Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks

Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN) has thus been developed by allowing intrusion detection system (IDS) nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However, such mechanisms are heavily dependent on two assumptions, which would cause CIDNs to be vulnerable to advanced insider attacks in practice. In this work, we investigate the influence of advanced on–off attacks on challenge-based CIDNs, which can respond truthfully to one IDS node but behave maliciously to another IDS node. To evaluate the attack performance, we have conducted two experiments under a simulated and a real CIDN environment. The obtained results demonstrate that our designed attack is able to compromise the robustness of challenge-based CIDNs in practice; that is, some malicious nodes can behave untruthfully without a timely detection

When Intrusion Detection Meets Blockchain Technology: A Review

With the purpose of identifying cyber threats and possible incidents, intrusion detection systems (IDSs) are widely deployed in various computer networks. In order to enhance the detection capability of a single IDS, collaborative intrusion detection networks (or collaborative IDSs) have been developed, which allow IDS nodes to exchange data with each other. However, data and trust management still remain two challenges for current detection architectures, which may degrade the effectiveness of such detection systems. In recent years, blockchain technology has shown its adaptability in many fields, such as supply chain management, international payment, interbanking, and so on. As blockchain can protect the integrity of data storage and ensure process transparency, it has a potential to be applied to intrusion detection domain. Motivated by this, this paper provides a review regarding the intersection of IDSs and blockchains. In particular, we introduce the background of intrusion detection and blockchain, discuss the applicability of blockchain to intrusion detection, and identify open challenges in this direction

Generalized bioinspired approach to a daytime radiative cooling "skin"

Energy-saving cooling materials with strong operability are desirable towards sustainable thermal management. Inspired by the cooperative thermo-optical effect in fur of polar bear, we develop a flexible and reusable cooling skin via laminating a polydimethylsiloxane film with a highly-scattering polyethylene aerogel. Owing to its high porosity of 97.9% and tailored pore size of 3.8 +- 1.4 micrometers, superior solar reflectance of 0.96 and high transparency to irradiated thermal energy of 0.8 can be achieved at a thickness of 2.7 mm. Combined with low thermal conductivity of 0.032 W/m/K of the aerogel, the cooling skin exerts midday sub-ambient temperature drops of 5-6 degrees in a metropolitan environment, with an estimated limit of 14 degrees under ideal service conditions. We envision that this generalized bilayer approach will construct a bridge from night-time to daytime radiative cooling and pave the way for economical, scalable, flexible and reusable cooling materials.Comment: 15 pages, 4 figures, of which another version has been accepted by ACS ami but not published ye

Biomimetic Polymer Film with Brilliant Brightness Using a One‐Step Water Vapor–Induced Phase Separation Method

The scales of the white Cyphochilus beetles are endowed with unusual whiteness arising from the exceptional scattering efficiency of their disordered ultrastructure optimized through millions of years of evolution. Here, a simple, one‐step method based on water vapor–induced phase separation is developed to prepare thin polystyrene films with similar microstructure and comparable optical performance. A typical biomimetic 3.5 µm PS film exhibits a diffuse reflectance of 61% at 500 nm wavelength, which translates into a transport mean free path below 1 µm. A complete optical characterization through Monte Carlo simulations reveals how such a scattering performance arises from the scattering coefficient and scattering anisotropy, whose interplay provides insight into the morphological properties of the material. The potential of bright‐white coatings as smart sensors or wearable devices is highlighted using a treated 3.5 µm film as a real‐time sensor for human exhalation

A sentence-based image search engine

Nowadays people are more interested in searching the relevant images directly through search engines like Google, Yahoo or Bing, these image search engines have dedicated extensive research effort to the problem of keyword-based image retrieval. However, the most widely used keyword-based image search engine Google is reported to have a precision of only 39%. And all of these systems have limitation in creating sentence-based queries for images. This thesis studies a practical image search scenario, where many people feel annoyed by using only keywords to find images for their ideas of speech or presentation through trial and error. This thesis proposes and realizes a sentence-based image search engine (SISE) that offers the option of querying images by sentence. Users can naturally create sentence-based queries simply by inputting one or several sentences to retrieve a list of images that match their ideas well. The SISE relies on automatic concept detection and tagging techniques to provide support for searching visual content using sentence-based queries. The SISE gathered thousands of input sentences from TED talk, covering many areas like science, economy, politics, education and so on. The comprehensive evaluation of this system was focused on usability (perceived image usefulness) aspect. The final comprehensive precision has been reached 60.7%. The SISE is found to be able to retrieve matching images for a wide variety of topics, across different areas, and provide subjectively more useful results than keyword-based image search engines --Abstract, page iii

Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice

Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016, Tianjin, China, 23-26 August 2016To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection performance of a single IDS, but may suffer from various insider attacks like collusion attacks, where several malicious nodes can collaborate to perform adversary actions. To defend against insider threats, challenge-based trust mechanisms have been proposed in the literature and proven to be robust against collusion attacks. However, we identify that such mechanisms depend heavily on an assumption of malicious nodes, which is not likely to be realistic and may lead to a weak threat model in practical scenarios. In this paper, we analyze the robustness of challenge-based CIDNs in real-world applications and present an advanced collusion attack, called random poisoning attack, which derives from the existing attacks. In the evaluation, we investigate the attack performance in both simulated and real CIDN environments. Experimental results demonstrate that our attack can enables a malicious node to send untruthful information without decreasing its trust value at large. Our research attempts to stimulate more research in designing more robust CIDN framework in practice.Department of Computing2016-2017 > Academic research: refereed > Refereed conference paperbcw

Overview of the 2021 Edition of the Workshop on Very Large Internet of Things (VLIoT 2021)

The Very Large Internet of Things (VLIoT) workshop aims at discussing the solutions of problems arising especially for large-scale Internet-of-Things (IoT) configurations. After online conferences and workshops are becoming the normal mode for running scientific events, after continuously monitoring the global COVID-19 pandemic this year with falling incidence rates in the last times due to vaccination successes, the workshop changes the format the first time to a hybrid event. This ensures that still problems are overcome like travel restrictions, but offers face-to-face discussions among those going to the local event. A hybrid format has still chances like an increased number of participants, less travel burdens and saving budget, but offers the possibility for going to the local event already for a large portion of the participants. Hence we received many high-quality submissions, from which we accepted 9 to be introduced in this editorial

can-sleuth : Sleuthing out the capabilities, limitations, and performance impacts of automotive intrusion detection datasets

Modern automobiles are made up of networks of computers, one of which is the inherently insecure Controller Area Network (CAN). Over the years, automotive security has been enhanced by secure gateways and new protocols such as automotive Ethernet, but the CAN protocol has remained the weak link. Automotive researchers have been exploring intrusion detection systems (IDSs) as a potential solution to the problem of CAN bus insecurity. To build and evaluate an IDS, however, researchers need adequate training and testing data. In this paper, we analyze and compare the following automotive intrusion detection datasets: (1) HCRL Car Hacking, (2) HCRL Survival Analysis, (3) can-train-and-test-v1.5, (4) UNIMORE Bus-Off, (5) UNIMORE DAGA, and (6) UNIMORE Ventus. The two HCRL datasets are well-established in the literature, whereas can-train-and-test-v1.5 is a promising new dataset—and the three UNIMORE datasets lie somewhere in between. In our evaluation, we pit sixteen machine learning IDSs against each dataset and analyze the results. In addition, we conduct a feature evaluation of can-train-and-test-v1.5, and we investigate the impact of train-test interdependence in the three UNIMORE datasets. We find that, when pitted against the five comparison datasets, can-train-and-test-v1.5 paints a clearer picture of an IDS’s true capabilities; in fact, can-train-and-test-v1.5’s testing scenarios can reveal when an IDS has overfitted to a particular vehicle type—unlike the UNIMORE datasets. Furthermore, unlike the HCRL datasets, can-train-and-test-v1.5 provides more than enough data to train a complex machine learning model—an order of magnitude more—reducing the risk of underfitting. Moreover, can-train-and-test-v1.5 maintains ample differentiation power; the standard deviation of the models’ F1-scores was 0.2392 (excluding suppress attacks), whereas the standard deviations for the remaining datasets—HCRL Car Hacking, HCRL Survival Analysis, UNIMORE Bus-Off, UNIMORE DAGA, and UNIMORE Ventus—were 0.2254, 0.2333, 0.1824, 0.2121, and 0.2100 (excluding suppress attacks), respectively

Decentralized Threshold Signatures with Dynamically Private Accountability

Threshold signatures are a fundamental cryptographic primitive used in many practical applications. As proposed by Boneh and Komlo (CRYPTO'22), TAPS is a threshold signature that is a hybrid of privacy and accountability. It enables a combiner to combine t signature shares while revealing nothing about the threshold t or signing quorum to the public and asks a tracer to track a signature to the quorum that generates it. However, TAPS has three disadvantages: it 1) structures upon a centralized model, 2) assumes that both combiner and tracer are honest, and 3) leaves the tracing unnotarized and static. In this work, we introduce Decentralized, Threshold, dynamically Accountable and Private Signature (DeTAPS) that provides decentralized combining and tracing, enhanced privacy against untrusted combiners (tracers), and notarized and dynamic tracing. Specifically, we adopt Dynamic Threshold Public-Key Encryption (DTPKE) to dynamically notarize the tracing process, design non-interactive zero knowledge proofs to achieve public verifiability of notaries, and utilize the Key-Aggregate Searchable Encryption to bridge TAPS and DTPKE so as to awaken the notaries securely and efficiently. In addition, we formalize the definitions and security requirements for DeTAPS. Then we present a generic construction and formally prove its security and privacy. To evaluate the performance, we build a prototype based on SGX2 and Ethereum