorter key length needed to provide the same level of security as other cryptosystems like RSA. However, cryptographic computations such as the multiplication of an elliptic curve point by a scalar value are computationally expensive and involve point additions and doublings on elliptic curves over finite fields. Much work has been done to optimize their costs. Based on the results of these works, including parallel processing, we propose two new efficient distributed algorithms to reduce the computations in resource-constrained networks whose feature is the cooperative processing of data. Our results are conclusive and can provide up to 125% reduction of the energy consumed by each device in a data exchange operation.
Luo, Chao, Fei, Yunsi, Kaeli, David.  2018.  Effective Simple-power Analysis Attacks of Elliptic Curve Cryptography on Embedded Systems. Proceedings of the International Conference on Computer-Aided Design. :115:1–115:7.
Elliptic Curve Cryptography (ECC), initially proposed by Koblitz [17] and Miller [20], is a public-key cipher. Compared with other popular public-key ciphers (e.g., RSA), ECC features a shorter key length for the same level of security. For example, a 256-bit ECC cipher provides 128-bit security, equivalent to a 2048-bit RSA cipher [4]. Using smaller keys, ECC requires less memory for performing cryptographic operations. Embedded systems, especially given the proliferation of Internet-of-Things (IoT) devices and platforms, require efficient and low-power secure communications between edge devices and gateways/clouds. ECC has been widely adopted in IoT systems for authentication of communications, while RSA, which is much more costly to compute, remains the standard for desktops and servers.
Dong, Xiuze, Zhang, Li, Gao, Xianwei.  2018.  An Efficient FPGA Implementation of ECC Modular Inversion over F256. Proceedings of the 2nd International Conference on Cryptography, Security and Privacy. :29–33.
Elliptic Curve Cryptography (ECC) provides high security levels with shorter keys than other public-key cryptosystems such as RSA. Usually the modular inversion operation is a choke point in realizing the public-key cryptosystem. Based on the Extended Euclidean Algorithm, this work proposes an efficient FPGA implementation of ECC modular inversion over F256. According to this proposed algorithm, one modular inversion requires 320 clock cycles with a maximum clock frequency of 144.011MHz on a Xilinx Virtex-7 FPGA device, which gives a computation time of 2.22μs. In other words, our design can perform approximately 450 thousand division operations in one second. Compared to other available literature, the scheme presented in this paper provides a high-performance FPGA implementation of 256-bit modular inversion over F256. This gives elliptic curve cryptography important practical value in hardware implementation.
Konstantelos, I., Jamgotchian, G., Tindemans, S., Duchesne, P., Cole, S., Merckx, C., Strbac, G., Panciatici, P..  2018.  Implementation of a Massively Parallel Dynamic Security Assessment Platform for Large-Scale Grids. 2018 IEEE Power Energy Society General Meeting (PESGM). :1–1.
This paper presents a computational platform for dynamic security assessment (DSA) of large electricity grids, developed as part of the iTesla project. It leverages High Performance Computing (HPC) to analyze large power systems, with many scenarios and possible contingencies, thus paving the way for pan-European operational stability analysis. The results of the DSA are summarized by decision trees of 11 stability indicators. The platform's workflow and parallel implementation architecture is described in detail, including the way commercial tools are integrated into a plug-in architecture. A case study of the French grid is presented, with over 8000 scenarios and 1980 contingencies. Performance data of the case study (using 10,000 parallel cores) is analyzed, including task timings and data flows. Finally, the generated decision trees are compared with test data to quantify the functional performance of the DSA platform.
Hadj, M. A. El, Erradi, M., Khoumsi, A., Benkaouz, Y..  2018.  Validation and Correction of Large Security Policies: A Clustering and Access Log Based Approach. 2018 IEEE International Conference on Big Data (Big Data). :5330–5332.
In big data environments with a large number of users and a high volume of data, we need to manage the corresponding huge number of security policies. Due to the distributed management of these policies, they may contain several anomalies, such as conflicts and redundancies, which may lead to both safety and availability problems. The distributed systems guided by such security policies produce a huge number of access logs. Due to potential security breaches, the access logs may show the presence of non-allowed accesses. This may also be a consequence of conflicting rules in the security policies. In this paper, we present ongoing work on developing an environment for verifying and correcting security policies. To make the approach efficient, an access log is used as input to determine suspicious parts of the policy that should be considered. The approach is also made efficient by clustering the policy and the access log and considering the obtained clusters separately. The clustering technique and the use of the access log significantly reduce the complexity of the suggested approach, making it scalable for large amounts of data.
Chen, Ming-Hung, Ciou, Jyun-Yan, Chung, I-Hsin, Chou, Cheng-Fu.  2018.  FlexProtect: A SDN-Based DDoS Attack Protection Architecture for Multi-Tenant Data Centers. Proceedings of the International Conference on High Performance Computing in Asia-Pacific Region. :202-209.
With the recent advances in software-defined networking (SDN), multi-tenant data centers provide a more efficient and flexible cloud platform to their subscribers. However, as the number, scale, and diversity of distributed denial-of-service (DDoS) attacks have dramatically escalated in recent years, the availability of those platforms is still at risk. We note that the state-of-the-art DDoS protection architectures do not fully utilize the potential of SDN and network function virtualization (NFV) to mitigate the impact of attack traffic on the data center network. Therefore, in this paper, we exploit the flexibility of SDN and NFV to propose FlexProtect, a flexible distributed DDoS protection architecture for multi-tenant data centers. In FlexProtect, the detection virtual network functions (VNFs) are placed near the service provider and the defense VNFs are placed near the edge routers, for effective detection and avoidance of internal bandwidth consumption, respectively. Based on the architecture, we then propose FP-SYN, an anti-spoofing SYN flood protection mechanism. The emulation and simulation results with real-world data demonstrate that, compared with the traditional approach, the proposed architecture can significantly reduce the additional routing path by 46% and save 60% of internal bandwidth consumption. Moreover, the proposed anti-spoofing detection mechanism can achieve 98% accuracy.
Ando, Ruo.  2018.  Automated Reduction of Attack Surface Using Call Graph Enumeration. Proceedings of the 2018 2nd International Conference on Management Engineering, Software Engineering and Service Sciences. :118–121.
There have been many research efforts on detecting vulnerabilities, such as model checking and formal methods. However, according to Rice's theorem, checking whether a program contains vulnerable code by static checking is undecidable in general. In this paper, we propose a method of attack surface reduction using enumeration of the call graph. The proposed system is divided into two steps: enumerating edges E[Function Fi, Function Fi+1] and constructing the call graph by recursive search of [E1, E2, En]. The proposed method enables us to find the set of paths whose leaf node is a vulnerable function VF. Also, the root node RF of the call graph is the part of the program which is open to an attacker. Therefore, the call graph [VF, RF] can be eliminated according to the situation in which the program is running. We apply the proposed method to a real program (Xen) and extract the attack surface of CVE-2013-4371. These vulnerabilities are classified into two classes: use-after-free and assertion failure. Also, numerical results are shown for searching the attack surface of Xen with different search depths when constructing the call graph.
Yu, Wenchao, Cheng, Wei, Aggarwal, Charu C., Zhang, Kai, Chen, Haifeng, Wang, Wei.  2018.  NetWalk: A Flexible Deep Embedding Approach for Anomaly Detection in Dynamic Networks. Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. :2672-2681.
Massive and dynamic networks arise in many practical applications such as social media, security and public health. Given an evolving network, it is crucial to detect structural anomalies, such as vertices and edges whose "behaviors" deviate from the underlying majority of the network, in a real-time fashion. Recently, network embedding has proven a powerful tool in learning the low-dimensional representations of vertices in networks that can capture and preserve the network structure. However, most existing network embedding approaches are designed for static networks, and thus may not be perfectly suited for a dynamic environment in which the network representation has to be constantly updated. In this paper, we propose a novel approach, NetWalk, for anomaly detection in dynamic networks by learning network representations which can be updated dynamically as the network evolves. We first encode the vertices of the dynamic network to vector representations by clique embedding, which jointly minimizes the pairwise distance of vertex representations of each walk derived from the dynamic networks, and the deep autoencoder reconstruction error serving as a global regularization. The vector representations can be computed with constant space requirements using reservoir sampling. On the basis of the learned low-dimensional vertex representations, a clustering-based technique is employed to incrementally and dynamically detect network anomalies. Compared with existing approaches, NetWalk has several advantages: 1) the network embedding can be updated dynamically, 2) streaming network nodes and edges can be encoded efficiently with constant memory space usage, 3) it is flexible enough to be applied to different types of networks, and 4) network anomalies can be detected in real time. Extensive experiments on four real datasets demonstrate the effectiveness of NetWalk.
Ren, W., Yardley, T., Nahrstedt, K..  2018.  EDMAND: Edge-Based Multi-Level Anomaly Detection for SCADA Networks. 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1-7.
Supervisory Control and Data Acquisition (SCADA) systems play a critical role in the operation of large-scale distributed industrial systems. There are many vulnerabilities in SCADA systems, and inadvertent events or malicious attacks from outside as well as inside could lead to catastrophic consequences. Network-based intrusion detection is a preferred approach to provide security analysis for SCADA systems due to its less intrusive nature. Data in SCADA network traffic can be generally divided into transport, operation, and content levels. Most existing solutions only focus on monitoring and event detection of one or two levels of data, which is not enough to detect and reason about attacks at all three levels. In this paper, we develop a novel edge-based multi-level anomaly detection framework for SCADA networks named EDMAND. EDMAND monitors all three levels of network traffic data and applies appropriate anomaly detection methods based on the distinct characteristics of the data. Alerts are generated, aggregated, and prioritized before being sent back to control centers. A prototype of the framework is built to evaluate its detection ability and time overhead.