The IoT's vulnerability to network attacks has motivated the design of intrusion detection schemes (IDS) using Machine Learning (ML), with a low computational cost for online detection but intensive offline learning. Such IDS can have high attack detection accuracy and are easily installed on servers that communicate with IoT devices. However, they are seldom evaluated in realistic operational conditions where IDS processing may be held up by the system overload created by attacks. Thus we first present an experimental study of UDP Flood Attacks on a Local Area Network Test-Bed, where the first line of defence is an accurate IDS using an Auto-Associative Dense Random Neural Network. The experiments reveal that during severe attacks, the packet and protocol management software overloads the multi-core server, and paralyses IDS detection. We therefore propose and experimentally evaluate an IDS design where decisions are made from a very small number of incoming packets, so that attacking traffic is dropped within milli-seconds after an attack begins and the paralysing effect of congestion is avoided.
相關內容
Networking:IFIP International Conferences on Networking。
Explanation:國際網絡會議。
Publisher:IFIP。
SIT:
This article aims to study intrusion attacks and then develop a novel cyberattack detection framework for blockchain networks. Specifically, we first design and implement a blockchain network in our laboratory. This blockchain network will serve two purposes, i.e., to generate the real traffic data (including both normal data and attack data) for our learning models and implement real-time experiments to evaluate the performance of our proposed intrusion detection framework. To the best of our knowledge, this is the first dataset that is synthesized in a laboratory for cyberattacks in a blockchain network. We then propose a novel collaborative learning model that allows efficient deployment in the blockchain network to detect attacks. The main idea of the proposed learning model is to enable blockchain nodes to actively collect data, share the knowledge learned from its data, and then exchange the knowledge with other blockchain nodes in the network. In this way, we can not only leverage the knowledge from all the nodes in the network but also do not need to gather all raw data for training at a centralized node like conventional centralized learning solutions. Such a framework can also avoid the risk of exposing local data's privacy as well as the excessive network overhead/congestion. Both intensive simulations and real-time experiments clearly show that our proposed collaborative learning-based intrusion detection framework can achieve an accuracy of up to 97.7% in detecting attacks.
It is known that first-order logic with some counting extensions can be efficiently evaluated on graph classes with bounded expansion, where depth-$r$ minors have constant density. More precisely, the formulas are $\exists x_1 ... x_k \#y \varphi(x_1,...,x_k, y)>N$, where $\varphi$ is an FO-formula. If $\varphi$ is quantifier-free, we can extend this result to nowhere dense graph classes with an almost linear FPT run time. Lifting this result further to slightly more general graph classes, namely almost nowhere dense classes, where the size of depth-$r$ clique minors is subpolynomial, is impossible unless FPT=W[1]. On the other hand, in almost nowhere dense classes we can approximate such counting formulas with a small additive error. Note those counting formulas are contained in FOC({<}) but not FOC1(P). In particular, it follows that partial covering problems, such as partial dominating set, have fixed parameter algorithms on nowhere dense graph classes with almost linear running time.
The automatic detection of hate speech online is an active research area in NLP. Most of the studies to date are based on social media datasets that contribute to the creation of hate speech detection models trained on them. However, data creation processes contain their own biases, and models inherently learn from these dataset-specific biases. In this paper, we perform a large-scale cross-dataset comparison where we fine-tune language models on different hate speech detection datasets. This analysis shows how some datasets are more generalisable than others when used as training data. Crucially, our experiments show how combining hate speech detection datasets can contribute to the development of robust hate speech detection models. This robustness holds even when controlling by data size and compared with the best individual datasets.
Recently, $(\beta,\gamma)$-Chebyshev functions, as well as the corresponding zeros, have been introduced as a generalization of classical Chebyshev polynomials of the first kind and related roots. They consist of a family of orthogonal functions on a subset of $[-1,1]$, which indeed satisfies a three-term recurrence formula. In this paper we present further properties, which are proven to comply with various results about classical orthogonal polynomials. In addition, we prove a conjecture concerning the Lebesgue constant's behavior related to the roots of $(\beta,\gamma)$-Chebyshev functions in the corresponding orthogonality interval.
Machine learning (ML) models are vulnerable to membership inference attacks (MIAs), which determine whether a given input is used for training the target model. While there have been many efforts to mitigate MIAs, they often suffer from limited privacy protection, large accuracy drop, and/or requiring additional data that may be difficult to acquire. This work proposes a defense technique, HAMP that can achieve both strong membership privacy and high accuracy, without requiring extra data. To mitigate MIAs in different forms, we observe that they can be unified as they all exploit the ML model's overconfidence in predicting training samples through different proxies. This motivates our design to enforce less confident prediction by the model, hence forcing the model to behave similarly on the training and testing samples. HAMP consists of a novel training framework with high-entropy soft labels and an entropy-based regularizer to constrain the model's prediction while still achieving high accuracy. To further reduce privacy risk, HAMP uniformly modifies all the prediction outputs to become low-confidence outputs while preserving the accuracy, which effectively obscures the differences between the prediction on members and non-members. We conduct extensive evaluation on five benchmark datasets, and show that HAMP provides consistently high accuracy and strong membership privacy. Our comparison with seven state-of-the-art defenses shows that HAMP achieves a superior privacy-utility trade off than those techniques.
With the popularity of Non-Fungible Tokens (NFTs), NFTs have become a new target of phishing attacks, posing a significant threat to the NFT trading ecosystem. There has been growing anecdotal evidence that new means of NFT phishing attacks have emerged in Ethereum ecosystem. Most of the existing research focus on detecting phishing scam accounts for native cryptocurrency on the blockchain, but there is a lack of research in the area of phishing attacks of emerging NFTs. Although a few studies have recently started to focus on the analysis and detection of NFT phishing attacks, NFT phishing attack means are diverse and little has been done to understand these various types of NFT phishing attacks. To the best of our knowledge, we are the first to conduct case retrospective analysis and measurement study of real-world historical NFT phishing attacks on Ethereum. By manually analyzing the existing scams reported by Chainabuse, we classify NFT phishing attacks into four patterns. For each pattern, we further investigate the tricks and working principles of them. Based on 469 NFT phishing accounts collected up until October 2022 from multiple channels, we perform a measurement study of on-chain transaction data crawled from Etherscan to characterizing NFT phishing scams by analyzing the modus operandi and preferences of NFT phishing scammers, as well as economic impacts and whereabouts of stolen NFTs. We classify NFT phishing transactions into one of the four patterns by log parsing and transaction record parsing. We find these phishing accounts stole 19,514 NFTs for a total profit of 8,858.431 ETH (around 18.57 million dollars). We also observe that scammers remain highly active in the last two years and favor certain categories and series of NFTs, accompanied with signs of gang theft.
Shared spaces aim to reduce the dominance of motor vehicles by promoting pedestrian and cyclist activity and minimizing segregation between road users. Despite the intended scope to improve the safety of vulnerable road users, only few works in the literature focused on before after safety evaluations, mainly analyzing changes in users trajectories and speeds, traffic volumes, and conflict counts, which, while useful, cannot univocally quantify road safety. Here, we propose a more advanced methodology, based on surrogate measures of safety and Extreme Value Theory, to assess road safety before and after the implementation of a shared space. The aim is to produce a crash risk estimation in different scenarios, obtaining a quantitative and comprehensive indicator, useful to practitioners for evaluating the safety of urban design solutions. A real world case study illustrates the proposed procedure. Video data were collected on two separate days, before and after a shared space implementation, and were semiautomatically processed to extract road users trajectories. Analysis of traffic volumes, trajectories, speeds and yield ratios allowed to understand the spatial behavior of road users in the two scenarios. Traffic conflicts, identified with an innovative surrogate measure of safety called time to avoided collision point, TTAC, were then used to estimate a Lomax distribution, and therefore to model the probabilistic relationship between conflicts and crashes, eventually retrieving a crash risk estimate. Results show that the analyzed shared space was able to significantly reduce the risk of crashes, and these findings are consistent with the observed changes in users speed and spatial behavior. The analyzed case study and its limitations were useful in highlighting the methodology main features and suggesting practical prescriptions for practitioners.
Connected vehicles are threatened by cyber-attacks as in-vehicle networks technologically approach (mobile) LANs with several wireless interconnects to the outside world. Malware that infiltrates a car today faces potential victims of constrained, barely shielded Electronic Control Units (ECUs). Many ECUs perform critical driving functions, which stresses the need for hardening security and resilience of in-vehicle networks in a multifaceted way. Future vehicles will comprise Ethernet backbones that differentiate services via Time-Sensitive Networking (TSN). The well-known vehicular control flows will follow predefined schedules and TSN traffic classifications. In this paper, we exploit this traffic classification to build a network anomaly detection system. We show how filters and policies of TSN can identify misbehaving traffic and thereby serve as distributed guards on the data link layer. On this lowest possible layer, our approach derives a highly efficient network protection directly from TSN. We classify link layer anomalies and micro-benchmark the detection accuracy in each class. Based on a topology derived from a real-world car and its traffic definitions we evaluate the detection system in realistic macro-benchmarks based on recorded attack traces. Our results show that the detection accuracy depends on how exact the specifications of in-vehicle communication are configured. Most notably for a fully specified communication matrix, our anomaly detection remains free of false-positive alarms, which is a significant benefit for implementing automated countermeasures in future vehicles.
Entity resolution (ER) is the process of identifying records that refer to the same entities within one or across multiple databases. Numerous techniques have been developed to tackle ER challenges over the years, with recent emphasis placed on machine and deep learning methods for the matching phase. However, the quality of the benchmark datasets typically used in the experimental evaluations of learning-based matching algorithms has not been examined in the literature. To cover this gap, we propose four different approaches to assessing the difficulty and appropriateness of 13 established datasets: two theoretical approaches, which involve new measures of linearity and existing measures of complexity, and two practical approaches: the difference between the best non-linear and linear matchers, as well as the difference between the best learning-based matcher and the perfect oracle. Our analysis demonstrates that most of the popular datasets pose rather easy classification tasks. As a result, they are not suitable for properly evaluating learning-based matching algorithms. To address this issue, we propose a new methodology for yielding benchmark datasets. We put it into practice by creating four new matching tasks, and we verify that these new benchmarks are more challenging and therefore more suitable for further advancements in the field.
Command, Control, Communication, and Intelligence (C3I) system is a kind of system-of-system that integrates computing machines, sensors, and communication networks. C3I systems are increasingly used in critical civil and military operations for achieving information superiority, assurance, and operational efficacy. C3I systems are no exception to the traditional systems facing widespread cyber-threats. However, the sensitive nature of the application domain (e.g., military operations) of C3I systems makes their security a critical concern. For instance, a cyber-attack on military installations can have detrimental impacts on national security. Therefore, in this paper, we review the state-of-the-art on the security of C3I systems. In particular, this paper aims to identify the security vulnerabilities, attack vectors, and countermeasures for C3I systems. We used the well-known systematic literature review method to select and review 77 studies on the security of C3I systems. Our review enabled us to identify 27 vulnerabilities, 22 attack vectors, and 62 countermeasures for C3I systems. This review has also revealed several areas for future research and identified key lessons with regards to C3I systems' security.
小貼士
登錄享
相關主題
注冊地址: 北京市海淀區羊坊店路18號2幢3層301-191