Proactive Defense for Internet-of-things: Moving Target Defense With Cyberdeception

Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers, because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this article, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We evaluate the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software-defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address “when” to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address “how” to perform network topology shuffling on a decoy-populated IoT network, and we analyze which strategy can best achieve a system goal, such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. We demonstrated that a software-defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network without running our intrusion prevention technique. Further, when given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, the best combination of “when” and “how” strategies is identified for executing our proposed technique under which the specified goal can be best achieved.

Performance evaluation and comparison study of adaptive MANET service location and discovery protocols for highly dynamic environments

A critical requirement in Mobile Ad Hoc Networks (MANETs) is its ability to automatically discover existing services as well as their locations. Several solutions have been proposed in various communication domains which could be classified into two categories: (1) directory based, and (2) directory-less. The former is efficient but suffers from the amount of control messages being exchanged to maintain all directories in an agile environment. However, the latter approach attempts to reduce the amount of control messages to update directories, by simply sending broadcast messages to discover services; which is also a non-desirable approach in MANETs. This research work builds on top of our prior work (Nazeeruddin et al. in IFIP/IEEE international conference on management of multimedia networks and services, Springer, Berlin, 2006)) where we introduced a new efficient protocol for service discovery in MANETs (MSLD); a lightweight, robust, scalable, and flexible protocol which supports node heterogeneity and dynamically adapts to network changes while not flooding the network with extra protocol messages—a major challenge in today’s network environments, such as Internet of Things (IoT). Extensive simulations study was conducted on MSLD to: (1) initially evaluate its performance in terms of latency, service availability, and overhead messages, then (2) compare its performance to Dir-Based, Dir-less, and PDP protocols under various network conditions. For most performance metrics, simulation results show that MSLD outperforms Dir-Based, Dir-less, and PDP by either matching or achieving high service availability, low service discovery latency, and considerably less communication overhead.

The performance of tramway service from the users' viewpoint: A comparative analysis between two Moroccan cities

The Moroccan government has recently promoted sustainable public transport projects such as tramway services namely in the two largest cities of country, Casablanca and Rabat-Salé. Since its launch, the tramway service is in-creasingly present in citizens' daily lives in both cities. To maintain its attractiveness, operators and transport authori-ties should examine the performance of tramway service from user’s point of view. That is, an in-depth understanding of how passengers perceive service quality and what make them satisfied. The purpose of this study is to compare the performance of tramway service in the two cities based on the opinions of a sample size of 613 and 435 individuals in each city. The outcome of this peer comparison allows to determine the strengths and weaknesses of provided service and identify priorities for improvement in each city. Regarding the methodology, we adopted a two-step approach to achieve our research purpose. The first stage intends to compare users' perceptions regarding Service Quality Attrib-utes (SQAs) and overall satisfaction and to identify any significant differences between the two cities. To this end, we applied, in the first stage, a student t-test of two independent samples. The second stage employs an ordered probit regression model to identify the most important SQA; i.e., which most influence the overall satisfaction, and improve-ments priorities for the current service tramway. The results showed that, in average, passengers found service quality as good and are satisfied with tramway service in both cities. Tram vehicles’ is the best appreciated service attribute in both cities while Comfort in Rabat-Salé and Lines’ connectivity in Casablanca are the least appreciated. Moreover, the service performance of Rabat-Salé tramway exceeds that of Casablanca tramway in terms of service Availability, ser-vice Reliability, Fares level, Tram vehicle, Drivers’ competence, Lines’ connectivity, and overall satisfaction. On the other hand, we found that among top six important attributes, Reliability and Administrators should be prioritized for improvement in Casablanca; and staff, Lines, Comfort, and Administrators in Rabat-Salé. Results showed that im-provements in all these service aspects would increase significantly overall user’s satisfaction.

An Experimental Implementation of a Resilient Graphic Rendering Cluster

In this paper, we describe the challenge of developing a web front that will give an interactive and relatively immediate result without the overhead of complex grid scheduling, in the sense of the grid’s lack of interactivity and need for certificates that users simply do not own. In particular, the local system of issuing grid certificates is somewhat limited to a narrower community compared to that which we wanted to reach in order to popularize the grid, and our desired level of service availability exceeded the use of the cluster for grid purposes. Therefore, we have developed an interactive, scalable web front and back-end animation rendering frame dispatcher to access our cluster’s rendering power with low latency, low overhead and low performance penalty added to the cost of Persistence of Vision Ray rendering. The system is designed to survive temporary or catastrophic failures such as temporary power loss, load shedding, malfunction of rendering server cluster or client hardware, whether through an automatic or a manual restart, as long as the hardware that keeps the previous work and periodically dumped state of the automata is preserved.

Protection against Failure of Machine Learning-based QoT Prediction

Machine learning (ML)-based methods are widely explored to predict the quality of transmission (QoT) of a lightpath, which is expected to reduce optical signal to noise ratio (OSNR) margin reserved for the lightpath and therefore improve the spectrum efficiency of an optical network. However, many studies conducting this prediction are often based on synthetic datasets or datasets obtained from laboratory. As such, these datasets may not be amply representative to cover the entire status space of a real optical network, which is often exposed in harsh environment. There are risks of failure when using these ML-based QoT prediction models. It is necessary to develop a mechanism that can guarantee the reliability of a lightpath service even if the prediction models fail. For this, we propose to take advantage of the conventional network protection techniques that are popularly implemented in an optical network and reuse their protection resources to also protect against such a type of failure. Based on the two representative protection techniques, i.e., 1+1 dedicated path protection and shared backup path protection (SBPP), the performance of the proposed protection mechanism is evaluated by reserving different margins for the working and protection lightpaths. For 1+1 path protection, we find that the proposed mechanism can achieve a zero design-margin (D-margin) for a working lightpath thereby significantly improving network spectrum efficiency, while not scarifying the availability of lightpath services. For SBPP, we find that an optimal D-margin should be identified to balance the spectrum efficiency and service availability, and although not significant, the proposed mechanism can save an up to 0.5-dB D-margin for a working lightpath, while guaranteeing the service availability.

Protection against Failure of Machine Learning-based QoT Prediction

Machine learning (ML)-based methods are widely explored to predict the quality of transmission (QoT) of a lightpath, which is expected to reduce optical signal to noise ratio (OSNR) margin reserved for the lightpath and therefore improve the spectrum efficiency of an optical network. However, many studies conducting this prediction are often based on synthetic datasets or datasets obtained from laboratory. As such, these datasets may not be amply representative to cover the entire status space of a real optical network, which is often exposed in harsh environment. There are risks of failure when using these ML-based QoT prediction models. It is necessary to develop a mechanism that can guarantee the reliability of a lightpath service even if the prediction models fail. For this, we propose to take advantage of the conventional network protection techniques that are popularly implemented in an optical network and reuse their protection resources to also protect against such a type of failure. Based on the two representative protection techniques, i.e., 1+1 dedicated path protection and shared backup path protection (SBPP), the performance of the proposed protection mechanism is evaluated by reserving different margins for the working and protection lightpaths. For 1+1 path protection, we find that the proposed mechanism can achieve a zero design-margin (D-margin) for a working lightpath thereby significantly improving network spectrum efficiency, while not scarifying the availability of lightpath services. For SBPP, we find that an optimal D-margin should be identified to balance the spectrum efficiency and service availability, and although not significant, the proposed mechanism can save an up to 0.5-dB D-margin for a working lightpath, while guaranteeing the service availability.

Methodology of adjusting the strategy of technical systems maintenance and repair according to the results of their operation

In the publication the authors solve the problem of forming the optimal volume of control actions to maintain the technical systems (TS) service availability. To achieve the desired result the analysis of the TS as a service object was carried out. As a result of the analysis the system elements with a level of reliability below the required level are assigned to a separate group for which the maintenance modes are formed later, their actual state being taken into account. Namely, the decision is made what work on these elements can perform and what forces and means of the technical support system will be required for their operation. To form a list of necessary operations, the functional scheme analysis of the TS considered is carried out, during the analysis the functional as well as degradation characteristics of the system elements are determined as well as the significance (weight) of each element in the system. The analysis of the functional scheme of the TS is performed by using the functional-topological method.

Efficient Intrusion Detection System for SDN Orchestrated Internet of Things

Internet of Things (IoT) can simply be defined as an extension of the current Internet system. It extends the human to human interconnection and intercommunication scenario of the Internet by including things, to bring anytime, anywhere, and anything communication. A discipline in networking evolving in parallel with IoT is Software Defined Networking (SDN). It is an important technology that is aimed to solve the different problems existing in the traditional network systems. It provides a new convenient home to address the different challenges existing in different network-based systems including IoT. One important security challenge prevailing in such SDN-based IoT (SDIoT) systems is guarantying service availability. The ever-increasing denial of service (DoS) attacks are responsible for such service denials. A centralized signature-based intrusion detection system (IDS) is proposed and developed in this work. Random Forest (RF) classifier is used for training the model. A very popular and recent benchmark dataset, CICIDS2017, has been used for training and validating the machine learning (ML) models. An accuracy result of 99.968% has been achieved by using only 12 features on Wednesday’s release of the dataset. This result is higher than the achieved accuracy results of related works considering the original CICIDS2017 dataset. A maximum cross-validated accuracy result of 99.713% has been achieved on the same release of the dataset. These developed models meet the basic requirement of a supervised IDS system developed for smart environments and can effectively be used in different IoT service scenarios.

Pseudorange Bias Analysis and Preliminary Service Performance Evaluation of BDSBAS

To satisfy the demands of civil aviation organizations and other users of satellite navigation systems for high-precision and high-integrity service performance, many countries and regions have established satellite-based augmentation systems (SBAS) referring to the Radio Technical Commission for Aeronautics (RTCA) service standards and agreements. The BeiDou SBAS (BDSBAS) provides both single-frequency service, which augments Global Positioning System (GPS) L1 C/A signal, and dual-frequency multi-constellation (DFMC) service, which augments BeiDou Navigation Satellite System (BDS) B1C and B2a dual frequency signals presently, meeting the requirements of the RTCA DO-229D protocol and the SBAS L5 DFMC protocol requirements, respectively. As one of the main error sources, the pseudorange bias errors of BDSBAS monitoring receivers were estimated and their effect on the performance of the BDSBAS service was analyzed. Based on the user algorithms of SBAS differential corrections and integrity information, the service accuracy, integrity, and availability of the BDSBAS were evaluated using real observation data. The results show that the maximum of monitoring receiver pseudorange bias errors between L1P and L1P/L2P can reach 1.57 m, which become the most important errors affecting the performance of the BDSBAS service. In addition, the results show that the pseudorange bias of GPS BlockIII is the smallest, while that of GPS BlockIIR is the largest. Compared with the positioning accuracy of the open service of the core constellation, the positioning accuracy of the BDSBAS service can be improved by approximately 47% and 36% for the RTCA service and DFMC service, respectively. For RTCA services, the protection limit (PL) calculated with the integrity information can 100% envelop the positioning error (PE) and no integrity risk event is detected. The service availability of BDSBAS for APV-I approach is approximately 98.8%, which is mainly affected by the availability of ionospheric grid corrections in the service marginal area. For DFMC service, the integrity risk is not detected either. The service availability for CAT-I approach is 100%. Improving the availability of ionospheric grid corrections is one of the important factors to improve service performance of BDSBAS RTCA service.