Machine Learning-Based Detection for Cyber Security Attacks on Connected and Autonomous Vehicles

Connected and Autonomous Vehicle (CAV)-related initiatives have become some of the fastest expanding in recent years, and have started to affect the daily lives of people. More and more companies and research organizations have announced their initiatives, and some have started CAV road trials. Governments around the world have also introduced policies to support and accelerate the deployments of CAVs. Along these, issues such as CAV cyber security have become predominant, forming an essential part of the complications of CAV deployment. There is, however, no universally agreed upon or recognized framework for CAV cyber security. In this paper, following the UK CAV cyber security principles, we propose a UML (Unified Modeling Language)-based CAV cyber security framework, and based on which we classify the potential vulnerabilities of CAV systems. With this framework, a new CAV communication cyber-attack data set (named CAV-KDD) is generated based on the widely tested benchmark data set KDD99. This data set focuses on the communication-based CAV cyber-attacks. Two classification models are developed, using two machine learning algorithms, namely Decision Tree and Naive Bayes, based on the CAV-KDD training data set. The accuracy, precision and runtime of these two models when identifying each type of communication-based attacks are compared and analysed. It is found that the Decision Tree model requires a shorter runtime, and is more appropriate for CAV communication attack detection

Distributed System Fuzzing

Grey-box fuzzing is the lightweight approach of choice for finding bugs in sequential programs. It provides a balance between efficiency and effectiveness by conducting a biased random search over the domain of program inputs using a feedback function from observed test executions. For distributed system testing, however, the state-of-practice is represented today by only black-box tools that do not attempt to infer and exploit any knowledge of the system's past behaviours to guide the search for bugs. In this work, we present Mallory: the first framework for grey-box fuzz-testing of distributed systems. Unlike popular black-box distributed system fuzzers, such as Jepsen, that search for bugs by randomly injecting network partitions and node faults or by following human-defined schedules, Mallory is adaptive. It exercises a novel metric to learn how to maximize the number of observed system behaviors by choosing different sequences of faults, thus increasing the likelihood of finding new bugs. The key enablers for our approach are the new ideas of timeline-driven testing and timeline abstraction that provide the feedback function guiding a biased random search for failures. Mallory dynamically constructs Lamport timelines of the system behaviour, abstracts these timelines into happens-before summaries, and introduces faults guided by its real-time observation of the summaries. We have evaluated Mallory on a diverse set of widely-used industrial distributed systems. Compared to the start-of-the-art black-box fuzzer Jepsen, Mallory explores more behaviours and takes less time to find bugs. Mallory discovered 22 zero-day bugs (of which 18 were confirmed by developers), including 10 new vulnerabilities, in rigorously-tested distributed systems such as Braft, Dqlite, and Redis. 6 new CVEs have been assigned

GPS/GLONASS carrier phase elevation-dependent stochastic modelling estimation and its application in bridge monitoring

The Global Positioning System (GPS) based monitoring technology has been recognised as an essential tool in the long-span bridge health monitoring throughout the world in recent years. However, the high observation noise is still a big problem that limits the high precision displacement extraction and vibration response detection. To solve this problem, GPS double-difference model and many other specific function models have been developed to eliminate systematic errors e.g. unmodeled atmospheric delays, multipath effect and hardware delays. However, relatively less attention has been given to the noise reduction in the deformation monitoring area. In this paper, we first proposed a new carrier phase elevation-dependent precision estimation method with Geometry-Free (GF) and Melbourne-Wü bbena (MW) linear combinations, which is appropriate to regardless of Code Division Multiple Access (CDMA) system (GPS) or Frequency Division Multiple Access (FDMA) system (GLONASS). Then, the method is used to estimate the receiver internal noise and the realistic GNSS stochastic model with a group of zero-baselines and short-baselines (served for the GNSS and Earth Observation for Structural Health Monitoring of Bridges (GeoSHM) project), and to demonstrate their impacts on the positioning. At last, the contribution of integration of GPS and GLONASS is introduced to see the performance of noise reduction with multi-GNSS. The results show that the higher level receiver internal noise in cost effective receivers has less influences on the short-baseline data processing. The high noise effects introduced by the low elevation satellite and the geometry variation caused by rising and dropping satellites, can be reduced by 10–20% with the refined carrier phase elevation-dependent stochastic model. Furthermore, based on observations from GPS and GLONASS with the refined stochastic model, the noise can be reduced by 30–40%, and the spurious signals in the real-life bridge displacements tend to be completely eliminated

Linear-time Temporal Logic guided Greybox Fuzzing

Software model checking is a verification technique which is widely used for checking temporal properties of software systems. Even though it is a property verification technique, its common usage in practice is in "bug finding", that is, finding violations of temporal properties. Motivated by this observation and leveraging the recent progress in fuzzing, we build a greybox fuzzing framework to find violations of Linear-time Temporal Logic (LTL) properties. Our framework takes as input a sequential program written in C/C++, and an LTL property. It finds violations, or counterexample traces, of the LTL property in stateful software systems; however, it does not achieve verification. Our work substantially extends directed greybox fuzzing to witness arbitrarily complex event orderings. We note that existing directed greybox fuzzing approaches are limited to witnessing reaching a location or witnessing simple event orderings like use-after-free. At the same time, compared to model checkers, our approach finds the counterexamples faster, thereby finding more counterexamples within a given time budget. Our LTL-Fuzzer tool, built on top of the AFL fuzzer, is shown to be effective in detecting bugs in well-known protocol implementations, such as OpenSSL and Telnet. We use LTL-Fuzzer to reproduce known vulnerabilities (CVEs), to find 15 zero-day bugs by checking properties extracted from RFCs (for which 10 CVEs have been assigned), and to find violations of both safety as well as liveness properties in real-world protocol implementations. Our work represents a practical advance over software model checkers -- while simultaneously representing a conceptual advance over existing greybox fuzzers. Our work thus provides a starting point for understanding the unexplored synergies between software model checking and greybox fuzzing.Comment: To appear in International Conference on Software Engineering (ICSE) 202

SSRESF: Sensitivity-aware Single-particle Radiation Effects Simulation Framework in SoC Platforms based on SVM Algorithm

The ever-expanding scale of integrated circuits has brought about a significant rise in the design risks associated with radiation-resistant integrated circuit chips. Traditional single-particle experimental methods, with their iterative design approach, are increasingly ill-suited for the challenges posed by large-scale integrated circuits. In response, this article introduces a novel sensitivity-aware single-particle radiation effects simulation framework tailored for System-on-Chip platforms. Based on SVM algorithm we have implemented fast finding and classification of sensitive circuit nodes. Additionally, the methodology automates soft error analysis across the entire software stack. The study includes practical experiments focusing on RISC-V architecture, encompassing core components, buses, and memory systems. It culminates in the establishment of databases for Single Event Upsets (SEU) and Single Event Transients (SET), showcasing the practical efficacy of the proposed methodology in addressing radiation-induced challenges at the scale of contemporary integrated circuits. Experimental results have shown up to 12.78X speed-up on the basis of achieving 94.58% accuracy.Comment: Accepted to the 61th ACM/IEEE Design Automation conference (DAC 2024

Reliable dynamic monitoring of bridges with integrated GPS and BeiDou

In recent years, global positioning system (GPS) has been widely used for the measurement of deflections of bridges. However, due to multipath and satellite signal obstructions caused by towers, cables, and passing vehicles, the reliability of deformation monitoring with GPS is still a problem. Recent research with respect to multi–global navigation satellite system (multi-GNSS) technology, though, has enhanced satellite visibility and availability for positioning, navigation, and timing (PNT) for users. Its benefits involving application in bridge monitoring are still rarely studied. In this paper, we propose a composite strategy where integrated GPS and BeiDou navigation satellite system (BDS) dual-frequency, carrier-phase data processing is carried out to improve the reliability of bridge monitoring with GNSS measurements. In addition, signal-to-noise ratio (SNR)–based stochastic model and postfit residual editing strategies are utilized to enhance the reliability further. In a group of fixed-point experiments, improvements of 20–30% in precision were achieved with the integrated GPS and BDS compared to GPS-only results. Based on the real GPS and BDS measurements collected on the Baishazhou Yangtze River Bridge in China, we assessed the performance of the proposed method. In the vibration experiment, no apparent effects on natural frequency identification were found by introducing BDS into the solution in an ideal observation environment. However, the combined GPS and BDS results seemed to be much more promising, with lower background noise. Meanwhile, the integrated GPS and BDS data processing with postfit residual editing and SNR-based stochastic model strategies effectively managed satellite signal obstruction and the influence of multipath effect to attain reliable dynamic deformation-monitoring information for bridges

USED: Universal Speaker Extraction and Diarization

Speaker extraction and diarization are two crucial enabling techniques for speech applications. Speaker extraction aims to extract a target speaker's voice from a multi-talk mixture, while speaker diarization demarcates speech segments by speaker, identifying `who spoke when'. The previous studies have typically treated the two tasks independently. However, the two tasks share a similar objective, that is to disentangle the speakers in the spectral domain for the former but in the temporal domain for the latter. It is logical to believe that the speaker turns obtained from speaker diarization can benefit speaker extraction, while the extracted speech offers more accurate speaker turns than the mixture speech. In this paper, we propose a unified framework called Universal Speaker Extraction and Diarization (USED). We extend the existing speaker extraction model to simultaneously extract the waveforms of all speakers. We also employ a scenario-aware differentiated loss function to address the problem of sparsely overlapped speech in real-world conversations. We show that the USED model significantly outperforms the baselines for both speaker extraction and diarization tasks, in both highly overlapped and sparsely overlapped scenarios. Audio samples are available at https://ajyy.github.io/demo/USED/.Comment: Submitted to ICASSP 202

Pass-by-Pass Ambiguity Resolution in Single GPS Receiver PPP Using Observations for Two Sequential Days: An Exploratory Study

“Pass-by-pass” or “track-to-track” ambiguity resolution removes Global Navigation Satellite System (GNSS) satellite hardware delays between adjacent undifferenced (UD) ambiguities, which is often applied in precise orbit determination (POD) for Low Earth Orbit (LEO) satellites to improve the accuracy of orbits. In this study, we carried out an exploratory study to use the “pass-by-pass” ambiguity resolution by differencing the undifferenced ambiguity candidates for two adjacent passes in sidereal days for a single Global Positioning System (GPS) receiver static Precise Point Positioning (PPP). Using the GPS observations from 132 globally distributed reference stations of International GPS Service (IGS), we find that 99.08% wide-lane (WL) and 97.83% narrow-lane (NL) double-difference ambiguities formed by the “pass-by-pass” method for all stations can be fixed to their nearest integers within absolute fractional residuals of 0.2 cycles. These proportions are higher than the corresponding values of network solution with multiple receivers with 97.39% and 91.20%, respectively. About 97% to 98% of ambiguities can be fixed finally on average. The comparison of the estimated station coordinates with the IGS weekly solutions reveals that the Root Mean Square (RMS) in East and North directions are 2-4 mm and is about 6 mm in the Up direction. For hourly data, it is found that the mean positioning accuracy improvement can achieve to about 10% after ambiguity resolution. From a dam deformation monitoring application, it shows that the fixing rate of WL and NL ambiguity can be closed to 100% and higher than 90%, respectively. The time series generated by PPP are also in agreement with the short baseline solutions

Southward key pathways of radioactive materials from the Fukushima Daiichi Nuclear Power Plant

This study examines the interannual and seasonal variations in the distribution of radioactive materials released from the Fukushima Daiichi Nuclear Power Plant (FDNPP) accident in the surface layer of the Kuroshio Extension (KE). Focusing on the contrasting flow conditions in 2015 (southward) and 2021 (northward) – significant oscillatory phases of the KE’s mean flow axis – the research analyzes the impact of seasonal variations on particle transport pathways. The findings reveal distinct seasonal patterns: summer releases primarily follow the eastward KE movement, while winter releases exhibit a southward trajectory. The study further quantifies the transport timescales, demonstrating that particles can reach the Luzon Strait within 10 months, subsequently diverging northward along the Kuroshio and northwestward along the Kuroshio Branch Current, potentially entering the South China Sea within 13 months. This research contributes valuable insights into the seasonal dynamics governing the dispersion and transport of Fukushima-derived radioisotopes in the surface ocean, highlighting the crucial role of the KE in influencing their trajectories

I4U System Description for NIST SRE'20 CTS Challenge

This manuscript describes the I4U submission to the 2020 NIST Speaker Recognition Evaluation (SRE'20) Conversational Telephone Speech (CTS) Challenge. The I4U's submission was resulted from active collaboration among researchers across eight research teams - I$^2$R (Singapore), UEF (Finland), VALPT (Italy, Spain), NEC (Japan), THUEE (China), LIA (France), NUS (Singapore), INRIA (France) and TJU (China). The submission was based on the fusion of top performing sub-systems and sub-fusion systems contributed by individual teams. Efforts have been spent on the use of common development and validation sets, submission schedule and milestone, minimizing inconsistency in trial list and score file format across sites.Comment: SRE 2021, NIST Speaker Recognition Evaluation Workshop, CTS Speaker Recognition Challenge, 14-12 December 202