Annals of Telecommunications: Latest Articles

Performance evaluation of DFT/DCT/DST-based SC-FDMA systems in the presence of CFOs for wireless images transmission
IF 1.9 | Zone 4 (Computer Science) | Q2 Engineering | Pub Date: 2024-04-11 | DOI: 10.1007/s12243-024-01020-w
Khaled A. M. Al Soufy, Faisal S. Al-Kamali, Claude D’Amours, Nagi H. N. Al-Ashwal, Farhan M. Nashwan, Mohamed A. Swillam

Single carrier frequency division multiple access (SC-FDMA) has become increasingly popular in broadband data transmission systems due to its many advantages. One of the main advantages is the lower peak-to-average power ratio (PAPR), which significantly benefits the mobile terminal station in terms of transmit power efficiency. However, SC-FDMA is susceptible to carrier frequency offsets (CFOs) which affect the orthogonality between subcarriers and cause inter-carrier interference (ICI) and multiple access interference (MAI). In this paper, we analyze and evaluate the performance of SC-FDMA in the presence of CFOs for wireless image transmission with different basis functions, different subcarrier mapping techniques, and different modulation schemes over vehicular A and SUI3 channel models. This study focuses on evaluating the performance of SC-FDMA using wireless image transmission. The evaluation is conducted based on two performance metrics, namely peak signal-to-noise ratio (PSNR) and mean square error (MSE). Specifically, we consider the following three cases: the no CFOs case, the case when CFOs are present but without compensation, and the case when CFOs are present and CFO compensation is used. The CFO compensation technique used in this work is the joint mean minimum squared error (JMMSE) method. The results showed that JMMSE with DFT can provide better performance in the presence of CFOs compared to DCT and DST. Additionally, the choice of interleaved subcarrier mapping technique provides better performance compared to localized subcarrier mapping. Furthermore, the impact of the modulation scheme and the channel model on system performance is also evaluated, with the results showing that QPSK is more robust to CFOs compared to 16QAM modulation and the performance is better transmitting over the SUI3 model rather than the vehicular A channel model. Simulation results demonstrate the effectiveness of JMMSE combined with DFT and interleaved subcarrier mapping in mitigating the effects of CFOs and multipath channels, especially with the SUI3 channel model and QPSK modulation.

Citations: 0
Guarding 6G use cases: a deep dive into AI/ML threats in All-Senses meeting
IF 1.8 | Zone 4 (Computer Science) | Q3 TELECOMMUNICATIONS | Pub Date: 2024-04-05 | DOI: 10.1007/s12243-024-01031-7
Leyli Karaçay, Zakaria Laaroussi, Sonika ujjwal, Elif Ustundag Soykan

With the recent advances in 5G and 6G communications and the increasing need for immersive interactions due to pandemic, new use cases such as All-Senses meeting are emerging. To realize these use cases, numerous sensors, actuators, and virtual reality devices are used. Additionally, artificial intelligence (AI) and machine learning (ML) including generative AI can be used to analyze large amount of data generated by 6G networks and devices to enable new applications and services. While AI/ML technologies are evolving, they do not have the same level of security as well-known information technology components. So, AI/ML threats and their impacts can be overlooked. On the other hand, due to inherent characteristics of AI/ML components and design of AI/ML pipeline, AI/ML services can be a target for sophisticated attacks. In order to provide a holistic security view, the effect of AI/ML components should be investigated, threats should be identified, and countermeasures should be planned. Therefore, in this study, which is an extended version of our recent study (Karaçay et al. 2023), we shed the light on the use of AI/ML services including generative large language model scenarios in All-Senses meeting use case and their security aspects by carrying out a threat modeling using the STRIDE framework and attack tree methodology. Additionally, we point out some countermeasures for identified threats.

Citations: 0
The use of statistical features for low-rate denial-of-service attack detection
IF 1.8 | Zone 4 (Computer Science) | Q3 TELECOMMUNICATIONS | Pub Date: 2024-04-05 | DOI: 10.1007/s12243-024-01027-3
Ramin Fuladi, Tuncer Baykas, Emin Anarim

Low-rate denial-of-service (LDoS) attacks can significantly reduce network performance. These attacks involve sending periodic high-intensity pulse data flows, sharing similar harmful effects with traditional DoS attacks. However, LDoS attacks have different attack modes, making detection particularly challenging. The high level of concealment associated with LDoS attacks makes them extremely difficult to identify using traditional DoS detection methods. In this paper, we explore the potential of using statistical features for LDoS attack detection. Our results demonstrate the promising performance of statistical features in detecting these attacks. Furthermore, through ANOVA, mutual information, RFE, and SHAP analysis, we find that entropy and L-moment-based features play a crucial role in LDoS attack detection. These findings provide valuable insights into utilizing statistical features enhancing network security, thereby improving the overall resilience and stability of networks against various types of attacks.

Citations: 0
A survey of public datasets for O-RAN: fostering the development of machine learning models
IF 1.8 | Zone 4 (Computer Science) | Q3 TELECOMMUNICATIONS | Pub Date: 2024-04-05 | DOI: 10.1007/s12243-024-01029-1
Rodrigo S. Couto, Pedro Cruz, Roberto G. Pacheco, Vivian Maria S. Souza, Miguel Elias M. Campista, Luís Henrique M. K. Costa

The O-RAN architecture allows for unprecedented flexibility in Radio Access Networks (RANs). O-RAN’s components designed to control RANs, such as RAN Intelligent Controllers (RICs), place intelligence at the center of the management and orchestration of 5G/6G cellular networks. RICs run applications based on machine learning models, which require massive RAN data for training. Nonetheless, building testbeds to collect these data is challenging since RANs use expensive hardware and operate under a licensed spectrum, usually not available for the academy. Even though producing RAN datasets is challenging, some research groups have already made their data available. In this paper, we survey the primary public datasets available online that are considered in O-RAN papers. We identify the main characteristics and purpose of each dataset, contributing with a complement to their documentation. Also, we empirically showcase the viability of using publicly available datasets for machine learning applications within the O-RAN domain, such as spectrum and traffic classification.

Citations: 0
NestedChain: “Blockchain-inside-a-Blockchain” new generation prototype
IF 1.9 | Zone 4 (Computer Science) | Q2 Engineering | Pub Date: 2024-04-04 | DOI: 10.1007/s12243-024-01030-8

Abstract

New developments of blockchain designs, for both research and commercial environments, focus on improving security and energy consumption. Indeed, these implementations are based on managing a single type of information linked to a single blockchain. In this paper, we propose a new design called NestedChain. This proposal creates a system that allows two completely different types of information to be held in the same physical structure, enabling the creation of a blockchain within a blockchain. The new blockchain design can be implemented in various environments where it is necessary to have two different and parallel sets of information in the same network infrastructure. This new conception of blockchain offers a new way to understand the limitations of existing implementations and suggests how the evolution of the blockchain environment could be enhanced.

Citations: 0
Large language models and unsupervised feature learning: implications for log analysis
IF 1.9 | Zone 4 (Computer Science) | Q2 Engineering | Pub Date: 2024-04-04 | DOI: 10.1007/s12243-024-01028-2

Abstract

Log file analysis is increasingly being addressed through the use of large language models (LLM). LLM provides the mechanism for discovering embeddings for distinguishing between different behaviors present in log files. In this work, we are interested in discriminating between normal and anomalous behaviors via an unsupervised learning approach. To this end, firstly five recent LLM architectures are evaluated over six different log files. Then, further research is conducted to explicitly quantify the significance of performing self-supervised fine-tuning on the LLMs. Moreover, we show that the quality of an (unsupervised) feature map used to make the overall (normal/anomalous) predictions may also benefit from an AutoEncoder stage between LLM and feature map. Such an AutoEncoder provides significant reductions in the cost of training the feature map and typically improves the quality of the resulting predictions.

Citations: 0
E-Watcher: insider threat monitoring and detection for enhanced security
IF 1.9 | Zone 4 (Computer Science) | Q2 Engineering | Pub Date: 2024-04-04 | DOI: 10.1007/s12243-024-01023-7
Zhiyuan Wei, Usman Rauf, Fadi Mohsen

Insider threats refer to harmful actions carried out by authorized users within an organization, posing the most damaging risks. The increasing number of these threats has revealed the inadequacy of traditional methods for detecting and mitigating insider threats. These existing approaches lack the ability to analyze activity-related information in detail, resulting in delayed detection of malicious intent. Additionally, current methods lack advancements in addressing noisy datasets or unknown scenarios, leading to under-fitting or over-fitting of the models. To address these, our paper presents a hybrid insider threat detection framework. We not only enhance prediction accuracy by incorporating a layer of statistical criteria on top of machine learning-based classification but also present optimal parameters to address over/under-fitting of models. We evaluate the performance of our framework using a real-life threat test dataset (CERT r4.2) and compare it to existing methods on the same dataset (Glasser and Lindauer 2013). Our initial evaluation demonstrates that our proposed framework achieves an accuracy of 98.48% in detecting insider threats, surpassing the performance of most of the existing methods. Additionally, our framework effectively handles potential bias and data imbalance issues that can arise in real-life scenarios.

Citations: 0
ICIN 2023 special issue — Emergence of the data and intelligence networking across the edge-cloud continuum
IF 1.8 | Zone 4 (Computer Science) | Q3 TELECOMMUNICATIONS | Pub Date: 2024-04-02 | DOI: 10.1007/s12243-024-01026-4
Marie-José Montpetit, Walter Cerroni
Citations: 0
Generating practical adversarial examples against learning-based network intrusion detection systems
IF 1.9 | Zone 4 (Computer Science) | Q2 Engineering | Pub Date: 2024-03-27 | DOI: 10.1007/s12243-024-01021-9
Vivek Kumar, Kamal Kumar, Maheep Singh

There has been a significant development in the design of intrusion detection systems (IDS) by using deep learning (DL)/machine learning (ML) methods for detecting threats in a computer network. Unfortunately, these DL/ML-based IDS are vulnerable to adversarial examples, wherein a malicious data sample can be slightly perturbed to cause a misclassification by an IDS while retaining its malicious properties. Unlike image recognition domain, the network domain has certain constraints known as domain constraints which are multifarious interrelationships and dependencies between features. To be considered as practical and realizable, an adversary must ensure that the adversarial examples comply with domain constraints. Recently, generative models like GANs and VAEs have been extensively used for generating adversarial examples against IDS. However, majority of these techniques generate adversarial examples which do not satisfy all domain constraints. Also, current generative methods lack explicit restrictions on the amount of perturbation which a malicious data sample undergoes during the crafting of adversarial examples, leading to the potential generation of invalid data samples. To address these limitations, a solution is presented in this work which utilizes a variational autoencoder to generate adversarial examples that not only result in misclassification by an IDS, but also satisfy domain constraints. Instead of perturbing the data samples itself, the adversarial examples are crafted by perturbing the latent space representation of the data sample. It allows the generation of adversarial examples under limited perturbation. This research has explored the novel applications of generative networks for generating constraint satisfying adversarial examples. The experimental results support the claims with an attack success rate of 64.8% against ML/DL-based IDS. The trained model can be integrated further into an operational IDS to strengthen its robustness against adversarial examples; however, this is out of scope of this work.

Citations: 0
AutoRoC-DBSCAN: automatic tuning of DBSCAN to detect malicious DNS tunnels
IF 1.9 Zone 4 Computer Science Q2 Engineering Pub Date: 2024-03-22 DOI: 10.1007/s12243-024-01025-5
Thi Quynh Nguyen, Romain Laborde, Abdelmalek Benzekri, Arnaud Oglaza, Mehdi Mounsif

Modern attacks, such as advanced persistent threats, hide command-and-control channels inside authorized network traffic like DNS or DNS over HTTPS to infiltrate the local network and exfiltrate sensitive data. Detecting such malicious traffic using traditional techniques is cumbersome, especially when the traffic is encrypted, as with DNS over HTTPS. Unsupervised machine learning techniques, and more specifically density-based spatial clustering of applications with noise (DBSCAN), can achieve good results in detecting malicious DNS tunnels. However, DBSCAN requires manually tuning two hyperparameters, whose optimal values can differ depending on the dataset. In this article, we propose an improved algorithm called AutoRoC-DBSCAN that can automatically find the best hyperparameters. We evaluated and obtained good results on two different datasets: a dataset we created with malicious DNS tunnels and the CIRA-CIC-DoHBrw-2020 dataset with malicious DoH tunnels.

Citations: 0