Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3234599
Yipeng Zhou, Xuezheng Liu, Yao Fu, Di Wu, Jessie Hui Wang, Shui Yu
Federated learning (FL) empowers distributed clients to collaboratively train a shared machine learning model through exchanging parameter information. Despite the fact that FL can protect clients’ raw data, malicious users can still crack original data with disclosed parameters. To amend this flaw, differential privacy (DP) is incorporated into FL clients to disturb original parameters, which however can significantly impair the accuracy of the trained model. In this work, we study an imperative question which has been vastly overlooked by existing works: what are the optimal numbers of queries and replies in FL with DP so that the final model accuracy is maximized. In FL, the parameter server (PS) needs to query participating clients for multiple global iterations to complete training. Each client responds a query from the PS by conducting a local iteration. We consider FL that will uniformly and randomly select participating clients to conduct local iterations with the FedSGD algorithm. Our work investigates how many times the PS should query clients and how many times each client should reply the PS by incorporating two most extensively used DP mechanisms (i.e., the Laplace mechanism and Gaussian mechanisms). Through conducting convergence rate analysis, we can determine the optimal numbers of queries and replies in FL with DP so that the final model accuracy can be maximized. Finally, extensive experiments are conducted with publicly available datasets: MNIST and FEMNIST, to verify our analysis and the results demonstrate that properly setting the numbers of queries and replies can significantly improve the final model accuracy in FL with DP.
{"title":"Optimizing the Numbers of Queries and Replies in Convex Federated Learning with Differential Privacy","authors":"Yipeng Zhou, Xuezheng Liu, Yao Fu, Di Wu, Jessie Hui Wang, Shui Yu","doi":"10.1109/tdsc.2023.3234599","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3234599","url":null,"abstract":"Federated learning (FL) empowers distributed clients to collaboratively train a shared machine learning model through exchanging parameter information. Despite the fact that FL can protect clients’ raw data, malicious users can still crack original data with disclosed parameters. To amend this flaw, differential privacy (DP) is incorporated into FL clients to disturb original parameters, which however can significantly impair the accuracy of the trained model. In this work, we study an imperative question which has been vastly overlooked by existing works: what are the optimal numbers of queries and replies in FL with DP so that the final model accuracy is maximized. In FL, the parameter server (PS) needs to query participating clients for multiple global iterations to complete training. Each client responds a query from the PS by conducting a local iteration. We consider FL that will uniformly and randomly select participating clients to conduct local iterations with the FedSGD algorithm. Our work investigates how many times the PS should query clients and how many times each client should reply the PS by incorporating two most extensively used DP mechanisms (i.e., the Laplace mechanism and Gaussian mechanisms). Through conducting convergence rate analysis, we can determine the optimal numbers of queries and replies in FL with DP so that the final model accuracy can be maximized. Finally, extensive experiments are conducted with publicly available datasets: MNIST and FEMNIST, to verify our analysis and the results demonstrate that properly setting the numbers of queries and replies can significantly improve the final model accuracy in FL with DP.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"4823-4837"},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62409328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3243907
Hansong Du, Jiu-fen Liu, X. Luo, Yi Zhang
As the ultimate goal of steganalysis, secret message extraction plays a decisive role in obtaining secret communication evidence and cracking down on criminal activities. For STC (Syndrome-Trellis Codes)-based adaptive steganography, existing pioneering work on secret message extraction: the method based on run test under plaintext embedding may misjudge incorrect stego key as correct stego key, resulting in the failure of extraction. To avoid such a situation, this manuscript proposed a secret message extraction method based on optimal hypothesis test with 100% accuracy under plaintext embedding. First, it is proved that there is a probability distribution difference between the sub-sequence extracted by correct and incorrect stego key. Then, based on the difference, an optimal hypothesis test model is designed to recover the correct stego key. Finally, given the probability of type I and II errors, the sample size and threshold in the hypothesis test are derived. Classic adaptive steganography such as HUGO (Highly Undetectable Steganography) and J-UNIWARD (JPEG Universal Wavelet Relative Distortion) have been conducted experiment, showing that the proposed method can extract message with 100% accuracy and 44 bits sample size, which verifies the correctness of the theorem and the effectiveness of the method.
{"title":"Extraction Method of Secret Message Based on Optimal Hypothesis Test","authors":"Hansong Du, Jiu-fen Liu, X. Luo, Yi Zhang","doi":"10.1109/tdsc.2023.3243907","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3243907","url":null,"abstract":"As the ultimate goal of steganalysis, secret message extraction plays a decisive role in obtaining secret communication evidence and cracking down on criminal activities. For STC (Syndrome-Trellis Codes)-based adaptive steganography, existing pioneering work on secret message extraction: the method based on run test under plaintext embedding may misjudge incorrect stego key as correct stego key, resulting in the failure of extraction. To avoid such a situation, this manuscript proposed a secret message extraction method based on optimal hypothesis test with 100% accuracy under plaintext embedding. First, it is proved that there is a probability distribution difference between the sub-sequence extracted by correct and incorrect stego key. Then, based on the difference, an optimal hypothesis test model is designed to recover the correct stego key. Finally, given the probability of type I and II errors, the sample size and threshold in the hypothesis test are derived. Classic adaptive steganography such as HUGO (Highly Undetectable Steganography) and J-UNIWARD (JPEG Universal Wavelet Relative Distortion) have been conducted experiment, showing that the proposed method can extract message with 100% accuracy and 44 bits sample size, which verifies the correctness of the theorem and the effectiveness of the method.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"5265-5277"},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62410968","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The limitations of the professional knowledge and cognitive capabilities of both attackers and defenders mean that moving target attack-defense conflicts are not completely rational, which makes it difficult to select optimal moving target defense strategies difficult for use in real-world attack-defense scenarios. Starting from the imperfect rationality of both attack-defense, we construct a Wright-Fisher process-based moving target defense strategy evolution model called WF-MTD. In our method, we introduce rationality parameters to describe the strategy learning capabilities of both the attacker and the defender. By solving for the evolutionarily stable equilibrium, we develop a method for selecting the optimal defense strategy for moving targets and describe the evolution trajectories of the attack-defense strategies. Our experimental results in our example of a typical network information system show that WF-MTD selects appropriate MTD strategies in different states along different attack paths, with good effectiveness and broad applicability. In addition, compared with no hopping strategy, fixed periodic route hopping strategy, and random periodic route hopping strategy, the route hopping strategy based on WF-MTD increase defense payoffs by 58.7%, 27.6%, and 24.6%, respectively.
{"title":"WF-MTD: Evolutionary Decision Method for Moving Target Defense Based on Wright-Fisher Process","authors":"Jinglei Tan, Hui Jin, Hao Hu, Ruiqin Hu, Hongqi Zhang, Hengwei Zhang","doi":"10.1109/tdsc.2022.3232537","DOIUrl":"https://doi.org/10.1109/tdsc.2022.3232537","url":null,"abstract":"The limitations of the professional knowledge and cognitive capabilities of both attackers and defenders mean that moving target attack-defense conflicts are not completely rational, which makes it difficult to select optimal moving target defense strategies difficult for use in real-world attack-defense scenarios. Starting from the imperfect rationality of both attack-defense, we construct a Wright-Fisher process-based moving target defense strategy evolution model called WF-MTD. In our method, we introduce rationality parameters to describe the strategy learning capabilities of both the attacker and the defender. By solving for the evolutionarily stable equilibrium, we develop a method for selecting the optimal defense strategy for moving targets and describe the evolution trajectories of the attack-defense strategies. Our experimental results in our example of a typical network information system show that WF-MTD selects appropriate MTD strategies in different states along different attack paths, with good effectiveness and broad applicability. In addition, compared with no hopping strategy, fixed periodic route hopping strategy, and random periodic route hopping strategy, the route hopping strategy based on WF-MTD increase defense payoffs by 58.7%, 27.6%, and 24.6%, respectively.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"4719-4732"},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62407844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3235951
Siwon Huh, Myungkyu Shim, Jihwan Lee, Simon S. Woo, Hyoungshick Kim, Hojoon Lee
Decentralized Identity (DID) is emerging as a new digital identity management scheme that promises users complete control of their personal data and identification without central authority involvement. The World Wide Web Consortium (W3C) has drafted the DID standard and provided reference implementations. We conduct a security analysis of the W3C DID standard and the reference universal resolver implementation, focusing on user privacy in the DID resolving process. The universal resolver is the key component in the architecture that processes DID requests and DID document retrievals. Our analysis demonstrates that privacy issues can arise due to the imprudent design of the universal resolver. Furthermore, we found that side-channels in the DID document caching schemes of real-world DID services can entail privacy concerns. Motivated by our security analysis, we present a novel DID resolving design, called Oblivira, to enable obliviously DID resolving. Oblivira is a secure resolving agent with a small footprint that enforces the universal resolver to resolve requests without knowing their content. We also propose a privacy-preserving DID document caching scheme that eliminates side-channels. Our evaluation results show that Oblivira only incurs approximately 2.6% of overhead on average with different resolver settings (3, 6, and 12 threads).
{"title":"DID We Miss Anything?: Towards Privacy-Preserving Decentralized ID Architecture","authors":"Siwon Huh, Myungkyu Shim, Jihwan Lee, Simon S. Woo, Hyoungshick Kim, Hojoon Lee","doi":"10.1109/tdsc.2023.3235951","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3235951","url":null,"abstract":"Decentralized Identity (DID) is emerging as a new digital identity management scheme that promises users complete control of their personal data and identification without central authority involvement. The World Wide Web Consortium (W3C) has drafted the DID standard and provided reference implementations. We conduct a security analysis of the W3C DID standard and the reference universal resolver implementation, focusing on user privacy in the DID resolving process. The universal resolver is the key component in the architecture that processes DID requests and DID document retrievals. Our analysis demonstrates that privacy issues can arise due to the imprudent design of the universal resolver. Furthermore, we found that side-channels in the DID document caching schemes of real-world DID services can entail privacy concerns. Motivated by our security analysis, we present a novel DID resolving design, called Oblivira, to enable obliviously DID resolving. Oblivira is a secure resolving agent with a small footprint that enforces the universal resolver to resolve requests without knowing their content. We also propose a privacy-preserving DID document caching scheme that eliminates side-channels. Our evaluation results show that Oblivira only incurs approximately 2.6% of overhead on average with different resolver settings (3, 6, and 12 threads).","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"4881-4898"},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62409905","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2023.3234355
Zhuo Ma, Xinjing Liu, Yang Liu, Ximeng Liu, Zhan Qin, Kui Ren
Recently, model stealing attacks are widely studied but most of them are focused on stealing a single non-discrete model, e.g., neural networks. For ensemble models, these attacks are either non-executable or suffer from intolerant performance degradation due to the complex model structure (multiple sub-models) and the discreteness possessed by the sub-model (e.g., decision trees). To overcome the bottleneck, this paper proposes a divide-and-conquer strategy called DivTheft to formulate the model stealing attack to common ensemble models by combining active learning (AL). Specifically, based on the boosting learning concept, we divide a hard ensemble model stealing task into multiple simpler ones about single sub-model stealing. Then, we adopt AL to conquer the data-free sub-model stealing task. During the process, the current AL algorithm easily causes the stolen model to be biased because of ignoring the past useful memories. Thus, DivTheft involves a newly designed uncertainty sampling scheme to filter reusable samples from the previously used ones. Experiments show that compared with the prior work, DivTheft can save almost 50% queries while ensuring a competitive agreement rate to the victim model.
{"title":"DivTheft: An Ensemble Model Stealing Attack by Divide-and-Conquer","authors":"Zhuo Ma, Xinjing Liu, Yang Liu, Ximeng Liu, Zhan Qin, Kui Ren","doi":"10.1109/tdsc.2023.3234355","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3234355","url":null,"abstract":"Recently, model stealing attacks are widely studied but most of them are focused on stealing a single non-discrete model, e.g., neural networks. For ensemble models, these attacks are either non-executable or suffer from intolerant performance degradation due to the complex model structure (multiple sub-models) and the discreteness possessed by the sub-model (e.g., decision trees). To overcome the bottleneck, this paper proposes a divide-and-conquer strategy called DivTheft to formulate the model stealing attack to common ensemble models by combining active learning (AL). Specifically, based on the boosting learning concept, we divide a hard ensemble model stealing task into multiple simpler ones about single sub-model stealing. Then, we adopt AL to conquer the data-free sub-model stealing task. During the process, the current AL algorithm easily causes the stolen model to be biased because of ignoring the past useful memories. Thus, DivTheft involves a newly designed uncertainty sampling scheme to filter reusable samples from the previously used ones. Experiments show that compared with the prior work, DivTheft can save almost 50% queries while ensuring a competitive agreement rate to the victim model.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"4810-4822"},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62409454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Natural forking is tantamount to the “black swan” event in blockchain since it emerges unexpectedly with a small probability, and may incur low resource utilization and costly economic loss. The ongoing literature analyzes natural forking mainly from the macroscopic perspective, which is insufficient to further understand this phenomenon since it roots in the instantaneous difference between block creation and propagation microscopically. Hence, in this article, we fill this gap by leveraging the large deviation theory to conduct the first micro study of natural forking, aiming to reveal its inherent mechanism substantially. Our work is featured by 1) conceptual innovation. We creatively abstract the blockchain overlay network as a “service system”. This allows us to investigate natural forking from the perspective of “supply and demand”. Based on this, we can identify the competitive dynamics of blockchain and construct a queuing model to characterize natural forking; 2) progressiveness. We scrutinize the natural forking probability as well as its decay rate via a three-step scheme from simple to complex, which are the single-source i.i.d. scheme, the single-source non-i.i.d. scheme, and the many-source non-i.i.d. scheme. By doing so, we can answer when and how fast should we take actions and what actions should we take against natural forking. Our valuable findings can not only put forward decisive guidelines theoretically from the top level, but also engineer optimal countermeasures operationally on a practical level to thwart natural forking.
{"title":"Black Swan in Blockchain: Micro Analysis of Natural Forking","authors":"Hongwei Shi, Shengling Wang, Qin Hu, Xiuzhen Cheng","doi":"10.1109/tdsc.2022.3219443","DOIUrl":"https://doi.org/10.1109/tdsc.2022.3219443","url":null,"abstract":"Natural forking is tantamount to the “black swan” event in blockchain since it emerges unexpectedly with a small probability, and may incur low resource utilization and costly economic loss. The ongoing literature analyzes natural forking mainly from the macroscopic perspective, which is insufficient to further understand this phenomenon since it roots in the instantaneous difference between block creation and propagation microscopically. Hence, in this article, we fill this gap by leveraging the large deviation theory to conduct the first micro study of natural forking, aiming to reveal its inherent mechanism substantially. Our work is featured by 1) conceptual innovation. We creatively abstract the blockchain overlay network as a “service system”. This allows us to investigate natural forking from the perspective of “supply and demand”. Based on this, we can identify the competitive dynamics of blockchain and construct a queuing model to characterize natural forking; 2) progressiveness. We scrutinize the natural forking probability as well as its decay rate via a three-step scheme from simple to complex, which are the single-source i.i.d. scheme, the single-source non-i.i.d. scheme, and the many-source non-i.i.d. scheme. By doing so, we can answer when and how fast should we take actions and what actions should we take against natural forking. Our valuable findings can not only put forward decisive guidelines theoretically from the top level, but also engineer optimal countermeasures operationally on a practical level to thwart natural forking.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"4443-4454"},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62406471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2022.3227650
Kai Zhang, Xiwen Wang, Jianting Ning, M. Wen, Rongxing Lu
Secure cloud search services provide a cost-effective way for resource-constrained clients to search encrypted files in the cloud, where data owners can customize search authorization. Despite providing fine-grained authorization, traditional attribute-based keyword search (ABKS) solutions generally support single keyword search. Towards expressive queries over encrypted data, multi-client searchable symmetric encryption (MC-SSE) was introduced. However, current search authorizations of existing MC-SSEs: (i) cannot support dynamic updating; (ii) are (semi-)black-box implementations of attribute-based encryption; (iii) incur significant cost during system initialization and file encryption. To address these limitations, we present AasBirch, an MC-SSE system with fast fine-grained authorization that supports adaptable authorization switching from one policy to any other one. AasBirch achieves constant-size storage and lightweight time cost for system initialization, file encryption and file searching. We conduct extensive experiments based on Enron dataset in real cloud environment. Compared to state-of-the-art MC-SSE with fine-grained authorization, AasBirch achieves 30$sim 200times$∼200× smaller public parameter and secret key size, with the assumed least frequent keyword in a query ($s$s-term) as 21. Moreover, it runs 10$sim 20times$∼20× faster for file encryption and $>20times$>20× faster for file searching. In addition, AasBirch outperforms 80,000× (resp. 7,850×) faster with $s$s-term=1 (resp. =21), as compared to classic dynamic ABKS system.
{"title":"Multi-Client Boolean File Retrieval with Adaptable Authorization Switching for Secure Cloud Search Services","authors":"Kai Zhang, Xiwen Wang, Jianting Ning, M. Wen, Rongxing Lu","doi":"10.1109/tdsc.2022.3227650","DOIUrl":"https://doi.org/10.1109/tdsc.2022.3227650","url":null,"abstract":"Secure cloud search services provide a cost-effective way for resource-constrained clients to search encrypted files in the cloud, where data owners can customize search authorization. Despite providing fine-grained authorization, traditional attribute-based keyword search (ABKS) solutions generally support single keyword search. Towards expressive queries over encrypted data, multi-client searchable symmetric encryption (MC-SSE) was introduced. However, current search authorizations of existing MC-SSEs: (i) cannot support dynamic updating; (ii) are (semi-)black-box implementations of attribute-based encryption; (iii) incur significant cost during system initialization and file encryption. To address these limitations, we present AasBirch, an MC-SSE system with fast fine-grained authorization that supports adaptable authorization switching from one policy to any other one. AasBirch achieves constant-size storage and lightweight time cost for system initialization, file encryption and file searching. We conduct extensive experiments based on Enron dataset in real cloud environment. Compared to state-of-the-art MC-SSE with fine-grained authorization, AasBirch achieves 30<inline-formula><tex-math notation=\"LaTeX\">$sim 200times$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>∼</mml:mo><mml:mn>200</mml:mn><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"wen-ieq1-3227650.gif\"/></alternatives></inline-formula> smaller public parameter and secret key size, with the assumed least frequent keyword in a query (<inline-formula><tex-math notation=\"LaTeX\">$s$</tex-math><alternatives><mml:math><mml:mi>s</mml:mi></mml:math><inline-graphic xlink:href=\"wen-ieq2-3227650.gif\"/></alternatives></inline-formula>-term) as 21. Moreover, it runs 10<inline-formula><tex-math notation=\"LaTeX\">$sim 20times$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>∼</mml:mo><mml:mn>20</mml:mn><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"wen-ieq3-3227650.gif\"/></alternatives></inline-formula> faster for file encryption and <inline-formula><tex-math notation=\"LaTeX\">$>20times$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>></mml:mo><mml:mn>20</mml:mn><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"wen-ieq4-3227650.gif\"/></alternatives></inline-formula> faster for file searching. In addition, AasBirch outperforms 80,000× (resp. 7,850×) faster with <inline-formula><tex-math notation=\"LaTeX\">$s$</tex-math><alternatives><mml:math><mml:mi>s</mml:mi></mml:math><inline-graphic xlink:href=\"wen-ieq5-3227650.gif\"/></alternatives></inline-formula>-term=1 (resp. =21), as compared to classic dynamic ABKS system.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"4621-4636"},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62406821","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Recent research has shown that deep neural networks are vulnerable to backdoor attacks. A carefully-designed backdoor trigger will mislead the victim model to misclassify any sample with the trigger to the target label. Nevertheless, existing works usually utilize visible triggers, such as a white square at the corner of the image, which are easily detected by human inspections. Current efforts on developing invisible triggers yield low attack success in the physical domain. In this paper, we propose Kaleidoscope, an RGB (red, green, and blue) filter-based backdoor attack method, which utilizes RGB filter operations as the backdoor trigger. To enhance the attack success rate, we design a novel model-dependent filter trigger generation algorithm. We also introduce two constraints in the loss function to make the backdoored samples more natural and less distorted. Extensive experiments on CIFAR-10, CIFAR-100, ImageNette, and VGG-Flower have demonstrated that RGB filter-processed samples not only achieve high attack success rate but also are unnoticeable to humans. It is shown that Kaleidoscope can reach an attack success rate of more than 84% in the physical world under different lighting intensities and shooting angles. Kaleidoscope is also shown to be robust to state-of-the-art backdoor defenses, such as spectral signature, STRIP, and MNTD.
{"title":"Kaleidoscope: Physical Backdoor Attacks against Deep Neural Networks with RGB Filters","authors":"Xueluan Gong, Ziyao Wang, Yanjiao Chen, Meng Xue, Qianqian Wang, Chao Shen","doi":"10.1109/tdsc.2023.3239225","DOIUrl":"https://doi.org/10.1109/tdsc.2023.3239225","url":null,"abstract":"Recent research has shown that deep neural networks are vulnerable to backdoor attacks. A carefully-designed backdoor trigger will mislead the victim model to misclassify any sample with the trigger to the target label. Nevertheless, existing works usually utilize visible triggers, such as a white square at the corner of the image, which are easily detected by human inspections. Current efforts on developing invisible triggers yield low attack success in the physical domain. In this paper, we propose Kaleidoscope, an RGB (red, green, and blue) filter-based backdoor attack method, which utilizes RGB filter operations as the backdoor trigger. To enhance the attack success rate, we design a novel model-dependent filter trigger generation algorithm. We also introduce two constraints in the loss function to make the backdoored samples more natural and less distorted. Extensive experiments on CIFAR-10, CIFAR-100, ImageNette, and VGG-Flower have demonstrated that RGB filter-processed samples not only achieve high attack success rate but also are unnoticeable to humans. It is shown that Kaleidoscope can reach an attack success rate of more than 84% in the physical world under different lighting intensities and shooting angles. Kaleidoscope is also shown to be robust to state-of-the-art backdoor defenses, such as spectral signature, STRIP, and MNTD.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"4993-5004"},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62410406","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-01DOI: 10.1109/tdsc.2022.3233915
Yicheng Pan, Meng Ma, Xinrui Jiang, Ping Wang
Today many web applications in the cloud (apps) are built based on microservices. However, as the anomaly propagates in a highly dynamic and complex way, troubleshooting them becomes full of challenges. Existing diagnostic methods are mostly designed based on monitoring metrics retrieved from the microservice system kernel. Therefore, application owners and even site reliability engineers (SREs) cannot effectively resort to those methods when the microservice systems lack such a comprehensive monitoring infrastructure. In this article, we develop DyCause, a crowdsourcing solution to the asymmetric diagnostic information problem. Our solution collects the operational status of kernel services collaboratively from the user space and initiates diagnosis on demand. Without the requirement of any architectural or functional infrastructure, it is both fast and lightweight to deploy DyCause in a microservice system. In order to discover the fine-grained dynamic causalities between services during the anomaly, we also design an efficient algorithm based on statistical analysis. Based on this algorithm, we can also analyze the anomaly propagation paths within the microservice system and generate a better interpretable diagnosis. In our evaluation, we test DyCause in a controlled simulation environment and a real-world cloud system. Our results have shown that DyCause has the best accuracy and efficiency among several state-of-the-art methods and is more robust in terms of parameters.
{"title":"DyCause: Crowdsourcing to Diagnose Microservice Kernel Failure","authors":"Yicheng Pan, Meng Ma, Xinrui Jiang, Ping Wang","doi":"10.1109/tdsc.2022.3233915","DOIUrl":"https://doi.org/10.1109/tdsc.2022.3233915","url":null,"abstract":"Today many web applications in the cloud (apps) are built based on microservices. However, as the anomaly propagates in a highly dynamic and complex way, troubleshooting them becomes full of challenges. Existing diagnostic methods are mostly designed based on monitoring metrics retrieved from the microservice system kernel. Therefore, application owners and even site reliability engineers (SREs) cannot effectively resort to those methods when the microservice systems lack such a comprehensive monitoring infrastructure. In this article, we develop DyCause, a crowdsourcing solution to the asymmetric diagnostic information problem. Our solution collects the operational status of kernel services collaboratively from the user space and initiates diagnosis on demand. Without the requirement of any architectural or functional infrastructure, it is both fast and lightweight to deploy DyCause in a microservice system. In order to discover the fine-grained dynamic causalities between services during the anomaly, we also design an efficient algorithm based on statistical analysis. Based on this algorithm, we can also analyze the anomaly propagation paths within the microservice system and generate a better interpretable diagnosis. In our evaluation, we test DyCause in a controlled simulation environment and a real-world cloud system. Our results have shown that DyCause has the best accuracy and efficiency among several state-of-the-art methods and is more robust in terms of parameters.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"1 1","pages":"4763-4777"},"PeriodicalIF":7.3,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"62409303","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-01DOI: 10.1109/TDSC.2022.3216297
Safwa Ameer, James O. Benson, R. Sandhu
Smart homes are interconnected homes in which a wide variety of digital devices with limited resources communicate with multiple users and among themselves using multiple protocols. The deployment of resource-limited devices and the use of a wide range of technologies expand the attack surface and position the smart home as a target for many potential security threats. Access control is among the top security challenges in smart home IoT. Several access control models have been developed or adapted for IoT in general, with a few specifically designed for the smart home IoT domain. Most of these models are built on the role-based access control (RBAC) model or the attribute-based access control (ABAC) model. However, recently some researchers demonstrated that the need arises for a hybrid model combining ABAC and RBAC, thereby incorporating the benefits of both models to better meet IoT access control challenges in general and smart homes requirements in particular. In this paper, we used two approaches to develop two different hybrid models for smart home IoT. We followed a role-centric approach and an attribute-centric approach to develop HyBAC$_{RC}$RC and HyBAC$_{AC}$AC, respectively. We formally define these models and illustrate their features through a use case scenario demonstration. We further provide a proof-of-concept implementation for each model in Amazon Web Services (AWS) IoT platform. Finally, we conduct a theoretical comparison between the two models proposed in this paper in addition to the EGRBAC model (RBAC model for smart home IoT) and HABAC model (ABAC model for smart home IoT), which were previously developed to meet smart homes’ challenges.
{"title":"Hybrid Approaches (ABAC and RBAC) Toward Secure Access Control in Smart Home IoT","authors":"Safwa Ameer, James O. Benson, R. Sandhu","doi":"10.1109/TDSC.2022.3216297","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3216297","url":null,"abstract":"Smart homes are interconnected homes in which a wide variety of digital devices with limited resources communicate with multiple users and among themselves using multiple protocols. The deployment of resource-limited devices and the use of a wide range of technologies expand the attack surface and position the smart home as a target for many potential security threats. Access control is among the top security challenges in smart home IoT. Several access control models have been developed or adapted for IoT in general, with a few specifically designed for the smart home IoT domain. Most of these models are built on the role-based access control (RBAC) model or the attribute-based access control (ABAC) model. However, recently some researchers demonstrated that the need arises for a hybrid model combining ABAC and RBAC, thereby incorporating the benefits of both models to better meet IoT access control challenges in general and smart homes requirements in particular. In this paper, we used two approaches to develop two different hybrid models for smart home IoT. We followed a role-centric approach and an attribute-centric approach to develop HyBAC<inline-formula><tex-math notation=\"LaTeX\">$_{RC}$</tex-math><alternatives><mml:math><mml:msub><mml:mrow/><mml:mrow><mml:mi>R</mml:mi><mml:mi>C</mml:mi></mml:mrow></mml:msub></mml:math><inline-graphic xlink:href=\"ameer-ieq1-3216297.gif\"/></alternatives></inline-formula> and HyBAC<inline-formula><tex-math notation=\"LaTeX\">$_{AC}$</tex-math><alternatives><mml:math><mml:msub><mml:mrow/><mml:mrow><mml:mi>A</mml:mi><mml:mi>C</mml:mi></mml:mrow></mml:msub></mml:math><inline-graphic xlink:href=\"ameer-ieq2-3216297.gif\"/></alternatives></inline-formula>, respectively. We formally define these models and illustrate their features through a use case scenario demonstration. We further provide a proof-of-concept implementation for each model in Amazon Web Services (AWS) IoT platform. Finally, we conduct a theoretical comparison between the two models proposed in this paper in addition to the EGRBAC model (RBAC model for smart home IoT) and HABAC model (ABAC model for smart home IoT), which were previously developed to meet smart homes’ challenges.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4032-4051"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48562703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}