Computer Science Review最新文献

The emergence of ubiquitous computing and different disruptive technologies caused magnificent development in information and communication technology. Likewise, cybercriminals are also carefully considering different newer ways of attacks. Protecting the confidentiality, integrity, and authentication of sensitive information is the day’s major challenge. Secret sharing is a method that allows a trusted authority (the dealer) to distribute a secret or a number of secrets among some target participants with the intention that certain predetermined groups of participants can collaborate to recover the secret or secrets. Any other group formed by the participants cannot do so. Threshold secret sharing (TSS) is a particular form of secret sharing. It permits any group consisting of at least a specific number (called the threshold) of participants to reconstruct the secret or secrets. However, any group with fewer than the specified number of participants is forbidden to do so. It provides tolerance against single point of failure (SPOF), which has attracted a large number of researchers to contribute in this field. It has the potential to be implemented in numerous practical and secure applications. In this paper, we present a comprehensive survey of a variety of existing threshold secret sharing schemes. We have identified various aspects of developing secure and efficient secret sharing schemes. We have also highlighted some of the applications based on secret sharing. Finally, the open challenges and future research directions in the field of secret sharing are identified and discussed.

The continuous increase of IoT applications leads to a vast amount of data that needs to be transmitted, stored, and processed. Many IoT applications rely on the Cloud infrastructure to handle these specific application demands. However, the integration of IoT and Cloud poses challenges such as network delays, throughput, energy consumption, reliability, etc. Therefore, a new computing concept is required to support emerging IoT applications. These new concepts include fog computing, edge computing, mobile edge computing, mobile cloud computing, and cloudlets. They use various approaches to distribute resources, processes, and services among IoT system architecture layers. The challenge is to decide which offloading system is the best for a specific use case that emphasizes the IoT system modeling issue. In this paper, a model for the formal description of IoT systems is presented. In addition, an analytical evaluation method was proposed to design these systems using the corresponding architecture, technologies, protocols, and integration model to optimize performance. The proposed approach facilitates and simplifies the selection of the corresponding model for the system architecture. This approach enables an efficient method for performance optimization based on offloading processes (load balancing). Also, this paper provides some insights into specific emerging issues and ideas to be addressed by future research.

We survey the state-of-the-art on model-based formalisms for safety and security joint analysis, where safety refers to the absence of unintended failures, and security to absence of malicious attacks. We conduct a thorough literature review and – as a result – we consider fourteen model-based formalisms and compare them with respect to several criteria: (1) Modeling capabilities and Expressiveness: which phenomena can be expressed in these formalisms? To which extent can they capture safety-security interactions? (2) Analytical capabilities: which analysis types are supported? (3) Practical applicability: to what extent have the formalisms been used to analyze small or larger case studies? Furthermore, (1) we present more precise definitions for safety-security dependencies in tree-like formalisms; (2) we showcase the potential of each formalism by modeling the same toy example from the literature and (3) we present our findings and reflect on possible ways to narrow highlighted gaps. In summary, our key findings are the following: (1) the majority of approaches combine tree-like formal models; (2) the exact nature of safety-security interaction is still ill-understood and (3) diverse formalisms can capture different interactions; (4) analyzed formalisms merge modeling constructs from existing safety- and security-specific formalisms, without introducing ad hoc constructs to model safety-security interactions, or (5) metrics to analyze trade offs. Moreover, (6) large case studies representing safety-security interactions are still missing.

The world of connected devices has been attributed to applications that relied upon multitude of devices to acquire and distribute data over extremely diverse networks. This caused a plethora of potential threats. In the field of IT security, the concept of digital baits, or honeypots, which are typically network components (computer systems, access points, or switches) launched to be interrogated, savaged, and impacted, is currently popular as it allows scientists to comprehend further on assault patterns and behavior. Combining the inherent modularity with the administration enabled by the container makes security management simple and permits dispersed deployments, resulting in a very dynamic system. This study delivers several contributions in this regard. First, it comprehends the patterns, methods, and malware types that container honeypots deal with thus examining new developments in existing honeypot research to fill gaps in knowledge about the honeypot technology. A broad range of independently initiated and jointly conducted container honeypot strategies and studies that encompass various methodologies is surveyed. Second, using numerous use cases that aid scientific research, we address and investigate a number of challenges pertaining to container honeypots, such as identification problems, honeypot security issues, and dependability issues. Furthermore, based on our extensive honeypot research, we developed VIKRANT, a containerized research honeypot which assists researchers as well as enthusiasts in generating real-time flow data for threat intelligence. The configured approach was monitored resulting in several data points that allowed relevant conclusions about the malevolent users’ activities.

In recent years, unmanned aerial vehicles (UAVs) have been used to extend the Internet of things (IoT) framework owing to their vast applications, monitoring and surveillance capability, ubiquity, and mobility. To support IoT requirements, UAVs must be capable of aggregating, processing, and transmitting data in real-time basis. As not only the number of IoT devices but also the amount of data to be collected is increased, data aggregation is of great importance. Recently, the UAV can also function as a mobile edge computing server in association with aerial data aggregation. This paper is the first to survey the various aspects and techniques of UAV-based aerial data aggregation for IoT networks. After addressing key design issues, we review the existing data aggregation techniques along with possible future direction. They are then compared with each other in terms of major operational features, performance characteristics, advantages, and limitations. Open issues and research challenges are also discussed with possible solution approaches.

In the last decade, there has been a significant surge of interest in machine learning, primarily driven by advancements in deep learning (DL). DL has emerged as a powerful solution to address various challenges in numerous fields, including remote sensing (RS). Graph Deep Learning (GDL), a sub-field of DL, has recently gained increasing attention in the RS community. Tasks in RS requiring detailed information about the relationships between image/scene features are particularly well-suited for GDL. This study examines the notion of GDL and its recent developments in RS-related fields. An extensive survey of the current state-of-the-art in GDL is presented in this paper, with a specific emphasis on five established graph learning techniques: Graph Convolutional Networks (GCNs), Graph Attention Networks (GATs), Graph Recurrent Neural Networks (GRNNs), Graph Auto-encoders (GAEs), and Graph Generative Adversarial Networks (GGANs). A taxonomy is proposed based on the input data type (dynamic or static) or task being considered. Several promising research directions for GDL in RS are suggested in this paper to foster productive collaborations between the two domains. To the best of our knowledge, this study is the first to provide a comprehensive review that focuses on graph deep learning in remote sensing.

Federated learning (FL) is a kind of distributed machine learning framework, where the global model is generated on the centralized aggregation server based on the parameters of local models, addressing concerns about privacy leakage caused by the collection of local training data. With the growing computational and communication capacities of edge and IoT devices, applying FL on heterogeneous devices to train machine learning models is becoming a prevailing trend. Nonetheless, the synchronous aggregation strategy in the classic FL paradigm, particularly on heterogeneous devices, encounters limitations in resource utilization due to the need to wait for slow devices before aggregation in each training round. Furthermore, the uneven distribution of data across devices (i.e. data heterogeneity) in real-world scenarios adversely impacts the accuracy of the global model. Consequently, many asynchronous FL (AFL) approaches have been introduced across various application contexts to enhance efficiency, performance, privacy, and security. This survey comprehensively analyzes and summarizes existing AFL variations using a novel classification scheme, including device heterogeneity, data heterogeneity, privacy, and security on heterogeneous devices, as well as applications on heterogeneous devices. Finally, this survey reveals rising challenges and presents potentially promising research directions in this under-investigated domain.

Mobile crowdsensing (MCS) is an emerging data-driven paradigm that leverages the collective intelligence of the crowd, their mobility, and the crowd-companioned smart mobile devices embedded with powerful sensors to acquire information from the physical environment for crowd intelligence extraction and human-centric service delivery. However, existing MCS systems operate in a centralized manner, giving rise to several challenges, including privacy, security, incentives, and dependence on a central service provider. Blockchain is a novel application paradigm that incorporates point-to-point transmission, consensus mechanisms, cryptography, intelligent contracts, distributed data storage, and other computing technologies, creating a shift from the current centralized paradigm to a decentralized paradigm. Nonetheless, the convergence of MCS and blockchains necessitates addressing numerous fundamental challenges arising from their merger. This paper examines the major issues facing MCS systems and blockchain’s potential role in addressing them. We present the MCS-blockchain integrated deployment strategies, architectural designs, and core blockchain technology principles that contribute significantly to the performance of blockchain-based MCS applications. Additionally, the advancement of blockchain technology and its impact on MCS system security and performance requirements are investigated. Finally, we highlight current research gaps and future research opportunities that may inspire the deployment of novel blockchain-based MCS systems.

In response to various privacy risks, researchers and practitioners have been exploring different paradigms that can leverage the increased computational capabilities of consumer devices to train machine learning (ML) models in a distributed fashion without requiring the uploading of the training data from individual devices to central facilities. For this purpose, federated learning (FL) was proposed as a technique that can learn a global machine model at a central master node by the aggregation of models trained locally using private data. However, organizations may be reluctant to train models locally and to share these local ML models due to the required computational resources for model training at their end and due to privacy risks that may result from adversaries inverting these models to infer information about the private training data. Incentive mechanisms have been proposed to motivate end users to participate in collaborative training of ML models (using their local data) in return for certain rewards. However, the design of an optimal incentive mechanism for FL is challenging due to its distributed nature and the fact that the central server has no access to clients’ hyperparameters information and the amount/quality data used for training, which makes the task of determining the reward based on the contribution of individual clients in FL environment difficult. Even though several incentive mechanisms have been proposed for FL, a thorough up-to-date systematic review is missing and this paper fills this gap. To the best of our knowledge, this paper is the first systematic review that comprehensively enlists the design principles required for implementing these incentive mechanisms and then categorizes various incentive mechanisms according to their design principles. In addition, we also provide a comprehensive overview of security challenges associated with incentive-driven FL. Finally, we highlight the limitations and pitfalls of these incentive schemes and elaborate upon open-research issues that require further research attention.

The proliferation of information and communication technologies in enterprises enables them to develop new business models and enhance their operational and commercial activities. Nevertheless, this practice also introduces new cybersecurity risks and vulnerabilities. This may not be an issue for large organizations with the resources and mature cybersecurity programs in place; the situation with small and medium-sized enterprises (SMEs) is different since they often lack the resources, expertise, and incentives to prioritize cybersecurity. In such cases, cybersecurity awareness can be a critical component of cyberdefense. However, research studies dealing with cybersecurity awareness or related domains exclusively for SMEs are rare, indicating a pressing need for research addressing the cybersecurity awareness requirements of SMEs.

Prior to that, though, it is crucial to identify which aspects of cybersecurity awareness require further research in order to adapt or conform to the needs of SMEs. In this study, we conducted a systematic literature review that focused on cybersecurity awareness, prioritizing those performed with a particular focus on SMEs. The study seeks to analyze and evaluate such studies primarily to determine knowledge and research gaps in the cybersecurity awareness field for SMEs, thus providing a direction for future research.