IEEE ISCC 2020: IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS 2020
PROGRAM FOR THURSDAY, JULY 9TH

09:00-10:30 Session 7A: Security Session II
  • Privacy / Anonymity
  • Attacks and Defenses
  • Authentication, Authorization and Accounting
  • Hardware Security
  • Intrusion Detection
  • Moving Target Defense (MTD)
  • Blockchain
09:00
CES2Vec: A Confidentiality-Oriented Word Embedding for Confidential Information Detection
PRESENTER: Yue Lu

ABSTRACT. Confidential information firewalling with text classifiers is to recognize the text containing confidential information whose publication might pose a threat to national security, business trade, or personal life. Word embedding is a component of the detector and plays an important role. Existing word embeddings, e.g., Word2Vec, fail to learn a clear task classification boundary, i.e., the confidential polarities of words are opposite but the embedding vectors of the words are close to each other. We propose a confidentiality-oriented word embedding, CES2Vec, for confidential information detection. We embed confidentiality into semantics to catch both of them together, which can learn the word embedding with a clear task classification boundary. We use real-world data from WikiLeaks and conduct the comparison experiments of our CES2Vec and popular methods. The experimental results show that our proposed method is better than the previously reported methods in detecting confidential information.

09:15
IANVS: A Moving Target Defense Framework for a Resilient Internet of Things
PRESENTER: Renzo Navas

ABSTRACT. The Internet of Things (IoT) is more and more present in fundamental aspects of our societies and personal life. Billions of objects now have access to the Internet. This networking capability allows for new beneficial services and applications. However, it is also the entry-point for a wide variety of cyber-attacks that target these devices. The security measures present in real IoT systems lag behind those of the standard Internet. Security is sometimes completely absent. Moving Target Defense (MTD) is a 10-year-old cyber-defense paradigm. It proposes to randomize components of a system. Reasonably, an attacker will have a higher cost attacking an MTD-version of a system compared with a static-version of it. Even if MTD has been successfully applied to standard systems, its deployment for IoT is still lacking. In this paper, we propose a generic MTD framework suitable for IoT systems: IANVS (pronounced Janus). Our framework has a modular design. Its components can be adapted according to the specific constraints and requirements of a particular IoT system. We use it to instantiate two concrete MTD strategies. One that targets the UDP port numbers (port-hopping), and another a CoAP resource URI. We implement our proposal on real hardware using Pycom LoPy4 nodes. We expose the nodes to a remote Denial-of-Service attack and evaluate the effectiveness of the IANVS-based port-hopping MTD proposal.

Video of Talk: https://www.youtube.com/watch?v=XKW0GRU4VRc

09:30
Efficient Cloud-based Secret Shuffling via Homomorphic Encryption
PRESENTER: Kilian Becher

ABSTRACT. When working with joint collections of confidential data from multiple sources, e.g., in cloud-based multi-party computation scenarios, the ownership relation between data providers and their inputs itself is confidential information. Protecting data providers' privacy desires a function for secretly shuffling the data collection. We present the first efficient secure multi-party computation protocol for secret shuffling in scenarios with a central server. Based on a novel approach to random index distribution, our solution enables the randomization of the order of a sequence of encrypted data such that no observer can map between elements of the original sequence and the shuffled sequence with probability better than guessing. It allows for shuffling data encrypted under an additively homomorphic cryptosystem with constant round complexity and linear computational complexity. Being a general-purpose protocol, it is of relevance for a variety of practical use cases.

09:45
NCZKP Based Privacy-Preserving Authentication Scheme for the Untrusted Gateway Node Smart Home Environment
PRESENTER: Wenzheng Liu

ABSTRACT. In the communication environment of smart homes, personal data, control messages, and sensitive data are transmitted through wireless sensor networks (WSNs). Therefore, to prevent an invasion of privacy, communication has to be encrypted, and the data have to be stored securely. In this paper, we propose a new secure privacy-preserving authentication scheme for smart homes. We propose the concept of non-interactive chaotic zero-knowledge (NCZKP) and use it for our scheme to resist ephemeral secrets leakage (ESL) impersonation attack, which assures that the adversary can extract the sensitive information stored in gateway node, and use it to impersonate as a legal user. In addition, the formal security analysis Random-or-real is used to prove that our scheme is secure against different known attacks. In the end, according to the experiment, our scheme has low computation and communication costs compared with other related schemes.

10:00
2ch-TCN: A Website Fingerprinting Attack over Tor Using 2-channel Temporal Convolutional Networks

ABSTRACT. In a website fingerprinting attack, an eavesdropper analyses the traffic between the Tor user and entry node of the Tor network to infer which websites the user has visited. Some recent works apply deep learning algorithms; however, most of them do not fully exploit the packet timing information. In this work, we propose a novel website fingerprinting attack based on a two-channel Temporal Convolutional Networks model that extracts features from both the packet sequences and packet timing information. Our attack is proved to perform better compared to the state-of-the-art attacks. Experiment results also show that the timing information is very useful for classification. Furthermore, we collect our own traffic traces between client and entry node, and transform them into three extraction layers: TCP, TLS and Tor cell layer, and meanwhile record Tor's cell log at the entry node. The experimental results show that the data of the cell layer is the most divisible among the three layers. Based on the experimental results, we conclude that the adversary at the entry node has an advantage over the one who just listens to traffic between client and entry node.

09:00-10:30 Session 7B: Internet of Things : Session III
  • Rest API, CoAP, CBOR, OSCORE
  • Smart Spaces
  • Cyber Physical Systems
  • Telecare Medical Information System
09:00
Managing Consensus-Based Cooperative Task Allocation for IIoT Networks

ABSTRACT. Current IoT services include industry-oriented services, which often require objects to run more than one task. However, the exponential growth of objects in IoT poses the challenge of distributing and managing task allocation among objects. One of the main goals of task allocation is to improve the quality of information and maximize the tasks to be performed. Although there are approaches that optimize and manage the dynamics of nodes, not all consider the quality of information and the distributed allocation over the cluster service. This paper proposes a mechanism called CONTASKI for task allocation in IoT networks in order to distribute tasks among objects. It relies on collaborative consensus strategies to allocate tasks and similarity capabilities to determine which objects can play in accomplishing those tasks. CONTASKI was evaluated on NS-3 and achieved 100% efficiency of allocated tasks and, on average, more than 80% clusters performed tasks.

09:15
Using DenseNet for IoT multivariate time series classification

ABSTRACT. Nowadays, most Internet of Things (IoT) devices collect multiple features and produce multivariate time series. In an IoT application, the mining and classification of the collected data have become crucial tasks. Hybrid LSTM-fully convolutional networks (MLSTM-FCN) provide state-of-the-art classification results on multivariate time series benchmarks. This paper examines the use of the DenseNet architecture, originally proposed for computer vision applications, for the classification of multivariate time series. More precisely, this paper proposes a hybrid LSTM-DenseNet model that is able to achieve the performance of the state-of-the-art models and surpass them in many situations, based on the results obtained from various experiments on 15 benchmark datasets. Thus, this paper suggests the 1D DenseNet as a potential tool to be considered by machine learning engineers and data scientists for IoT time series classification task.

09:30
Performance of New Monitoring Architectures for Underwater Oil/Gas Pipeline using Hyper-Sensors

ABSTRACT. In this paper we propose new real time architectures for monitoring underwater oil and gas pipelines by using Underwater Wireless Sensor Network (UWSN). These new monitoring architectures combine a real time UWSN with nondestructive In Line Inspection (ILI) technology. Having a communication between UWSN and In Line Inspection tools adds a meaningful feature that allows the Underwater Wireless Sensor Network to deliver the crucial information regarding pipeline failures in up to minutes. Currently, there is not an established communication system between Underwater Wireless/Wired Sensor Network and In Line Inspection Tools. Nowadays, the ILI tool has proven invaluable for inspecting extensive pipelines to detect the location and size of distinct failures. Therefore, the pipeline's owner inserts the ILI or smart pigs and waits until it arrives at its destination (a control station) and then they analyze its data. The size of gathered data is considered as a big data which requires amount of time to study the status of the pipeline. However, these proposed architectures will help in reducing the time of detecting the pipeline's defects such as cracks, corrosions, welds, and pipeline's wall thickness by improving data transfer from the pipeline to the processor to extract useful information and deliver it to the onshore main station. Hence, decreasing delays in default detection.

09:45
Adaptive Sensing Algorithm for IoT Applications with Data and Temporal Accuracy Requirements

ABSTRACT. This paper proposes an adaptive sensing algorithm for long-term IoT applications. The objective is to satisfy data and temporal accuracy requirements while prolonging the lifetime of battery-powered devices with energy-hungry transmission modules. The algorithm is based on the Send-on-Delta (SoD) technique combined with a GM(1,1) prediction and considers a moving temporal window and outliers removal. Numerical results show the superiority of our algorithm with respect to a linear approximation. The effectiveness of the proposal is demonstrated in terms of adaptability, accuracy, and reduction of data transfer. This is of particular relevance for applications requiring long sensing periods and high sampling rate.

Talk in video: http://people.irisa.fr/Tayeb.Lemlouma/iscc2020IoT/

10:00
Improving charging performance for wireless rechargeable sensor networks based on charging UAVs: a joint optimization approach
PRESENTER: Songyang Li

ABSTRACT. Wireless power transfer based on charging unmanned aerial vehicles (CUAVs) is a promising method for enhancing the lifetime of wireless rechargeable sensor networks (WRSNs). However, how to deploy the CUAVs so as to enhance the charging efficiency is still a key issue. In this work, we formulate a CUAV deployment optimization problem (CUAVDOP) to jointly increase the number of the sensor nodes that are within the charging scopes of CUAVs, improve the minimum charging efficiency in the network and reduce the motion energy consumptions of CUAVs. Moreover, the formulated CUAVDOP is analyzed and proved to be NP-hard. Then, we propose an improved firefly algorithm (IFA) to solve the formulated CUAVDOP. IFA introduces two improved items that are the attraction model and adaptive step size factor to enhance the performance of conventional firefly algorithm, so as to make it more suitable for CUAVDOP. Simulation results demonstrate that the proposed algorithm is effective for the formulated joint optimization. Moreover, the performance of IFA is better than some other algorithms.

10:15
Task Distribution Based on Variable-Order Markov Position Estimation in Mobile Sensor Networks

ABSTRACT. With the popularization of intelligent hardware, wireless sensor networks have led to mobile crowdsensing (MCS) systems, which provide solutions for large-scale and complex urban data collection. Task distribution is the most important part of intelligent hardware applications. MCS can improve the task distribution efficiency by accurately predicting the location of a perceived user for task distribution. This paper proposes a task location estimator based on a variable-order Markov time window sensing (TEMTWS) algorithm. This method is based on time window modeling, and the association between user tasks is established by sensing the historical track data of user execution tasks. First, the task execution frequency and task vector are calculated, and the organizer at each position is selected. To obtain more perceptual users, similarity estimation is performed on the users and organizers within the time window, and users with high relevance are grouped into the same cluster. An experiment is conducted with the Gowalla dataset to verify the algorithm. The results show that the proposed algorithm outperforms the standard Markov K-means algorithm and K means-GA algorithm in terms of the prediction accuracy.

11:00-12:30 Session 8: Vehicular Networks : Session II
  • Intelligent Transport Systems (ITS)
  • IEEE 802.11p ITS-G5
  • Millimeter Waves 
  • V2X, V2I, V2N, V2V, V2P, V2D, V2G
  • Inter and intra vehicle communication and protocols
11:00
DRIVE: A Digital Network Oracle for Cooperative Intelligent Transportation Systems

ABSTRACT. In a world where Artificial Intelligence revolutionizes inference, prediction and decision-making tasks, Digital Twins emerge as game-changing tools. A case in point is the development and optimization of Cooperative Intelligent Transportation Systems (C-ITSs): a confluence of cyber-physical digital infrastructure and (semi)automated mobility. Herein we introduce Digital Twin for self-dRiving Intelligent VEhicles (DRIVE). The developed framework tackles shortcomings of traditional vehicular and network simulators. It provides a flexible, modular, and scalable implementation to ensure large-scale, city-wide experimentation with a moderate computational cost. The defining feature of our Digital Twin is a unique architecture allowing for submission of sequential queries, to which the Digital Twin provides instantaneous responses with the “state of the world”, and hence is an Oracle. With such bidirectional interaction with external intelligent agents and realistic mobility traces, DRIVE provides the environment for development, training and optimization of Machine Learning based C-ITS solutions.

11:15
MOP: A Novel Mobility-Aware Opportunistic Routing Protocol for Connected Vehicles

ABSTRACT. In this paper, we address a fundamental problem in vehicular networks, which consists of sending messages from a source vehicle to a destination vehicle. This problem becomes even more complex in the absence of fixed infrastructure or any other controlling entity. Although there are some solutions in the literature to work around this problem, they can cause significant network overhead and generate an amount of redundant data. In this regard, we develop a routing protocol that considers individual vehicular mobility as a determining factor for routing decisions. Through simulations using realistic vehicular mobility trace, we have observed that our strategy considerably decreases network overhead and the number of hops between source and destination while maintaining similar values for delivery ratio and latency.

11:30
Telegram Scheduling for the Multifunction Vehicle Bus (MVB): Algorithms and Evaluation

ABSTRACT. Multifunction Vehicle Bus (MVB) is a highly robust real-time field bus for rail vehicles. On MVB, periodic process data and sporadic message data are transmitted in the form of telegrams. The main focus of this paper is the development of heuristic scheduling algorithms for periodic telegrams on MVB. We first propose two heuristics that find the best location of individual telegrams in the MVB schedule based on different criteria. Then, we introduce a new swap operation that allows improving MVB schedules by exchanging the locations of telegrams. A comprehensive evaluation based on a large number of test cases shows that the proposed heuristics are able to find feasible and close-to-optimal MVB schedules with practical computation times. In particular, our heuristics clearly outperform an existing ILP formulation, that cannot find optimal or even feasible schedules in cases with large telegram sets.

11:45
Evaluation of Strategies for Emergency Message Dissemination in VANETs

ABSTRACT. Emergency services play an important role in the intelligent transportation systems based on mobile communication networks in smart cities, but the characteristics of Vehicular Ad-hoc Networks (VANETs), such as high mobility, intermittent connectivity, scalability and constant changes in network topology make this type of message dissemination a challenge. To improve emergency message dissemination between vehicles, we are proposing strategies that take advantage of the location, direction, speed, number of vehicles' neighbors and characteristics of the region of the city, so that the message reaches all vehicles in the shortest time with the lowest network overhead. To show the effectiveness of our strategies, we have deployed a platform composed of SUMO, a vehicular network emulator and a connectivity aggregation tool. Our results with this platform show a delivery rate between 92% and 100% at various densities and vehicle speeds, for various zone sizes of relevance and range of the communication technology.

14:00-15:30 Session 9A: Artificial Intelligence (AI) : Session II
  • Artificial Intelligent Systems applications in Computers and Communications
  • AI Technologies
  • Game Theory
  • Machine and Deep Learning of Knowledge
  • Bio-inspired Computing in Communications
  • Data Science and Data Engineering
  • Distributed Knowledge and Processing
14:00
SVM Assisted Primary User-Detection for Non-Cooperative Cognitive Radio Networks

ABSTRACT. This paper presents a new blind spectrum sensing (SS) algorithm based on a machine learning model: the radial basis function support-vector machines (RBF-SVM). As features, the introduced approach uses statistical tests that are based on the eigenvalues of the received signals covariance matrix. Since the decision on the frequency resource occupancy is in fact an issue of labeling binary data, SVM is intended as a potential technique for SS paradigm. The flexibility of SVM for linearly non-separable and high dimensional data makes it a good candidate for our issue, particularly that we consider low signal to noise ratios (SNR). Computer simulations show that the proposal outperforms classical non-cooperative SS algorithms.

14:15
Ensemble Learning Based Sleeping Cell Detection in Cloud Radio Access Networks

ABSTRACT. Sleeping cell problem refers to the degradation or unavailability of network services without triggered alarm, which is one of the most critical issues in current mobile networks. This problem is generally not detectable by the operators but only revealed after users' complaints occur. Therefore, it leads to the degradations of network performance in the service provision in the long run. To address this problem, we introduce a cloud-based sleeping cell detection platform into radio access networks (RANs) to detect the sleeping cells and deal with them automatically. In the cloud RANs (C-RANs), we combine and improve different methods employed in the pioneering studies in this field, and creatively use labeled training data and ensemble learning method for improving the accuracy. Particularly, we utilize expert optimization experience for further improving the detection framework. To evaluate the proposed ensemble learning based sleeping cell detection framework, we use a time-series dataset of Key Performance Indicator (KPI) in a real-world network. Trace-driven evaluation results show that the proposed framework can achieve up to 14.38% and 20.50% improvements compared with two existing schemes, respectively.

14:30
Anomaly Detection with Deep Graph Autoencoders on Attributed Networks

ABSTRACT. Anomaly detection on attributed networks aims to differentiate rare nodes that are significantly different from the majority. It plays an important role in various practical scenarios, such as intrusion detection and fraud detection. However, existing graph-based methods mainly adopt shallow models, which cannot capture the highly non-linear interactions between nodes in an attribute network consisting of different information modalities. To tackle the above issues, in this paper, we propose a novel deep model named DeepAE for anomaly detection which (a) can capture the high non-linearity in both topological structure and nodal attributes through graph convolutional autoencoder, (b) fully exploits the intrinsic information of the network with the description of various proximities, and (c) preserves the differences between anomalies and the majority by applying Laplacian sharpening. We perform anomaly detection by measuring the reconstruction errors of nodes. Experimental results on real-world datasets demonstrate that DeepAE outperforms the state-of-art baselines.

14:45
A Multivariate Time Series Prediction Schema based on Multi-attention in recurrent neural network

ABSTRACT. In the past decades, various approaches have been proposed to address the time series prediction problem, among which nonlinear autoregressive exogenous (NARX) models achieve great progresses in one-step time prediction. Although NARX models are capable of capturing long-term dependence of the time series data, the impact of associated attributes lacks enough attention. To cope with this issue, in this paper we propose a Multi-Attention algorithm based Recurrent Neural Network (RNN) to perform multivariate time series forecasting. In the first stage, given a raw multivariate time series segment, we obtain both relevant encoder hidden state and encoder hidden state of the associated attribute by employing input-attention and self-attention respectively. In the second stage, we use temporal-convolution-attention neural network to process the encoder hidden states and capture long-range temporal patterns. Finally, extensive empirical studies tested with four real world datasets (NASDAQ100, SML2010, Gas Sensor Array Temperature Modulation and Air Quality) demonstrate the effectiveness and robustness of our proposed approach.

15:00
High Precision Deep Learning-Based Tabular Detection

ABSTRACT. Documents are constantly being processed within supply chains in various industries throughout the globe. Within those documents, often times the most important content is stored in tabular format. Therefore an automated technique for supply chain document processing is highly desired. Deep learning approaches show promise to deliver an end-to-end extraction model. However, it has been shown that tabular detection accuracy is not always correlated to tabular localization accuracy. Portions of the desired tabular information can easily be cropped out due to a lack of localization accuracy. In this paper, we propose a two stage convolutional neural network-based deep learning framework to improve tabular localization accuracy. We use pre-trained backbone network ResNet-50 and then apply transfer learning to fit our application. One of our main contributions is the introduction of the KL loss function into Faster-RCNN. Once the bounding box variances are output, we introduce a voting procedure with soft-non-maximum suppression (Soft-NMS) to improve localization performance. The proposed framework is trained and evaluated on public and private datasets that span from scientific documents to various electronic components. Our test results show that the precision of tabular detection can be improved by 1.2% while achieving the same recall as other state-of-the-art models on the public ICDAR2013 dataset. Furthermore, a large improvement in precision has been achieved at extremely high intersection over union (IoU) thresholds (i.e. 95%). Thus, 10% higher precision is achieved at 95% IoU for ICDAR2013. For another public dataset, namely ICDAR2017, 8.4% higher precision is achieved at 95% IoU.

14:00-15:30 Session 9B: Cloud and Edge Computing : Session II
  • Cloud Computing (IaaS, PaaS, and SaaS)
  • Mobile Cloud and Mobile Cloud Networking
  • Fog Computing
  • Distributed Systems Architecture and Management
14:00
From Name-Centric to Information-Centric Networking

ABSTRACT. In a quite short time after its envisioning, Information Centric Networking paradigm seems to be a standing reality: name-driven primitives have been defined to support networking functionalities and a few architectures have been implemented. In fact, a content consumer can now search for a data item by name and completely disregard its IP address. But the question to raise is: is this searching mechanism really information-centric or is it rather name-centric only? This paper defines the requirements enabling the transition to a paradigm for content exchange which is exclusively based on information. A running example, based on the Web of Data, has been illustrated to describe the key functionalities of the proposed approach. The envisioned solution grounds on a mechanism to embed content in names which, notably, is architecture-agnostic and can run on top of all existing ICN flavors designed so far. This mechanism supports a semantic-based retrieval of content, that returns a list of contents potentially satisfying the consumer, incrementing retrieval precision and recall. The enhancement in terms of recall comes at the cost of a communication overhead, which has been analytically modeled and estimated in this paper.

14:15
Performance and Cost-aware HPC in Clouds: A Network Interconnection Assessment

ABSTRACT. The availability of computing resources has significantly changed due to the growing adoption of the cloud computing paradigm. Aiming at potential advantages such as cost savings through the pay-per-use method and resource allocation in a scalable/elastic way, we witnessed consistent efforts to execute high-performance computing (HPC) applications in the cloud. Performance in this environment depends heavily upon two main system components: processing power and network interconnection. If, on the one hand, allocating more powerful hardware theoretically boosts performance, on the other hand, it increases the allocation cost. In this paper, we evaluated how the network interconnection impacts on performance and cost efficiency. Our experiments were carried out using NAS Parallel Benchmarks and Alya HPC application on Microsoft Azure public cloud provider, with three different cloud instances/network interconnections. The results revealed that through the use of the accelerated networking approach, which allows the instance to have a high-performance interconnect without additional charges, the performance of HPC applications can be significantly improved with a better cost efficiency.

14:30
Task Offloading for Automatic Speech Recognition in Edge-Cloud Computing Based Mobile Networks

ABSTRACT. Explosively increasing multimedia services and applications, e.g., automatic speech recognition (ASR), have aggravated the burden on the cloud server in mobile networks. To address the challenge, mobile edge computing has emerged for partially alleviating the workload of the cloud server and enhancing the quality of service of mobile users. In this paper, we aim to employ the technique of edge-cloud computing to accelerate the processing of ASR tasks generated by users in mobile networks. Particularly, we deploy a convolutional neural network based encoder in each edge server to extract features of the audio data. Based on some certain network constraints (i.e., user association and edge servers' storage/computing capacity), we propose a low-complexity and distributed iterative greedy method to address the formulated nonlinear mixed-integer nonconvex optimization problem. Simulation results demonstrate the effectiveness of the proposed scheme on reducing the total delay in the network.

14:45
Increasing the efficiency of Fog Nodes through of Priority-based Load Balancing

ABSTRACT. The continuous growth and the heterogeneity of the Internet of Things devices is an increasing concern in Fog Computing, where the nodes tend to stay overloaded, which compromises the response times. In response to this challenge, we propose an Architecture Model for Fog Computing and a new Priority Load Balancer that aims to increase the fog nodes' efficiency. Our research combines task information and dynamic computational load in order to reduce the response time of the Fog Computing. Results show that the proposed solution has the best response time when compared to scenarios with direct and round-robin strategies. Experiments with three Fog Node types using three different Task sizes and three different quantities of requests for sensors show that our proposed load balancer was able to reduce the response time of high priority tasks by more than 56% compared to other balancers.

15:00
PIV4DB: Probabilistic Integrity Verification for Cloud Database

ABSTRACT. Many organizations and enterprises use cloud databases to store data to improve management efficiency and save costs. However, cloud service providers may hide the fact that data integrity has been compromised for protecting their business reputation. Thus, how to verify the data integrity of cloud database in an effective way is very important for data owner. Existing integrity verification methods usually require cloud service provider to develop additional interfaces which are hard to be actually deployed. In addition, they cannot effectively detect tampering and deletion of a small amount of data. This paper presents a novel probabilistic integrity verification scheme (called PIV4DB) to address above challenges. Different from traditional methods, PIV4DB efficiently verifies the data integrity of cloud database by randomly selecting part of groups of tuples instead of querying all the tuples. Experimental results demonstrated that with validating 0.5% among 100k groups, PIV4DB could detect the corruption with 99% probability when the integrity of 920 out of billions of tuples are compromised. In addition, PIV4DB does not need extra cooperation with cloud service provider by just adding a new column of random numbers to the database and only using standard SQL statements to verify integrity.

15:15
Blockchain for Reliability in Collaborative Scientific Workflows on Cloud Platforms

ABSTRACT. With increasingly complex activities, scientific workflows are becoming more data-intensive. In this context, they may require a collaborative, distributed or high performance (HPC) environment such as grids or clouds for their execution. Considering its extensibility feature, resources pool and pay-to-use, cloud computing environments have been increasingly adopted. Scientists are formulating their scientific experiments in a collaborative way, provisioning resources (software, hardware) and managing large volumes of data, based on cloud infrastructures. In data-driven collaborative scientific experiments, aspects such as interoperability, privacy and trust in shared provenance data should be considered to allow the reproducibility of the results. In this paper, we present the BlockFlow architecture, which aims to bring trust to scientists of a scientific ecosystem platform (E-SECO) in the execution of their collaborative scientific experiments on cloud platforms.

16:00-17:30 Session 10A: Services and Protocols II
  • Advances in Internet Protocols
  • Green Networking
  • Real Time Communication Services
  • Routing and Multicast
  • Network Design, Optimization and Management
  • Network Reliability, Quality of Service and Quality of Experience
  • Fault-Tolerance and Error Recovery
  • Web Services and Service Oriented Architectures
  • Standards Evolution
  • Digital Satellite Communications Service
  • Localisation Protocols
  • Communications Services and Management
  • Crowdsourcing applications
  • Crowdsensing
  • Social Networks
  • Peer-to-Peer Computing
  • Computing applications
  • Software Engineering
  • Big Data, Data Mining and Database Applications
16:00
Not Afraid of the Unseen: a Siamese Network based Scheme for Unknown Traffic Discovery
PRESENTER: Yutong Chen

ABSTRACT. As an essential task for network management and security, network traffic classification has attracted increasing attention in recent years. Traditional traffic classification methods achieve certain success in identifying specific application traffic but fail with un-predefined unknown classes. Existing unknown traffic discovery methods commonly pick out some unlabeled testing data as part of training data to train the classification models, which is not in line with the real-world open environments. In this paper, we propose a novel scheme named SEEN to achieve unknown traffic detection in network traffic classification. There are three crucial phases in the SEEN: unknown discovery, unknown clustering, and system update. In the first step, using a metric-based approach with siamese network, SEEN identifies unknown traffic as well as accurately classifies the traffic generated by pre-defined application classes. After discovery, unknown traffic is automatically clustered into more fine-grained categories in the unknown clustering step. In the system update step, inspired by low-shot learning, SEEN allows new classes to be added or unnecessary known classes to be deleted quickly without retraining from scratch, which can complement the system’s knowledge. Experimental results exhibit that SEEN can achieve outstanding performances both on known and unknown traffic identification on two open real-world datasets, and the proposed scheme can address the problem of unknown traffic effectively.

16:15
Experimental testing of the performance of packet dropping schemes

ABSTRACT. To mitigate bufferbloat in the Internet, which is connected with frequent overfilling of large buffers in routers, IETF recommends application of active queue management methods for queues of packets. An important subclass of such methods exploits the dropping function. Namely, an arriving packet can be dropped randomly, with probability depending on the queue length upon its arrival. Several types of the dropping function have been proposed so far, including a linear one, doubly linear, exponential, quadratic, cubic, mixed and others. In most cases, however, the performance of the queue with a particular form of the dropping function was tested using a simulator, instead of real traffic and devices. Moreover, traffic scenarios were different in different studies. The purpose of this paper is to fill this gap. We present results of laboratory experiments with real traffic and devices. Firstly, all popular dropping function types were implemented in a device equipped with the DPDK technology for fast packet processing. Then, the performance of each dropping function was tested using a hardware traffic generator and a set of different traffic scenarios. In every run, several detailed performance characteristics were obtained. This allowed us to compare different aspects of the performance of different functions and single out their strong and weak points.

16:30
On the Computation of Integrals of Bivariate Gaussian Distribution

ABSTRACT. This paper deals with the computation of integrals of centred bivariate Gaussian densities over any domain defined as an angular sector of $\mathbb{R}^2$. Based on an accessible geometrical approach of the problem, we suggest to transform the double integral into a single one, leading to a tractable closed-form expression only involving trigonometric functions. This solution can also be seen as the angular cumulative distribution of bivariate centered Gaussian variables $(X,Y)$. We aim to provide a didactic approach of our results, and we validate them by comparing with those of the literature.

16:45
Mapping Network Traffic Dynamics in the Complexity-Entropy Plane

ABSTRACT. Network traffic plays a critical role in network planning and control. The researchers assume that traffic from Ethernet and other IP-related networks have a self-similar nature: high-variability and long-term correlations. Many studies try to model these characteristics for simulation and further optimization. One of the most straightforward approaches to model these characteristics is to consider ON/OFF sources (packet-train), where ON- and OFF-periods are i.i.d., generated with random heavy-tailed distributions. Using information theory quantifiers, in particular the Causality Complexity-Entropy Plane, we show that heavy-tailed distributions do not capture most of the network traffic dynamics. They only reproduce the stochastic dynamics of traffic, which accounts for one of the smallest parts of it. We conduct this study by observing the Abilene dataset, fitting the LogNormal and LogLogistic distributions, and evaluating them onto Causality Complexity-Entropy Plane in comparison with $1/f$-noise, which is one of the most observed long-term correlated noises in nature stochastic processes. Also, to enhance our illustrated results, we use the k-nearest-neighbors (kNN) to classify the real and generated traffic according to the results obtained.

17:00
Routing, Modulation, Spectrum and Core Allocation Based on Mapping Scheme

ABSTRACT. The growing popularity of heterogeneous applications on the Internet, added to new information and communication technologies, has driven the exhaustion of the physical limitations of the Internet backbone. To overcome these limitations, elastic optical networks with Space-Division Multiplexing have emerged as a promising solution to cope with the expected depletion of the capacity of single-core networks. This paper proposes an algorithm for routing, modulation, spectrum, and core allocation (RMSCA) problem. The proposed solution maps the links, slots, and cores on edge efficiently, improving resource allocation. Results show that the proposed algorithm decreases the blocking ratio by three orders of magnitude when compared with other RMSCA algorithms in the literature.

17:15
The Understanding and Forecast of AS-level Anycast Path Inflation
PRESENTER: Yan Yang

ABSTRACT. Anycast, as a network layer solution for providing faster and stabler services to end-users, is actively deployed on the Internet today. A common argument is that the underpinning routing system will automatically direct users to the closest site among the set of anycast sites. However, anycast path inflations are observed, where users are unexpectedly directed to a site farther away. In this paper, we study a specific kind of anycast path inflation called AS-level Anycast Path Inflation (AAPI). AAPI means, after the deployment of an anycast site in a different Autonomous System (AS), the number of ASes that traffic passes through is larger than that before, so that users may experience increased latencies or be exposed to higher inter-domain security risks. We discuss AAPI's causes, analyse its characteristics, and propose deployment guidance. In particular, we classify AAPI in two basic forms, i.e. Route Suppression (RS) and Route Promotion (RP), and present their various characteristics as well as their possible coupling. We propose Conflict Point (CP), a topological feature which represents the intrinsic conflict between routing policies and AS path length at these nodes, to further study the necessary and sufficient conditions for AAPI. And based on the properties of CP, we give some suggestions on anycast deployment strategy to avoid AAPI and verify them by simulation.

16:00-17:30 Session 10B: Security Session III
  • Privacy / Anonymity
  • Attacks and Defenses
  • Authentication, Authorization and Accounting
  • Hardware Security
  • Intrusion Detection
  • Moving Target Defense (MTD)
  • Blockchain
16:00
Using Deep Learning to Replace Domain Knowledge

ABSTRACT. Difficult problems like the prediction of future behavior of a system are usually solved by using domain knowledge. This knowledge comes with a certain expense which can be monetary costs or efforts to generate it. We want to decrease this cost while using state of the art machine learning and prediction methods. Our aim is to replace the domain knowledge and create a black-box solution that offers automatic reasoning and accurate predictions.

Our guiding example is packet scheduling optimization in Vehicle to Vehicle (V2V) communication. As evaluation, we compare the prediction quality of a labour-intense whitebox approach with the presented fully automated blackbox approach.

16:15
WF-GAN: Fighting Back Against Website Fingerprinting Attack Using Adversarial Learning

ABSTRACT. Website Fingerprinting (WF) attack is an attack on encrypted web traffic. The attacker recognizes different websites through analyzing the flow-based features extracted from encrypted traffic. Although many defenses have been developed, most methods have the disadvantages of high overhead or poor defense effectiveness. Specifically, the newest WF attack based on deep neural network defeats those defenses by learning the defense strategy. In this paper, we proposed WF-GAN, a WF defense based on Generative Adversarial Networks (GANs). Our approach automatically generates adversarial traffic feature by adversarial learning combining with a WF classifier. The experimental result shows that WF-GAN achieves 90% success rate with 15% overhead on any fractions of the source websites set, which outperforms previous defenses. In addition, we proposed a new defense level, targeted defense, which is not supported by previous defenses. The result shows that the targeted defense success rate of WF-GAN is over 90% when the target websites set is two times the size of the source website set.

16:30
Attesting L-3 General Program Anomaly Detection Efficiency with SPADA

ABSTRACT. One of the main challenges for security systems is the detection of general vulnerability exploitation, especially when the exploit uses valid control flow. Detection and mitigation of memory corruption exploits have been thoroughly researched and applied through disabling the execution of instruction pages and randomizing the access space of vulnerable applications. However, advanced exploits already bypass these techniques, while other exploits abuse different vulnerabilities and are thus not mitigated by the current state of the art. Thus, the detection of anomalous behavior provides an exciting research direction, as the research in this field tries to describe what is the standard program execution, to then detect as anomalous any behavior that does not fit that description.

In this work, we compare two mechanisms that aim to detect general anomalies: SPADA and LAD. SPADA is an L-3 language mechanism that partitions phases and uses simple phase features to detect anomalies. LAD is a constrained L-1 language mechanism that applies complex clustering and machine learning models on specific functions to detect anomalies. In our experimental campaign with several real-world exploits, we show that SPADA's detection performs as well or better than LAD while being much simpler and easier to implement. We therefore show experimental evidence that further attests the highly efficient general attack detection of L-3 mechanisms.

16:45
SR-TPP: Extending IPv6 Segment Routing to enable Trusted and Private Network Paths

ABSTRACT. A trusted network path is a desired property of the Internet. Previous works introduced new protocol headers based on source routing for source authentication and path verification. It is obvious that any extra protocol headers will increase the network burden, and network path privacy deserves attention, especially when we use source routing. The emergence of IPv6 Segment Routing (SRv6) may bring the opportunity to assemble trusted network paths with a lightweight header. In this paper, we propose SR-TPP, a novel mechanism based on SRv6 to support network path verification while hiding both-end and path information. Different from existing works, SR-TPP extends SRv6 function instead of introducing a new protocol header to meet the requirement of path compliance. Path information is sequentially encoded into the segment list in SR-TPP so that path information is partially visible to each intermediate router. The distributed verification of SR-TPP also makes it easier to locate faults. Finally, the security analysis and evaluation show that SR-TPP can assemble private and trusted network paths with acceptable performance.

17:00
SILU: Strategy Involving Large-scale Unlabeled Logs for Improving Malware Detector

ABSTRACT. Machine learning is becoming a key component to automatically detect malware-infected hosts by analyzing network logs in a security operations center (SOC). However, machine learning usually requires a large amount of labeled training data, which is difficult to acquire since labels are manually set by professional security analysts. On the other hand, abundant unanalyzed logs are kept stored in daily operation and stay unlabeled even though they could compensate for the lack of existing labeled training data. This paper proposes SILU, a novel semi-supervised learning method, which fully leverages unlabeled data and enhances detection capability without increasing manually labeled data. SILU learns from combined labeled and unlabeled training data to automatically augment labeled training data and then generates a classifier through the screening process. Unlike most semi-supervised learning methods used in cyber security, which use test data as unlabeled training data, SILU does not require retraining when test data change since it can use different datasets for unlabeled training and test data. This helps SOC operation for practically suppressing detecting time. In addition, though SILU partially includes a supervised learning method, it does not require a specific supervised learning method. Therefore, SILU can be added on to any type of classifier of a supervised learning method. Moreover, SILU can suppress the deterioration of classification performance for test data through the screening process. We evaluated SILU using two types of real-world logs: proxy logs from a large enterprise and NetFlow from a large ISP. We demonstrated that by evaluating with different types of classifiers, SILU always improves detection capability for supervised learning methods. SILU also outperforms current semi-supervised methods. 
As a whole, SILU works as an add-on to existing supervised learning methods with little overhead and performs better than conventional supervised learning methods. Our evaluation also shows that using NetFlow from ISP as unlabeled training data works better than using only labeled proxy logs in the same enterprise. These results suggest that SILU can extend detection capability more when different organizations, e.g., SOCs and ISPs, collaborate and share unlabeled data.