Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888892
Peter T. Breuer
A signal-level open-source hardware definition for a superscalar processor delivering high-speed ‘encrypted computing’ has been tested. This ‘KPU’ processor provides general purpose Turing-complete computation with encrypted inputs, outputs and intermediate results in registers and memory, and its objective is mathematically provable security for the user against eavesdropping and tampering by the administrator, at near contemporaneous computing speeds. User code runs encrypted while administrator code runs unencrypted. The administrator can programmatically see and modify user data, but it is in encrypted form and the key is not available to the administrator. No barrier other than encryption is intended in this system, simplifying analysis. This paper summarizes the current architecture and performance and outlines the stochastic theory that provides a form of the classic semantic security property.
Title: High Speed Encrypted Computing: Stochastic Confusion and Lies in a Secret Computer. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).
Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888860
I. Chowdhury, Deepayan Bhowmik
The exponential rise of the Internet increases the risk of cyber-attack incidents, which are generally caused by the widespread frequency of new malware generation. Different types of malware families have complex, dynamic behaviours and characteristics which can cause a novel and targeted attack in a cyber-system. The existence of a large volume of malware types with frequent new additions hinders cyber resilience efforts. To address the gap, we propose a new ontology-driven framework that captures recent malware behaviours. According to code structure, malware can be divided into three categories: basic, polymorphic and metamorphic. Packing or code obfuscation is also a technique adopted by malware developers to make the code unreadable and avoid detection. Given that ontology techniques are useful to express domain knowledge meaningfully, this paper aims to develop an ontology for dynamic analysis of malware behaviour and to capture metamorphic and polymorphic malware behaviour. This will be helpful to understand the malicious behaviour exhibited by new-generation malware samples and changes in their code structure. The proposed framework includes 14 malware families with their sub-families and 3 types of malware code-structure with their individuals. With a focus on malware behaviour, the proposed ontology depicts the relations among malware families and malware code-structures with their respective behaviour.
Title: Capturing Malware Behaviour with Ontology-based Knowledge Graphs. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).
Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888903
Abel O. Gomez Rivera, Evan M. White, Jaime C. Acosta, Deepak K. Tosh
Military networks consist of heterogeneous devices that provide soldiers with real-time terrain and mission intelligence. The development of next-generation Software Defined Networks (SDN)-enabled devices is enabling the modernization of traditional military networks. Commonly, traditional military networks take the trustworthiness of devices for granted. However, the recent modernization of military networks introduces cyber attacks such as data and identity spoofing attacks. Hence, it is crucial to ensure the trustworthiness of network traffic to ensure the mission's outcome. This work proposes a Continuous Behavior-based Authentication (CBA) protocol that integrates network traffic analysis techniques to provide robust and efficient network management flow by separating data and control planes in SDN-enabled military networks. The evaluation of the CBA protocol aimed to measure the efficiency of the proposed protocol in realistic military networks. Furthermore, we analyze the overall network overhead of the CBA protocol and its accuracy to detect rogue network traffic data from field devices.
Title: Enabling Device Trustworthiness for SDN-Enabled Internet-of-Battlefield Things. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).
Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888886
Chun-I Fan, Yen-Lin Lai, Cheng-Han Shie
The increasing sophistication of network attacks and the inability of traditional defensive techniques such as firewalls or weak passwords against them have led researchers to propose network intrusion detection systems. Many network intrusion detection systems using machine learning techniques have been proposed, but the detection performance of some systems can be further improved. In addition, many systems adopt multiple machine learning classifiers that cooperate in generating detection results, but the individual classifiers in the system are often difficult to operate independently, limiting the flexibility of the system. This paper presents a Clustering-Based Network Intrusion Detection System, which applies the concept of clustering to detect network attacks by using the K-Nearest Neighbor algorithm for the initial detection of network attack types, with the Decision Tree algorithm specializing in detecting specific types of attacks. This improves the detection performance of the system and maintains the usability of an individual classifier.
Title: Clustering-Based Network Intrusion Detection System. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).
Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888822
Shao-Fu Chen, Yu-Sung Wu
The Linux system has become an indispensable component of today's Internet services, network backbones, and IoT devices. The Linux kernel is primarily implemented in the C language for efficiency, creating opportunities for memory bugs and synchronization bugs. We introduce the use of the Rust programming language in kernel development, where the safety features of the Rust language are leveraged to prevent the introduction of memory bugs or synchronization bugs when writing kernel code. We showcase the key steps in developing a Linux kernel module in Rust and discuss how the memory bugs and synchronization bugs are prevented. The evaluation demonstrates that the performance overhead of the Rust kernel modules is on par with the C kernel modules.
Title: Linux Kernel Module Development with Rust. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).
Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888937
A. Scholey, P. B. Zadeh
The National Society for the Prevention of Cruelty to Children (NSPCC) and the Internet Watch Foundation (IWF) report a growing amount of child sexual abuse material within the UK, substantiated by the National Crime Agency (NCA). This paper will investigate the increasing burden and time-consuming task placed upon police forces by the required regular examination of digital devices belonging to sentenced paedophiles and individuals bound by a Sexual Harm Prevention Order (SHPO). By examining some of the motivations behind offenders and their desire to habitually offend, and by using the most common traits amongst them, indicators of suspicious behaviour will emerge. In this paper, a proof-of-concept digital forensic investigation toolkit is proposed to assist Public Protection Officers (PPO) in the analysis of digital devices belonging to these individuals. The proposed Live Suspicious Activity Toolkit (LiSA-T) will enable a time-efficient, up-to-date assessment of any suspicious activity and behaviour on a Windows 10 computer. By using specific modules that can be turned on and off, updated and have unique preferences assigned to them, LiSA-T will evaluate and then report the findings, assisting the PPO with an informed decision as to whether to involve the Digital Forensic Unit (DFU) to further examine a device in a more in-depth forensic manner. The test results demonstrated that the proposed LiSA-T techniques showed low computational cost to successfully detect the targeted evidential artifacts for the defined suspicious activity.
Title: A Digital Forensics Live Suspicious Activity Toolkit To Assist Investigators With Sexual Harm Prevention Order Monitoring. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).
Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888863
Bowen Zhao, Yingjiu Li, Ximeng Liu, HweeHwa Pang, R. Deng
Person Re-IDentification (Re-ID) is a critical technology to identify a target person from person images captured by surveillance cameras. However, person Re-ID has triggered great concerns about personal image privacy. Although the law (e.g., GDPR) has stipulated that person images are personal private data, there is no efficient solution to tackle the image privacy concern for person Re-ID. To this end, we propose FREED, the first system solution for privacy-preserving person Re-ID, which supports the state-of-the-art person Re-ID operations on encrypted feature vectors of person images. To handle the encryption of feature vectors effectively and enable person Re-ID operations on encrypted feature vectors efficiently, FREED develops a suite of batch secure computing protocols based on a twin-server architecture and the threshold Paillier cryptosystem. We demonstrate that our secure computing protocols are more efficient than existing protocols and that FREED achieves a precision equal to the state-of-the-art plaintext method.
Title: FREED: An Efficient Privacy-Preserving Solution for Person Re-IDentification. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).
Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888891
M. Varkey, Jacob John, S. UmadeviK.
Industrial Control Systems (ICS) are not secure by design, and with recent developments requiring them to connect to the Internet, they tend to be highly vulnerable. Additionally, attacks on critical infrastructures such as power grids and nuclear plants can cause significant damage and loss of lives. Since such attacks tend to generate anomalies in the systems, an efficient way of attack detection is to monitor the systems and identify anomalies in real time. An automated anomaly detection tool is introduced in this paper. Additionally, the functioning of the systems is viewed as Finite State Automata. Specific sensor measurements are used to determine permissible transitions, and statistical measures such as the Interquartile Range are used to determine acceptable boundaries for the remaining sensor measurements provided by the system. Deviations from the boundaries or permissible transitions are considered anomalies. An additional feature is the provision of a finite state automata diagram that provides the operational constraints of a system, given a set of regulated inputs. This tool showed a high anomaly detection rate when tested with three types of ICS. The concepts are also benchmarked against a state-of-the-art anomaly detection algorithm called Isolation Forest, and the results are provided.
Title: Automated Anomaly Detection Tool for Industrial Control System. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).
Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888874
Zijie Huang, Yulei Wu
Anomaly detection techniques in the Industrial Internet of Things (IIoT) are driving traditional industries towards an unprecedented level of efficiency, productivity and performance. They are typically developed based on supervised and unsupervised machine learning models. However, some machine learning models are facing “black box” problems, namely the rationale behind the algorithm is not understandable. Recently, several models on explainable anomaly detection have emerged. The “black box” problems have been studied by using such models. But few works focus on applications in the IIoT field, and there is no related review of explainable anomaly detection techniques. In this survey, we provide an overview of explainable anomaly detection techniques in IIoT. We propose a new taxonomy to classify the state-of-the-art explainable anomaly detection techniques into two categories, namely intrinsic based explainable anomaly detection and explainer based explainable anomaly detection. We further discuss the applications of explainable anomaly detection across various IIoT fields. Finally, we suggest future study options in this rapidly expanding subject.
Title: A Survey on Explainable Anomaly Detection for Industrial Internet of Things. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).
Pub Date: 2022-06-22 | DOI: 10.1109/DSC54232.2022.9888828
Changgang Zheng, Chen Zhen, Haiyong Xie, Shufan Yang
Reinforcement Learning (RL) is one of the most popular methods for solving complex sequential decision-making problems. Deep RL needs careful sensing of the environment, selecting algorithms as well as hyper-parameters via soft agents, and simultaneously predicting what the best actions should be. The RL computing paradigm is progressively becoming a popular solution in numerous fields. However, many deployment decisions, such as security of distributed computing, the defence system of network communication, and algorithm details such as frequency of batch updating and the number of time steps, are typically not treated as an integrated system. This makes it difficult to have appropriate vulnerability management when applying deep RL to real-life problems. For these reasons, we propose a framework that allows users to focus on the algorithm of reasoning, trust, and explainability in accordance with human perception, followed by exploring potential threats, especially adversarial attacks and countermeasures.
Title: Towards Secure Multi-Agent Deep Reinforcement Learning: Adversarial Attacks and Countermeasures. Published in: 2022 IEEE Conference on Dependable and Secure Computing (DSC).