A system design for surveillance systems protecting critical infrastructures

Critical infrastructures are attractive targets for attacks by intruders with different hostile aims. Modern information and sensor technology provides abilities to detect such attacks. The objective of this work is to outline a system design for surveillance systems aimed at protection of critical infrastructures, with the focus on early threat detection at the perimeter of critical infrastructures. The outline of the system design is based on an assessment of stakeholder needs. The needs were identified from interviews with domain experts and system operators. The system design of the surveillance system and the user requirements in terms of capabilities were then determined. The result consists of the system design for surveillance systems, comprising the systems capabilities, the systems structure, and the systems process. The outcome of the work will have an impact on the implementation of the surveillance systems with respect to the sensors utilized, the sensor data algorithms and the fusion techniques.     

Survivability: protecting your critical systems

Society is increasingly dependent upon large-scale, distributed systems that operate in unbounded network environments. Survivability helps ensure that such systems deliver essential services and maintain essential properties in the face of attacks, failures, and accidents     

基于MEC的移动网络直播视频分发机制研究

将互动直播部署在边缘计算环境中,可以在网络边缘对直播视频进行转码和传输,通过用户附近的边缘服务器提供低延迟的直播服务. 然而,在多边缘服务器、多用户场景下存在着直播用户分配问题,导致直播用户体验质量(quality of experience, QoE)无法得到保证. 为了提高直播用户QoE,需要根据用户的个性化需求合理地分配服务器资源. 首先分析真实数据集,发现大多数用户处于多基站重叠覆盖区域内,并且不同用户的互动需求存在差异;然后根据互动直播的特点提出一种适用于边缘计算场景的用户QoE模型,该模型综合考虑了直播用户的视频质量和互动体验;最后设计一种高效的直播用户分配算法,优化了多边缘服务器重叠覆盖区域内的直播用户QoE. 仿真实验表明,所提出的用户分配策略可为用户提供高码率和低延迟的直播视频,同时能有效降低边缘服务器切换次数和码率抖动,使直播用户QoE相较于其他策略提升超过19%.

     

An efficient steganographic approach for protecting communication in the Internet of Things (IoT) critical infrastructures

ABSTRACT

With the manifestation of the Internet of Things (IoT) and fog computing, the quantity of edge devices is escalating exponentially all over the world, providing better services to the end user with the help of existing and upcoming communication infrastructures. All of these devices are producing and communicating a huge amount of data and control information around this open IoT environment. A large amount of this information contains personal and important information for the user as well as for the organization. The number of attack vectors for malicious users is high due to the openness, distributed nature, and lack of control over the whole IoT environment. For building the IoT as an effective service platform, end users need to trust the system. For this reason, security and privacy of information in the IoT is a great concern in critical infrastructures such as the smart home, smart city, smart healthcare, smart industry, etc. In this article, we propose three information hiding techniques for protecting communication in critical IoT infrastructure with the help of steganography, where RGB images are used as carriers for the information. We hide the information in the deeper layer of the image channels with minimum distortion in the least significant bit (lsb) to be used as indication of data. We analyze our technique both mathematically and experimentally. Mathematically, we show that the adversary cannot predict the actual information by analysis. The proposed approach achieved better imperceptibility and capacity than the various existing techniques along with better resistance to steganalysis attacks such as histogram analysis and RS analysis, as proven experimentally.     

A SCADA testbed for investigating cyber security vulnerabilities in critical infrastructures

Supervisory Control and Data Acquisition (SCADA) systems are widely used in critical infrastructures such as water distribution networks, electricity generation and distribution plants, oil refineries, nuclear plants, and public transportation systems. However, the increased use of standard protocols and interconnectivity has exposed SCADA systems for potential cyber-attacks. In recent years, the cyber-security of SCADA systems has become a hot issue for governments, industrial sectors and academic community. Recently some security solutions have been proposed to secure SCADA systems. However, due to the critical nature of SCADA systems, evaluation of such proposed solutions on real system is im-practical. In this paper, we proposed an easily scalable and reconfigurable virtual SCADA security testbed, which can be used for developing and evaluating SCADA specific security solutions. With Distributed Denial of Service (DDoS) and false data injection attack scenarios, we demonstrated how attackers could disrupt the normal operation of SCADA systems. Experimental results show that, the pro-posed testbed can be effectively used for cyber security assessment and vulner-ability investigation on SCADA systems. One of the outcomes of this work is a labeled dataset, which can be used by researchers in the area of SCADA security.     

Multi-agent deep reinforcement learning: a survey

The advances in reinforcement learning have recorded sublime success in various domains. Although the multi-agent domain has been overshadowed by its single-agent counterpart during this progress, multi-agent reinforcement learning gains rapid traction, and the latest accomplishments address problems with real-world complexity. This article provides an overview of the current developments in the field of multi-agent deep reinforcement learning. We focus primarily on literature from recent years that combines deep reinforcement learning methods with a multi-agent scenario. To survey the works that constitute the contemporary landscape, the main contents are divided into three parts. First, we analyze the structure of training schemes that are applied to train multiple agents. Second, we consider the emergent patterns of agent behavior in cooperative, competitive and mixed scenarios. Third, we systematically enumerate challenges that exclusively arise in the multi-agent domain and review methods that are leveraged to cope with these challenges. To conclude this survey, we discuss advances, identify trends, and outline possible directions for future work in this research area.

     

Metaheuristics for protecting critical components in a service system: A computational study

Deliberate sabotages and terrorist attacks are major threats to the safety of modern societies. These attacks often target at important infrastructures such as energy production and transmission systems, food and water supply networks, telecommunications networks, transportation networks, etc. In such systems, some components are critical as their malfunction may adversely affect the operations of the whole systems. This research examines several models based on the median problem for identifying these components in a service system. In addition to the existing exact solution methods, we propose meta-heuristics to tackle this computationally hard problem. Our hybrid approach combines the strengths of both meta-heuristics and exact solution methods. The experiment shows that the combination of solution methods significantly cut down the computational requirement for finding the critical components in a service network for protection.     

Multi-agent based middleware for protecting privacy in IPTV content recommender services

This work presents our efforts to design an agent based middleware that enables the end-users to use IPTV content recommender services without revealing their sensitive preference data to the service provider or any third party involved in this process. The proposed middleware (called AMPR) preserves users’ privacy when using the recommender service and permits private sharing of data among different users in the network. The proposed solution relies on a distributed multi-agent architecture involving local agents running on the end-user set up box to implement a two stage concealment process based on user role in order to conceal the local preference data of end-users when they decide to participate in recommendation process. Moreover, AMPR allows the end-users to use P3P policies exchange language (APPEL) for specifying their privacy preferences for the data extracted from their profiles, while the recommender service uses platform for privacy preferences (P3P) policies for specifying their data usage practices. AMPR executes the first stage locally at the end user side but the second stage is done at remote nodes that can be donated by multiple non-colluding end users that we will call super-peers Elmisery and Botvich (2011a, b, c); or third parties mash-up service Elmisery A, Botvich (2011a, b). Participants submit their locally obfuscated profiles anonymously to their local super-peer who collect and mix these preference data from multiple participants. The super-peer invokes AMPR to perform global perturbation process on the aggregated preference data to ensure a complete concealment of user’s profiles. Then, it anonymously submits these aggregated profiles to a third party content recommender service to generate referrals without breaching participants’ privacy. In this paper, we also provide an IPTV network scenario and experimentation results. Our results and analysis shows that our two-stage concealment process not only protect the users’ privacy, but also can maintain the recommendation accuracy     

Multi-agent systems support for Community-Based Learning

Electronic distributed learning that overlooks the physical and geographic status of learners has become a reality. Moreover, its quality has been considerably improved by utilizing recent advances in web-based technology. Various electronic learning support systems such as Internet-based tutorials and Virtual Universities have appeared in different forms and reflect advances in technology. However, there remains a huge barrier to support the shareable and collaborative learning available through virtual communities. Our solution to these problems was to develop an educational middleware, called the Community-Based Learning (CoBL) framework whose goal is to: (a) adapt to the diverse requirements of learners; (b) support shareable and collaborative learning; and (c) be capable of facilitating distributed learning over the Internet. The CoBL framework is based on: (1) agents to manage individual learners and communities of learners; (2) a shared data model for integrating heterogeneous communities; and (3) a component-oriented development approach. We have implemented the CoBL prototype system and used it for community-based learning.     

ECB4CI: an enhanced cancelable biometric system for securing critical infrastructures

Physical access control is an indispensable component of a critical infrastructure. Traditional password-based methods for access control used in the critical infrastructure security systems have limitations. With the advance of new biometric recognition technologies, security control for critical infrastructures can be improved by the use of biometrics. In this paper, we propose an enhanced cancelable biometric system, which contains two layers, a core layer and an expendable layer, to provide reliable access control for critical infrastructures. The core layer applies random projection-based non-invertible transformation to the fingerprint feature set, so as to provide template protection and revocability. The expendable layer is used to protect the transformation key, which is the main weakness contributing to attacks via record multiplicity. This improvement enhances the overall system security, and undoubtedly, this extra security is an advantage over the existing cancelable biometric systems.     

Assessing critical functional and non-functional requirements for web-based procurement systems: a comprehensive survey

World Wide Web (WWW)-based electronic commerce has emerged as a mean to conduct business transactions that were previously handled through traditional interorganizational systems, phone, fax, on-site visits, or mail. Today, electronic procurement (e-procurement) accounts for most of the volume and value of the business transactions conducted over the Internet. As of yet, however, little or no research has assessed the functional and non-functional requirements sought for the WWW-based systems used to support the procurement process. This paper, presents findings of a survey of 133 corporate buyers from about 130 companies on the use of readily available web-based systems for business-to-business transactions and the requirements perceived to be critical to the effective support of supply chain operations.     

Evidence management for compliance of critical systems with safety standards: A survey on the state of practice

ContextDemonstrating compliance of critical systems with safety standards involves providing convincing evidence that the requirements of a standard are adequately met. For large systems, practitioners need to be able to effectively collect, structure, and assess substantial quantities of evidence.ObjectiveThis paper aims to provide insights into how practitioners deal with safety evidence management for critical computer-based systems. The information currently available about how this activity is performed in the industry is very limited.MethodWe conducted a survey to determine practitioners’ perspectives and practices on safety evidence management. A total of 52 practitioners from 15 countries and 11 application domains responded to the survey. The respondents indicated the types of information used as safety evidence, how evidence is structured and assessed, how evidence evolution is addressed, and what challenges are faced in relation to provision of safety evidence.ResultsOur results indicate that (1) V&V artefacts, requirements specifications, and design specifications are the most frequently used safety evidence types, (2) evidence completeness checking and impact analysis are mostly performed manually at the moment, (3) text-based techniques are used more frequently than graphical notations for evidence structuring, (4) checklists and expert judgement are frequently used for evidence assessment, and (5) significant research effort has been spent on techniques that have seen little adoption in the industry. The main contributions of the survey are to provide an overall and up-to-date understanding of how the industry addresses safety evidence management, and to identify gaps in the state of the art.ConclusionWe conclude that (1) V&V plays a major role in safety assurance, (2) the industry will clearly benefit from more tool support for collecting and manipulating safety evidence, and (3) future research on safety evidence management needs to place more emphasis on industrial applications.     

Planning virtual infrastructures for time critical applications with multiple deadline constraints

Executing time critical applications within cloud environments while satisfying execution deadlines and response time requirements is challenging due to the difficulty of securing guaranteed performance from the underlying virtual infrastructure. Cost-effective solutions for hosting such applications in the Cloud require careful selection of cloud resources and efficient scheduling of individual tasks. Existing solutions for provisioning infrastructures for time constrained applications are typically based on a single global deadline. Many time critical applications however have multiple internal time constraints when responding to new input. In this paper we propose a cloud infrastructure planning algorithm that accounts for multiple overlapping internal deadlines on sets of tasks within an application workflow. In order to better compare with existing work, we adapted the IC-PCP algorithm and then compared it with our own algorithm using a large set of workflows generated at different scales with different execution profiles and deadlines. Our results show that the proposed algorithm can satisfy all overlapping deadline constraints where possible given the resources available, and do so with consistently lower host cost in comparison with IC-PCP.     

Context based object categorization: A critical survey

The goal of object categorization is to locate and identify instances of an object category within an image. Recognizing an object in an image is difficult when images include occlusion, poor quality, noise or background clutter, and this task becomes even more challenging when many objects are present in the same scene. Several models for object categorization use appearance and context information from objects to improve recognition accuracy. Appearance information, based on visual cues, can successfully identify object classes up to a certain extent. Context information, based on the interaction among objects in the scene or global scene statistics, can help successfully disambiguate appearance inputs in recognition tasks. In this work we address the problem of incorporating different types of contextual information for robust object categorization in computer vision. We review different ways of using contextual information in the field of object categorization, considering the most common levels of extraction of context and the different levels of contextual interactions. We also examine common machine learning models that integrate context information into object recognition frameworks and discuss scalability, optimizations and possible future approaches.     

Image database systems: A survey

In this paper the state of image database (IDB) systems which have been developed in the past few years is reviewed. We point out the essential problems in IDB design rather than classify the existing or proposed systems into an unestablished framework. After giving a general overview, the approaches to IDB and the elements of IDB systems are discussed. Finally, several representative IDB systems are presented.     

Robot control systems: A survey

Robot manipulators have attracted considerable interest from researchers both in universities and industry during recent years. This interest covers a broad spectrum from task planning, robot language and artificial intelligence to mechanics, sensing and control. This survey paper addresses the area of robot position control and attempts to give an overview of the basic problems involved and some existing solutions.     

Probabilistic systems coalgebraically: A survey

We survey the work on both discrete and continuous-space probabilistic systems as coalgebras, starting with how probabilistic systems are modeled as coalgebras and followed by a discussion of their bisimilarity and behavioral equivalence, mentioning results that follow from the coalgebraic treatment of probabilistic systems. It is interesting to note that, for different reasons, for both discrete and continuous probabilistic systems it may be more convenient to work with behavioral equivalence than with bisimilarity.