Computer Science Review最新文献

The world of connected devices has been attributed to applications that relied upon multitude of devices to acquire and distribute data over extremely diverse networks. This caused a plethora of potential threats. In the field of IT security, the concept of digital baits, or honeypots, which are typically network components (computer systems, access points, or switches) launched to be interrogated, savaged, and impacted, is currently popular as it allows scientists to comprehend further on assault patterns and behavior. Combining the inherent modularity with the administration enabled by the container makes security management simple and permits dispersed deployments, resulting in a very dynamic system. This study delivers several contributions in this regard. First, it comprehends the patterns, methods, and malware types that container honeypots deal with thus examining new developments in existing honeypot research to fill gaps in knowledge about the honeypot technology. A broad range of independently initiated and jointly conducted container honeypot strategies and studies that encompass various methodologies is surveyed. Second, using numerous use cases that aid scientific research, we address and investigate a number of challenges pertaining to container honeypots, such as identification problems, honeypot security issues, and dependability issues. Furthermore, based on our extensive honeypot research, we developed VIKRANT, a containerized research honeypot which assists researchers as well as enthusiasts in generating real-time flow data for threat intelligence. The configured approach was monitored resulting in several data points that allowed relevant conclusions about the malevolent users’ activities.

In recent years, unmanned aerial vehicles (UAVs) have been used to extend the Internet of things (IoT) framework owing to their vast applications, monitoring and surveillance capability, ubiquity, and mobility. To support IoT requirements, UAVs must be capable of aggregating, processing, and transmitting data in real-time basis. As not only the number of IoT devices but also the amount of data to be collected is increased, data aggregation is of great importance. Recently, the UAV can also function as a mobile edge computing server in association with aerial data aggregation. This paper is the first to survey the various aspects and techniques of UAV-based aerial data aggregation for IoT networks. After addressing key design issues, we review the existing data aggregation techniques along with possible future direction. They are then compared with each other in terms of major operational features, performance characteristics, advantages, and limitations. Open issues and research challenges are also discussed with possible solution approaches.

In the last decade, there has been a significant surge of interest in machine learning, primarily driven by advancements in deep learning (DL). DL has emerged as a powerful solution to address various challenges in numerous fields, including remote sensing (RS). Graph Deep Learning (GDL), a sub-field of DL, has recently gained increasing attention in the RS community. Tasks in RS requiring detailed information about the relationships between image/scene features are particularly well-suited for GDL. This study examines the notion of GDL and its recent developments in RS-related fields. An extensive survey of the current state-of-the-art in GDL is presented in this paper, with a specific emphasis on five established graph learning techniques: Graph Convolutional Networks (GCNs), Graph Attention Networks (GATs), Graph Recurrent Neural Networks (GRNNs), Graph Auto-encoders (GAEs), and Graph Generative Adversarial Networks (GGANs). A taxonomy is proposed based on the input data type (dynamic or static) or task being considered. Several promising research directions for GDL in RS are suggested in this paper to foster productive collaborations between the two domains. To the best of our knowledge, this study is the first to provide a comprehensive review that focuses on graph deep learning in remote sensing.

Federated learning (FL) is a kind of distributed machine learning framework, where the global model is generated on the centralized aggregation server based on the parameters of local models, addressing concerns about privacy leakage caused by the collection of local training data. With the growing computational and communication capacities of edge and IoT devices, applying FL on heterogeneous devices to train machine learning models is becoming a prevailing trend. Nonetheless, the synchronous aggregation strategy in the classic FL paradigm, particularly on heterogeneous devices, encounters limitations in resource utilization due to the need to wait for slow devices before aggregation in each training round. Furthermore, the uneven distribution of data across devices (i.e. data heterogeneity) in real-world scenarios adversely impacts the accuracy of the global model. Consequently, many asynchronous FL (AFL) approaches have been introduced across various application contexts to enhance efficiency, performance, privacy, and security. This survey comprehensively analyzes and summarizes existing AFL variations using a novel classification scheme, including device heterogeneity, data heterogeneity, privacy, and security on heterogeneous devices, as well as applications on heterogeneous devices. Finally, this survey reveals rising challenges and presents potentially promising research directions in this under-investigated domain.

Mobile crowdsensing (MCS) is an emerging data-driven paradigm that leverages the collective intelligence of the crowd, their mobility, and the crowd-companioned smart mobile devices embedded with powerful sensors to acquire information from the physical environment for crowd intelligence extraction and human-centric service delivery. However, existing MCS systems operate in a centralized manner, giving rise to several challenges, including privacy, security, incentives, and dependence on a central service provider. Blockchain is a novel application paradigm that incorporates point-to-point transmission, consensus mechanisms, cryptography, intelligent contracts, distributed data storage, and other computing technologies, creating a shift from the current centralized paradigm to a decentralized paradigm. Nonetheless, the convergence of MCS and blockchains necessitates addressing numerous fundamental challenges arising from their merger. This paper examines the major issues facing MCS systems and blockchain’s potential role in addressing them. We present the MCS-blockchain integrated deployment strategies, architectural designs, and core blockchain technology principles that contribute significantly to the performance of blockchain-based MCS applications. Additionally, the advancement of blockchain technology and its impact on MCS system security and performance requirements are investigated. Finally, we highlight current research gaps and future research opportunities that may inspire the deployment of novel blockchain-based MCS systems.

In response to various privacy risks, researchers and practitioners have been exploring different paradigms that can leverage the increased computational capabilities of consumer devices to train machine learning (ML) models in a distributed fashion without requiring the uploading of the training data from individual devices to central facilities. For this purpose, federated learning (FL) was proposed as a technique that can learn a global machine model at a central master node by the aggregation of models trained locally using private data. However, organizations may be reluctant to train models locally and to share these local ML models due to the required computational resources for model training at their end and due to privacy risks that may result from adversaries inverting these models to infer information about the private training data. Incentive mechanisms have been proposed to motivate end users to participate in collaborative training of ML models (using their local data) in return for certain rewards. However, the design of an optimal incentive mechanism for FL is challenging due to its distributed nature and the fact that the central server has no access to clients’ hyperparameters information and the amount/quality data used for training, which makes the task of determining the reward based on the contribution of individual clients in FL environment difficult. Even though several incentive mechanisms have been proposed for FL, a thorough up-to-date systematic review is missing and this paper fills this gap. To the best of our knowledge, this paper is the first systematic review that comprehensively enlists the design principles required for implementing these incentive mechanisms and then categorizes various incentive mechanisms according to their design principles. In addition, we also provide a comprehensive overview of security challenges associated with incentive-driven FL. Finally, we highlight the limitations and pitfalls of these incentive schemes and elaborate upon open-research issues that require further research attention.

The proliferation of information and communication technologies in enterprises enables them to develop new business models and enhance their operational and commercial activities. Nevertheless, this practice also introduces new cybersecurity risks and vulnerabilities. This may not be an issue for large organizations with the resources and mature cybersecurity programs in place; the situation with small and medium-sized enterprises (SMEs) is different since they often lack the resources, expertise, and incentives to prioritize cybersecurity. In such cases, cybersecurity awareness can be a critical component of cyberdefense. However, research studies dealing with cybersecurity awareness or related domains exclusively for SMEs are rare, indicating a pressing need for research addressing the cybersecurity awareness requirements of SMEs.

Prior to that, though, it is crucial to identify which aspects of cybersecurity awareness require further research in order to adapt or conform to the needs of SMEs. In this study, we conducted a systematic literature review that focused on cybersecurity awareness, prioritizing those performed with a particular focus on SMEs. The study seeks to analyze and evaluate such studies primarily to determine knowledge and research gaps in the cybersecurity awareness field for SMEs, thus providing a direction for future research.

The Internet of Things (IoT) is a smart, internet-connected, and omnipresent network. Healthcare is one of the most critical sectors that could benefit from IoT technology. In the medical sphere, the rise of the IoT transforms traditional healthcare services by encouraging technological, social, and economic factors. This study rigorously analyzes various aspects of the Internet of Healthcare Things (IoHT), such as networking terminology, enabling communication technologies, services, applications, implementation issues, research challenges, and security-related concerns. Communication techniques under licensed and unlicensed spectra are extensively investigated and compared on various identified parameters for short- and long-range connectivity. The aforementioned aspects thoroughly review the operational and implementation roles of enabling technology. Following a rigorous analysis, multiple research issues and challenges are identified and discussed, along with recommendations to address them. After that, several IoHT services and applications are highlighted and reviewed with a comparative analysis regarding enabling technologies. Additionally, essential security and privacy concerns, along with probable threats and attacks related to the Internet of Healthcare Things, are mentioned in this work. Finally, this paper also emphasizes the future directions of the IoHT domain.

Runtime Verification can be defined as a collection of formal methods for studying the dynamic evaluation of execution traces against formal specifications. Aside from creating a monitor from specifications and building algorithms for the evaluation of the trace, the process of gathering events and making them available for the monitor and the communication between the system under analysis and the monitor are critical and important steps in the runtime verification process. In many situations and for a variety of reasons, the event trace could be incomplete or could contain imprecise events. When a missing or ambiguous event is detected, the monitor may be unable to deliver a sound verdict. In this survey, we review the literature dealing with the problem of monitoring with incomplete traces. We list the different causes of uncertainty that have been identified, and analyze their effect on the monitoring process. We identify and compare the different methods that have been proposed to perform monitoring on such traces, highlighting the advantages and drawbacks of each method.

The accelerated growth of networking technologies highlights the importance of Authentication and Access Control (AAC) as protection against associated attacks. Controlling access to resources, facilitating resource sharing, and managing user mobility are some of the notable capabilities provided by AAC methods. Centralized methods are the most common deployment architectures, that can be threatened by several attacks at their central points. Emerging Distributed Ledger Technology (DLT) has attracted significant interest in the AAA community. The distributed nature of DLT and its immutability can bring unprecedented opportunities to resolve many of the challenges of conventional systems. We survey the state-of-the-art in deploying authentication and access control approaches via DLT for several networking use cases. More precisely, we explore DLT applications in (1) Authentication; (2) Access Control; and (3) Comprehensive AAC solutions. First, we present the challenges of centralized solutions and discuss the capability of DLT for their resolution. Then, we propose a taxonomy to categorize the existing methods. Analysis, comparison, and discussion on the advantages and disadvantages of these methods have been provided regarding different parameters such as DLT types, AAC approaches, security, reliability, scalability, etc. While DLT provides various benefits, several challenges remain for the migration to DLT-based AAC. In light of these general limitations, we propose some future directions, targeting the current lacunae and future needs.