10 research outputs found

    IoT-Based Access Management Supported by AI and Blockchains

    Internet-of-Things (IoT), Artificial Intelligence (AI), and Blockchains (BCs) are essential techniques that are heavily researched and investigated today. This work here specifies, implements, and evaluates an IoT architecture with integrated BC and AI functionality to manage access control based on facial detection and recognition by incorporating the most recent state-of-the-art techniques. The system developed uses IoT devices for video surveillance, AI for face recognition, and BCs for immutable permanent storage to provide excellent properties in terms of image quality, end-to-end delay, and energy efficiency

    Collective Perception: A Safety Perspective

    Vehicle-to-everything (V2X) communication is seen as one of the main enabling technologies for automated vehicles. Collective perception is especially promising, as it allows connected traffic participants to “see through the eyes of others” by sharing sensor-detected objects via V2X communication. Its benefit is typically assessed in terms of the increased object update rate, redundancy, and awareness. To determine the safety improvement thanks to collective perception, the authors introduce new metrics, which quantify the environmental risk awareness of the traffic participants. The performance of the V2X service is then analyzed with the help of the test platform TEPLITS, using real traffic traces from German highways, amounting to over 100 h of total driving time. The results in the considered scenarios clearly show that collective perception not only contributes to the accuracy and integrity of the vehicles’ environmental perception, but also that a V2X market penetration of at least 25% is necessary to increase traffic safety from a “risk of serious traffic accidents” to a “residual hypothetical risk of collisions without minor injuries” for traffic participants equipped with non-redundant 360° sensor systems. These results support the ongoing world-wide standardization efforts of the collective perception service

    Improved Bidirectional GAN-Based Approach for Network Intrusion Detection Using One-Class Classifier

    Existing generative adversarial networks (GANs), primarily used for creating fake image samples from natural images, demand a strong dependence (i.e., the training strategy of the generators and the discriminators require to be in sync) for the generators to produce as realistic fake samples that can “fool” the discriminators. We argue that this strong dependency required for GAN training on images does not necessarily work for GAN models for network intrusion detection tasks. This is because the network intrusion inputs have a simpler feature structure such as relatively low-dimension, discrete feature values, and smaller input size compared to the existing GAN-based anomaly detection tasks proposed on images. To address this issue, we propose a new Bidirectional GAN (Bi-GAN) model that is better equipped for network intrusion detection with reduced overheads involved in excessive training. In our proposed method, the training iteration of the generator (and accordingly the encoder) is increased separate from the training of the discriminator until it satisfies the condition associated with the cross-entropy loss. Our empirical results show that this proposed training strategy greatly improves the performance of both the generator and the discriminator even in the presence of imbalanced classes. In addition, our model offers a new construct of a one-class classifier using the trained encoder–discriminator. The one-class classifier detects anomalous network traffic based on binary classification results instead of calculating expensive and complex anomaly scores (or thresholds). Our experimental result illustrates that our proposed method is highly effective to be used in network intrusion detection tasks and outperforms other similar generative methods on two datasets: NSL-KDD and CIC-DDoS2019 datasets.

    No Free Lunch - Characterizing the Performance of 6TiSCH When Using Different Physical Layers

    Low-power wireless applications require different trade-off points between latency, reliability, data rate and power consumption. Given such a set of constraints, which physical layer should I be using? We study this question in the context of 6TiSCH, a state-of-the-art recently standardized protocol stack developed for harsh industrial applications. Specifically, we augment OpenWSN, the reference 6TiSCH open-source implementation, to support one of three physical layers from the IEEE 802.15.4g standard: FSK 868 MHz which offers long range, OFDM 868 MHz which offers high data rate, and O-QPSK 2.4 GHz which offers more balanced performance. We run the resulting firmware on the 42-mote Open Testbed deployed in an office environment, once for each physical layer. Performance results show that, indeed, no physical layer outperforms the other for all metrics. This article argues for combining the physical layers, rather than choosing one, in a generalized 6TiSCH architecture in which technology-agile radio chips (of which there are now many) are driven by a protocol stack which chooses the most appropriate physical layer on a frame-by-frame basis

    Enhancing SDN WISE with Slicing Over TSCH

    IWSNs (Industrial Wireless Sensor Networks) have become the next step in the evolution of WSN (Wireless Sensor Networks) due to the nature and demands of modern industry. With this type of network, flexible and scalable architectures can be created that simultaneously support traffic sources with different characteristics. Due to the great diversity of application scenarios, there is a need to implement additional capabilities that can guarantee an adequate level of reliability and that can adapt to the dynamic behavior of the applications in use. The use of SDNs (Software Defined Networks) extends the possibilities of control over the network and enables its deployment at an industrial level. The signaling traffic exchanged between nodes and controller is heavy and must occupy the same channel as the data traffic. This difficulty can be overcome with the segmentation of the traffic into flows, and correct scheduling at the MAC (Medium Access Control) level, known as slices. This article proposes the integration in the SDN controller of a traffic manager, a routing process in charge of assigning different routes according to the different flows, as well as the introduction of the Time Slotted Channel Hopping (TSCH) Scheduler. In addition, the TSCH (Time Slotted Channel Hopping) is incorporated in the SDN-WISE framework (Software Defined Networking solution for Wireless Sensor Networks), and this protocol has been modified to send the TSCH schedule. These elements are jointly responsible for scheduling and segmenting the traffic that will be sent to the nodes through a single packet from the controller and its performance has been evaluated through simulation and a testbed. The results obtained show how flexibility, adaptability, and determinism increase thanks to the joint use of the routing process and the TSCH Scheduler, which makes it possible to create a slicing by flows, which have different quality of service requirements. This in turn helps guarantee their QoS characteristics, increase the PDR (Packet Delivery Ratio) for the flow with the highest priority, maintain the DMR (Deadline Miss Ratio), and increase the network lifetime. This work has been supported by the MCyU (Spanish Ministry of Science and Universities) under the project ATLAS (PGC2018-094151-B-I00), which is partially funded by AEI, FEDER and EU and has been possible thanks to the collaboration of the Instituto Tecnologico de Informatica (ITI) of Valencia. Orozco-Santos, F.; Sempere Paya, VM.; Albero Albero, T.; Silvestre-Blanes, J. (2021). Enhancing SDN WISE with Slicing Over TSCH. Sensors. 21(4):1-29. https://doi.org/10.3390/s21041075

    Wrapping trust for interoperability: A preliminary study of wrapped tokens

    As known, blockchains are traditionally blind to the real world. This implies the reliance on third parties called oracles when extrinsic data is needed for smart contracts. However, reintroducing trust and single point of failure, oracles implementation is still controversial and debated. The blindness to the real world makes blockchains also unable to communicate with each other preventing any form of interoperability. An early approach to the interoperability issue is constituted by wrapped tokens, representing blockchain native tokens issued on a non-native blockchain. Similar to how oracles reintroduce trust, and single point of failure, the issuance of wrapped tokens involves third parties whose characteristics need to be considered when evaluating the advantages of crossing-chains. This paper provides an overview of the wrapped tokens and the main technologies implemented in their issuance. Advantages, as well as limitations, are also listed and discussed. Comment: 14 pages, 4 figures and 1 table. Oriented to a conferenc

    QoS enabled heterogeneous BLE mesh networks

    Bluetooth Low Energy (BLE) is a widely known short-range wireless technology used for various Internet of Things (IoT) applications. Recently, with the introduction of BLE mesh networks, this short-range barrier of BLE has been overcome. However, the added advantage of an extended range can come at the cost of a lower performance of these networks in terms of latency, throughput and reliability, as the core operation of BLE mesh is based on advertising and packet flooding. Hence, efficient management of the system is required to achieve a good performance of these networks and a smoother functioning in dense scenarios. As the number of configuration points in a standard mesh network is limited, this paper describes a novel set of standard compliant Quality of Service (QoS) extensions for BLE mesh networks. The resulting QoS features enable better traffic management in the mesh network, providing sufficient redundancy to achieve reliability whilst avoiding unnecessary packet flooding to reduce collisions, as well as the prioritization of certain traffic flows and the ability to control end-to-end latencies. The QoS-based system has been implemented and validated in a small-scale BLE mesh network and compared against a setup without any QoS support. The assessment in a small-scale test setup confirms that applying our QoS features can enhance these types of non-scheduled and random access networks in a significant way

    Transferability of Intrusion Detection Systems Using Machine Learning between Networks

    Intrusion detection systems (IDS) using machine learning are a next-generation tool to strengthen the cyber security of networks. Such systems possess the potential to detect zero-day attacks, attacks that are unknown to researchers and are occurring for the first time in history. This thesis tackles novel ideas in this research domain and solves foreseeable issues of a practical deployment of such a tool. The main issue addressed in this thesis is the situation where an entity intends to implement an IDS using machine learning on its network, but does not have attack data available from its own network to train the IDS. A solution is to train the IDS using attack data from other networks. However, there is a degree of uncertainty whether this is feasible as different networks use different applications and have different uses. Such an IDS may not be able to adequately operate on a network when trained on data from an entirely different network. The proposed methodology in this research recommends the training set should combine attack data collected from other networks with benign traffic which originates from the network the IDS is to be implemented on. This method is compared with a training set which is completely composed of both attack and benign data from a completely different network. The best performing model implemented with both training sets demonstrated the feasibility of both scenarios. Both versions of that model achieved an F1 score of 0.82 and 0.81 respectively, and both versions detected roughly 70% of attacks and 99% of benign traffic. However, most IDSs trained on the former training set listed yielded the best results. The main benefit of training a model on target network benign data is to minimize false positive classifications. The average model witnessed a 113% boost in precision, compared to its counterparts trained on foreign network benign data. Another issue addressed in this thesis is the detection scope of attacks. The IDS scope of detection is limited to the attacks it is trained on. Using the proposed IDS training set, an intuitive feature selection scheme and classification threshold adjustment, this thesis improves the IDS scope of detection to detect attacks outside of its training data. Feature selection can manipulate an IDS to detect specific attacks not included in its training data. Using threshold tuning, the IDSs in this thesis detected up to 200% more attacks. Both issues and solutions are simulated and verified in two separate scenarios using neural networks and random forest