Yang Xin

Bio: Yang Xin is an academic researcher from Beijing University of Posts and Telecommunications. The author has contributed to research in topics: Computer science & Intrusion detection system. The author has an hindex of 10, co-authored 54 publications receiving 632 citations. Previous affiliations of Yang Xin include Huawei & Guizhou University.

Machine Learning and Deep Learning Methods for Cybersecurity

Abstract: With the development of the Internet, cyber-attacks are changing rapidly and the cyber security situation is not optimistic. This survey report describes key literature surveys on machine learning (ML) and deep learning (DL) methods for network analysis of intrusion detection and provides a brief tutorial description of each ML/DL method. Papers representing each method were indexed, read, and summarized based on their temporal or thermal correlations. Because data are so important in ML/DL methods, we describe some of the commonly used network datasets used in ML/DL, discuss the challenges of using ML/DL for cybersecurity and provide suggestions for research directions.

Multimodal Feature-Level Fusion for Biometrics Identification System on IoMT Platform

Abstract: Biometric systems have been actively emerging in various industries in the past few years and continue to provide higher-security features for access control systems. Many types of unimodal biometric systems have been developed. However, these systems are only capable of providing low- to mid-range security features. Thus, for higher-security features, the combination of two or more unimodal biometrics (multiple modalities) is required. In this paper, we propose a multimodal biometric system for person recognition using face, fingerprint, and finger vein images. Addressing this problem, we propose an efficient matching algorithm that is based on secondary calculation of the Fisher vector and uses three biometric modalities: face, fingerprint, and finger vein. The three modalities are combined and fusion is performed at the feature level. Furthermore, based on the method of feature fusion, the paper studies the fake feature which appears in the practical scene. The liveness detection is append to the system, detect the picture is real or fake based on DCT, then remove the fake picture to reduce the influence of accuracy rate, and increase the robust of system. The experimental results showed that the designed framework can achieve an excellent recognition rate and provide higher security than a unimodal biometric-based system, which are very important for a IoMT platform.

A Secure and Efficient Data Integrity Verification Scheme for Cloud-IoT Based on Short Signature

Abstract: The Internet of Things (IoT) is also known as the Internet of everything. As an important part of the new generation of intelligent information technology, the IoT has attracted the attention both of researchers and engineers all over the world. Considering the limited capacity of smart products, the IoT mainly uses cloud computing to expand computing and storage resources. The massive data collected by the sensor are stored in the cloud storage server, also the cloud vulnerability will directly threaten the security and reliability of the IoT. In order to ensure data integrity and availability in the cloud and IoT storage system, users need to verify the integrity of remote data. However, the existing remote data integrity verification schemes are mostly based on the RSA and BLS signature mechanisms. The RSA-based scheme has too much computational overhead. The BLS signature-based scheme needs to adopt a specific hash function, and the batch signature efficiency in the big data environment is low. Therefore, for the computational overhead and signature efficiency issues of these two signature mechanisms, we propose a scheme of data integrity verification based on a short signature algorithm (ZSS signature), which supports privacy protection and public auditing by introducing a trusted third party (TPA). The computational overhead is effectively reduced by reducing hash function overhead in the signature process. Under the assumption of CDH difficult problem, it can resist adaptive chosen-message attacks. The analysis shows that the scheme has a higher efficiency and safety.

Intrusion Detection Based on State Context and Hierarchical Trust in Wireless Sensor Networks

Abstract: Security problems have become obstacles in the practical application of wireless sensor networks (WSNs), and intrusion detection is the second line of defense. In this paper, an intrusion detection based on dynamic state context and hierarchical trust in WSNs is proposed, which is flexible and suitable for constantly changing WSNs characterized by changes in the perceptual environment, transitions of states of nodes, and variations in trust value. A multidimensional two-tier hierarchical trust mechanism in the level of sensor nodes (SNs) and cluster heads (CHs) considering interactive trust, honesty trust, and content trust is put forward, which combines direct evaluation and feedback-based evaluation in the fixed hop range. This means that the trust of SNs is evaluated by CHs, and the trust of CHs is evaluated by neighbor CHs and BS; in this way, the complexity of evaluation is reduced without evaluations by all other CHs in networks. Meanwhile, the intrusion detection mechanism based on a self-adaptive dynamic trust threshold is described, which improves the flexibility and applicability and is suitable for cluster-based WSNs. The experiment simulation and evaluation indicate that the mechanism we proposed outperforms the existing typical system in malicious detection and resource overhead.

An Intrusion Action-Based IDS Alert Correlation Analysis and Prediction Framework

Abstract: Since the rapid development of the internet, the emergence of network intrusion has become the focus of studies for scholars and security enterprises. As an important device for detecting and analyzing malicious behaviors in networks, IDS (Intrusion Detection Systems) is widely deployed in enterprises, organizations and plays a very important role in cyberspace security. The massive log data produced by IDS not only contains information about intrusion behaviors but also contains potential intrusion patterns. Through normalizing, correlating, and modeling data, we can obtain the patterns of different intrusion scenarios. Based on the previous works in the area of alert correlation and analyzing, this paper proposed a framework named IACF (Intrusion Action Based Correlation Framework), which improved the process of alert aggregating, action extraction, and scenario discovery, and applied a novel method for extracting intrusion sessions based on temporal metrics. The proposed framework utilized a new grouping method for raw alerts based on the concept of intrinsic strong correlations, rather than the conventional time windows and hyper alerts. For discovering high stable correlations between actions, redundant actions and action link modes are removed from sessions by a pruning algorithm to reduce the impact of false positives, finally, a correlation graph is constructed by fusing the pruned sessions, based on the correlation graph, a prediction method for the future attack is proposed. The experiment result shows that the framework is efficient in alert correlation and intrusion scenario construction.

Machine learning

Abstract: Machine Learning is the study of methods for programming computers to learn. Computers are applied to a wide range of tasks, and for most of these it is relatively easy for programmers to design and implement the necessary software. However, there are many tasks for which this is difficult or impossible. These can be divided into four general categories. First, there are problems for which there exist no human experts. For example, in modern automated manufacturing facilities, there is a need to predict machine failures before they occur by analyzing sensor readings. Because the machines are new, there are no human experts who can be interviewed by a programmer to provide the knowledge necessary to build a computer system. A machine learning system can study recorded data and subsequent machine failures and learn prediction rules. Second, there are problems where human experts exist, but where they are unable to explain their expertise. This is the case in many perceptual tasks, such as speech recognition, hand-writing recognition, and natural language understanding. Virtually all humans exhibit expert-level abilities on these tasks, but none of them can describe the detailed steps that they follow as they perform them. Fortunately, humans can provide machines with examples of the inputs and correct outputs for these tasks, so machine learning algorithms can learn to map the inputs to the outputs. Third, there are problems where phenomena are changing rapidly. In finance, for example, people would like to predict the future behavior of the stock market, of consumer purchases, or of exchange rates. These behaviors change frequently, so that even if a programmer could construct a good predictive computer program, it would need to be rewritten frequently. A learning program can relieve the programmer of this burden by constantly modifying and tuning a set of learned prediction rules. Fourth, there are applications that need to be customized for each computer user separately. Consider, for example, a program to filter unwanted electronic mail messages. Different users will need different filters. It is unreasonable to expect each user to program his or her own rules, and it is infeasible to provide every user with a software engineer to keep the rules up-to-date. A machine learning system can learn which mail messages the user rejects and maintain the filtering rules automatically. Machine learning addresses many of the same research questions as the fields of statistics, data mining, and psychology, but with differences of emphasis. Statistics focuses on understanding the phenomena that have generated the data, often with the goal of testing different hypotheses about those phenomena. Data mining seeks to find patterns in the data that are understandable by people. Psychological studies of human learning aspire to understand the mechanisms underlying the various learning behaviors exhibited by people (concept learning, skill acquisition, strategy change, etc.).

PORs: Proofs of Retrievability for Large Files

Abstract: In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes.In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work.We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

Applications of Deep Reinforcement Learning in Communications and Networking: A Survey

Abstract: This paper presents a comprehensive literature review on applications of deep reinforcement learning (DRL) in communications and networking. Modern networks, e.g., Internet of Things (IoT) and unmanned aerial vehicle (UAV) networks, become more decentralized and autonomous. In such networks, network entities need to make decisions locally to maximize the network performance under uncertainty of network environment. Reinforcement learning has been efficiently used to enable the network entities to obtain the optimal policy including, e.g., decisions or actions, given their states when the state and action spaces are small. However, in complex and large-scale networks, the state and action spaces are usually large, and the reinforcement learning may not be able to find the optimal policy in reasonable time. Therefore, DRL, a combination of reinforcement learning with deep learning, has been developed to overcome the shortcomings. In this survey, we first give a tutorial of DRL from fundamental concepts to advanced models. Then, we review DRL approaches proposed to address emerging issues in communications and networking. The issues include dynamic network access, data rate control, wireless caching, data offloading, network security, and connectivity preservation which are all important to next generation networks, such as 5G and beyond. Furthermore, we present applications of DRL for traffic routing, resource sharing, and data collection. Finally, we highlight important challenges, open issues, and future research directions of applying DRL.