Spatiotemporal patterns and predictability of cyberattacks

A relatively unexplored issue in cybersecurity science and engineering is whether there exist intrinsic patterns of cyberattacks. Conventional wisdom favors absence of such patterns due to the overwhelming complexity of the modern cyberspace. Surprisingly, through a detailed analysis of an extensive data set that records the time-dependent frequencies of attacks over a relatively wide range of consecutive IP addresses, we successfully uncover intrinsic spatiotemporal patterns underlying cyberattacks, where the term "spatio" refers to the IP address space. In particular, we focus on analyzing {\em macroscopic} properties of the attack traffic flows and identify two main patterns with distinct spatiotemporal characteristics: deterministic and stochastic. Strikingly, there are very few sets of major attackers committing almost all the attacks, since their attack "fingerprints" and target selection scheme can be unequivocally identified according to the very limited number of unique spatiotemporal characteristics, each of which only exists on a consecutive IP region and differs significantly from the others. We utilize a number of quantitative measures, including the flux-fluctuation law, the Markov state transition probability matrix, and predictability measures, to characterize the attack patterns in a comprehensive manner. A general finding is that the attack patterns possess high degrees of predictability, potentially paving the way to anticipating and, consequently, mitigating or even preventing large-scale cyberattacks using macroscopic approaches

Spatiotemporal Patterns and Predictability of Cyberattacks

Y.C.L. was supported by Air Force Office of Scientific Research (AFOSR) under grant no. FA9550-10-1-0083 and Army Research Office (ARO) under grant no. W911NF-14-1-0504. S.X. was supported by Army Research Office (ARO) under grant no. W911NF-13-1-0141. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.Peer reviewedPublisher PD

Spatial-Temporal Deep Embedding for Vehicle Trajectory Reconstruction from High-Angle Video

Spatial-temporal Map (STMap)-based methods have shown great potential to process high-angle videos for vehicle trajectory reconstruction, which can meet the needs of various data-driven modeling and imitation learning applications. In this paper, we developed Spatial-Temporal Deep Embedding (STDE) model that imposes parity constraints at both pixel and instance levels to generate instance-aware embeddings for vehicle stripe segmentation on STMap. At pixel level, each pixel was encoded with its 8-neighbor pixels at different ranges, and this encoding is subsequently used to guide a neural network to learn the embedding mechanism. At the instance level, a discriminative loss function is designed to pull pixels belonging to the same instance closer and separate the mean value of different instances far apart in the embedding space. The output of the spatial-temporal affinity is then optimized by the mutex-watershed algorithm to obtain final clustering results. Based on segmentation metrics, our model outperformed five other baselines that have been used for STMap processing and shows robustness under the influence of shadows, static noises, and overlapping. The designed model is applied to process all public NGSIM US-101 videos to generate complete vehicle trajectories, indicating a good scalability and adaptability. Last but not least, the strengths of the scanline method with STDE and future directions were discussed. Code, STMap dataset and video trajectory are made publicly available in the online repository. GitHub Link: shorturl.at/jklT0

Trajectory Privacy Preservation and Lightweight Blockchain Techniques for Mobility-Centric IoT

Various research efforts have been undertaken to solve the problem of trajectory privacy preservation in the Internet of Things (IoT) of resource-constrained mobile devices. Most attempts at resolving the problem have focused on the centralized model of IoT, which either impose high delay or fail against a privacy-invading attack with long-term trajectory observation. These proposed solutions also fail to guarantee location privacy for trajectories with both geo-tagged and non-geo-tagged data, since they are designed for geo-tagged trajectories only. While a few blockchain-based techniques have been suggested for preserving trajectory privacy in decentralized model of IoT, they require large storage capacity on resource-constrained devices and can only provide conditional privacy when a set of authorities governs the blockchain. This dissertation addresses these challenges to develop efficient trajectory privacy-preservation and lightweight blockchain techniques for mobility-centric IoT. We develop a pruning-based technique by quantifying the relationship between trajectory privacy and delay for real-time geo-tagged queries. This technique yields higher trajectory privacy with a reduced delay than contemporary techniques while preventing a long-term observation attack. We extend our study with the consideration of the presence of non-geo-tagged data in a trajectory. We design an attack model to show the spatiotemporal correlation between the geo-tagged and non-geo-tagged data which undermines the privacy guarantee of existing techniques. In response, we propose a methodology that considers the spatial distribution of the data in trajectory privacy-preservation and improves existing solutions, in privacy and usability. With respect to blockchain, we design and implement one of the first blockchain storage management techniques utilizing the mobility of the devices. This technique reduces the required storage space of a blockchain and makes it lightweight for resource-constrained mobile devices. To address the trajectory privacy challenges in an authority-based blockchain under the short-range communication constraints of the devices, we introduce a silence-based one of the first technique to establish a balance between trajectory privacy and blockchain utility. The designed trajectory privacy- preservation techniques we established are light- weight and do not require an intermediary to guarantee trajectory privacy, thereby providing practical and efficient solution for different mobility-centric IoT, such as mobile crowdsensing and Internet of Vehicles

Doctor of Philosophy

dissertationWildfire is a common hazard in the western U.S. that can cause significant loss of life and property. When a fire approaches a community and becomes a threat to the residents, emergency managers need to take into account both fire behavior and the expected response of the threatened population to warnings before they issue protective action recommendations to the residents at risk. In wildfire evacuation practices, incident commanders use prominent geographic features (e.g., rivers, roads, and ridgelines) as trigger points, such that when a fire crosses a feature, the selected protective action recommendation will be issued to the residents at risk. This dissertation examines the dynamics of evacuation timing by coupling wildfire spread modeling, trigger modeling, reverse geocoding, and traffic simulation to model wildfire evacuation as a coupled human-environmental system. This dissertation is composed of three manuscripts. In the first manuscript, wildfire simulation and household-level trigger modeling are coupled to stage evacuation warnings. This work presents a bottom-up approach to constructing evacuation warning zones and is characterized by fine-grain, data-driven spatial modeling. The results in this work will help improve our understanding and representation of the spatiotemporal dynamics in wildfire evacuation timing and warnings. The second manuscript integrates trigger modeling and reverse geocoding to extract and select prominent geographic features along the boundary of a trigger buffer. A case study using a global gazetteer GeoNames demonstrates the potential value of the proposed method in facilitating communications in real-world evacuation practice. This work also sheds light on using reverse geocoding in other environmental modeling applications. The third manuscript explores the spatiotemporal dynamics behind evacuation timing by coupling fire and traffic simulation models. The proposed method sets wildfire evacuation triggers based on the estimated evacuation times using agent-based traffic simulation and could be potentially used in evacuation planning. In summary, this dissertation enriches existing trigger modeling approaches by coupling fire simulation, reverse geocoding, and traffic simulation. A framework for modeling wildfire evacuation as a coupled human-environmental system using triggers is proposed. Moreover, this dissertation also attempts to advocate and promote open science in wildfire evacuation modeling by using open data and software tools in different phases of modeling and simulation

Doctor of Philosophy

dissertationWildfire is a common hazard in the western U.S. that can cause significant loss of life and property. When a fire approaches a community and becomes a threat to the residents, emergency managers need to take into account both fire behavior and the expected response of the threatened population to warnings before they issue protective action recommendations to the residents at risk. In wildfire evacuation practices, incident commanders use prominent geographic features (e.g., rivers, roads, and ridgelines) as trigger points, such that when a fire crosses a feature, the selected protective action recommendation will be issued to the residents at risk. This dissertation examines the dynamics of evacuation timing by coupling wildfire spread modeling, trigger modeling, reverse geocoding, and traffic simulation to model wildfire evacuation as a coupled human-environmental system. This dissertation is composed of three manuscripts. In the first manuscript, wildfire simulation and household-level trigger modeling are coupled to stage evacuation warnings. This work presents a bottom-up approach to constructing evacuation warning zones and is characterized by fine-grain, data-driven spatial modeling. The results in this work will help improve our understanding and representation of the spatiotemporal dynamics in wildfire evacuation timing and warnings. The second manuscript integrates trigger modeling and reverse geocoding to extract and select prominent geographic features along the boundary of a trigger buffer. A case study using a global gazetteer GeoNames demonstrates the potential value of the proposed method in facilitating communications in real-world evacuation practice. This work also sheds light on using reverse geocoding in other environmental modeling applications. The third manuscript explores the spatiotemporal dynamics behind evacuation timing by coupling fire and traffic simulation models. The proposed method sets wildfire evacuation triggers based on the estimated evacuation times using agent-based traffic simulation and could be potentially used in evacuation planning. In summary, this dissertation enriches existing trigger modeling approaches by coupling fire simulation, reverse geocoding, and traffic simulation. A framework for modeling wildfire evacuation as a coupled human-environmental system using triggers is proposed. Moreover, this dissertation also attempts to advocate and promote open science in wildfire evacuation modeling by using open data and software tools in different phases of modeling and simulation

Video Quality Prediction for Video over Wireless Access Networks (UMTS and WLAN)

Transmission of video content over wireless access networks (in particular, Wireless Local Area Networks (WLAN) and Third Generation Universal Mobile Telecommunication System (3G UMTS)) is growing exponentially and gaining popularity, and is predicted to expose new revenue streams for mobile network operators. However, the success of these video applications over wireless access networks very much depend on meeting the user’s Quality of Service (QoS) requirements. Thus, it is highly desirable to be able to predict and, if appropriate, to control video quality to meet user’s QoS requirements. Video quality is affected by distortions caused by the encoder and the wireless access network. The impact of these distortions is content dependent, but this feature has not been widely used in existing video quality prediction models. The main aim of the project is the development of novel and efficient models for video quality prediction in a non-intrusive way for low bitrate and resolution videos and to demonstrate their application in QoS-driven adaptation schemes for mobile video streaming applications. This led to five main contributions of the thesis as follows:(1) A thorough understanding of the relationships between video quality, wireless access network (UMTS and WLAN) parameters (e.g. packet/block loss, mean burst length and link bandwidth), encoder parameters (e.g. sender bitrate, frame rate) and content type is provided. An understanding of the relationships and interactions between them and their impact on video quality is important as it provides a basis for the development of non-intrusive video quality prediction models.(2) A new content classification method was proposed based on statistical tools as content type was found to be the most important parameter. (3) Efficient regression-based and artificial neural network-based learning models were developed for video quality prediction over WLAN and UMTS access networks. The models are light weight (can be implemented in real time monitoring), provide a measure for user perceived quality, without time consuming subjective tests. The models have potential applications in several other areas, including QoS control and optimization in network planning and content provisioning for network/service providers.(4) The applications of the proposed regression-based models were investigated in (i) optimization of content provisioning and network resource utilization and (ii) A new fuzzy sender bitrate adaptation scheme was presented at the sender side over WLAN and UMTS access networks. (5) Finally, Internet-based subjective tests that captured distortions caused by the encoder and the wireless access network for different types of contents were designed. The database of subjective results has been made available to research community as there is a lack of subjective video quality assessment databases.Partially sponsored by EU FP7 ADAMANTIUM Project (EU Contract 214751

Doctor of Philosophy

dissertationData-driven analytics has been successfully utilized in many experience-oriented areas, such as education, business, and medicine. With the profusion of traffic-related data from Internet of Things and development of data mining techniques, data-driven analytics is becoming increasingly popular in the transportation industry. The objective of this research is to explore the application of data-driven analytics in transportation research to improve the traffic management and operations. Three problems in the respective areas of transportation planning, traffic operation, and maintenance management have been addressed in this research, including exploring the impact of dynamic ridesharing system in a multimodal network, quantifying non-recurrent congestion impact on freeway corridors, and developing infrastructure sampling method for efficient maintenance activities. First, the impact of dynamic ridesharing in a multimodal network is studied with agent-based modeling. The competing mechanism between dynamic ridesharing system and public transit is analyzed. The model simulates the interaction between travelers and the environment and emulates travelers' decision making process with the presence of competing modes. The model is applicable to networks with varying demographics. Second, a systematic approach is proposed to quantify Incident-Induced Delay on freeway corridors. There are two particular highlights in the study of non-recurrent congestion quantification: secondary incident identification and K-Nearest Neighbor pattern matching. The proposed methodology is easily transferable to any traffic operation system that has access to sensor data at a corridor level. Lastly, a high-dimensional clustering-based stratified sampling method is developed for infrastructure sampling. The stratification process consists of two components: current condition estimation and high-dimensional cluster analysis. High-dimensional cluster analysis employs Locality-Sensitive Hashing algorithm and spectral sampling. The proposed method is a potentially useful tool for agencies to effectively conduct infrastructure inspection and can be easily adopted for choosing samples containing multiple features. These three examples showcase the application of data-driven analytics in transportation research, which can potentially transform the traffic management mindset into a model of data-driven, sensing, and smart urban systems. The analytic

Does Twinning Vehicular Networks Enhance Their Performance in Dense Areas?

This paper investigates the potential of Digital Twins (DTs) to enhance network performance in densely populated urban areas, specifically focusing on vehicular networks. The study comprises two phases. In Phase I, we utilize traffic data and AI clustering to identify critical locations, particularly in crowded urban areas with high accident rates. In Phase II, we evaluate the advantages of twinning vehicular networks through three deployment scenarios: edge-based twin, cloud-based twin, and hybrid-based twin. Our analysis demonstrates that twinning significantly reduces network delays, with virtual twins outperforming physical networks. Virtual twins maintain low delays even with increased vehicle density, such as 15.05 seconds for 300 vehicles. Moreover, they exhibit faster computational speeds, with cloud-based twins being 1.7 times faster than edge twins in certain scenarios. These findings provide insights for efficient vehicular communication and underscore the potential of virtual twins in enhancing vehicular networks in crowded areas while emphasizing the importance of considering real-world factors when making deployment decisions.Comment: 6 pages, 8 figures, 2tables, conference pape