Evaluating intrusion sensitivity allocation with supervised learning in collaborative intrusion detection
Li, Wenjuan; Tian, Fei; Li, Jin; Xiang, Yang
doi: 10.1002/cpe.5957
Network intrusions are a big security threat to current computer networks. For protection, collaborative intrusion detection networks (CIDNs) are developed attempting to reach better detection performance than a single detector, by allowing a set of detectors to switch data or information with each other. However, there is a need to implement suitable trust management schemes, with the aim to safeguard such distributed detection networks against insider threats. In the literature, previous studies have indicated that the notion of intrusion sensitivity can be used to enhance the effectiveness of trust management, by highlighting the feedback from expert nodes. In addition, machine learning can be used to assign the value of intrusion sensitivity automatically. In this work, we evaluate the performance of typical supervised learning classifiers in allocating the value of intrusion sensitivity, and figure out some limitations under different data sets. Then we investigate the impact of intrusion sensitivity in a real network environment under adversarial conditions. The results demonstrate that a wrongly assigned sensitivity value may greatly degrade the detection effectiveness of insider attacks. There is a significant need to choose a suitable classifier in allocating the value of intrusion sensitivity in practice.
Threshold identity authentication signature: Impersonation prevention in social network services
Chen, Zhanwen; Chen, Jiageng; Meng, Weizhi
doi: 10.1002/cpe.5787
While the social network services (SNS) have dominated the ways that people communicate with each other on the Internet, identity impersonation remains to be a serious issue that needs to be solved due to the anonymity in the cyber network. Currently, the potential solution to the problem relies heavily on the administration from the central server, which requires intensive workload of the identity management. In this article, we propose a threshold identity authentication signature scheme to solve the impersonation problem from the protocol layer rather than software design in the traditional upper level. In our scheme, with the help of some authenticated accounts, trusted relationship can be shared in a group to other unauthenticated accounts, which largely decreases the workload of authenticating all the accounts. Users are given the ability to verify other accounts' identity information by their signatures. Then, we establish three security goals to prevent the malicious adversary to launch the impersonation attack on a group. We claim that our scheme is suitable for the SNS scenario since the procedure of generating a signature to prove the identity requires little computation cost, it is user‐friendly especially on the lightweight devices such as mobile devices and so on.
Trustworthy blockchain‐based medical Internet of thing for minimal invasive surgery training simulator
Tai, Yonghang; Wang, Yinjia; Wang, Zhifeng; Li, Feiyan; Wei, Lei; Pan, Lei; Zhang, Jun; Shi, Junsheng
doi: 10.1002/cpe.5816
Realistic modeling of mechanical behavior of soft tissue has been recognized as an essential part for medical Internet of thing for minimal invasive surgery (MIS) training simulator. Therefore, the blockchain‐based constitutive model is crucial for mechanical response of soft tissue modeling. In this article, based on the Ogden second order model, a novel hyperplastic model was presented to describe the stress‐stretch relationship in the MIS training system. To validate this theoretical model, two experimental techniques (uniaxial compression and uniaxial tensile) were conducted to obtain data related to stress‐strain in the blockchain system, which plays an important role in investigating the mechanical behavior of soft tissue. Our results show that the new model has a satisfied coincidence of the experimental data than other existing models. Furthermore, the viscoelastic properties of soft tissue were investigated and a viscoelastic model based on three‐parameter was utilized to interpret the viscoelastic behavior of the soft tissue. The contributions of this article include several biomechanical tests that were performed to investigate the soft tissue hyperelastic and viscoelastic properties in the MIS system, and theoretical guidance for simulating soft tissue mechanical behavior in the blockchain‐based simulation system.
A k‐nearest neighbor query method based on trust and location privacy protection
Guo, Liangmin; Zhu, Ying; Yang, Hao; Luo, Yonglong; Sun, Liping; Zheng, Xiaoyao
doi: 10.1002/cpe.5766
Spatial query is an important supporting technology in the Internet of Things (IoT) and location‐based services (LBS). The k‐nearest neighbor query is widely used for spatial queries. However, user location privacy may be leaked in the query. In addition, some users are malicious or uncooperative. With the objective of overcoming these problems, a k‐nearest neighbor query method based on trust and location privacy protection is proposed. First, we employ a new K‐anonymity method based on cooperation to protect a query user's location privacy. In this method, the query user constructs an anonymous group by introducing a trust mechanism to incentivize cooperation among users. Then, according to the different radii of the selection area set by the query user, agent users with higher reputation values who send query requests for the query user are selected. Finally, the agent users obtain the query results from the LBS server and forward them to the query user, and the query user screens the results according to his or her real location. The experiments show that our method can effectively stimulate users to cooperate, better exclude malicious users, and improve the accuracy of the query results while protecting the privacy of the query user.
Searchable encryption scheme for multiple cloud storage using double‐layer blockchain
Fu, Shaojing; Zhang, Chao; Ao, Weijun
doi: 10.1002/cpe.5860
With the emergence of cloud storage security, how to ensure the security of cloud storage has become a research focus. The typical searchable encryption model consists of a single cloud service provider and has some unsolvable drawbacks. In this article, a new searchable encryption scheme in multi‐cloud was proposed based on blockchain. We first define a system model in multiple clouds and combine multiple cloud service providers to store data through a consortium chain. Then we store the encrypted documents and indexes in The Interplanetary File System (IPFS) and store the hash value and IPFS address of the documents in the blockchain. Our scheme can provide outsourced encrypted data retrieval based on multiple keywords, as well as verification schemes for the integrity of retrieved files. The theoretical analysis and experiments on real‐world data show the security and high performance of our scheme.
Modular‐based secret image sharing in Internet of Things: A global progressive‐enabled approach
Zhang, Lina; Zheng, Xiangqin; Yu, Keping; Li, Wenjuan; Wang, Tao; Dang, Xuan; Yang, Bo
doi: 10.1002/cpe.6000
Due to the continuous development and progress of information technology, the Internet has also entered the era of big data based on the Internet of Things (IoT). How to protect the security of data stored and transmitted in the IoT is one of the urgent problems to be solved. This article focuses on the security issues of storage and transmission of image data in the IoT. Secret image sharing (SIS) is a kind of image protection mechanism by dividing an image into n shares, and different shares are given to different participants separately for preservation. Only when the number of shares reaches the threshold can the original image be recovered. From the perspective of image reconstruction mode, there are two types of SIS schemes: one is the traditional (k, n) threshold scheme, which provides an all‐or‐nothing reconstruction mode, the other is the progressive scheme, which can gradually restore the original image. In this article, a novel (k, k2) progressive secret image sharing based on modular operations is proposed, this method can divide the important images stored in the IoT into many parts and then transmit them to people in different places. It takes the whole as a unit in terms of the progressive recovery form. When the share reaches the threshold, certain blocks of the original image can be seen. As the share increases, the image will be clearer. When all shares participate in the reconstruction together, the original image can be restored without loss. Compared with other schemes, our scheme has the same smoothness, shadow size and satisfies the security, and is fine‐grained progressive.
Research and application of intrusion detection method based on hierarchical features
Xie, Xin; Jiang, Xunyi; Wang, Weiru; Wang, Bin; Wan, Tiancheng; Tang, Wenliang; Wang, Xianmin
doi: 10.1002/cpe.5799
Intrusion detection is essential to prevent damage to computer systems. However, in recent years, with the development of the network, many complex attack types have appeared, and it has become increasingly difficult to obtain high detection rates and low false alarm rates. In addition, traditional heavily hand‐crafted evaluation datasets for network intrusion detection have not been practical. This article proposes an intrusion detection method based on hierarchical feature learning, which can automatically learn traffic features. The method first learns the byte‐level features of network traffic through one‐dimensional convolutional neural networks and then learns session‐level features using stacked denoising autoencoder. The experiment analyzed the model structure and compared it with other methods. Experiments prove that the method in this article has high accuracy and low false alarm rate.
Location privacy preservation through kernel transformation
Zhang, Lefeng; Song, Guanghua; Zhu, Danyang; Ren, Wei; Xiong, Ping
doi: 10.1002/cpe.6014
The frequent data leak scandals of recent years indicate that service providers who hold personal data may not be reliable as they claim. We assert that sensitive user information must be sanitized locally before it is sent to service providers if it is to be protected. The LPPK privacy‐preserving framework presented in this article is a local sanitization scheme, for location‐based services (LBSs). It applies a fog‐computing structure in which a private map is generated by the LBS server with kernel transformation for each user. A fog device then provides location services for each user according to the private map. Without colluding, neither the LBS server nor the fog device can deduce a user's real location. Experiments conducted on real‐world data sets demonstrate that LPPK delivers sufficient query accuracy at a level significantly higher than existing approaches while preserving location privacy.
A blockchain‐based traceable group loan system
Li, Jinjiang; Zheng, Zhihua; Li, Zhi; Niu, Ziyu; Qin, Hong; Wang, Hao
doi: 10.1002/cpe.5741
Difficulties in financing and low utilization of funds are main financial problems that plague the development of small and medium‐sized enterprises. The key to solving this problem lies in opening up the social data circulation between enterprises. It is a good solution for enterprises with frequent data interactions to form groups. Using group loans, the borrowing enterprises could solve the funding difficulties and the loan enterprises could improve the utilization rate of funds. In this article, we construct a group loan system based on blockchain technology, which can promote the free flow of funds among enterprises in the group. We combine the blockchain with the trusted execution environment to realize the automatic determination of loan conditions and realize the automatic execution of smart contracts. We also use the linkable group signature technology to ensure the traceability of loan users while protecting the anonymity. In addition, we use homomorphic encryption technology to make the statement confidential and computable.