Security and Privacy Frameworks for Access Control Big Data Systems

In the security and privacy fields, Access Control (AC) systems are viewed as the fundamental aspects of networking security mechanisms. Enforcing AC becomes even more challenging when researchers and data analysts have to analyze complex and distributed Big Data (BD) processing cluster frameworks, which are adopted to manage yottabyte of unstructured sensitive data. For instance, Big Data systems’ privacy and security restrictions are most likely to failure due to the malformed AC policy configurations. Furthermore, BD systems were initially developed toped to take care of some of the DB issues to address BD challenges and many of these dealt with the “three Vs” (Velocity, Volume, and Variety) attributes, without planning security consideration, which are considered to be patch work. Some of the BD “three Vs” characteristics, such as distributed computing, fragment, redundant data and node-to node communication, each with its own security challenges, complicate even more the applicability of AC in BD.
This paper gives an overview of the latest security and privacy challenges in BD AC systems. Furthermore, it analyzes and compares some of the latest AC research frameworks to reduce privacy and security issues in distributed BD systems, which very few enforce AC in a cost-effective and in a timely manner. Moreover, this work discusses some of the future research methodologies and improvements for BD AC systems. This study is valuable asset for Artificial Intelligence (AI) researchers, DB developers and DB analysts who need the latest AC security and privacy research perspective before using and/or improving a current BD AC framework.     

Lightweight Mobile Clients Privacy Protection Using Trusted Execution Environments for Blockchain

Nowadays, as lightweight mobile clients become more powerful and widely used, more and more information is stored on lightweight mobile clients, user sensitive data privacy protection has become an urgent concern and problem to be solved. There has been a corresponding rise of security solutions proposed by researchers, however, the current security mechanisms on lightweight mobile clients are proven to be fragile. Due to the fact that this research field is immature and still unexplored in-depth, with this paper, we aim to provide a structured and comprehensive study on privacy protection using trusted execution environment (TEE) for lightweight mobile clients. This paper presents a highly effective and secure lightweight mobile client privacy protection system that utilizes TEE to provide a new method for privacy protection. In particular, the prototype of Lightweight Mobile Clients Privacy Protection Using Trusted Execution Environments (LMCPTEE) is built using Intel software guard extensions (SGX) because SGX can guarantee the integrity, confidentiality, and authenticity of private data. By putting lightweight mobile client critical data on SGX, the security and privacy of client data can be greatly improved. We design the authentication mechanism and privacy protection strategy based on SGX to achieve hardware-enhanced data protection and make a trusted connection with the lightweight mobile clients, thus build the distributed trusted system architecture. The experiment demonstrates that without relying on the performance of the blockchain, the LMCPTEE is practical, feasible, low-performance overhead. It can guarantee the privacy and security of lightweight mobile client private data.     

A Distributed Intrusion Detection Model via Nondestructive Partitioning and Balanced Allocation for Big Data

There are two key issues in distributed intrusion detection system, that is, maintaining load balance of system and protecting data integrity. To address these issues, this paper proposes a new distributed intrusion detection model for big data based on nondestructive partitioning and balanced allocation. A data allocation strategy based on capacity and workload is introduced to achieve local load balance, and a dynamic load adjustment strategy is adopted to maintain global load balance of cluster. Moreover, data integrity is protected by using session reassemble and session partitioning. The simulation results show that the new model enjoys favorable advantages such as good load balance, higher detection rate and detection efficiency.     

大数据与数字孪生驱动的智慧校园集成设计研究

目的 为解决智慧城市集成化设计中仍存在数据孤岛与智慧决策的相关问题,因此设计了一套以智慧校园创新服务生态为导向的园区集成设计方案,为大数据与数字孪生驱动的智慧城市构建提供建设新思路。方法 研究通过建立智慧校园数据的标准信息模型,采用结构化数据为主的物联网传感器进行部署,并利用大数据与深度学习方法实现校园的智慧大脑,开发了基于Web 3D与数字孪生驱动的人机共融可视化平台,从可操作性角度制定了可执行、可落地的智慧校园设计。结果 从大数据特点切入对智慧校园的构建状况进行分析,建立智慧校园数据的标准化模型,设计了基于GRU-CNN深度学习智慧大脑的Web 3D与数字孪生驱动可视化平台。实验表明该系统具有数据可视化与智能决策功能,能提供给用户沉浸式、多维动态的人机共融交互体验。结论 利用大数据驱动的数字孪生可视化平台可以实现校区一体化运行,增强校园结构的智能化、高效化和人性化,提高使用效率。智慧校园集成平台设计同时可以推动现代化城市进一步完成数据互通互联、数据可视化、智慧服务管理新模式。为当前智慧城市的建设提供技术及理论参照。     

A Double-Compensation-Based Federated Learning Scheme for Data Privacy Protection in a Social IoT Scenario

Nowadays, smart wearable devices are used widely in the Social Internet of Things (IoT), which record human physiological data in real time. To protect the data privacy of smart devices, researchers pay more attention to federated learning. Although the data leakage problem is somewhat solved, a new challenge has emerged. Asynchronous federated learning shortens the convergence time, while it has time delay and data heterogeneity problems. Both of the two problems harm the accuracy. To overcome these issues, we propose an asynchronous federated learning scheme based on double compensation to solve the problem of time delay and data heterogeneity problems. The scheme improves the Delay Compensated Asynchronous Stochastic Gradient Descent (DC-ASGD) algorithm based on the second-order Taylor expansion as the delay compensation. It adds the FedProx operator to the objective function as the heterogeneity compensation. Besides, the proposed scheme motivates the federated learning process by adjusting the importance of the participants and the central server. We conduct multiple sets of experiments in both conventional and heterogeneous scenarios. The experimental results show that our scheme improves the accuracy by about 5% while keeping the complexity constant. We can find that our scheme converges more smoothly during training and adapts better in heterogeneous environments through numerical experiments. The proposed double-compensation-based federated learning scheme is highly accurate, flexible in terms of participants and smooth the training process. Hence it is deemed suitable for data privacy protection of smart wearable devices.     

A Distributed Approach of Big Data Mining for Financial Fraud Detection in a Supply Chain

Supply Chain Finance (SCF) is important for improving the effectiveness of supply chain capital operations and reducing the overall management cost of a supply chain. In recent years, with the deep integration of supply chain and Internet, Big Data, Artificial Intelligence, Internet of Things, Blockchain, etc., the efficiency of supply chain financial services can be greatly promoted through building more customized risk pricing models and conducting more rigorous investment decision-making processes. However, with the rapid development of new technologies, the SCF data has been massively increased and new financial fraud behaviors or patterns are becoming more covertly scattered among normal ones. The lack of enough capability to handle the big data volumes and mitigate the financial frauds may lead to huge losses in supply chains. In this article, a distributed approach of big data mining is proposed for financial fraud detection in a supply chain, which implements the distributed deep learning model of Convolutional Neural Network (CNN) on big data infrastructure of Apache Spark and Hadoop to speed up the processing of the large dataset in parallel and reduce the processing time significantly. By training and testing on the continually updated SCF dataset, the approach can intelligently and automatically classify the massive data samples and discover the fraudulent financing behaviors, so as to enhance the financial fraud detection with high precision and recall rates, and reduce the losses of frauds in a supply chain.     

An Abnormal Network Flow Feature Sequence Prediction Approach for DDoS Attacks Detection in Big Data Environment

Distributed denial-of-service (DDoS) is a rapidly growing problem with the fast development of the Internet. There are multitude DDoS detection approaches, however, three major problems about DDoS attack detection appear in the big data environment. Firstly, to shorten the respond time of the DDoS attack detector; secondly, to reduce the required compute resources; lastly, to achieve a high detection rate with low false alarm rate. In the paper, we propose an abnormal network flow feature sequence prediction approach which could fit to be used as a DDoS attack detector in the big data environment and solve aforementioned problems. We define a network flow abnormal index as PDRA with the percentage of old IP addresses, the increment of the new IP addresses, the ratio of new IP addresses to the old IP addresses and average accessing rate of each new IP address. We design an IP address database using sequential storage model which has a constant time complexity. The autoregressive integrated moving average (ARIMA) trending prediction module will be started if and only if the number of continuous PDRA sequence value, which all exceed an PDRA abnormal threshold (PAT), reaches a certain preset threshold. And then calculate the probability that is the percentage of forecasting PDRA sequence value which exceed the PAT. Finally we identify the DDoS attack based on the abnormal probability of the forecasting PDRA sequence. Both theorem and experiment show that the method we proposed can effectively reduce the compute resources consumption, identify DDoS attack at its initial stage with higher detection rate and lower false alarm rate.     

A Cryptographic-Based Approach for Electricity Theft Detection in Smart Grid

In order to strengthen their security issues, electrical companies devote particular efforts to developing and enhancing their fraud detection techniques that cope with the information and communication technologies integration in smart grid fields. Having been treated earlier by several researchers, various detection schemes adapted from attack models that benefit from the smart grid topologies weaknesses, aiming primarily to the identification of suspicious incoming hazards. Wireless meshes have been extensively used in smart grid communication architectures due to their facility, lightness of conception and low cost installation; however, the communicated packets are still exposed to be intercepted maliciously in order either to falsify pertinent information like the smart meter readings, or to inject false data instead, aiming at electricity theft during the communication phase. For this reason, this paper initiates a novel method based on RSA cryptographic algorithm to detect electricity fraud in smart grid. This new method consists of generating two different cryptograms of one electricity measurement before sending, after which the recipient is used to find the same value after decrypting the two cyphers in a normal case. Otherwise, a fraudulent manipulation could occur during the transmission stage. The presented method allows us to kill two birds with one stone. First, satisfactory outcomes are shown: the algorithm accuracy reaches 100%, from one hand, and the privacy is protected thanks to the cryptology concept on the other hand.     

A Differential Privacy Based (<i>k</i>-Ψ)-Anonymity Method for Trajectory Data Publishing

In recent years, mobile Internet technology and location based services have wide application. Application providers and users have accumulated huge amount of trajectory data. While publishing and analyzing user trajectory data have brought great convenience for people, the disclosure risks of user privacy caused by the trajectory data publishing are also becoming more and more prominent. Traditional k-anonymous trajectory data publishing technologies cannot effectively protect user privacy against attackers with strong background knowledge. For privacy preserving trajectory datapublishing, we propose a differential privacy based (k-Ψ)-anonymity method to defend against re-identification and probabilistic inference attack. The proposed method is divided into two phases: in the first phase, a dummy-based (k-Ψ)-anonymous trajectory data publishing algorithm is given, which improves (k-δ)-anonymity by considering changes of threshold δ on different road segments and constructing an adaptive threshold set Ψ that takes into account road network information. In the second phase, Laplace noise regarding distance of anonymous locations under differential privacy is used for trajectory perturbation of the anonymous trajectory dataset outputted by the first phase. Experiments on real road network dataset are performed and the results show that the proposed method improves the trajectory indistinguishability and achieves good data utility in condition of preserving user privacy.     

A Scalable Approach for Fraud Detection in Online E-Commerce Transactions with Big Data Analytics

With the rapid development of mobile Internet and finance technology, online e-commerce transactions have been increasing and expanding very fast, which globally brings a lot of convenience and availability to our life, but meanwhile, chances of committing frauds also come in all shapes and sizes. Moreover, fraud detection in online e-commerce transactions is not totally the same to that in the existing areas due to the massive amounts of data generated in e-commerce, which makes the fraudulent transactions more covertly scattered with genuine transactions than before. In this article, a novel scalable and comprehensive approach for fraud detection in online e-commerce transactions is proposed with majorly four logical modules, which uses big data analytics and machine learning algorithms to parallelize the processing of the data from a Chinese e-commerce company. Groups of experimental results show that the approach is more accurate and efficient to detect frauds in online e-commerce transactions and scalable for big data processing to obtain real-time property.     

Development and Application of Big Data Platform for Garlic Industry Chain

In order to effectively solve the problems which affect the stable and healthy development of garlic industry, such as the uncertainty of the planting scale and production data, the influence factors of price fluctuation is difficult to be accurately analyzed, the difficult to predict the trend of price change, the uncertainty of the market concentration, and the difficulty of the short-term price prediction etc. the big data platform of the garlic industry chain has been developed. Combined with a variety of data acquisition technology, the information collection of influencing factors for garlic industry chain is realized. Based on the construction of the big data technology platform, the real-time synchronous acquisition, efficient storage and analysis of the planting, market, storage, processing, export and logistics information in five provinces and seven counties are realized. The application of the big data platform for garlic industry chain has realized the accurate acquisition of garlic planting area, the price and trend of market circulation and the information of export information, analyzed the fluctuation regulation of garlic price, and also realized the short-term precision prediction of garlic price.     

Data Analytics and Machine Learning for Smart Process Manufacturing: Recent Advances and Perspectives in the Big Data Era

Safe, efficient, and sustainable operations and control are primary objectives in industrial manufacturing processes. State-of-the-art technologies heavily rely on human intervention, thereby showing apparent limitations in practice. The burgeoning era of big data is influencing the process industries tremendously, providing unprecedented opportunities to achieve smart manufacturing. This kind of manufacturing requires machines to not only be capable of relieving humans from intensive physical work, but also be effective in taking on intellectual labor and even producing innovations on their own. To attain this goal, data analytics and machine learning are indispensable. In this paper, we review recent advances in data analytics and machine learning applied to the monitoring, control, and optimization of industrial processes, paying particular attention to the interpretability and functionality of machine learning models. By analyzing the gap between practical requirements and the current research status, promising future research directions are identified.     

A Middleware for Polyglot Persistence and Data Portability of Big Data PaaS Cloud Applications

Vendor lock-in can occur at any layer of the cloud stack-Infrastructure, Platform, and Software-as-a-service. This paper covers the vendor lock-in issue at Platform as a Service (PaaS) level where applications can be created, deployed, and managed without worrying about the underlying infrastructure. These applications and their persisted data on one PaaS provider are not easy to port to another provider. To overcome this issue, we propose a middleware to abstract and make the database services as cloud-agnostic. The middleware supports several SQL and NoSQL data stores that can be hosted and ported among disparate PaaS providers. It facilitates the developers with data portability and data migration among relational and NoSQL-based cloud databases. NoSQL databases are fundamental to endure Big Data applications as they support the handling of an enormous volume of highly variable data while assuring fault tolerance, availability, and scalability. The implementation of the middleware depicts that using it alleviates the efforts of rewriting the application code while changing the backend database system. A working protocol of a migration tool has been developed using this middleware to facilitate the migration of the database (move existing data from a database on one cloud to a new database even on a different cloud). Although the middleware adds some overhead compared to the native code for the cloud services being used, the experimental evaluation on Twitter (a Big Data application) data set, proves this overhead is negligible.     

大数据时代小微印刷企业的发展策略研究

面对大数据引发的信息革命浪潮及国家文化产业大发展、大繁荣的新形势,我国传统小微印刷企业面临着严峻挑战与历史机遇.我国小微印刷企业普遍存在创新能力欠缺、产业结构不合理、盈利手段单一、抗风险能力较差及污染环境等诸多弊病,小微印刷业应顺应时代潮流,抓住历史机遇,加快由传统加工型产业向现代服务业转型的步伐.我国小微印刷企业可采取融入文化创意元素、丰富印刷文化内涵,对接互联网络平台、探索增值盈利模式,推行全数字化流程、发展绿色按需印刷等科学转型之道,以实现企业的转型升级.     

智慧养老领域隐式交互的应用现状及前景

目的对隐式人机交互在智慧养老领域的应用现状进行梳理,分析其特征及发展前景。方法综合梳理智慧养老交互设计研究现状,分析老年群体的生理心理特征及隐式交互理论基础,结合智慧养老领域典型场景中隐式交互的应用现状及相关课题展开讨论。结论总结出智慧养老领域隐式交互的应用特点,包括涉及较多关键性操作、长期监护及个人数据实时自动采集、第三方介入交互、系统平台建设和社会的参与。推断智慧养老领域隐式交互未来发展方向,即在以物联网、大数据、人工智能为依托的智慧养老领域,隐式交互是满足以人为本设计开发的核心部分,它可以通过生物感应、环境识别、数据挖掘、机器学习、协同共创等方式来实现。新技术应用与落地,数据库建设与共享,将是未来应用研究的关键和热点。     

A Differentially Private Data Aggregation Method Based on Worker Partition and Location Obfuscation for Mobile Crowdsensing

With the popularity of sensor-rich mobile devices, mobile crowdsensing (MCS) has emerged as an effective method for data collection and processing. However, MCS platform usually need workers’ precise locations for optimal task execution and collect sensing data from workers, which raises severe concerns of privacy leakage. Trying to preserve workers’ location and sensing data from the untrusted MCS platform, a differentially private data aggregation method based on worker partition and location obfuscation (DP-DAWL method) is proposed in the paper. DP-DAWL method firstly use an improved K-means algorithm to divide workers into groups and assign different privacy budget to the group according to group size (the number of workers). Then each worker’s location is obfuscated and his/her sensing data is perturbed by adding Laplace noise before uploading to the platform. In the stage of data aggregation, DP-DAWL method adopts an improved Kalman filter algorithm to filter out the added noise (including both added noise of sensing data and the system noise in the sensing process). Through using optimal estimation of noisy aggregated sensing data, the platform can finally gain better utility of aggregated data while preserving workers’ privacy. Extensive experiments on the synthetic datasets demonstrate the effectiveness of the proposed method.     

卫生经济学应用于慢性病防控决策的战略研究

为提高当前慢性病防控体系的效率,更好地遏制慢性病的流行,保护公众健康,2015年中国工程院设立了"卫生经济学应用于慢性病防控决策的战略研究"重大咨询项目。课题组调研发现,作为一种重要的卫生决策工具,卫生经济学在慢性病防控决策过程中尚处于初级应用阶段。对卫生经济学的重要性认识不足,对卫生经济学的方法的掌握和应用能力有限,制约了其在慢性病防控决策中的应用,因此建议建立多元主体参与的卫生经济学研究力量,加强卫生经济学应用于慢性病防控决策的大数据积累及应用研究,提出将卫生经济学应用于我国慢性病防控决策的战略框架。     

A Change-Point Approach for Phase-I Analysis in Multivariate Profile Monitoring and Diagnosis

Process monitoring and fault diagnosis using profile data remains an important and challenging problem in statistical process control (SPC). Although the analysis of profile data has been extensively studied in the SPC literature, the challenges associated with monitoring and diagnosis of multichannel (multiple) nonlinear profiles are yet to be addressed. Motivated by an application in multioperation forging processes, we propose a new modeling, monitoring, and diagnosis framework for phase-I analysis of multichannel profiles. The proposed framework is developed under the assumption that different profile channels have similar structure so that we can gain strength by borrowing information from all channels. The multidimensional functional principal component analysis is incorporated into change-point models to construct monitoring statistics. Simulation results show that the proposed approach has good performance in identifying change-points in various situations compared with some existing methods. The codes for implementing the proposed procedure are available in the supplementary material.