Shuaipeng Zhang

Bio: Shuaipeng Zhang is an academic researcher from East China Normal University. The author has contributed to research in topics: Computer science & Vehicular ad hoc network. The author has an hindex of 1, co-authored 2 publications receiving 3 citations.

Blockchain and Federated Learning for Collaborative Intrusion Detection in Vehicular Edge Computing

Abstract: The vehicular networks constructed by interconnected vehicles and transportation infrastructure are vulnerable to cyber-intrusions due to the expanded use of software and the introduction of wireless interfaces. Intrusion detection systems (IDSs) can be customized efficiently in response to this increased attack surface. There has been significant progress in detecting malicious attack traffic using machine learning approaches. However, existing IDSs require network devices with powerful computing capabilities to continuously train and update complex network models, which reduces the efficiency and defense capability of intrusion detection systems due to limited resources and untimely model updates. This work proposes a cooperative intrusion detection mechanism that offloads the training model to distributed edge devices (e.g., connected vehicles and roadside units (RSUs). Distributed federated-based approach reduces resource utilization of the central server while assuring security and privacy. To ensure the security of the aggregation model, blockchain is used for the storage and sharing of the training models. This work analyzes common attacks and shows that the proposed scheme achieves cooperative privacy-preservation for vehicles while reducing communication overhead and computation cost.

Cross-Department Collaborative Healthcare Process Model Discovery From Event Logs

Abstract: Healthcare plays an increasingly essential role in our daily life. Modern Hospital Information Systems (HISs) record and store detailed medical treatment process information for all patients as event logs. By taking event logs as input, process mining techniques have been widely applied to extract valuable insights to improve medical treatment processes and deliver better healthcare services. However, considering the complexity of collaborations among different medical departments, existing model discovery techniques cannot be applied directly. To handle this limitation, this paper proposes a novel approach to support the discovery of Cross-department Collaborative Healthcare Process (CCHP) models from medical event logs. Specifically, an extension of classical Petri Nets with message and resource attributes is first introduced to formalize CCHPs. Then, a novel discovery algorithm is proposed to discover Intra-department Healthcare Process (IHP) models. Next, collaboration patterns among medical departments are formalized and corresponding discovery algorithms are given on that basis. Finally, a global CCHP model is obtained by integrating all discovered collaboration patterns and IHP models. By using four public medical event logs, we quantitatively compare our approach with the state-of-the-art process mining techniques in terms of model quality, and our experimental results demonstrate that the proposed approach can discover more accurate healthcare process models. Note to Practitioners—The recorded medical event logs by HISs can be used to extract valuable insights for the analysis of healthcare processes. However, existing process model discovery techniques cannot be applied for the analysis directly due to the complex collaborations among different medical departments of a hospital. This paper introduces a novel approach for cross-department collaborative healthcare process model discovery from medical event logs. All proposed techniques are fully implemented and publicly available. Using four public medical event logs, we show the applicability and advantages of our approach against existing ones. The proposed techniques are applicable to the model discovery and behavior understanding of real-life operational healthcare processes.

Distributed Collaborative Anomaly Detection for Trusted Digital Twin Vehicular Edge Networks.

Abstract: The vehicular networks are vulnerable to cyber security attacks due to the vehicles’ large attack surface. Anomaly detection is an effective means to deal with this kind of attack. Due to the vehicle’s limited computation resources, the vehicular edge network (VEN) has been proposed provide additional computing power while meeting the demand of low latency. However, the time-space limitation of edge computing prevents the vehicle data from being fully utilized. To solve this problem, a digital twin vehicular edge networks (DITVEN) is proposed. The distributed trust evaluation is established based on the trust chain transitivity and aggregation for edge computing units and digital twins to ensure the credibility of digital twins. The local reachability density and outlier factor are introduced for the time awareness anomaly detection. The curl and divergence based elements are utilized to achieve the space awareness anomaly detection. The mutual trust evaluation and anomaly detection is implemented for performance analysis, which indicates that the proposed scheme is suitable for digital twin vehicular applications.

A Hybrid Genetic Service Mining Method Based on Trace Clustering Population

Abstract: SUMMARY Service mining aims to use process mining for the anal- ysis of services, making it possible to discover, analyze, and improve service processes. In the context of Web services, the recording of all kinds of events related to activities is possible, which can be used to extract new information of service processes. However, the distributed nature of the services tends to generate large-scale service event logs, which complicates the discovery and analysis of service processes. To solve this prob- lem, this research focus on the existing large-scale service event logs, a hybrid genetic service mining based on a trace clustering population method (HGSM) is proposed. By using trace clustering, the complex service system is divided into multiple functionally independent components, thereby simplifying the mining environment; And HGSM improves the mining ef-ficiency of the genetic mining algorithm from the aspects of initial pop- ulation quality improvement and genetic operation improvement, makes it better handle large service event logs. Experimental results demonstrate that compare with existing state-of-the-art mining methods, HGSM has better characteristics to handle large service event logs, in terms of both the mining e ffi ciency and model quality.

Federated Deep Learning for Zero-Day Botnet Attack Detection in IoT Edge Devices

Abstract: Deep Learning (DL) has been widely proposed for botnet attack detection in Internet of Things (IoT) networks. However, the traditional Centralized DL (CDL) method cannot be used to detect previously unknown (zero-day) botnet attack without breaching the data privacy rights of the users. In this paper, we propose Federated Deep Learning (FDL) method for zero-day botnet attack detection to avoid data privacy leakage in IoT edge devices. In this method, an optimal Deep Neural Network (DNN) architecture is employed for network traffic classification. A model parameter server remotely coordinates the independent training of the DNN models in multiple IoT edge devices, while Federated Averaging (FedAvg) algorithm is used to aggregate local model updates. A global DNN model is produced after a number of communication rounds between the model parameter server and the IoT edge devices. Zero-day botnet attack scenarios in IoT edge devices is simulated with the Bot-IoT and N-BaIoT data sets. Experiment results show that FDL model: (a) detects zero-day botnet attacks with high classification performance; (b) guarantees data privacy and security; (c) has low communication overhead (d) requires low memory space for the storage of training data; and (e) has low network latency. Therefore, FDL method outperformed CDL, Localized DL, and Distributed DL methods in this application scenario.

Federated Deep Learning for Zero-Day Botnet Attack Detection in IoT-Edge Devices

Abstract: Deep learning (DL) has been widely proposed for botnet attack detection in Internet of Things (IoT) networks. However, the traditional centralized DL (CDL) method cannot be used to detect the previously unknown (zero-day) botnet attack without breaching the data privacy rights of the users. In this article, we propose the federated DL (FDL) method for zero-day botnet attack detection to avoid data privacy leakage in IoT-edge devices. In this method, an optimal deep neural network (DNN) architecture is employed for network traffic classification. A model parameter server remotely coordinates the independent training of the DNN models in multiple IoT-edge devices, while the federated averaging (FedAvg) algorithm is used to aggregate local model updates. A global DNN model is produced after a number of communication rounds between the model parameter server and the IoT-edge devices. The zero-day botnet attack scenarios in IoT-edge devices is simulated with the Bot-IoT and N-BaIoT data sets. Experiment results show that the FDL model: 1) detects zero-day botnet attacks with high classification performance; 2) guarantees data privacy and security; 3) has low communication overhead; 4) requires low-memory space for the storage of training data; and 5) has low network latency. Therefore, the FDL method outperformed CDL, localized DL, and distributed DL methods in this application scenario.

Federated Intrusion Detection in Blockchain-Based Smart Transportation Systems

Abstract: With the integration of the Internet of Things (IoT) in the field of transportation, the Internet of Vehicles (IoV) turned to be a vital method for designing Smart Transportation Systems (STS). STS consist of various interconnected vehicles and transportation infrastructure exposed to cyber intrusion due to the broad usage of software and the initiation of wireless interfaces. This study proposes a federated deep learning-based intrusion detection framework (FED-IDS) to efficiently detect attacks by offloading the learning process from servers to distributed vehicular edge nodes. FED-IDS introduces a context-aware transformer network to learn spatial-temporal representations of vehicular traffic flows necessary for classifying different categories of attacks. Blockchain-managed federated training is presented to enable multiple edge nodes to offer secure, distributed, and reliable training without the need for centralized authority. In the blockchain, miners confirm the distributed local updates from participating vehicles to stop unreliable updates from being deposited on the blockchain. The experiments on two public datasets (i.e., Car-Hacking, TON_IoT) demonstrated the efficiency of FED-IDS against state-of-the-art approaches. It reveals the credibility of securing networks of intelligent transportation systems against cyber-attacks.

Demystifying In-Vehicle Intrusion Detection Systems: A Survey of Surveys and a Meta-Taxonomy

Abstract: Breaches in the cyberspace due to cyber-physical attacks can harm the physical space, and any type of vehicle is an alluring target for wrongdoers for an assortment of reasons. Especially, as the automobiles are becoming increasingly interconnected within the Cooperative Intelligent Transport System (C-ITS) realm and their level of automation elevates, the risk for cyberattacks augments along with the attack surface, thus inexorably rendering the risk of complacency and inaction sizable. Next to other defensive measures, intrusion detection systems (IDS) already comprise an inextricable component of modern automobiles in charge of detecting intrusions in the system while in operation. This work concentrates on in-vehicle IDS with the goal to deliver a fourfold comprehensive survey of surveys on this topic. First, we collect and analyze all existing in-vehicle IDS classifications and fuse them into a simpler, overarching one that can be used as a base for classifying any work in this area. Second, we gather and elaborate on the so-far available datasets which can be possibly used to train and evaluate an in-vehicle IDS. Third, we survey non-commercial simulators which may be utilized for creating a dataset or evaluating an IDS. The last contribution pertains to a thorough exposition of the future trends and challenges in this area. To our knowledge, this work provides the first wholemeal survey on in-vehicle IDS, and it is therefore anticipated to serve as a groundwork and point of reference for multiple stakeholders at varying levels.