Jie Chen,Ai-dong Xu,Hong Wen,Wen-jie Liu,Yi-xin Jiang,Peng Li,Yu-shan Li

DOI: https://doi.org/10.12783/dteees/icepe2019/28962

2019-01-01

DEStech Transactions on Environment Energy and Earth Science

Abstract:The edge computing performs data processing at the proximity of data collecting nodes, which makes the edge computing devices also face a series of malicious attacking, such as clone node attack, Sybil node attack and so on. However, such malicious attacks are hard to identify by the traditional security measures because the illegal nodes capture the keys of the legal nodes. In order to solve the above problems, a channel information approached malicious node recognition method based on intelligent algorithm for the edge computing is proposed. The novel algorithm is feasible and the recognition accuracy meets the requirements.

Peng Jiang,Hongyi Wu,Cong Wang,Chunsheng Xin

DOI: https://doi.org/10.1109/ICC.2018.8422830

2018-01-01

Abstract:Identity-based attacks such as MAC spoofing are common in wireless networks. The recently developed virtualization technologies bring a new type of MAC spoofing attack, virtual MAC spoofing. This makes it even more challenging to detect such attacks, especially in a tight environment with spatial similarities. In this paper, we design, implement and evaluate a system to effectively detect virtual MAC spoofing attacks via deep learning. A deep convolutional neural network is constructed to extract physical features from CSI obtained from packet transmissions, to detect virtual MAC spoofing attacks. An important merit of the proposed detection system is that this system can distinguish two devices even at the same location, which was not well addressed by previous approaches. Our extensive experimental results demonstrate the effectiveness of the system with an average detection accuracy of 95%, even when devices are co-located.

Tao Zhao,Xiaoyu Ji,Wenyuan Xu,Aidong Xu,Yixin Jiang,Yang Cao

DOI: https://doi.org/10.1109/ei247390.2019.9061849

2019-01-01

Abstract:With the increase of power terminal devices and IoT devices which are accessed to the power grid, their security issues are becoming more and more important. While the microgrid controllers are served as the central core of the entire microgrid, the attacks on microgrid controllers and other power end devices have been launched in recent years. It's obvious that the current safety protection measures for power end devices are insufficient. However, microgrid controllers cannot be protected by traditional intrusion detection systems or anti-virus software. Motivated by these concerns, this paper proposes a non-intrusive malicious code security monitoring scheme based on a power side channel. The core idea is to measure the power consumption data of the microgrid controller, to extract the power consumption feature, and to identify the abnormality sample through CWRNN neural network to determine whether the microgrid controller is attacked or not. The advantage of this method is that it can effectively detect unknown attacks without modifying the original software system. What's more, the method is evaluated in the experimental test, and the detection accuracy can reach to 92%.

Run-Fa Liao,Hong Wen,Jinsong Wu,Fei Pan,Aidong Xu,Huanhuan Song,Feiyi Xie,Yixin Jiang,Minggui Cao

DOI: https://doi.org/10.1109/access.2019.2934122

IF: 3.9

2019-01-01

IEEE Access

Abstract:In this paper, we investigate the security threats in mobile edge computing (MEC) of Internet of things, and propose a deep-learning (DL)-based physical (PHY) layer authentication scheme which exploits channel state information (CSI) to enhance the security of MEC system via detecting spoofing attacks in wireless networks. Moreover, three gradient descent algorithms are adopted to accelerate the training of deep neural networks, which enables smaller computation overheads and lower energy consumptions. In addition, the maximum likelihood function of multi-user authentication method is derived, which explains why cross entropy is chosen as the loss function. The vectorization cost function is also derived. The mini batch scheme and ℓ 2 regularization are adopted to improve training accuracy and avoid over-fitting, respectively. Moreover, the simulation and experimental results show that the DL-based PHY-layer authentication approaches can distinguish multiple legitimate edge nodes from malicious nodes and attacker by CSIs, effectively. Our proposed method supports a better performance compared with the traditional hypothesis test based method.

Yanli Shao,Yang Lu,Dan Wei,Jinglong Fang,Feiwei Qin,Bin Chen

DOI: https://doi.org/10.1155/2022/3301718

2022-07-08

Wireless Communications and Mobile Computing

Abstract:Edge computing is a feasible solution for effectively collecting and processing data in industrial Internet of Things (IIoT) systems, and edge security is an important guarantee for edge computing. Fast and accurate classification of malicious code in the whole lift cycle of edge computing is of great significance, which can effectively prevent malicious code from attacking wireless sensor networks and ensure the stable and secure transmission of data in smart devices. Considering that there is a large amount of code reuse in the same malicious code family, making their visual feature similar, many studies use visualization technology to assist malicious code classification. However, traditional malicious code visual classification schemes have the problems such as single image source, weak ability of deep-level feature extraction, and lack of attention to key image details. Therefore, an innovative malicious code visual classification method based on a deep residual network and hybrid attention mechanism for edge security is proposed in this study. Firstly, the malicious code visualization scheme integrates the bytecode file and assembly file of the malware and converts them into a four-channel RGBA image to fully represent malicious code feature information without increasing the computational complexity. Secondly, a hybrid attention mechanism is introduced into the deep residual network to construct an effective classification model, which extracts image texture features of malicious code from two dimensions of the channel and spatial to improve the classification performance. Finally, the experimental results on the BIG2015 and Malimg datasets show that the proposed scheme is feasible and effective and can be widely applied used in various malicious code classification issues, and the classification accuracy rate is relatively higher than the existing better-performing malicious code classification methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Congqi Shen,Geyang Xiao,Shaofeng Yao,Boyang Zhou,Zhongxia Pan,Hong Zhang

DOI: https://doi.org/10.1109/spac53836.2021.9539933

2021-01-01

Abstract:Current Industrial Internet faces serious threats where attackers propagate malicious flows, resulting in communication failures in the Industrial Internet. In this work, we propose a practical and novel method to detect malicious traffic attack in real time with high accuracy. Our primary idea is to capture network flow, extract adequate network flow features, construct a long short-term memory (LSTM) based deep learning model, and identify the property of the corresponding network flow. Whether the network suffers attack or not is then determined according to the detection results. The corresponding prototype is also implemented in the Industrial Internet which is equipped with Software Defined Networking (SDN). Experimental results validate that the proposed method is effective in defending against malicious traffic attack in real-world network.

Wenjuan Lian,Guoqing Nie,Yanyan Kang,Bin Jia,Yang Zhang

DOI: https://doi.org/10.23919/jcc.2022.02.014

2022-02-01

China Communications

Abstract:In recent years, with the increase in the price of cryptocurrencies, the number of malicious cryptomining software has increased significantly. With their powerful spreading ability, cryptomining malware can unknowingly occupy our resources, harm our interests, and damage more legitimate assets. However, although current traditional rule-based malware detection methods have a low false alarm rate, they have a relatively low detection rate when faced with a large volume of emerging malware. Even though common machine learning-based or deep learning-based methods have certain ability to learn and detect unknown malware, the characteristics they learn are single and independent, and cannot be learned adaptively. Aiming at the above problems, we propose a deep learning model with multi-input of multi-modal features, which can simultaneously accept digital features and image features on different dimensions. The model in turn includes parallel learning of three sub-models and ensemble learning of another specific sub-model. The four sub-models can be processed in parallel on different devices and can be further applied to edge computing environments. The model can adaptively learn multi-modal features and output prediction results. The detection rate of our model is as high as 97.01% and the false alarm rate is only 0.63%. The experimental results prove the advantage and effectiveness of the proposed method.

telecommunications

Wenxin Lei,Aidong Xu,Haojie Lin,Wenjing Hou,Yunan Zhang,Yixin Jiang,Zhongqi Mao,Hong Wen

DOI: https://doi.org/10.1088/1742-6596/1646/1/012131

2020-01-01

Journal of Physics Conference Series

Abstract:Abstract With the continuous deployment of smart grids, various new smart technologies applied to the power grids have emerged, and the security boundaries of the power systems have gradually blurred, so that the power security protection measures urgently need to be updated. Aiming at the smart micro-grid system based on edge computing, this paper introduces a non-intrusive load monitoring (NILM) method, combined with the advantages of edge computing, and designs an online detection mechanism for malicious activities of terminal devices. This method is dedicated to achieving device-level security assurance.

Aidong Xu,Tengyue Zhang,Qicong Yang,Yixin Jiang,Yunan Zhang

DOI: https://doi.org/10.1088/1755-1315/693/1/012007

2021-01-01

IOP Conference Series Earth and Environmental Science

Abstract:With the emergence of various low-latency application scenarios in the Internet of things (IoT), edge computing provides a series of low-latency computing modes such as real-time data processing and real-time decision-making, supports multiple terminals, and solves the problems of the existing cloud computing architecture. This paper proposes a channel fingerprint data packet authentication method based on edge computing cooperation. The edge server and smart terminal perform cooperative computing, make full use of the computing power of the smart terminal, reasonably allocate the amount of computing tasks, and effectively realize lightweight data packet authentication. The task running time is shortened and the authentication efficiency is improved.

S. Arockia Jayadhas,S. Emalda Roslin,W. Florin

DOI: https://doi.org/10.1007/s11082-023-05659-y

IF: 3

2023-12-03

Optical and Quantum Electronics

Abstract:Wireless sensor networks (WMSNs) are becoming increasingly popular in many fields, from academia to transportation, environmental monitoring, wildlife preservation, and military espionage. Therefore, examining potential threats, power consumption, vulnerability recognition, and systemic vulnerability characteristics is essential to develop a reliable information security approach for WSNs. As a result, it is becoming increasingly crucial for the technical community to conduct intrusion recognition method evaluations. Since this is the case, using deep learning techniques in creating intrusion identification and mitigation systems for wireless multimedia sensor networks is essential. This article examines how well different machine learning and deep learning algorithms perform in attack identification systems. Testing the efficacy of different methods on the WMSN-DS database through experimentation is essential. In this work, we combine the power of a Convolutional Neural Network classifier with a Random Forest. To accomplish this, a Convolutional Neural Network with a Random Forest Classifier is used. The intrusion detection system (IDS) is a crucial technique proposed in this study for WMSN. To address this issue, the current study proposal uses deep Learning with a Random Forest classifier to detect and prevent attacks and to promote efficient forwarding in WMSNs. Multiple WMSN assaults have been investigated, and the results of these investigations have been critically evaluated.

engineering, electrical & electronic,optics,quantum science & technology

Xiaoheng Deng,Xinjun Pei,Shengwei Tian,Lan Zhang

DOI: https://doi.org/10.1109/tii.2022.3216818

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:The advent of 5G brought new opportunities to leapfrog beyond current industrial Internet of Things (IoT). However, the ever growing IoT has also attracted adversaries to develop new malware attacks against various IoT applications. Although deep learning-based methods are expected to combat the sophisticated malwares by exploring the latent attack patterns, such detection can be hardly supported by battery-powered end devices, like Andriod-based smartphones. Edge computing enables near-real-time analysis of IoT data by migrating AI-enabled computation-intensive tasks from resource-constrained IoT devices to nearby edge servers, However, due to varying channel conditions and the demanding latency requirements of malware detection, it is challenging to coordinate the computing task offloading among multiple users. By leveraging the computation capacity and the proximity benefits of edge computing, we propose a hierarchical security framework for IoT malware detection. Considering the complexity of AI-enabled malware detection task, we provide a delay-aware computational offloading strategy with minimum delay. Specifically, we construct a coordinated representation learning model, named by Two Stream Attention-Caps (TSA-Caps) to capture the latent behavioral patterns of evolving malware attacks. Experimental results show that our system consistently outperforms the state-of-the-art systems in detection performance on four benchmark datasets.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Subhash Mondal,Subinoy Mukherjee,Suharta Banerjee

DOI: https://doi.org/10.1007/978-981-16-4435-1_30

2021-08-03

Abstract:Internet of Things is the most promising technology that is trying to transform the way in which we live and is expected to seamlessly get integrated into our environment. However, securing the IoT devices from attacks is the prime concern for researchers today. Securing IoT systems from malicious attacks is the most challenging task as attacks like DoS or DDoS are distributed in nature. In this paper we have proposed an architecture based on ML that will identify the malicious nodes which in turn will provide pre-authentication and access control, thus preventing unauthorized access of IoT resources. We have mainly emphasized on the trade-off between time, memory, and accuracy of ML algorithms for achieving better performance.

Naila Mukhtar,Ali Mehrabi,Yinan Kong,Ashiq Anjum

DOI: https://doi.org/10.1002/cpe.6764

2021-12-07

Concurrency and Computation: Practice and Experience

Abstract:The processing of locally harvested data at the physically accessible edge devices opens a new avenue of security threats for edge enhanced analytics. Cryptographic algorithms are used to secure the data being processed on the edge device. However, the implementation weakness of the algorithms on the edge devices can lead to side‐channel attack vulnerability, which is exacerbated with the application of machine‐learning techniques. This research proposes a deep learning‐based system integrated at the edge device to identify the side‐channel leakages. To design such a deep learning‐based system, one of the challenges is formulating the suitable attack model for the underlying target algorithm. Based on the previous findings, three machine learning‐based side‐channel attack models are curated and investigated for the edge device security evaluations. As a test case, the standard elliptic‐curve cryptographic algorithm is selected. Moreover, quantitative analysis is provided for the best attack model selection using standard machine‐learning evaluation metrics. A comparative analysis is performed on the raw unaligned data samples and reduced feature‐engineered samples using edge enhanced security analytics. The investigation concludes that the vulnerable algorithm implementation can lead to the secret key recovery from the edge device, with 96% accuracy, using a neural‐network‐based algorithm to analyse side‐channel attacks.

Hong Wen,Xiaochun Zhang,Lei Cai,Jie Tang,Xiping Zhu,Yixin Jiang,Xiaobin Guo

DOI: https://doi.org/10.1109/cns.2013.6682737

2013-01-01

Abstract:In this paper, we introduce a novel malicious nodes detection scheme in the smart meter system by the channel responses between nodes. By extraction the channel information of the different nodes and comparison them, the rough position of the nodes can be distinguished. When we detect the nodes located in the different position along with one ID or several nodes with different ID located in the same position, the malicious node attacks happened. The proposed schemes aim at achieving fast detection and minimizing the data transmission cost by taking advantage of temporal and spatial uniqueness in physical layer channel responses.

Trong-Minh Hoang,Trang-Linh Le Thi,Nguyen Minh Quy

DOI: https://doi.org/10.12720/jait.14.1.153-159

2023-01-01

Journal of Advances in Information Technology

Abstract:To meet the growing number and variety of IoT devices in 5G and 6G network environments, the development of edge computing technology is a powerful strategy for offloading processes in data servers by processing at the network and nearby the user. Besides its benefits, several challenges related to decentralized operations for improving performance or security tasks have been identified. A new research direction for distributed operating solutions has emerged from these issues, leading to applying Distributed Machine Learning (DML) techniques for edge computing. It takes advantage of the capacity of edge devices to handle increased data volumes, reduce connection bottlenecks, and enhance data privacy. The designs of DML architectures have to use optimized algorithms (e.g., high accuracy and rapid convergence) and effectively use hardware resources to overcome large-scale problems. However, the trade-off between accuracy and data set volume is always the biggest challenge for practical scenarios. Hence, this paper proposes a novel attack detection model based on the DML technique to detect attacks at network edge devices. A modified voting algorithm is applied to core logic operation between sever and workers in a partition learning fashion. The results of numerical simulations on the UNSW-NB15 dataset have proved that our proposed model is suitable for edge computing and gives better attack detection results than other state of the art solutions.

English Else

Minh T. Hoang,Nhan V. Nguyen,Thu A. Pham,Tra T. Nguyen,Tuan M. Dang,Hoang N. Nguyen

DOI: https://doi.org/10.15837/ijccc.2024.5.6767

IF: 2.635

2024-09-02

International Journal of Computers Communications & Control

Abstract:Edge computing is essential for 6G mobile networks for improving reliability, reducing data rates and latency, and enhancing mobile connectivity. Edge computing is also meant to meet the increasing demands of the Internet of Things (IoT)/ Internet of Everything (IoE). In these approaches, IIoT systems necessitate precision, reliability, and scalability, while vulnerabilities in IIoT systems may lead to financial losses and safety hazards. To tackle this, Edge AI/ML-based IDSs provide adaptability and robustness for IIoT security challenges. These solutions improve security levels, threat detection rates, and response times. However, main issues such as limited resources and the accuracy of attack detection rate are challenged nowadays. In this paper, we present contributions in proposing an intrusion detection system (IDS) for edge devices deploying a lightweight deep neural network to detect IIoT attacks. We present performance analysis of the typical dimensionality reduction methods and balancing data features of the Edge-IIoT dataset to get higher performance metrics than other state-of-the-art studies.

computer science, information systems,automation & control systems

Maoli Wang,Bowen Zhang,Xiaodong Zang,Kang Wang,Xu Ma

DOI: https://doi.org/10.3390/math11183951

IF: 2.4

2023-09-18

Mathematics

Abstract:The proliferation of smart devices in the 5G era of industrial IoT (IIoT) produces significant traffic data, some of which is encrypted malicious traffic, creating a significant problem for malicious traffic detection. Malicious traffic classification is one of the most efficient techniques for detecting malicious traffic. Although it is a labor-intensive and time-consuming process to gather large labeled datasets, the majority of prior studies on the classification of malicious traffic use supervised learning approaches and provide decent classification results when a substantial quantity of labeled data is available. This paper proposes a semi-supervised learning approach for classifying malicious IIoT traffic. The approach utilizes the encoder–decoder model framework to classify the traffic, even with a limited amount of labeled data available. We sample and normalize the data during the data-processing stage. In the semi-supervised model-building stage, we first pre-train a model on a large unlabeled dataset. Subsequently, we transfer the learned weights to a new model, which is then retrained using a small labeled dataset. We also offer an edge intelligence model that considers aspects such as computation latency, transmission latency, and privacy protection to improve the model's performance. To achieve the lowest total latency and to reduce the risk of privacy leakage, we first create latency and privacy-protection models for each local, edge, and cloud. Then, we optimize the total latency and overall privacy level. In the study of IIoT malicious traffic classification, experimental results demonstrate that our method reduces the model training and classification time with 97.55% accuracy; moreover, our approach boosts the privacy-protection factor.

mathematics

Wenxin Lei,Wenjing Hou,Aidong Xu,Yixin Jiang,Hong Wen,Yunan Zhang

DOI: https://doi.org/10.1145/3448734.3450781

2021-01-01

Abstract:Edge computing is now widely applied in industrial IoT to enable fast response and resolution of services for end-user applications in the interconnected world of things. However, edge computing devices are highly vulnerable to attacks due to their proximity to ends with large amounts of private user information and rich digital assets. The purpose of this paper is to propose a situational awareness approach for edge computing devices to protect the security of edge devices. An example is implemented, and the results show that the situational awareness model can accurately detect the attacks encountered by edge devices.

Shenqiang Wang,Zhaowei Liu,Haiyang Wang,Jianping Wang

DOI: https://doi.org/10.1186/s13677-023-00466-y

2023-06-16

Journal of Cloud Computing

Abstract:The rapid development of blockchain technology has garnered increasing attention, particularly in the field of edge computing. It has become a significant subject of research in this area due to its ability to protect the privacy of data. Despite the advantages that blockchain technology offers, there are also security threats that must be addressed. Attackers may manipulate certain nodes in the blockchain network, which can result in tampering with transaction records or other malicious activities. Moreover, the creation of a large number of false nodes can be utilized to gain control and manipulate transaction records of the blockchain network, which can compromise the reliability and security of edge computing. This paper proposes a blockchain node detection method named that provides a more secure, credible, and reliable solution to address these challenges. In order to achieve , a transaction dataset that is evenly distributed in both space and time was collected. The transaction dataset is constructed as a transaction graph, where nodes represent accounts and edges describe transactions. BP neural network is used to extract account features, and a random walk strategy based on transaction time, type, and amount is used to extract transaction features. The obtained account features and transaction features are fused to obtain account representation. Finally, the obtained node representation is fed into different classifiers to identify malicious nodes.

Xueying Han,Song Liu,Junrong Liu,Bo Jiang,Zhigang Lu,Baoxu Liu

DOI: https://doi.org/10.1109/tifs.2024.3426304

IF: 7.231

2024-07-20

IEEE Transactions on Information Forensics and Security

Abstract:Malicious traffic detection in the real world faces the challenge of dealing with a diverse mix of known, unknown, and variant malicious traffic, requiring methods that are accurate, generalizable, and reliable for identifying both known and emerging threats. However, existing methods are unable to fully meet these requirements. Supervised methods can accurately detect known malicious traffic, but their performance declines significantly when encountering unknown attacks. Additionally, the misclassification is usually silent, leading to doubts about the reliability and practicality. Unsupervised methods can deal with unknown attacks, but their high false positive rate and inability to utilize the knowledge of existing attack data constitute obvious shortcomings. To overcome these limitations, we propose ECNet, an end-to-end robust malicious network traffic detection method. Particularly, ECNet incorporates multi-view features, including content and pattern features, and employs a gated-based feature fusion approach, providing an efficient and robust representation. Moreover, ECNet introduces a confidence mechanism and combines category probability and confidence values during training and detection; therefore, it can accurately detect both known and unknown malicious traffic while ensuring the credibility of results. To validate the performance of ECNet, we conduct comprehensive experiments on six reorganized datasets and compare ECNet with seven state-of-the-art methods. The results demonstrate that ECNet outperforms others, particularly showing significant improvements in detecting unknown attacks, with up to a 14.15% increase in F1 compared to the best-performing method.

computer science, theory & methods,engineering, electrical & electronic