Vulnerabilities of Unattended Face Verification Systems to Facial Components-based Presentation Attacks: An Empirical Study

As face presentation attacks (PAs) are realistic threats for unattended face verification systems, face presentation attack detection (PAD) has been intensively investigated in past years, and the recent advances in face PAD have significantly reduced the success rate of such attacks. In this article, an empirical study on a novel and effective face impostor PA is made. In the proposed PA, a facial artifact is created by using the most vulnerable facial components, which are optimally selected based on the vulnerability analysis of different facial components to impostor PAs. An attacker can launch a face PA by presenting a facial artifact on his or her own real face. With a collected PA database containing various types of artifacts and presentation attack instruments (PAIs), the experimental results and analysis show that the proposed PA poses a more serious threat to face verification and PAD systems compared with the print, replay, and mask PAs. Moreover, the generalization ability of the proposed PA and the vulnerability analysis with regard to commercial systems are also investigated by evaluating unknown face verification and real-world PAD systems. It provides a new paradigm for the study of face PAs.

Secured and Privacy-Based IDS for Healthcare Systems on E-Medical Data Using Machine Learning Approach

Existing methods use static path identifiers, making it easy for attackers to conduct DDoS flooding attacks. Create a system using Dynamic Secure aware Routing by Machine Learning (DAR-ML) to solve healthcare data. A DoS detection system by ML algorithm is proposed in this paper. First, to access the user to see the authorized process. Next, after the user registration, users can compare path information through correlation factors between nodes. Then, choose the device that will automatically activate and decrypt the data key. The DAR-ML is traced back to all healthcare data in the end module. In the next module, the users and admin can describe the results. These are the outcomes of using the network to make it easy. Through a time interval of 21.19% of data traffic, the findings demonstrate an attack detection accuracy of over 98.19%, with high precision and a probability of false alarm.

Detection and Mitigation of Sensor and CAN Bus Attacks in Vehicle Anti-Lock Braking Systems

For a modern vehicle, if the sensor in a vehicle anti-lock braking system (ABS) or controller area network (CAN) bus is attacked during a brake process, the vehicle will lose driving direction control and the driver’s life will be highly threatened. However, current methods for detecting attacks are not sufficiently accurate, and no method can provide attack mitigation. To ensure vehicle ABS security, we propose an attack detection method to accurately detect both sensor attack (SA) and CAN bus attack in a vehicle ABS, and an attack mitigation strategy to mitigate their negative effects on the vehicle ABS. In our attack detection method, we build a vehicle state space equation that considers the real-time road friction coefficient to predict vehicle states (i.e., wheel speed and longitudinal brake force) with their previous values. Based on sets of historical measured vehicle states, we develop a search algorithm to find out attack changes (vehicle state changes because of attack) by minimizing errors between the predicted vehicle states and the measured vehicle states. In our attack mitigation strategy, attack changes are subtracted from the measured vehicle states to generate correct vehicle states for a vehicle ABS. We conducted the first real SA experiments to show how a magnet affects sensor readings. Our simulation results demonstrate that our attack detection method can detect SA and CAN bus attack more accurately compared with existing methods, and also that our attack mitigation strategy almost eliminates the attack’s effects on a vehicle ABS.

Research and development automatically generate detection rules for IDS based on machine learning technology

Abstract—Nowadays, there have been many signature-based intrusion detection systems deployed and widely used. These systems are capable of detecting known attacks with low false alarm rates, fast detection times, and little system resource requirements. However, these systems are less effective against new attacks that are not included in the ruleset. In addition, recent studies provide a new approach to the problem of detecting unknown types of network attacks based on machine learning and deep learning. However, this new approach requires a lot of resources, processing time and has a high false alarm rate. Therefore, it is necessary to find a solution that combines the advantages of the two approaches above in the problem of detecting network attacks. In this paper, the authors present a method to automatically generate network attack detection rules for the IDS system based on the results of training machine learning models. Through testing, the author proves that the system that automatically generates network attack detection rules for IDS based on machine learning meets the requirements of increasing the ability to detect new types of attacks, ensuring automatic effective updates of new signs of network attacks. Tóm tắt—Ngày nay, đã có nhiều hệ thống phát hiện xâm nhập dựa trên chữ ký được triển khai và sử dụng rộng rãi. Các hệ thống này có khả năng phát hiện các cuộc tấn công đã biết với tỷ lệ báo động giả thấp, thời gian phát hiện nhanh và yêu cầu ít tài nguyên hệ thống. Tuy nhiên, các hệ thống này kém hiệu quả khi chống lại các cuộc tấn công mới không có trong tập luật. Các nghiên cứu gần đây cung cấp một cách tiếp cận mới cho vấn đề phát hiện các kiểu tấn công mạng mới dựa trên học máy và học sâu. Tuy nhiên, cách tiếp cận này đòi hỏi nhiều tài nguyên, thời gian xử lý. Vì vậy, cần tìm ra giải pháp kết hợp ưu điểm của hai cách tiếp cận trên trong bài toán phát hiện tấn công mạng. Trong bài báo này, nhóm tác giả trình bày phương pháp tự động sinh luật phát hiện tấn công mạng cho hệ thống phát hiện xâm nhập dựa trên kết quả huấn luyện mô hình học máy. Qua thử nghiệm, tác giả chứng minh rằng phương pháp này đáp ứng yêu cầu tăng khả năng phát hiện chính xác các kiểu tấn công mới, đảm bảo tự động cập nhật hiệu quả các dấu hiệu tấn công mạng mới vào tập luật.

A Multifractal Analysis and Machine Learning Based Intrusion Detection System with an Application in a UAS/RADAR System

The rapid development of Internet of Things (IoT) technology, together with mobile network technology, has created a never-before-seen world of interconnection, evoking research on how to make it vaster, faster, and safer. To support the ongoing fight against the malicious misuse of networks, in this paper we propose a novel algorithm called AMDES (unmanned aerial system multifractal analysis intrusion detection system) for spoofing attack detection. This novel algorithm is based on both wavelet leader multifractal analysis (WLM) and machine learning (ML) principles. In earlier research on unmanned aerial systems (UAS), intrusion detection systems (IDS) based on multifractal (MF) spectral analysis have been used to provide accurate MF spectrum estimations of network traffic. Such an estimation is then used to detect and characterize flooding anomalies that can be observed in an unmanned aerial vehicle (UAV) network. However, the previous contributions have lacked the consideration of other types of network intrusions commonly observed in UAS networks, such as the man in the middle attack (MITM). In this work, this promising methodology has been accommodated to detect a spoofing attack within a UAS. This methodology highlights a robust approach in terms of false positive performance in detecting intrusions in a UAS location reporting system.

The usage of power system multi-model forecasting aided state estimation for cyber attack detection

THE PURPOSE. Smart electrical grids involve extensive use of information infrastructure. Such an aggregate cyber-physical system can be subject to cyber attacks. One of the ways to counter cyberattacks is state estimation. State Estimation is used to identify the present power system operating state and eliminating metering errors and corrupted data. In particular, when a real measurement is replaced by a false one by a malefactor or a failure in the functioning of communication channels occurs, it is possible to detect false data and restore them. However, there is a class of cyberattacks, so-called False Data Injection Attack, aimed at distorting the results of the state estimation. The aim of the research was to develop a state estimation algorithm, which is able to work in the presence of cyber-attack with high accuracy.METHODS. The authors propose a Multi-Model Forecasting-Aided State Estimation method based on multi-model discrete tracking parameter estimation by the Kalman filter. The multimodal state estimator consisted of three single state estimators, which produced single estimates using different forecasting models. In this paper only linear forecasting models were considered, such as autoregression model, vector autoregression model and Holt’s exponen tial smoothing. When we obtained the multi-model estimate as the weighted sum of the single-model estimates. Cyberattack detection was implemented through innovative and residual analysis. The analysis of the proposed algorithm performance was carried out by simulation modeling using the example of a IEEE 30-bus system in Matlab.RESULTS. The paper describes an false data injection cyber attack and its specific impact on power system state estimation. A Multi - Model Forecasting-Aided State Estimation algorithm has been developed, which allows detecting cyber attacks and recovering corrupted data. Simulation of the algorithm has been carried out and its efficiency has been proved.CONCLUSION. The results showed the cyber attack detection rate of 100%. The Multi-Model Forecasting-Aided State Estimation is an protective measure against the impact of cyber attacks on power system.