A Mean Convolutional Layer for Intrusion Detection System
Security and Communication Networks provides a prestigious forum for the R&D community in academia and industry working at the interdisciplinary nexus of next generation communications technologies for security implementations in all network layers.
Security and Communication Networks maintains an Editorial Board of practicing researchers from around the world, to ensure manuscripts are handled by editors who are experts in the field of study.
Latest Articles
High-Performance Routing Emulation Technologies Based on a Cloud Platform
Currently, the emergence of edge computing provides low-latency and high-efficiency computing for the Internet of Things (IoT). However, new architectures, protocols, and security technologies of edge computing need to be verified and evaluated before use. Since network emulation based on a cloud platform has advantages in scalability and fidelity, it can provide an effective network environment for verifying and evaluating new edge computing technologies. Therefore, we propose a high-performance emulation technology supporting the routing protocol based on a cloud platform. First, we take OpenStack as a basic network environment. To improve the performance and scalability of routing emulation, we then design the routing emulation architecture according to the software-defined network (SDN) and design the cluster scheduling mechanism. Finally, the design of the Open Shortest Path First (OSPF) protocol can support communication with physical routers. Through extensive experiments, we demonstrate that this technology not only can provide a realistic OSPF protocol but also has obvious advantages in the overhead and performance of routing nodes compared with those of other network emulation technologies. Furthermore, the realization of the controller cluster improves the scalability in the emulation scale.
Research on Selection Method of Privacy Parameter
Budget factor is an important factor to measure the intensity of differential privacy, and its allocation scheme has a great impact on privacy protection. This paper studies the selection of the parameter in several cases of differential privacy. Firstly, this paper proposes a differential privacy protection parameter configuration method based on fault tolerance interval and analyzes the adversaryʼs fault tolerance under different noise distribution location parameters and scale parameters. Secondly, this paper proposes an algorithm to optimize the application scenarios of multiquery, studies the location parameters and scale parameters in detail, and proposes a differential privacy mechanism to solve the multiuser query scenarios. Thirdly, this paper proposes the differential privacy parameter selection methods based on the single attack and repeated attacks and calculates the upper bound of the parameter based on the sensitivity , the length of the fault tolerance interval , and the success probability as long as the fault tolerance interval. Finally, we have carried out a variety of simulation experiments to verify our research scheme and give the corresponding analysis results.
An Intelligent Real-Time Traffic Control Based on Mobile Edge Computing for Individual Private Environment
The existence of Mobile Edge Computing (MEC) provides a novel and great opportunity to enhance user quality of service (QoS) by enabling local communication. The 5th generation (5G) communication consists of massive connectivity at the Radio Access Network (RAN), where tremendous user traffic will be generated and sent to fronthaul and backhaul gateways, respectively. Since fronthaul and backhaul gateways are commonly installed by using optical networks, a network bottleneck will occur when the incoming traffic exceeds the capacity of the gateways. To meet the requirement of real-time communication in terms of ultralow latency (ULL), these aforementioned issues have to be solved. In this paper, we proposed an intelligent real-time traffic control based on MEC to handle user traffic at both gateways. The method sliced the user traffic into four communication classes, including conversation, streaming, interactive, and background communication. An MEC server has been integrated into the gateway for caching the sliced traffic. Subsequently, the MEC server can handle each user traffic slice based on its QoS requirements. The evaluation results showed that the proposed scheme enhances the QoS and can outperform the conventional approach in terms of delays, jitters, and throughputs. Based on the simulated results, the proposed scheme is suitable for improving time-sensitive communication including IoT sensor’s data. The simulation results are validated through computer software simulation.
A Secure Communication Scheme Based on Equivalent Interference Channel Assisted by Physical Layer Secret Keys
Due to the channel estimation error, most of the physical layer secret key generation schemes need information reconciliation to correct error key bits, resulting in reduced efficiency. To solve the problem, this work proposes a novel secure communication scheme based on an equivalent interference channel. Different keys generated from imperfect channel state information are directly applied to signal scrambling and descrambling, which is equivalent to the process of a signal passing through an interference channel. Legitimate communication parties can reduce interference with the help of similar keys and channel coding without sending additional signals, while the eavesdropper channel is deteriorated due to the spatial decorrelation. For this kind of scheme, we first establish a discrete memoryless broadcast channel model to derive the expressions of bit error rate (BER), channel capacity, and security capacity for performance analysis. Simulation results verify the derivations that the proposed scheme achieves secure communication with a correlated eavesdropping channel and has a higher upper bound of transmission rate. Furthermore, we design a new metric to evaluate the efficiency and the result shows that the proposed scheme has superior performance on error reconciliation efficiency, despite its slight increase in BER.
A Hybrid Cyber Defense Mechanism to Mitigate the Persistent Scan and Foothold Attack
As the prerequisite for the attacker to invade the target network, Persistent Scan and Foothold Attack (PSFA) is becoming progressively more subtle and complex. Even worse, the static and predictable characteristics of traditional systems provide an asymmetric advantage for attackers in launching the PSFA. To reverse this asymmetric advantage and resist the PSFA, two new defense ideas, called moving target defense (MTD) and deception-based cyber defense (DCD), have been suggested to provide the proactive selectable measures to complement traditional defense. However, MTD is unable to defeat the sophisticated attacker with fingerprint tracking ability. Meanwhile, DCD is easy to be marked by the attacker, which will result in a great waste of defense resources and poor defense effectiveness. To address this shortcoming, we propose the hybrid cyber defense mechanism that combines the address mutation (belonging to MTD) and fingerprint camouflage (belonging to DCD) strategies. More specifically, we first introduce and formalize the attacker model of PSFA based on the cyber kill chain. Afterwards, the traffic direction technology is designed to realize the coordination between the strategy of address mutation and the strategy of fingerprint camouflage. Furthermore, we construct the fine-grained quantitative modeling of the attacker’s behaviors through an in-depth observation of actual network confrontation. Based on this, a dynamic defense strategy generation algorithm is presented to maximize the effectiveness of our hybrid mechanism. Finally, the experimental results show that our hybrid mechanism can greatly improve the time required for a successful attack and achieve a better defense effect than the single strategy.
Attribute-Based User Revocable Data Integrity Audit for Internet-of-Things Devices in Cloud Storage
Mobile crowdsensing (MCS) is a sensing paradigm exploiting the capabilities of mobile devices (Internet-of-Things devices, smartphones, etc.) to gather large volumes of data. MCS has been widely used in cloud storage environments. However, MCS often faces the challenge of data integrity and user revocation issues. To solve these challenges, this paper uses attribute-based revocable signature mechanisms to construct a data integrity auditing scheme for IoT devices in the cloud storage environment. Users use attribute private keys to generate attribute signatures, and limit the user’s permission to use shared data through access policy control. Only when the user attribute is included in the global attribute set, and the attribute threshold is not less than the specified number, can the user use the attribute key for the data to generate a valid signature that can be authenticated under the control of the signature strategy. At the same time, the group manager (GM) can send secret information to a third-party auditor (TPA) to track the creator of the signature, to withdraw the user’s access to data when the business changes, and realize the safe revocation of user group membership. Formal security analysis and experimental results show that the proposed data-auditing solution is suitable for IoT devices in the cloud storage environment with respect to security and performance.