Xiaojiang Du

Wenti Yang, Naiyu Wang, Zhitao Guan et al.

The concept of federated learning (FL) was first proposed by Google in 2016. Thereafter, FL has been widely studied for the feasibility of application in various fields due to its potential to make full use of data without compromising the privacy. However, limited by the capacity of wireless data transmission, the employment of federated learning on mobile devices has been making slow progress in practical. The development and commercialization of the 5th generation (5G) mobile networks has shed some light on this. In this paper, we analyze the challenges of existing federated learning schemes for mobile devices and propose a novel cross-device federated learning framework, which utilizes the anonymous communication technology and ring signature to protect the privacy of participants while reducing the computation overhead of mobile devices participating in FL. In addition, our scheme implements a contribution-based incentive mechanism to encourage mobile users to participate in FL. We also give a case study of autonomous driving. Finally, we present the performance evaluation of the proposed scheme and discuss some open issues in federated learning.

Xiao Tang, Sicong Liu, Xiaojiang Du et al.

Massive random access of devices in the emerging Open Radio Access Network (O-RAN) brings great challenge to the access control and management. Exploiting the bursting nature of the access requests, sparse active user detection (SAUD) is an efficient enabler towards efficient access management, but the sparsity might be deteriorated in case of uncoordinated massive access requests. To dynamically preserve the sparsity of access requests, a reinforcement-learning (RL)-assisted scheme of closed-loop access control utilizing the access class barring technique is proposed, where the RL policy is determined through continuous interaction between the RL agent, i.e., a next generation node base (gNB), and the environment. The proposed scheme can be implemented by the near-real-time RAN intelligent controller (near-RT RIC) in O-RAN, supporting rapid switching between heterogeneous vertical applications, such as mMTC and uRLLC services. Moreover, a data-driven scheme of deep-RL-assisted SAUD is proposed to resolve highly complex environments with continuous and high-dimensional state and action spaces, where a replay buffer is applied for automatic large-scale data collection. An actor-critic framework is formulated to incorporate the strategy-learning modules into the near-RT RIC. Simulation results show that the proposed schemes can achieve superior performance in both access efficiency and user detection accuracy over the benchmark scheme for different heterogeneous services with massive access requests.

Jialiang Dong, Zhitao Guan, Longfei Wu et al.

The wide use of black-box models in natural language processing brings great challenges to the understanding of the decision basis, the trustworthiness of the prediction results, and the improvement of the model performance. The words in text samples have properties that reflect their semantics and contextual information, such as the part of speech, the position, etc. These properties may have certain relationships with the word saliency, which is of great help for studying the explainability of the model predictions. In this paper, we explore the relationships between the word saliency and the word properties. According to the analysis results, we further establish a mapping model, Seq2Saliency, from the words in a text sample and their properties to the saliency values based on the idea of sequence tagging. In addition, we establish a new dataset called PrSalM, which contains each word in the text samples, the word properties, and the word saliency values. The experimental evaluations are conducted to analyze the saliency of words with different properties. The effectiveness of the Seq2Saliency model is verified.

Jiayi Zhang, Chenxin Sun, Yue Gu et al.

The gaming industry has experienced substantial growth, but cheating in online games poses a significant threat to the integrity of the gaming experience. Cheating, particularly in first-person shooter (FPS) games, can lead to substantial losses for the game industry. Existing anti-cheat solutions have limitations, such as client-side hardware constraints, security risks, server-side unreliable methods, and both-sides suffer from a lack of comprehensive real-world datasets. To address these limitations, the paper proposes HAWK, a server-side FPS anti-cheat framework for the popular game CS:GO. HAWK utilizes machine learning techniques to mimic human experts' identification process, leverages novel multi-view features, and it is equipped with a well-defined workflow. The authors evaluate HAWK with the first large and real-world datasets containing multiple cheat types and cheating sophistication, and it exhibits promising efficiency and acceptable overheads, shorter ban times compared to the in-use anti-cheat, a significant reduction in manual labor, and the ability to capture cheaters who evaded official inspections.

Zixun Xiong, Gaoyi Wu, Lingfeng Yao et al.

Communication topology is a critical factor in the utility and safety of LLM-based multi-agent systems (LLM-MAS), making it a high-value intellectual property (IP) whose confidentiality remains insufficiently studied. % Existing topology inference attempts rely on impractical assumptions, including control over the administrative agent and direct identity queries via jailbreaks, which are easily defeated by basic keyword-based defenses. As a result, prior analyses fail to capture the real-world threat of such attacks. % To bridge this realism gap, we propose \textit{WebWeaver}, an attack framework that infers the complete LLM-MAS topology by compromising only a single arbitrary agent instead of the administrative agent. % Unlike prior approaches, WebWeaver relies solely on agent contexts rather than agent IDs, enabling significantly stealthier inference. % WebWeaver further introduces a new covert jailbreak-based mechanism and a novel fully jailbreak-free diffusion design to handle cases where jailbreaks fail. % Additionally, we address a key challenge in diffusion-based inference by proposing a masking strategy that preserves known topology during diffusion, with theoretical guarantees of correctness. % Extensive experiments show that WebWeaver substantially outperforms state-of-the-art (SOTA) baselines, achieving about 60\% higher inference accuracy under active defenses with negligible overhead.

Zixun Xiong, Gaoyi Wu, Qingyang Yu et al.

Given the high cost of large language model (LLM) training from scratch, safeguarding LLM intellectual property (IP) has become increasingly crucial. As the standard paradigm for IP ownership verification, LLM fingerprinting thus plays a vital role in addressing this challenge. Existing LLM fingerprinting methods verify ownership by extracting or injecting model-specific features. However, they overlook potential attacks during the verification process, leaving them ineffective when the model thief fully controls the LLM's inference process. In such settings, attackers may share prompt-response pairs to enable fingerprint unlearning or manipulate outputs to evade exact-match verification. We propose iSeal, the first fingerprinting method designed for reliable verification when the model thief controls the suspected LLM in an end-to-end manner. It injects unique features into both the model and an external module, reinforced by an error-correction mechanism and a similarity-based verification strategy. These components are resistant to verification-time attacks, including collusion-based fingerprint unlearning and response manipulation, backed by both theoretical analysis and empirical results. iSeal achieves 100 percent Fingerprint Success Rate (FSR) on 12 LLMs against more than 10 attacks, while baselines fail under unlearning and response manipulations.

Yue Wang, Qizhou Wang, Feng Liu et al.

Large language model (LLM) unlearning has demonstrated its essential role in removing privacy and copyright-related responses, crucial for their legal and safe applications. However, the pursuit of complete unlearning often comes with substantial costs due to its compromises in their general functionality, leading to a notorious trade-off between unlearning and retention. It motivates this paper to explore enhanced unlearning schemes that can mitigate this trade-off. Specifically, we propose Gradient Rectified Unlearning (GRU), an improved framework that regulates the directions of gradient updates during the unlearning procedure such that their side impacts on other, unrelated responses can be minimized. GRU is easy and general to implement, demonstrating practical effectiveness across a variety of well-established unlearning benchmarks.

Danial Abshari, Peiran Shi, Chenglong Fu et al.

Cyber-Physical Systems (CPS) are vulnerable to cyber-physical attacks that violate physical laws. While invariant-based anomaly detection is effective, existing methods are limited: data-driven approaches lack semantic context, and physics-based models require extensive manual work. We propose INVARLLM, a hybrid framework that uses large language models (LLMs) to extract semantic information from CPS documentation and generate physical invariants, then validates these against real system data using a PCMCI+-inspired K-means method. This approach combines LLM semantic understanding with empirical validation to ensure both interpretability and reliability. We evaluate INVARLLM on SWaT and WADI datasets, achieving 100% precision in anomaly detection with no false alarms, outperforming all existing methods. Our results demonstrate that integrating LLM-derived semantics with statistical validation provides a scalable and dependable solution for CPS security.

Chenxu Jiang, Chenglong Fu, Zhenyu Zhao et al.

Smart home IoT systems and devices are susceptible to attacks and malfunctions. As a result, users' concerns about their security and safety issues arise along with the prevalence of smart home deployments. In a smart home, various anomalies (such as fire or flooding) could happen, due to cyber attacks, device malfunctions, or human mistakes. These concerns motivate researchers to propose various anomaly detection approaches. Existing works on smart home anomaly detection focus on checking the sequence of IoT devices' events but leave out the temporal information of events. This limitation prevents them to detect anomalies that cause delay rather than missing/injecting events. To fill this gap, in this paper, we propose a novel anomaly detection method that takes the inter-event intervals into consideration. We propose an innovative metric to quantify the temporal similarity between two event sequences. We design a mechanism to learn the temporal patterns of event sequences of common daily activities. Delay-caused anomalies are detected by comparing the sequence with the learned patterns. We collect device events from a real-world testbed for training and testing. The experiment results show that our proposed method achieves accuracies of 93%, 88%, 89% for three daily activities.

Haotian Chi, Qiang Zeng, Xiaojiang Du et al.

Internet of Things (IoT) platforms enable users to deploy home automation applications. Meanwhile, privacy issues arise as large amounts of sensitive device data flow out to IoT platforms. Most of the data flowing out to a platform actually do not trigger automation actions, while homeowners currently have no control once devices are bound to the platform. We present PFirewall, a customizable data-flow control system to enhance the privacy of IoT platform users. PFirewall automatically generates data-minimization policies, which only disclose minimum amount of data to fulfill automation. In addition, PFirewall provides interfaces for homeowners to customize individual privacy preferences by defining user-specified policies. To enforce these policies, PFirewall transparently intervenes and mediates the communication between IoT devices and the platform, without modifying the platform, IoT devices, or hub. Evaluation results on four real-world testbeds show that PFirewall reduces IoT data sent to the platform by 97% without impairing home automation, and effectively mitigates user-activity inference/tracking attacks and other privacy risks.

Meng Shen, Hao Yu, Liehuang Zhu et al.

Deep neural networks (DNNs) have been increasingly used in face recognition (FR) systems. Recent studies, however, show that DNNs are vulnerable to adversarial examples, which can potentially mislead the FR systems using DNNs in the physical world. Existing attacks on these systems either generate perturbations working merely in the digital world, or rely on customized equipments to generate perturbations and are not robust in varying physical environments. In this paper, we propose FaceAdv, a physical-world attack that crafts adversarial stickers to deceive FR systems. It mainly consists of a sticker generator and a transformer, where the former can craft several stickers with different shapes and the latter transformer aims to digitally attach stickers to human faces and provide feedbacks to the generator to improve the effectiveness of stickers. We conduct extensive experiments to evaluate the effectiveness of FaceAdv on attacking 3 typical FR systems (i.e., ArcFace, CosFace and FaceNet). The results show that compared with a state-of-the-art attack, FaceAdv can significantly improve success rate of both dodging and impersonating attacks. We also conduct comprehensive evaluations to demonstrate the robustness of FaceAdv.

Liehuang Zhu, Xiangyun Tang, Meng Shen et al.

To develop Smart City, the growing popularity of Machine Learning (ML) that appreciates high-quality training datasets generated from diverse IoT devices raises natural questions about the privacy guarantees that can be provided in such settings. Privacy-preserving ML training in an aggregation scenario enables a model demander to securely train ML models with the sensitive IoT data gathered from personal IoT devices. Existing solutions are generally server-aided, cannot deal with the collusion threat between the servers or between the servers and data owners, and do not match the delicate environments of IoT. We propose a privacy-preserving ML training framework named Heda that consists of a library of building blocks based on partial homomorphic encryption (PHE) enabling constructing multiple privacy-preserving ML training protocols for the aggregation scenario without the assistance of untrusted servers and defending the security under collusion situations. Rigorous security analysis demonstrates the proposed protocols can protect the privacy of each participant in the honest-but-curious model and defend the security under most collusion situations. Extensive experiments validate the efficiency of Heda which achieves the privacy-preserving ML training without losing the model accuracy.

Chenglong Fu, Qiang Zeng, Xiaojiang Du

The booming Internet of Things (IoT) market has drawn tremendous interest from cyber attackers. The centralized cloud-based IoT service architecture has serious limitations in terms of security, availability, and scalability, and is subject to single points of failure (SPOF). Recently, accommodating IoT services on blockchains has become a trend for better security, privacy, and reliability. However, blockchain's shortcomings of high cost, low throughput, and long latency make it unsuitable for IoT applications. In this paper, we take a retrospection of existing blockchain-based IoT solutions and propose a framework for efficient blockchain and IoT integration. Following the framework, we design a novel blockchain-assisted decentralized IoT remote accessing system, RS-IoT, which has the advantage of defending IoT devices against zero-day attacks without relying on any trusted third-party. By introducing incentives and penalties enforced by smart contracts, our work enables "an economic approach" to thwarting the majority of attackers who aim to achieve monetary gains. Our work presents an example of how blockchain can be used to ensure the fairness of service trading in a decentralized environment and punish misbehaviors objectively. We show the security of RS-IoT via detailed security analyses. Finally, we demonstrate its scalability, efficiency, and usability through a proof-of-concept implementation on the Ethereum testnet blockchain.

Haotian Chi, Qiang Zeng, Xiaojiang Du et al.

Emerging Internet of Thing (IoT) platforms provide a convenient solution for integrating heterogeneous IoT devices and deploying home automation applications. However, serious privacy threats arise as device data now flow out to the IoT platforms, which may be subject to various attacks. We observe two privacy-unfriendly practices in emerging home automation systems: first, the majority of data flowed to the platform are superfluous in the sense that they do not trigger any home automation; second, home owners currently have nearly zero control over their data. We present PFirewall, a customizable data-flow control system to enhance user privacy. PFirewall analyzes the automation apps to extract their semantics, which are automatically transformed into data-minimization policies; these policies only send minimized data flows to the platform for app execution, such that the ability of attackers to infer user privacy is significantly impaired. In addition, PFirewall provides capabilities and interfaces for users to define and enforce customizable policies based on individual privacy preferences. PFirewall adopts an elegant man-in-the-middle design, transparently executing data minimization and user-defined policies to process raw data flows and mediating the processed data between IoT devices and the platform (via the hub), without requiring modifications of the platform or IoT devices. We implement PFirewall to work with two popular platforms: SmartThings and openHAB, and set up two real-world testbeds to evaluate its performance. The evaluation results show that PFirewall is very effective: it reduces IoT data sent to the platform by 97% and enforces user defined policies successfully.

Xu Kang, Bin Song, Jie Guo et al.

In recent years, with the development of the marine industry, navigation environment becomes more complicated. Some artificial intelligence technologies, such as computer vision, can recognize, track and count the sailing ships to ensure the maritime security and facilitates the management for Smart Ocean System. Aiming at the scaling problem and boundary effect problem of traditional correlation filtering methods, we propose a self-selective correlation filtering method based on box regression (BRCF). The proposed method mainly include: 1) A self-selective model with negative samples mining method which effectively reduces the boundary effect in strengthening the classification ability of classifier at the same time; 2) A bounding box regression method combined with a key points matching method for the scale prediction, leading to a fast and efficient calculation. The experimental results show that the proposed method can effectively deal with the problem of ship size changes and background interference. The success rates and precisions were higher than Discriminative Scale Space Tracking (DSST) by over 8 percentage points on the marine traffic dataset of our laboratory. In terms of processing speed, the proposed method is higher than DSST by nearly 22 Frames Per Second (FPS).

Naiyu Wang, Xiao Zhou, Xin Lu et al.

With the rapid growth of renewable energy resources, the energy trading began to shift from centralized to distributed manner. Blockchain, as a distributed public ledger technology, has been widely adopted to design new energy trading schemes. However, there are many challenging issues for blockchain-based energy trading, i.e., low efficiency, high transaction cost, security & privacy issues. To tackle with the above challenges, many solutions have been proposed. In this survey, the blockchain-based energy trading in electrical power system is thoroughly investigated. Firstly, the challenges in blockchain-based energy trading are identified. Then, the existing energy trading schemes are studied and classified into three categories based on their main focus: energy transaction, consensus mechanism, and system optimization. And each category is presented in detail. Although existing schemes can meet the specific energy trading requirements, there are still many unsolved problems. Finally, the discussion and future directions are given.

Dongyang Zhan, Huhua Li, Lin Ye et al.

Monitoring kernel object modification of virtual machine is widely used by virtual-machine-introspection-based security monitors to protect virtual machines in cloud computing, such as monitoring dentry objects to intercept file operations, etc. However, most of the current virtual machine monitors, such as KVM and Xen, only support page-level monitoring, because the Intel EPT technology can only monitor page privilege. If the out-of-virtual-machine security tools want to monitor some kernel objects, they need to intercept the operation of the whole memory page. Since there are some other objects stored in the monitored pages, the modification of them will also trigger the monitor. Therefore, page-level memory monitor usually introduces overhead to related kernel services of the target virtual machine. In this paper, we propose a low-overhead kernel object monitoring approach to reduce the overhead caused by page-level monitor. The core idea is to migrate the target kernel objects to a protected memory area and then to monitor the corresponding new memory pages. Since the new pages only contain the kernel objects to be monitored, other kernel objects will not trigger our monitor. Therefore, our monitor will not introduce runtime overhead to the related kernel service. The experimental results show that our system can monitor target kernel objects effectively only with very low overhead.

Yinghua Li, Bin Song, Jie Guo et al.

Recently, the Magnetic Resonance Imaging (MRI) images have limited and unsatisfactory resolutions due to various constraints such as physical, technological and economic considerations. Super-resolution techniques can obtain high-resolution MRI images. The traditional methods obtained the resolution enhancement of brain MRI by interpolations, affecting the accuracy of the following diagnose process. The requirement for brain image quality is fast increasing. In this paper, we propose an image super-resolution (SR) method based on overcomplete dictionaries and inherent similarity of an image to recover the high-resolution (HR) image from a single low-resolution (LR) image. We explore the nonlocal similarity of the image to tentatively search for similar blocks in the whole image and present a joint reconstruction method based on compressive sensing (CS) and similarity constraints. The sparsity and self-similarity of the image blocks are taken as the constraints. The proposed method is summarized in the following steps. First, a dictionary classification method based on the measurement domain is presented. The image blocks are classified into smooth, texture and edge parts by analyzing their features in the measurement domain. Then, the corresponding dictionaries are trained using the classified image blocks. Equally important, in the reconstruction part, we use the CS reconstruction method to recover the HR brain MRI image, considering both nonlocal similarity and the sparsity of an image as the constraints. This method performs better both visually and quantitatively than some existing methods.

Shengjun Wei, Hao Zhong, Chun Shan et al.

To build a secure communications software, Vulnerability Prediction Models (VPMs) are used to predict vulnerable software modules in the software system before software security testing. At present many software security metrics have been proposed to design a VPM. In this paper, we predict vulnerable classes in a software system by establishing the system's weighted software network. The metrics are obtained from the nodes' attributes in the weighted software network. We design and implement a crawler tool to collect all public security vulnerabilities in Mozilla Firefox. Based on these data, the prediction model is trained and tested. The results show that the VPM based on weighted software network has a good performance in accuracy, precision, and recall. Compared to other studies, it shows that the performance of prediction has been improved greatly in Pr and Re.

Sijia Chen, Bin Song, Xiaojiang Du et al.

Deep Models, typically Deep neural networks, have millions of parameters, analyze medical data accurately, yet in a time-consuming method. However, energy cost effectiveness and computational efficiency are important for prerequisites developing and deploying mobile-enabled devices, the mainstream trend in connected healthcare.

Junmei Lv, Bin Song, Jie Guo et al.

Nowadays, the recommendation systems are applied in the fields of e-commerce, video websites, social networking sites, etc., which bring great convenience to people's daily lives. The types of the information are diversified and abundant in recommendation systems, therefore the proportion of unstructured multimodal data like text, image and video is increasing. However, due to the representation gap between different modalities, it is intractable to effectively use unstructured multimodal data to improve the efficiency of recommendation systems. In this paper, we propose an end-to-end Multimodal Interest-Related Item Similarity model (Multimodal IRIS) to provide recommendations based on multimodal data source. Specifically, the Multimodal IRIS model consists of three modules, i.e., multimodal feature learning module, the Interest-Related Network (IRN) module and item similarity recommendation module. The multimodal feature learning module adds knowledge sharing unit among different modalities. Then IRN learn the interest relevance between target item and different historical items respectively. At last, the multimodal data feature learning, IRN and item similarity recommendation modules are unified into an integrated system to achieve performance enhancements and to accommodate the addition or absence of different modal data. Extensive experiments on real-world datasets show that, by dealing with the multimodal data which people may pay more attention to when selecting items, the proposed Multimodal IRIS significantly improves accuracy and interpretability on top-N recommendation task over the state-of-the-art methods.

Zhihong Tian, Xiangsong Gao, Shen Su et al.

Conducting reputation management is very important for Internet of vehicles. However, most of the existing researches evaluate the effectiveness of their schemes with settled attacking behaviors in their simulation which cannot represent the scenarios in reality. In this paper, we propose to consider dynamical and diversity attacking strategies in the simulation of reputation management scheme evaluation. To that end, we apply evolutionary game theory to model the evolution process of malicious users' attacking strategies, and discuss the methodology of the evaluation simulations. We further apply our evaluation method to a reputation management scheme with multiple utility functions, and discuss the evaluation results. The results indicate that our evaluation method is able to depict the evolving process of the dynamic attacking strategies in a vehicular network, and the final state of the simulation could be used to quantify the protection effectiveness of the reputation management scheme.

Chuan Zhang, Liehuang Zhu, Chang Xu et al.

The explosive growth of vehicle amount has given rise to a series of traffic problems, such as traffic congestion, road safety, and fuel waste. Collecting vehicles' speed information is an effective way to monitor the traffic condition and avoid vehicles being congested, which however may bring threats to vehicles' location and trajectory privacy. Motivated by the fact that traffic monitoring does not need to know each individual vehicle's speed and the average speed would be sufficient, we propose a privacy-preserving traffic monitoring (PPTM) scheme to aggregate vehicles' speeds at different locations. In PPTM, the roadside unit (RSU) collects vehicles' speed information at multiple road segments, and further cooperates with a service provider to calculate the average speed information for every road segment. To preserve vehicles' privacy, both homomorphic Paillier cryptosystem and super-increasing sequence are adopted. A comprehensive security analysis indicates that the proposed PPTM can preserve vehicles' identities, speeds, locations, and trajectories privacy from being disclosed. In addition, extensive simulations are conducted to validate the effectiveness and efficiency of the proposed PPTM scheme.

Dongliang Xu, Bailing Wang, XiaoJiang Du et al.

A verification code is an automated test method used to distinguish between humans and computers. Humans can easily identify verification codes, whereas machines cannot. With the development of convolutional neural networks, automatically recognizing a verification code is now possible for machines. However, the advantages of convolutional neural networks depend on the data used by the training classifier, particularly the size of the training set. Therefore, identifying a verification code using a convolutional neural network is difficult when training data are insufficient. This study proposes an active and deep learning strategy to obtain new training data on a special verification code set without manual intervention. A feature learning model for a scene with less training data is presented in this work, and the verification code is identified by the designed convolutional neural network. Experiments show that the method can considerably improve the recognition accuracy of a neural network when the amount of initial training data is small.

Zhihong Tian, Wei Shi, Yuhang Wang et al.

Edge computing is providing higher class intelligent service and computing capabilities at the edge of the network. The aim is to ease the backhaul impacts and offer an improved user experience, however, the edge artificial intelligence exacerbates the security of the cloud computing environment due to the dissociation of data, access control and service stages. In order to prevent users from using the edge-cloud computing environment to carry out lateral movement attacks, we proposed a method named CloudSEC meaning real time lateral movement detection based on evidence reasoning network for the edge-cloud environment. The concept of vulnerability correlation is introduced. Based on the vulnerability knowledge and environmental information of the network system, the evidence reasoning network is constructed, and the lateral movement reasoning ability provided by the evidence reasoning network is used. CloudSEC realizes the reconfiguration of the efficient real-time attack process. The experiment shows that the results are complete and credible.

Chuan Zhang, Liehuang Zhu, Chang Xu et al.

The recent proliferation of smart devices has given rise to ubiquitous computing, an emerging computing paradigm which allows anytime & anywhere computing possible. In such a ubiquitous computing environment, customers release different computing or sensing tasks, and people, also known as data processors, participate in these tasks and get paid for providing their idle computing and communication resources. Thus, how to select an appropriate and reliable customer while not disclosing processors' privacy has become an interesting problem. In this article, we present a trust-based and privacy-preserving customer selection scheme in ubiquitous computing, called TPCS, to enable potential processors select the customers with good reputation. The basic concept of TPCS is that each data processor holds a trust value, and the reputation score of the customer is calculated based on processors' trust values and feedbacks via a truth discovery process. To preserve processors' privacy, pseudonyms and Paillier cryptosystem are applied to conceal each processor's real identity. In addition, three authentication protocols are designed to ensure that only the valid data processors (i.e., the processors registering in the system, holding the truthful trust values, and joining the computing tasks) can pass the authentication. A comprehensive security analysis is conducted to prove that our proposed TPCS scheme is secure and can defend against several sophisticated attacks. Moreover, extensive simulations are conducted to demonstrate the correctness and effectiveness of the proposed scheme.

Xiaolei Liu, Xiaojiang Du, Xiaosong Zhang et al.

Many IoT(Internet of Things) systems run Android systems or Android-like systems. With the continuous development of machine learning algorithms, the learning-based Android malware detection system for IoT devices has gradually increased. However, these learning-based detection models are often vulnerable to adversarial samples. An automated testing framework is needed to help these learning-based malware detection systems for IoT devices perform security analysis. The current methods of generating adversarial samples mostly require training parameters of models and most of the methods are aimed at image data. To solve this problem, we propose a \textbf{t}esting framework for \textbf{l}earning-based \textbf{A}ndroid \textbf{m}alware \textbf{d}etection systems(TLAMD) for IoT Devices. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample without affecting the features of the application. By introducing genetic algorithms and some technical improvements, our test framework can generate adversarial samples for the IoT Android Application with a success rate of nearly 100\% and can perform black-box testing on the system.

Caidan Zhao, Mingxian Shi, MinMin Huang et al.

With the development of artificial intelligence and self-driving, vehicular ad-hoc network (VANET) has become an irreplaceable part of the Intelligent Transportation Systems (ITSs). However, the traditional network of the ground cannot meet the requirements of transmission, processing, and storage among vehicles. Under this circumstance, integrating space and air nodes into the whole network can provide comprehensive traffic information and reduce the transmission delay. The high mobility and low latency in the Space-Air-Ground Integrated Network (SAGIN) put forward higher requirements for security issues such as identity authentication, privacy protection, and data security. This paper simplifies the Blockchain and proposes an identity authentication and privacy protection scheme based on the Hashchain in the SAGIN. The scheme focuses on the characteristics of the wireless signal to identify and authenticate the nodes. The verification and backup of the records on the block are implemented with the distributed streaming platform, Kafka algorithm, instead of the consensus. Furthermore, this paper analyzes the security of this scheme. Afterward, the experimental results reveal the delay brought by the scheme using the simulation of SUMO, OMNeT++, and Veins.

Jingwei Liu, Ailian Ren, Lihuan Zhang et al.

Today, Internet of Things (IoT) technology is being increasingly popular which is applied in a wide range of industry sectors such as healthcare, transportation and some critical infrastructures. With the widespread applications of IoT technology, people's lives have changed dramatically. Due to its capabilities of sensitive data-aware, information collection, communication and processing, it raises security and privacy concerns. Moreover, a malicious attacker may impersonate a legitimate user, which may cause security threat and violation privacy. In allusion to the above problems, we propose a novel and lightweight anonymous authentication and key agreement scheme for heterogeneous IoT, which is innovatively designed to shift between the public key infrastructure (PKI) and certificateless cryptography (CLC) environment. The proposed scheme not only achieves secure communication among the legal authorized users, but also possesses more attributes with user anonymity, non-repudiation and key agreement fairness. Through the security analysis, it is proved that the proposed scheme can resist replay attacks and denial of service (DOS) attacks. Finally, the performance evaluation demonstrates that our scheme is more lightweight and innovative.

Xi Hang Cao, Xiaojiang Du, E. Paul Ratazzi

Internet of Things (IoT) is ubiquitous because of its broad applications and the advance in communication technologies. The capabilities of IoT also enable its important role in homeland security and tactical missions, including Reconnaissance, Intelligence, Surveillance, and Target Acquisition (RISTA). IoT security becomes the most critical issue before its extensive use in military operations. While the majority of research focuses on smart IoT devices, treatments for legacy dumb network-ready devices are lacking; moreover, IoT devices deployed in a hostile environment are often required to be dumb due to the strict hardware constraints, making them highly vulnerable to cyber attacks. To mitigate the problem, we propose a light-weight authentication scheme for dumb IoT devices, in a case study of the UAV-sensor collaborative RISTA missions. Our scheme utilizes the covert channels in the physical layer for authentications and does not request conventional key deployments, key generations which may cause security risks and large overhead that a dumb sensor cannot afford. Our scheme operates on the physical layer, and thus it is highly portable and generalizable to most commercial and military communication protocols. We demonstrate the viability of our scheme by building a prototype system and conducting experiments to emulate the behaviors of UAVs and sensors in real scenarios.

Zhitao Guan, Zefang Lv, Xiaojiang Du et al.

The emergence and rapid development of the Internet of Medical Things (IoMT), an application of the Internet of Things into the medical and healthcare systems, have brought many changes and challenges to modern medical and healthcare systems. Particularly, machine learning technology can be used to process the data involved in IoMT for medical analysis and disease diagnosis. However, in this process, the disclosure of personal privacy information must receive considerable attentions especially for sensitive medical data. Cluster analysis is an important technique for medical analysis and disease diagnosis. To enable privacy-preserving cluster analysis in IoMT, this paper proposed an Efficient Differentially Private Data Clustering scheme (EDPDCS) based on MapReduce framework. In EDPDCS, we optimize the allocation of privacy budgets and the selection of initial centroids to improve the accuracy of differentially private K-means clustering algorithm. Specifically, the number of iterations of the K-means algorithm is set to a fixed value according to the total privacy budget and the minimal privacy budget of each iteration. In addition, an improved initial centroids selection method is proposed to increase the accuracy and efficiency of the clustering algorithm. Finally, we prove that the proposed EDPDCS can improve the accuracy of the differentially private k-means algorithm by comparing the Normalized Intra-Cluster Variance (NICV) produced by our algorithm on two datasets with two other algorithms.

Qiang Zeng, Golam Kayas, Emil Mohammed et al.

Exploitation of heap vulnerabilities has been on the rise, leading to many devastating attacks. Conventional heap patch generation is a lengthy procedure, requiring intensive manual efforts. Worse, fresh patches tend to harm system dependability, hence deterring users from deploying them. We propose a heap patching system that simultaneously has the following prominent advantages: (1) generating patches without manual efforts; (2) installing patches without altering the code (so called code-less patching); (3) handling various heap vulnerability types; (4) imposing a very low overhead; and (5) no dependency on specific heap allocators. As a separate contribution, we propose targeted calling context encoding, which is a suite of algorithms for optimizing calling context encoding, an important technique with applications in many areas. The system properly combines heavyweight offline attack analysis with lightweight online defense generation, and provides a new countermeasure against heap attacks. The evaluation shows that the system is effective and efficient.

Xiangyun Tang, Liehuang Zhu, Meng Shen et al.

Machine learning (ML) classifiers are invaluable building blocks that have been used in many fields. High quality training dataset collected from multiple data providers is essential to train accurate classifiers. However, it raises concern about data privacy due to potential leakage of sensitive information in training dataset. Existing studies have proposed many solutions to privacy-preserving training of ML classifiers, but it remains a challenging task to strike a balance among accuracy, computational efficiency, and security. In this paper, we propose Heda, an efficient privacypreserving scheme for training ML classifiers. By combining homomorphic cryptosystem (HC) with differential privacy (DP), Heda obtains the tradeoffs between efficiency and accuracy, and enables flexible switch among different tradeoffs by parameter tuning. In order to make such combination efficient and feasible, we present novel designs based on both HC and DP: A library of building blocks based on partially HC are proposed to construct complex training algorithms without introducing a trusted thirdparty or computational relaxation; A set of theoretical methods are proposed to determine appropriate privacy budget and to reduce sensitivity. Security analysis demonstrates that our solution can construct complex ML training algorithm securely. Extensive experimental results show the effectiveness and efficiency of the proposed scheme.

Jingwei Liu, Lihuan Zhang, Rong Sun et al.

With the emerging of mobile communication technologies, we are entering the fifth generation mobile communication system (5G) era. Various application scenarios will arise in the 5G era to meet the different service requirements. Different 5G network slicings may deploy different public key cryptosystems. The security issues among the heterogeneous systems should be considered. In order to ensure the secure communications between 5G network slicings, in different public cryptosystems, we propose two heterogeneous signcryption schemes which can achieve mutual communications between the Public Key Infrastructure (PKI) and the CertificateLess public key Cryptography (CLC) environment. We prove that our schemes have the INDistinguishability against Adaptive Chosen Ciphertext Attack (IND-CCA2) under the Computational Diffie-Hellman Problem (CDHP) and the Existential UnForgeability against adaptive Chosen Message Attack (EUF-CMA) under the Discrete Logarithm Problem (DLP) in the random oracle model. We also set up two heterogeneous cryptosystems on Raspberry Pi to simulate the interprocess communication between different public key environments. Furthermore, we quantify and analyze the performance of each scheme. Compared with the existing schemes, our schemes have greater efficiency and security.

Jingwei Liu, Qingqing Li, Huijuan Cao et al.

Along with the development of vehicular sensors and wireless communication technology, Internet of Vehicles (IoV) is emerging that can improve traffic efficiency and provide a comfortable driving environment. However, there is still a challenge how to ensure the survivability of IoV. Fortunately, this goal can be achieved by quickly verifying real-time monitoring data to avoid network failure. Aggregate signature is an efficient approach to realize quick data verification quickly. In this paper, we propose a monitoring data batch verification scheme based on an improved certificateless aggregate signature for IoV, named MDBV. The size of aggregated verification message is remain roughly constant even as the increasing number of vehicles in MDBV. Additionally, MDBV is proved to be secure in the random oracle model assuming the intractability of the computational Diffie-Hellman problem. In consideration of the network survivability and performance, the proposed MDBV can decrease the computation overhead and is more suitable for IoV.

Jingwei Liu, Jinping Han, Longfei Wu et al.

Along with the miniaturization of various types of sensors, a mass of intelligent terminals are gaining stronger sensing capability, which raises a deeper perception and better prospect of Internet of Things (IoT). With big sensing data, IoT provides lots of convenient services for the monitoring and management of smart cities and people's daily lives. However, there are still many security challenges influencing the further development of IoT, one of which is how to quickly verify the big data obtained from IoT terminals. Aggregate signature is an efficient approach to perform big data authentication. It can effectively reduce the computation and communication overheads. In this paper, utilizing these features, we construct a verifiable data aggregation scheme for Internet of Things, named VDAS, based on an improved certificateless aggregate signature algorithm. In VDAS, the length of the aggregated authentication message is independent of the number of IoT terminals. Then, we prove that VDAS is existentially unforgeable under adaptive chosen message attacks assuming that the computational Diffie-Hellman problem is hard. Additionally, the proposed VDAS achieves a better trade-off on the computation overheads between the resource-constrained IoT terminals and the data center.

Jingwei Liu, Fanghui Cai, Longfei Wu et al.

As a popular application, mobile crowd sensing systems aim at providing more convenient service via the swarm intelligence. With the popularity of sensor-embedded smart phones and intelligent wearable devices, mobile crowd sensing is becoming an efficient way to obtain various types of sensing data from individuals, which will make people's life more convenient. However, mobile crowd sensing systems today are facing a critical challenge, namely the privacy leakage of the sensitive information and valuable data, which can raise grave concerns among the participants. To address this issue, we propose an enhanced secure certificateless privacy-preserving verifiable data authentication scheme for mobile crowd sensing, named EPDA. The proposed scheme provides unconditional anonymous data authentication service for mobile crowd sensing, by deploying an improved certificateless ring signature as the cryptogram essential, in which the big sensing data should be signed by one of legitimate members in a specific group and could be verified without exposing the actual identity of the participant. The formal security proof demonstrates that EPDA is secure against existential forgery under adaptive chosen message and identity attacks in random oracle model. Finally, extensive simulations are conducted. The results show that the proposed EPDA efficiently decreases computational cost and time consumption in the sensing data authentication process.

Jingwei Liu, Qin Hu, Chaoya Li et al.

Vehicular Ad Hoc Networks (VANETs) are attractive scenarios that can improve the traffic situation and provide convenient services for drivers and passengers via vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication. However, there are still many security challenges in the traffic information transmission, especially in the intense traffic case. For ensuring the privacy of users and traceability of vehicles, we propose a traceable concurrent data anonymous transmission scheme for heterogeneous VANETs. The scheme is based on certificateless aggregate signcryption, so it supports batch verification. Moreover, conditional anonymity is also achieved due to the involving of the pseudo-ID technique. Furthermore, it is a pairing-free scheme for the merit of multi-trapdoor hash functions. As a result, the total computation overhead is greatly reduced.

Jingwei Liu, Huifang Tang, Chaoya Li et al.

In recent years, cloud storage technology has been widely used in many fields such as education, business, medical and more because of its convenience and low cost. With the widespread applications of cloud storage technology, data access control methods become more and more important in cloud-based network. The ciphertext policy attribute-based encryption (CP-ABE) scheme is very suitable for access control of data in cloud storage. However, in many practical scenarios, all attributes of a user cannot be managed by one authority, so many multi-authority CP-ABE schemes have emerged. Moreover, cloud servers are usually semi-trusted, which may leak user information. Aiming at the above problems, we propose a fine-grained access control scheme with versatility for cloud storage based on multi-authority CP-ABE, named vFAC. The proposed vFAC has the features of large universe, no key escrow problem, online/offline mechanism, hidden policy, verifiability and user revocation. Finally, we demonstrate vFAC is static security under the random oracle model. Through the comparison of several existing schemes in terms of features, computational overhead and storage cost, we can draw a conclusion that vFAC is more comprehensive and scalable.

Jingwei Liu, Qingqing Li, Rong Sun et al.

Internet of Vehicles (IoV) is an intelligent application of IoT in smart transportation, which can make intelligent decisions for passengers. It has drawn extensive attention to improve traffic safety and efficiency and create a more comfortable driving and riding environment. Vehicular cloud computing is a variant of mobile cloud computing, which can process local information quickly. The cooperation of the Internet and vehicular cloud can make the communication more efficient in IoV. In this paper, we mainly focus on the secure communication between vehicles and roadside units. We first propose a new certificateless short signature scheme (CLSS) and prove the unforgeability of it in random oracle model. Then, by combining CLSS and a regional management strategy we design an efficient anonymous mutual quick authentication scheme for IoV. Additionally, the quantitative performance analysis shows that the proposed scheme achieves higher efficiency in terms of interaction between vehicles and roadside units compared with other existing schemes.

Jingwei Liu, Xiaolu Li, Rong Sun et al.

Along with the development of wireless communication technology, a mass of mobile devices are gaining stronger sensing capability, which brings a novel paradigm to light: participatory sensing networks (PSNs). PSNs can greatly reduce the cost of wireless sensor networks, and hence are becoming an efficient way to obtain abundant sensing data from surrounding environment. Therefore, PSNs would lead to significant improvement in various fields, including cognitive communication. However, the large-scale deployment of participatory sensing applications is hindered by the lack of incentive mechanism, security and privacy concerns. It is still an ongoing issue to address all three aspects simultaneously in PSNs. In this paper, we construct an efficient privacy-preserving incentive scheme without trusted third party (TTP) for PSNs to motivate user-participation. This scheme allows each participant to earn credits by contributing data privately. Using blind and partially blind signatures, the proposed scheme is proved to be secure for privacy and incentive. Additionally, the performance evaluation in terms of computation and storage indicates that the proposed scheme has higher efficiency.

Jingwei Liu, Xiaolu Li, Lin Ye et al.

Electronic medical record (EMR) is a crucial form of healthcare data, currently drawing a lot of attention. Sharing health data is considered to be a critical approach to improve the quality of healthcare service and reduce medical costs. However, EMRs are fragmented across decentralized hospitals, which hinders data sharing and puts patients' privacy at risks. To address these issues, we propose a blockchain based privacy-preserving data sharing for EMRs, called BPDS. In BPDS, the original EMRs are stored securely in the cloud and the indexes are reserved in a tamper-proof consortium blockchain. By this means, the risk of the medical data leakage could be greatly reduced, and at the same time, the indexes in blockchain ensure that the EMRs can not be modified arbitrarily. Secure data sharing can be accomplished automatically according to the predefined access permissions of patients through the smart contracts of blockchain. Besides, the joint-design of the CP-ABE-based access control mechanism and the content extraction signature scheme provides strong privacy preservation in data sharing. Security analysis shows that BPDS is a secure and effective way to realize data sharing for EMRs.

Yue Zhang, Fang Tian, Bin Song et al.

Internet of vehicles is a promising area related to D2D communication and internet of things. We present a novel perspective for vehicular communications, social vehicle swarms, to study and analyze socially aware internet of vehicles with the assistance of an agent-based model intended to reveal hidden patterns behind superficial data. After discussing its components, namely its agents, environments, and rules, we introduce supportive technology and methods, deep reinforcement learning, privacy preserving data mining and sub-cloud computing, in order to detect the most significant and interesting information for each individual effectively, which is the key desire. Finally, several relevant research topics and challenges are discussed.

Yue Zhang, Bin Song, Xiaojiang Du et al.

Vehicle location prediction or vehicle tracking is a significant topic within connected vehicles. This task, however, is difficult if only a single modal data is available, probably causing bias and impeding the accuracy. With the development of sensor networks in connected vehicles, multimodal data are becoming accessible. Therefore, we propose a framework for vehicle tracking with multimodal data fusion. Specifically, we fuse the results of two modalities, images and velocity, in our vehicle-tracking task. Images, being processed in the module of vehicle detection, provide direct information about the features of vehicles, whereas velocity estimation can further evaluate the possible location of the target vehicles, which reduces the number of features being compared, and decreases the time consumption and computational cost. Vehicle detection is designed with a color-faster R-CNN, which takes both the shape and color of the vehicles into consideration. Meanwhile, velocity estimation is through the Kalman filter, which is a classical method for tracking. Finally, a multimodal data fusion method is applied to integrate these outcomes so that vehicle-tracking tasks can be achieved. Experimental results suggest the efficiency of our methods, which can track vehicles using a series of surveillance cameras in urban areas.

Xu Kang, Bin Song, Jie Guo et al.

Vehicle tracking task plays an important role on the internet of vehicles and intelligent transportation system. Beyond the traditional GPS sensor, the image sensor can capture different kinds of vehicles, analyze their driving situation and can interact with them. Aiming at the problem that the traditional convolutional neural network is vulnerable to background interference, this paper proposes vehicle tracking method based on human attention mechanism for self-selection of deep features with an inter-channel fully connected layer. It mainly includes the following contents: 1) A fully convolutional neural network fused attention mechanism with the selection of the deep features for convolution. 2) A separation method for template and semantic background region to separate target vehicles from the background in the initial frame adaptively. 3) A two-stage method for model training using our traffic dataset. The experimental results show that the proposed method improves the tracking accuracy without an increase in tracking time. Meanwhile, it strengthens the robustness of algorithm under the condition of the complex background region. The success rate of the proposed method in overall traffic datasets is higher than Siamese network by about 10 percent, and the overall precision is higher than Siamese network by 8 percent.

Yong Yu, Yannan Li, Xiaojiang Du et al.

Information-Centric Networks (ICN) are promising alternatives to current Internet architecture since the Internet struggles with a number of issues such as scalability, mobility and security. ICN offers a number of potential benefits including reduced congestion and enhanced delivery performance by employing content caching, simpler network configurations and stronger security for the content. Named Data Networking (NDN), an instance of the ICN, enables content delivery instead of host-centric approaches by naming data rather than the host. In order to make NDN practical in the real world, the challenging issues of content security need to be addressed. In this article, we examine the architecture, content security as well as possible solutions to these issues of NDN, with a special focus on content integrity and provenance. We propose a variety of digital signature schemes to achieve the data integrity and origin authentication in NDN for various applications, which include cost-effective signatures, privacy-preserving signatures, network coding signatures, and post-quantum signatures. We also present the speed-up techniques in generating signatures and verifying signatures such as pre-computation, batch verification and server-aided verification to reduce the computational cost of the producers and receivers in NDN. A number of certificate-free trust management approaches and possible adoptions in NDN are investigated.

Yong Yu, Yujie Ding, Yanqi Zhao et al.

Currently, the number of Internet of Thing (IoT) devices making up the IoT is more than 11 billion and this number has been continuously increasing. The prevalence of these devices leads to an emerging IoT business model called Device-as-a-service(DaaS), which enables sensor devices to collect data disseminated to all interested devices. The devices sharing data with other devices could receive some financial reward such as Bitcoin. However, side-channel attacks, which aim to exploit some information leaked from the IoT devices during data trade execution, are possible since most of the IoT devices are vulnerable to be hacked or compromised. Thus, it is challenging to securely realize data trading in IoT environment due to the information leakage such as leaking the private key for signing a Bitcoin transaction in Bitcoin system. In this paper, we propose LRCoin, a kind of leakage-resilient cryptocurrency based on bitcoin in which the signature algorithm used for authenticating bitcoin transactions is leakage-resilient. LRCoin is suitable for the scenarios where information leakage is inevitable such as IoT applications. Our core contribution is proposing an efficient bilinear-based continual-leakage-resilient ECDSA signature. We prove the proposed signature algorithm is unforgeable against adaptively chosen messages attack in the generic bilinear group model under the continual leakage setting. Both the theoretical analysis and the implementation demonstrate the practicability of the proposed scheme.

Zhitao Guan, Tingting Yang, Xiaojiang Du et al.

Recently, with the support of mobile cloud computing, a large number of health related data collected from various body sensor networks can be managed efficiently. However, to ensure data security and data privacy in cloud-integrated body sensor networks is an important and challenging issue. In this paper, we present a novel secure access control mechanism Mask Certificate Attribute Based Encryption for cloud integrated body sensor networks. A specific signature is designed to mask the plaintext, then the masked data can be securely outsourced to cloud severs. An authorization certificate composing of the signature and related privilege items is constructed that is used to grant privileges to data receivers. To ensure security, a unique value is chosen to mask the certificate for each data receiver. The analysis shows that the proposed scheme has less computational cost and storage cost compared with other popular models.

Jing Li, Zhitao Guan, Xiaojiang Du et al.

With the support of cloud computing, large quantities of data collected from various WSN applications can be managed efficiently. However, maintaining data security and efficiency of data processing in cloud-WSN (C-WSN) are important and challenging issues. In this paper, we present an efficient data outsourcing scheme based on CP-ABE, which can not only guarantee secure data access, but also reduce overall data processing time. In our proposed scheme, a large file is divided into several data blocks by data owner (DO) firstly. Then, the data blocks are encrypted and transferred to the cloud server in parallel. For data receiver (DR), data decryption and data transmission is also processed in parallel. In addition, data integrity can be checked by DR without any master key components. The security analysis shows that the proposed scheme can meet the security requirement of C-WSN. By performance evaluation, it shows that our scheme can dramatically improve data processing efficiency compared to the traditional CP-ABE method.

Xueyan Liu, Zhitao Guan, Xiaojiang Du et al.

Nowadays, a large amount of user privacy-sensitive data is outsourced to the cloud server in ciphertext, which is provided by the data owners and can be accessed by authorized data users. When accessing data, the user should be assigned with the access permission according to his identities or attributes. In addition, the search capabilities in encrypted outsourced data is expected to be enhanced, i.e., the search results can better pre-sent user's intentions. To address the above issues, ESAS, an Efficient Semantic and Authorized Search scheme over encrypt-ed outsourced data, is proposed. In ESAS, by integrating PRSCG (the privacy-preserving ranked search based on con-ceptual graph) and CP-ABE (ciphertext policy attribute-based encryption), semantic search with file-level fine-grained access authorization can be realized. In addition, search authorization can be done in an offline manner, which can improve search efficiency and reduce the response time. The security analysis indicate that the proposed ESAS meets security requirement.