Annals of Telecommunications: Latest Articles

Large language models and unsupervised feature learning: implications for log analysis
IF 1.9 | Zone 4, Computer Science | Q3 Telecommunications | Pub Date: 2024-04-04 | DOI: 10.1007/s12243-024-01028-2

Abstract

Log file analysis is increasingly being addressed through the use of large language models (LLM). LLM provides the mechanism for discovering embeddings for distinguishing between different behaviors present in log files. In this work, we are interested in discriminating between normal and anomalous behaviors via an unsupervised learning approach. To this end, firstly five recent LLM architectures are evaluated over six different log files. Then, further research is conducted to explicitly quantify the significance of performing self-supervised fine-tuning on the LLMs. Moreover, we show that the quality of an (unsupervised) feature map used to make the overall (normal/anomalous) predictions may also benefit from an AutoEncoder stage between LLM and feature map. Such an AutoEncoder provides significant reductions in the cost of training the feature map and typically improves the quality of the resulting predictions.

Citations: 0
E-Watcher: insider threat monitoring and detection for enhanced security
IF 1.9 | Zone 4, Computer Science | Q3 Telecommunications | Pub Date: 2024-04-04 | DOI: 10.1007/s12243-024-01023-7
Zhiyuan Wei, Usman Rauf, Fadi Mohsen

Insider threats refer to harmful actions carried out by authorized users within an organization, posing the most damaging risks. The increasing number of these threats has revealed the inadequacy of traditional methods for detecting and mitigating insider threats. These existing approaches lack the ability to analyze activity-related information in detail, resulting in delayed detection of malicious intent. Additionally, current methods lack advancements in addressing noisy datasets or unknown scenarios, leading to under-fitting or over-fitting of the models. To address these, our paper presents a hybrid insider threat detection framework. We not only enhance prediction accuracy by incorporating a layer of statistical criteria on top of machine learning-based classification but also present optimal parameters to address over/under-fitting of models. We evaluate the performance of our framework using a real-life threat test dataset (CERT r4.2) and compare it to existing methods on the same dataset (Glasser and Lindauer 2013). Our initial evaluation demonstrates that our proposed framework achieves an accuracy of 98.48% in detecting insider threats, surpassing the performance of most of the existing methods. Additionally, our framework effectively handles potential bias and data imbalance issues that can arise in real-life scenarios.

Citations: 0
ICIN 2023 special issue — Emergence of the data and intelligence networking across the edge-cloud continuum
IF 1.8 | Zone 4, Computer Science | Q3 Telecommunications | Pub Date: 2024-04-02 | Vol. 79 (3-4), pp. 131-133 | DOI: 10.1007/s12243-024-01026-4
Marie-José Montpetit, Walter Cerroni
Citations: 0
Generating practical adversarial examples against learning-based network intrusion detection systems
IF 1.9 | Zone 4, Computer Science | Q3 Telecommunications | Pub Date: 2024-03-27 | DOI: 10.1007/s12243-024-01021-9
Vivek Kumar, Kamal Kumar, Maheep Singh

There has been a significant development in the design of intrusion detection systems (IDS) by using deep learning (DL)/machine learning (ML) methods for detecting threats in a computer network. Unfortunately, these DL/ML-based IDS are vulnerable to adversarial examples, wherein a malicious data sample can be slightly perturbed to cause a misclassification by an IDS while retaining its malicious properties. Unlike the image recognition domain, the network domain has certain constraints known as domain constraints, which are multifarious interrelationships and dependencies between features. To be considered as practical and realizable, an adversary must ensure that the adversarial examples comply with domain constraints. Recently, generative models like GANs and VAEs have been extensively used for generating adversarial examples against IDS. However, the majority of these techniques generate adversarial examples which do not satisfy all domain constraints. Also, current generative methods lack explicit restrictions on the amount of perturbation which a malicious data sample undergoes during the crafting of adversarial examples, leading to the potential generation of invalid data samples. To address these limitations, a solution is presented in this work which utilizes a variational autoencoder to generate adversarial examples that not only result in misclassification by an IDS, but also satisfy domain constraints. Instead of perturbing the data samples themselves, the adversarial examples are crafted by perturbing the latent space representation of the data sample. It allows the generation of adversarial examples under limited perturbation. This research has explored the novel applications of generative networks for generating constraint satisfying adversarial examples. The experimental results support the claims with an attack success rate of 64.8% against ML/DL-based IDS. The trained model can be integrated further into an operational IDS to strengthen its robustness against adversarial examples; however, this is out of scope of this work.

Citations: 0
AutoRoC-DBSCAN: automatic tuning of DBSCAN to detect malicious DNS tunnels
IF 1.9 | Zone 4, Computer Science | Q3 Telecommunications | Pub Date: 2024-03-22 | DOI: 10.1007/s12243-024-01025-5
Thi Quynh Nguyen, Romain Laborde, Abdelmalek Benzekri, Arnaud Oglaza, Mehdi Mounsif

Modern attacks, such as advanced persistent threats, hide command-and-control channels inside authorized network traffic like DNS or DNS over HTTPS to infiltrate the local network and exfiltrate sensitive data. Detecting such malicious traffic using traditional techniques is cumbersome, especially when the traffic is encrypted, as with DNS over HTTPS. Unsupervised machine learning techniques, and more specifically density-based spatial clustering of applications with noise (DBSCAN), can achieve good results in detecting malicious DNS tunnels. However, DBSCAN requires manually tuning two hyperparameters, whose optimal values can differ depending on the dataset. In this article, we propose an improved algorithm called AutoRoC-DBSCAN that can automatically find the best hyperparameters. We evaluated and obtained good results on two different datasets: a dataset we created with malicious DNS tunnels and the CIRA-CIC-DoHBrw-2020 dataset with malicious DoH tunnels.

Citations: 0
A deeper look at Ariadne: a privacy-preserving network layer protocol
IF 1.9 | Zone 4, Computer Science | Q3 Telecommunications | Pub Date: 2024-03-13 | DOI: 10.1007/s12243-024-01017-5
Antoine Fressancourt, Luigi Iannone, Mael Kerichard

We present a deeper analysis of Ariadne, a privacy-preserving network layer communication protocol that we introduced in Fressancourt and Iannone (2023). Ariadne uses a source routing approach to avoid relying on trusted third parties. In Ariadne, a source node willing to send anonymized network traffic to a destination uses a path consisting of nodes with which it has pre-shared symmetric keys. Temporary keys derived from those pre-shared keys are used to protect the communication’s privacy using onion routing techniques, ensuring session unlinkability for packets following the same path. Ariadne enhances previous approaches to preserve communication privacy by introducing two novelties. First, the source route is encoded in a fixed size, sequentially encrypted vector of routing information elements, in which the elements’ positions in the vector are pseudo-randomly permuted. Second, the temporary keys used to process the packets on the path are referenced using mutually known encrypted patterns. This avoids the use of an explicit key reference that could be used to de-anonymize the communications. This article enriches our previous presentation of Ariadne (Fressancourt and Iannone 2023) with a set of formal proofs of its security properties. Besides, a performance evaluation of Ariadne’s Rust implementation is presented to assess the ability of our protocol to protect privacy at the network layer in real-world use cases.

Citations: 0
Mirage: cyber deception against autonomous cyber attacks in emulation and simulation
IF 1.9 | Zone 4, Computer Science | Q3 Telecommunications | Pub Date: 2024-03-13 | DOI: 10.1007/s12243-024-01018-4
Michael Kouremetis, Dean Lawrence, Ron Alford, Zoe Cheuvront, David Davila, Benjamin Geyer, Trevor Haigh, Ethan Michalak, Rachel Murphy, Gianpaolo Russo

As the capabilities of cyber adversaries continue to evolve, now in parallel to the explosion of maturing and publicly-available artificial intelligence (AI) technologies, cyber defenders may reasonably wonder when cyber adversaries will begin to also field these AI technologies. In this regard, some promising (read: scary) areas of AI for cyber attack capabilities are search, automated planning, and reinforcement learning. As such, one possible defensive mechanism against future AI-enabled adversaries is that of cyber deception. To that end, in this work, we present and evaluate Mirage, an experimentation system demonstrated in both emulation and simulation forms that allows for the implementation and testing of novel cyber deceptions designed to counter cyber adversaries that use AI search and planning capabilities.

Citations: 0
Efficient representation of disoccluded regions in 3D video coding
IF 1.9 | Zone 4, Computer Science | Q3 Telecommunications | Pub Date: 2024-03-12 | DOI: 10.1007/s12243-024-01019-3
Muhammad Shahid Farid, Badi uz Zaman Babar, Muhammad Hassan Khan

Three-dimensional (3D) video technology has gained immense admiration in recent times due to its numerous applications, particularly in the television and cinema industry. Three-dimensional television (3DTV) and free-viewpoint television (FTV) are two well-known applications that provide the end-user with a real-world and high-quality 3D display. In both applications, multiple views captured from different viewpoints are rendered simultaneously to offer depth sensation to the viewer. A large number of views are needed to enable FTV. However, transmitting this massive amount of data is challenging due to bandwidth limitations. Multiview video-plus-depth (MVD) is the most popular format where in addition to color images, corresponding depth information is also available which represents the scene geometry. The MVD format with the help of depth image-based rendering (DIBR) enables the generation of views at novel viewpoints. In this paper, we introduce a panorama-based representation of MVD data with an efficient keyframe-based disocclusions handling technique. The panorama view for a stereo pair with depth is constructed from the left view and the novel appearing region of the right view which is not visible from the left viewpoint. The disocclusions that appear in the right view when obtained from the DIBR of the left view are collected in a special frame named as keyframe. On the decoder side, the left view is available with a simple crop of panorama view. The right view is obtained through DIBR of the left view combined with the appearing region from the panorama view. The disocclusions in this warped view are filled from the keyframe. The panorama view with additional keyframes and the corresponding depth map are compressed using the standard HEVC codec. The experimental evaluations performed on standard MVD sequences showed that the proposed scheme achieves excellent video quality while saving considerable bit rate compared to HEVC simulcast.

Citations: 0
Evaluating pending interest table performance under the collusive interest flooding attack in named data networks
IF 1.8 | Zone 4, Computer Science | Q3 Telecommunications | Pub Date: 2024-02-29 | Vol. 79 (7-8), pp. 475-486 | DOI: 10.1007/s12243-024-01016-6
Diego Canizio Lopes, André Nasserala, Ian Vilar Bastos, Igor Monteiro Moraes

In this article, we investigate the performance of the Pending Interest Table (PIT) of named data networking (NDN) routers in the presence of a collusive interest flooding attack (CIFA), which can overwhelm the PIT and cause delays in content retrieval. We simulate and evaluate the attack’s impact on the PIT occupancy rate and content retrieval delay. The results reveal that the CIFA is highly effective in compromising the performance of NDN routers, leading to high PIT occupancy rates, long content retrieval delays, and degraded overall network performance. The PIT occupancy rate can reach 95.83% during the attack, while the interest retrieval rate is less than 30%. The study highlights the need for effective countermeasures to mitigate the impact of such attacks.

Citations: 0
Orthogonal beamforming technique for massive MIMO systems
IF 1.9 Zone 4 Computer Science Q3 TELECOMMUNICATIONS Pub Date: 2024-02-21 DOI: 10.1007/s12243-024-01013-9
Marwa Abdelfatah, Abdelhalim Zekry, Shaimaa ElSayed

Beamforming represents a pivotal technology in massive multiple-input multiple-output (MIMO) systems, as it facilitates the regulation of transmission and reception operations. Beamforming techniques’ categorization is based either on their hardware architecture or implementation strategy. This paper proposes an orthogonal beamforming technology founded on a specific implementation method that utilizes predetermined orthogonal beams to serve users. The suggested approach incorporates numerous orthogonal beams relying on a substantial number of antennas at the base station. The primary objective of this approach is to enhance the performance of massive MIMO systems by augmenting spectral efficiency and accommodating more users. The proposed beamforming approach is well suited for millimeter frequency bands. The purpose of this paper is to explore the suggested orthogonal beamforming technology. The concept of this approach is described at first and then followed by an evaluation of its efficacy for a single user through the allocation of orthogonal beams. The suggested approach is also examined in the context of multiuser systems, and the results are compared with the adaptive ZF beamforming technique. Furthermore, the paper presents solutions to the issues that may arise in multiuser systems, for example, ensuring that each orthogonal beam is assigned to only one user. The simulations conducted in this study demonstrate that the suggested approach outperforms the ZF technique in terms of both the spectral efficiency and the number of serviced users. Specifically, the suggested approach can enhance SE by approximately 40.6% over the ZF technique, and it can support up to double the number of users when compared to the ZF approach.

Citations: 0