Defense Framework Research Articles

Auto encoder-based defense mechanism against popular adversarial attacks in deep learning.

Convolutional Neural Network (CNN)-based models are prone to adversarial attacks, which present a significant hurdle to their reliability and robustness. The vulnerability of CNN-based models may be exploited by attackers to launch cyber-attacks. An attacker typically adds small, carefully crafted perturbations to original medical images. When a CNN-based model receives the perturbed medical image as input, it misclassifies the image, even though the added perturbation is often imperceptible to the human eye. The emergence of such attacks has raised security concerns regarding the implementation of deep learning-based medical image classification systems within clinical environments. To address this issue, a reliable defense mechanism is required to detect adversarial attacks on medical images. This study will focus on the robust detection of pneumonia in chest X-ray images through CNN-based models. Various adversarial attacks and defense strategies will be evaluated and analyzed in the context of CNN-based pneumonia detection. From earlier studies, it has been observed that a single defense mechanism is usually not effective against more than one type of adversarial attack. Therefore, this study will propose a defense mechanism that is effective against multiple attack types. A reliable defense framework for pneumonia detection models will ensure secure clinical deployment, facilitating radiologists and doctors in their diagnosis and treatment planning. It can also save time and money by automating routine tasks. The proposed defense mechanism includes a convolutional autoencoder to denoise perturbed Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) adversarial images, two state- of-the-art attacks carried out at five magnitudes, i.e., ε (epsilon) values. Two pre-trained models, VGG19 and VGG16, and our hybrid model of MobileNetV2 and DenseNet169, called Stack Model, have been used to compare their results. This study shows that the proposed defense mechanism outperforms state-of-the-art studies. The PGD attack using the VGG16 model shows a better attack success rate by reducing overall accuracy by up to 67%. The autoencoder improves accuracy by up to 16% against PGD attacks in both the VGG16 and VGG19 models.

Adaptive sensor attack detection and defense framework for autonomous vehicles based on density

The security of autonomous vehicles heavily depends on localization systems that integrate multiple sensors, which are vulnerable to sensor attacks and increase the risk of accidents. Given the diversity of sensor attacks and the dynamic changing of driving scenarios of autonomous vehicles, an adaptive and effective attack detection and defense framework faces a considerable challenge. This paper proposes a novel real-time adaptive attack detection and defense framework based on density, which can detect and identify attacked sensors and effectively recover data. We first develop a reinforcement learning multi-armed Bandit-based Density-Based Spatial Clustering of Applications with Noise (BDBSCAN) algorithm that selects hyperparameters adaptively. The Adaptive Extended Kalman Filter (AEKF) combines with the vehicle dynamic model on the localization system and extracts data features used for the BDBSCAN algorithm to monitor potential sensor attacks. If attack detection indicates possible system compromise, AEKF is further employed on localization sensors with anomalies identified through the BDBSCAN algorithm of the attacked sensors. To ensure precision and reliability, the data recovery incorporates a redundancy mechanism to apply a decision tree to select the optimal state estimation between AEKF and Extended Kalman Filter (EKF) to replace corrupted sensor data. To evaluate the effectiveness and adaptability of the proposed framework, we conducted 15,000 experiments using the real-world KITTI and V2V4Real datasets across various driving and sensor attack scenarios. The results demonstrate that our proposed framework achieves 100% accuracy and 0% false alarm rate in various driving scenarios for attack detection within 0.15 s, with a recovery time of 0.08 s.

A Survey of Security Strategies in Federated Learning: Defending Models, Data, and Privacy

Federated Learning (FL) has emerged as a transformative paradigm in machine learning, enabling decentralized model training across multiple devices while preserving data privacy. However, the decentralized nature of FL introduces significant security challenges, making it vulnerable to various attacks targeting models, data, and privacy. This survey provides a comprehensive overview of the defense strategies against these attacks, categorizing them into data and model defenses and privacy attacks. We explore pre-aggregation, in-aggregation, and post-aggregation defenses, highlighting their methodologies and effectiveness. Additionally, the survey delves into advanced techniques such as homomorphic encryption and differential privacy to safeguard sensitive information. The integration of blockchain technology for enhancing security in FL environments is also discussed, along with incentive mechanisms to promote active participation among clients. Through this detailed examination, the survey aims to inform and guide future research in developing robust defense frameworks for FL systems.

Adversarial Approaches to Deepfake Detection: A Theoretical Framework for Robust Defense

The rapid improvements in capabilities of neural networks and generative adversarial networks (GANs) has given rise to extremely sophisticated deepfake technologies. This has made it very difficult to reliably recognize fake digital content. It has enabled the creation of highly convincing synthetic media which can be used in malicious ways in this era of user generated information and social media. Existing deepfake detection techniques are effective against early iterations of deepfakes but get increasingly vulnerable to more sophisticated deepfakes and adversarial attacks. In this paper we explore a novel approach to deepfake detection which uses a framework to integrate adversarial training to improve the robustness and accuracy of deepfake detection models. By looking deeper into state of art adversarial machine learning, forensic analysis and deepfake detection techniques we will explore how adversarial training can improve the robustness of deep fake detection techniques against future threats. We will use perturbations which are adversarial examples designed specifically to deceive the deepfake detection algorithms. By training deepfake detection models with these perturbations we will create detection systems that can more accurately identify deepfakes. Our approach shows promise and avenues for future research in building resilience against deepfakes and applications in content moderation, security and combating synthetic media manipulation.

Risk‐Aware SDN Defense Framework Against Anti‐Honeypot Attacks Using Safe Reinforcement Learning

ABSTRACTThe development of multiple attack methods by external attackers in recent years poses a huge challenge to the security and efficient operation of software‐defined networks (SDN), which are the core of operational controllers and data storage. Therefore, it is critical to ensure that the normal process of network interaction between SDN servers and users is protected from external attacks. In this paper, we propose a risk‐aware SDN defense framework based on safe reinforcement learning (SRL) to counter multiple attack actions. Specifically, the defender uses SRL to maximize the utility by choosing to provide a honeypot service or pseudo‐honeypot service within predefined security constraints, while the external attacker maximizes the utility by choosing an anti‐honeypot attack or masquerade attack. To describe the system risk in detail, we introduce the risk level function to model the simultaneous dynamic attack and defense processes. Simulation results demonstrate that our proposed risk‐aware scheme improves the defense utility by 17.5% and 142.4% and reduces the system risk by 42.7% and 59.6% compared to the QLearning scheme and the Random scheme, respectively.

DEMAND AND SUPPLY OF LABOR RESOURCES IN THE DEFENSE FORCES UNDER THE INFLUENCE OF THE CONCEPT OF TOTAL DEFENSE

The concept of Total Defense necessitates the mobilization of all national resources, including labor, to ensure comprehensive national security. This study examines the demand and supply dynamics of labor resources within the defense forces under the Total Defense framework. It explores how Total Defense influences recruitment, training, and retention strategies in the defense sector, particularly in the context of the Georgian Defense Forces. The analysis delves into the factors driving the demand for military and civilian personnel, such as heightened security threats and technological advancements, and evaluates the supply side, considering demographics, labor market conditions, and societal attitudes towards military service. Explores examples of total defense concepts developed by various countries, while assessing supply-side demographics, labor market conditions, and public attitudes toward military service. The interplay between these factors is critical in shaping effective human resource strategies to maintain a robust and responsive defense force. This research aims to provide insights into optimizing labor resource management to support Total Defense objectives, thereby enhancing national resilience and security readiness. Keywords: Total Defense, Military Economy, National Security, Georgian Defense Forces, Resources, Recruitment, Deterrence, Resilience.

ANODYNE: Mitigating backdoor attacks in federated learning

Federated learning (FL) allows participants to jointly train a model without leaking their sensitive datasets. The server is designed to have no visibility into how these updates are generated for privacy protection. Despite its benefits, FL is vulnerable to backdoor attacks, in which the compromised participants upload malicious model updates so that the backdoored model will misbehave for the chosen subtask. Existing defenses against backdoor attacks cannot handle state-of-the-art backdoor attacks that insert the backdoor in all rounds. To address these issues, we propose ANODYNE, a defense framework that hierarchically filters and clips the local model updates to mitigate the effect of backdoor attacks. ANODYNE decomposes the high-dimensional gradients into low-dimensional sub-vectors to improve detection performance and avoid the curse of dimensionality. Meanwhile, ANODYNE computes four different sub-vector metrics from a spatial–temporal perspective to enhance the robustness of our method. Our evaluation of ANODYNE on three datasets and three models demonstrates that ANODYNE competes over existing defenses under backdoor attacks.

The Urgency of Stakeholder Cyberspace Collaboration to Support Indonesia’s National Defense

In today's interconnected digital world, stakeholder collaboration in cyberspace is crucial for national defense. Advances in information and communication technology have transformed daily life but also introduced complex cyber threats like cyber warfare, cybercrimes, and cyber terrorism, challenging security and stability. The objective of this study is to emphasize the importance of collaboration among diverse stakeholders in enhancing national defense against cyber threats. The methodology involves analyzing existing literature and case studies to understand the impact of collaboration on cybersecurity maturity and national defense strategies. The research findings, derived from SWOT and PESTLE analyses, have highlighted the strengths and weaknesses in collaboration, underscoring the significance of leveraging strengths and addressing weaknesses to establish a robust defense framework. To enhance national defense against cyber threats, a holistic approach is essential, combining political collaboration, economic partnerships, social awareness programs, technological advancements, legal harmonization, and environmental resilience strategies. Key recommendations include fostering regular communication among stakeholders, pooling resources for cybersecurity investments, promoting cybersecurity education, integrating advanced technologies like AI and IoT security solutions, and aligning legal frameworks across jurisdictions.

Categorical-Parallel Adversarial Defense for Perception Models on Single-Board Embedded Unmanned Vehicles

Significant advancements in robustness against input perturbations have been realized for deep neural networks (DNNs) through the application of adversarial training techniques. However, implementing these methods for perception tasks in unmanned vehicles, such as object detection and semantic segmentation, particularly on real-time single-board computing devices, encounters two primary challenges: the time-intensive nature of training large-scale models and performance degradation due to weight quantization in real-time deployments. To address these challenges, we propose Ca-PAT, an efficient and effective adversarial training framework designed to mitigate perturbations. Ca-PAT represents a novel approach by integrating quantization effects into adversarial defense strategies specifically for unmanned vehicle perception models on single-board computing platforms. Notably, Ca-PAT introduces an innovative categorical-parallel adversarial training mechanism for efficient defense in large-scale models, coupled with an alternate-direction optimization framework to minimize the adverse impacts of weight quantization. We conducted extensive experiments on various perception tasks using the Imagenet-te dataset and data collected from physical unmanned vehicle platforms. The results demonstrate that the Ca-PAT defense framework significantly outperforms state-of-the-art baselines, achieving substantial improvements in robustness across a range of perturbation scenarios.

Adaptive unified defense framework for tackling adversarial audio attacks

Adversarial attacks aimed at subverting recognition systems have laid bare significant security vulnerabilities inherent in deep neural networks. In the automatic speech recognition (ASR) domain, prevailing defense mechanisms have primarily centered on pre-processing procedures to mitigate adversarial threats stemming from such attacks. However, despite their initial success, these methods have shown surprising vulnerabilities when confronted with robust and adaptive adversarial attacks. This paper proposes an adaptive unified defense framework tailored to address the challenges posed by robust audio adversarial examples. The framework comprises two pivotal components: (1) a unified pre-processing mechanism is designed to disrupt the continuity and transferability of adversarial attacks. Its objective is to thwart the consistent operation of adversarial examples across different systems or conditions, thereby enhancing the robustness of the defense. (2) an adaptive ASR transcription method is proposed to further bolster our defense strategy. Empirical experiments conducted using two benchmark audio datasets within a state-of-the-art ASR system affirm the effectiveness of our adaptive defense framework. It achieves an impressive 100% accuracy rate against representative audio attacks and consistently outperforms other state-of-the-art defense techniques, achieving an accuracy rate of 98.5% even when faced with various challenging adaptive adversarial attacks.

2TierEdge-Defense: a cascaded defense framework with rule-based LSTM for NCIFA in NDN

ABSTRACT Non-Collusive Interest Flooding Attacks (NCIFA) disrupt Named Data Networks' (NDNs) seamless communication and content distribution through QoS degradation. This work proposes 2TierEdge-Defense: a framework based on Long Short Term Memory (LSTM) to detect NCIFA in NDN at the edge content routers. The framework has been evaluated on large-scale Rocketfuel topologies for AT&T Internet Service Provider. The 2TierEdge-Defense framework consists of attack detection and mitigation modules with detection at edge router and their interfaces. During offline training and evaluation, the 2TierEdge-Defense framework can detect NCIFA with 0.92 (F1-score) and 0.84 (F1-score) at edge routers and their interfaces, respectively, with cascaded F1-score of 0.9872. Upon detection, the mitigation strategy in the 2TierEdge-Defense framework can improve the QoS metrics as quickly as in 0.45 seconds with an overall F1 score as high as 0.9872. The 2TierEdge-Defense is evaluated for scalability topology scenarios to ensure better performance when deployed on NDN content routers with a cascaded miss rate of 0.1 and a false alarm rate of 0.07.

A machine learning-enhanced endpoint detection and response framework for fast and proactive defense against advanced cyber attacks

A machine learning-enhanced endpoint detection and response framework for fast and proactive defense against advanced cyber attacks

ERT-EDR: Online defense framework for TCP-targeted LDoS attacks in SDN

The Low-rate denial of service (LDoS) attack is a variant of denial of service (DoS) attack that exploits low overhead to render target services unreachable for legitimate users. Unlike legacy networks, software-defined networking (SDN) separates the behavior of controlling and forwarding, providing excellent programmability to achieve real-time defense against LDoS attacks. Leveraging the potential of SDN’s programmability, we propose a real-time anomaly defense framework tailored for SDN, named ERT-EDR. This framework is capable of detecting and mitigating TCP-targeted LDoS Attacks and comprises three modules: (1) The Information Collection Module. It periodically samples the traffic statistics for analysis. (2) The LDoS Attack Detection Module. It combines six features of traffic statistics and utilizes the Extremely Randomized Trees (ERT) algorithm to detect. (3) LDoS Attack Mitigation Module. It locates attacked ports with the Edit Distance on Real sequence (EDR) algorithm and installs flow table entries to filter attack traffic.Extensive experiments are conducted under various background traffic scenarios to validate the effectiveness and scalability of ERT-EDR. The results demonstrate that ERT-EDR can effectively detect TCP-targeted LDoS attacks with 96.4667% accuracy and 96.4977% F1score. Furthermore, it accurately identifies the attacked port and successfully mitigates attacks.

CyberSentinel: A Transparent Defense Framework for Malware Detection in High-Stakes Operational Environments.

Malware classification is a crucial step in defending against potential malware attacks. Despite the significance of a robust malware classifier, existing approaches reveal notable limitations in achieving high performance in malware classification. This study focuses on image-based malware detection, where malware binaries are transformed into visual representations to leverage image classification techniques. We propose a two-branch deep network designed to capture salient features from these malware images. The proposed network integrates faster asymmetric spatial attention to refine the extracted features of its backbone. Additionally, it incorporates an auxiliary feature branch to learn missing information about malware images. The feasibility of the proposed method has been thoroughly examined and compared with state-of-the-art deep learning-based classification methods. The experimental results demonstrate that the proposed method can surpass its counterparts across various evaluation metrics.

Role of the private sector within Latvia’s strategic defence documents: Dimensions of psychological resilience and strategic communication

The comprehensive defence framework introduced in 2019 in Latvia has the potential to accelerate the implementation of national defence priorities, thus strengthening Latvia as one of NATO’s external border states. In a time of geopolitical turbulence and increasing hybrid threats, a whole-of-society approach is required and work in ever-new directions. As dimensions of psychological resilience and strategic communication are becoming an important part of the defence studies debate, the study focuses on the role of the private sector within Latvia’s strategic defence documents and aims to investigate where these dimensions are situated and how they have evolved in the strategic landscape. To study the role and evolution of the private sector within Latvia’s strategic defence documents, quantitative content analysis and qualitative text analysis were used for in-depth analysis of the documents. The study finds that the role of the private sector in the strategic defence documents has generally increased over the years and there has not been a significant change regarding private sector involvement in dimensions of psychological resilience and strategic communication. The long-term pattern indicates that dimensions of psychological resilience and strategic communication appear rare in strategic documents, suggesting that the private sector is not seen as a significant actor in achieving defence goals. Meanwhile, in more practical dimensions,an upward trend towards strengthening ties and sharing responsibilities is identified. The study therefore opens up a discussion regarding the need for a more institutionalised framework for psychological and strategic communication dimensions in order to achieve the strategic goals of comprehensive defence.

ODFa${}^{2}$: Overall Defense Framework Against Cyber-Attacks on Intelligent Connected Vehicles

ODFa${}^{2}$: Overall Defense Framework Against Cyber-Attacks on Intelligent Connected Vehicles

Comparing environmental impacts of deep-seabed and land-based mining: A defensible framework.

The crises of climate change and biodiversity loss are interlinked and must be addressed jointly. A proposed solution for reducing reliance on fossil fuels, and thus mitigating climate change, is the transition from conventional combustion-engine to electric vehicles. This transition currently requires additional mineral resources, such as nickel and cobalt used in car batteries, presently obtained from land-based mines. Most options to meet this demand are associated with some biodiversity loss. One proposal is to mine the deep seabed, a vast, relatively pristine and mostly unexplored region of our planet. Few comparisons of environmental impacts of solely expanding land-based mining versus extending mining to the deep seabed for the additional resources exist and for biodiversity only qualitative. Here, we present a framework that facilitates a holistic comparison of relative ecosystem impacts by mining, using empirical data from relevant environmental metrics. This framework (Environmental Impact Wheel) includes a suite of physicochemical and biological components, rather than a few selected metrics, surrogates, or proxies. It is modified from the "recovery wheel" presented in the International Standards for the Practice of Ecological Restoration to address impacts rather than recovery. The wheel includes six attributes (physical condition, community composition, structural diversity, ecosystem function, external exchanges and absence of threats). Each has 3-5 sub attributes, in turn measured with several indicators. The framework includes five steps: (1) identifying geographic scope; (2) identifying relevant spatiotemporal scales; (3) selecting relevant indicators for each sub-attribute; (4) aggregating changes in indicators to scores; and (5) generating Environmental Impact Wheels for targeted comparisons. To move forward comparisons of land-based with deep seabed mining, thresholds of the indicators that reflect the range in severity of environmental impacts are needed. Indicators should be based on clearly articulated environmental goals, with objectives and targets that are specific, measurable, achievable, relevant, and time bound.

Molecular basis of Gabija anti-phage supramolecular assemblies.

As one of the most prevalent anti-phage defense systems in prokaryotes, Gabija consists of a Gabija protein A (GajA) and a Gabija protein B (GajB). The assembly and function of the Gabija system remain unclear. Here we present cryo-EM structures of Bacillus cereus GajA and GajAB complex, revealing tetrameric and octameric assemblies, respectively. In the center of the complex, GajA assembles into a tetramer, which recruits two sets of GajB dimer at opposite sides of the complex, resulting in a 4:4 GajAB supramolecular complex for anti-phage defense. Further biochemical analysis showed that GajA alone is sufficient to cut double-stranded DNA and plasmid DNA, which can be inhibited by ATP. Unexpectedly, the GajAB displays enhanced activity for plasmid DNA, suggesting a role of substrate selection by GajB. Together, our study defines a framework for understanding anti-phage immune defense by the GajAB complex.

MaskArmor: Confidence masking-based defense mechanism for GNN against MIA

Graph neural networks (GNNs) have demonstrated remarkable performance in diverse graph-related tasks, including node classification, graph classification, link prediction, etc. Previous research has indicated that GNNs are vulnerable to membership inference attacks (MIA). These attacks enable malevolent parties to deduce whether the data points are part of the training set by identifying the output distribution, giving rise to noteworthy privacy apprehensions, especially when the graph contains sensitive data. There have been some studies to defend against graph MIA so far, but they have issues like high computational cost and decreased model accuracy. In this paper, we introduce a novel defense framework called MaskArmor, designed to bolster the privacy and security of GNNs against MIA. The MaskArmor framework encompasses four distinct masking strategies: AdjMask, DTMask, ATMask, and SigMask. These strategies leverage message-passing mechanisms, distillation temperature, hybrid masking, and the Sigmoid function, respectively. The MaskArmor framework effectively obscures the distribution of the model on both the training and non-training samples, rendering it challenging for attackers to ascertain whether particular samples have undergone training. Additionally, MaskArmor sustains the model's precision with negligible computational overhead. Our experiments are implemented across seven benchmark datasets and four GNN networks against shadow-based and threshold-based MIAs, showcasing that MaskArmor substantially heightens GNNs' resilience against MIA while simultaneously preserving accuracy on the initial tasks. It also demonstrates adeptness in countering threshold-based MIA through strategies like AdjMask and ATMask. Exhaustive experimental results substantiate that MaskArmor outperforms alternative existing approaches, maintaining effectiveness and applicability across diverse datasets and attack scenarios.

CyberDefender: an integrated intelligent defense framework for digital-twin-based industrial cyber-physical systems

CyberDefender: an integrated intelligent defense framework for digital-twin-based industrial cyber-physical systems