Multi-domain Environment Research Articles

SecDefender: Detecting low-quality models in multidomain federated learning systems

Federated learning (FL) is an innovative distributed learning paradigm that permits multiple parties to train models collaboratively while protecting individual privacy. However, it encounters security challenges, making it vulnerable to several adversarial attacks and leading to compromising model performance. Existing research on FL poisoning attacks and defense techniques tends to be application-specific, primarily emphasizing attack capabilities. However, it fails to consider inherent vulnerabilities in FL and the impact of attack intensity. To our knowledge, no existing work has delved into these issues within a multi-domain FL environment. This paper addresses these concerns by investigating the consequences of targeted label-flipping attacks within FL systems and comprehensively examining the effects of the attacks in single-label, double-label, and triple-label scenarios with different levels of poisoning intensities. Additionally, we investigate the influence of a temporal label-flipping attack, where we study the impact of adversaries available only for specific federated training rounds. Moreover, we propose a novel server-based defense mechanism called SecDefender to detect low-quality models in both IID and non-IID settings of multi-domain environments. Our approach is rigorously evaluated against state-of-the-art alternatives using six benchmark datasets: CIC-Darknet2020, Fashion-MNIST, FEDMNIST, GTSR, HAR, and MNIST. Extensive experiments demonstrate that our proposed SecDefender significantly enhances its performance by over 65% in terms of source class recall, maintaining a low attack success rate. Consequently, there is a 1 to 2% enhancement in global model accuracy compared to existing approaches.

Military Command In Multi-Domain Environment

Abstract The practice of military command roots in the past. There were always trends to follow the footsteps of the great captains of earlier eras such as Alexander the Great, Caius Julius Caesar or Napoleon Bonaparte. With the birth of the modern scientific method historians and theorists tried to identify the essence of good leadership and the personal requirements of being a good leader. In the 18th century the notion of coup d’oeil and of the military genius were considered the key to success on the battlefield. The military education traditionally focused on the development of leadership skills, but the skills and practices being taught were drawn from experiences of previous military engagements and exercises. In periods of peace command experience stagnates or even deteriorates due to lack of combat experience, meaning that the command practices lose their touch with the realities of the present. This article argues that the growing complexity of the operational environment requires the alteration of the existing command practices and military education agenda to create leaders capable of achieving the desired successes in future wars. In our view a highly digitalized multi-domain command post requires a certain kind of leaders that beside tactical and operational proficiency must have a skill to efficiently apply the available high-tech assets, the digital coup d’oeil.

Mission Command in Multi-Domain Operations

Abstract The world is constantly changing and so are the requirements for conducting military operations imposed by the complexity of today’s operational environment. This paper addresses the appropriateness of mission command for multi-domain operations, a transformative concept in NATO that aims to orchestrate military activities across all physical environments, integrated with nonmilitary ones. Mission command is crucial in a multi-domain environment where there are no sanctuaries of safe areas. Advanced technologies have increased battlefield transparency and enabled adversaries to threaten critical infrastructure. Building trust, fostering relationships and promoting shared understanding are essential elements for successful employment of mission command in multi-domain operations.

Specific emitter identification based on ensemble domain adversarial neural network in multi-domain environments

Specific emitter identification is pivotal in both military and civilian sectors for discerning the unique hardware distinctions inherent to various launchers, it can be used to implement security in wireless communications. Recently, a large number of deep learning-based methods for specific emitter identification have been proposed, achieving good performance. However, these methods are trained based on a large amount of data and the data are independently and identically distributed. In actual complex environments, it is very difficult to obtain reliable labeled data. Aiming at the problems of difficulty in data collection and annotation, and the large difference in distribution between training data and test data, a method for individual radiation source identification based on ensemble domain adversarial neural network was proposed. Specifically, a domain adversarial neural network is designed and a Transformer encoder module is added to make the features obey Gaussian distribution and achieve better feature alignment. Ensemble classifiers are then used to enhance the generalization and reliability of the model. In addition, three real and complex migration environments, Alpine–Montane Channel, Plain-Hillock Channel, and Urban-Dense Channel, were constructed, and experiments were conducted on WiFi dataset. The simulation results show that the proposed method exhibits superior performance compared to the other six methods, with an accuracy improvement of about 3%.

Wavefield boundary interactions in a multi-domain environment—Experimental results

Acoustic and seismic signals may be generated and received in land, air, and water domains within a multi-domain environment such as a littoral (nearshore) zone. As the energy moves between domains, the waves undergo complex transformations at the media boundaries. Separate consideration of each physical domain (land, air, water) leads to an incomplete understanding of the full cross-domain wavefield, leading to significant challenges in interpreting signals and creation of accurate models that realistically couple multiple domains. To address this knowledge gap, a team at the US Army Engineer Research and Development Center constructed a simplified, uniform levee to enable the measurement of signals that had passed through undisturbed boundaries. Sensor types were medium-specific, with microphones in the air, hydrophones in the water, and accelerometers in the soil. Using electric bridge wire detonators (EBW’s), impulsive signals were generated in each medium type and measured on sensors in all three media. This presentation begins with an overview of the experimental design, discusses the medium-specific measurement results, and concludes with a discussion of joint multi-domain data analysis results. Approved for public release: distribution is unlimited.

Bi-channel hybrid GAN attention based anomaly detection system for multi-domain SDN environment

Software-Defined Networking (SDN) is a strategy that leads the network via software by separating its control plane from the underlying forwarding plane. In support of a global digital network, multi-domain SDN architecture emerges as a viable solution. However, the complex and ever-evolving nature of network threats in a multi-domain environment presents a significant security challenge for controllers in detecting abnormalities. Moreover, multi-domain anomaly detection poses a daunting problem due to the need to process vast amounts of data from diverse domains. Deep learning models have gained popularity for extracting high-level feature representations from massive datasets. In this work, a novel deep neural network architecture, supervised learning based LD-BiHGA (Low Dimensional Bi-channel Hybrid GAN Attention) system is designed to learn class-specific features for accurate anomaly detection. Two asymmetric GANs are employed for learning the normal and abnormal network flows separately. Then, to extract more relevant features, a bi-channel attention mechanism is added. This is the first study to introduce an innovative hybrid architecture that merges bi-channel hybrid GANs with attention models for the purpose of anomaly detection in a multi-domain SDN environment that effectively handles real-time unbalanced data. The suggested architecture demonstrates its effectiveness on three benchmark datasets, achieving an average accuracy improvement of 7.225% on balanced datasets and 3.335% on imbalanced datasets compared to previous intrusion detection system (IDS) architectures in the literature.

Blockchain-based access control architecture for multi-domain environments

Numerous users from diverse domains access information and perform various operations in multi-domain environments. These users have complex permissions that increase the risk of identity falsification, unauthorized access, and privacy breaches during cross-domain interactions. Consequently, implementing an access control architecture to prevent users from engaging in illicit activities is imperative. This paper proposes a novel blockchain-based access control architecture for multi-domain environments. By integrating the multi-domain environment within a federated chain, the architecture utilizes Decentralized Identifiers (DIDs) for user identification and relies on public/secret key pairs for operational execution. Verifiable credentials are used to authorize permissions and release resources, thereby ensuring authentication and preventing tampering and forgery. In addition, the architecture automates the authorization and access control processes through smart contracts, thereby eliminating human intervention. Finally, we performed a simulation evaluation of the architecture. The most time-consuming process had a runtime of 1074 ms, primarily attributed to interactions with the blockchain. Concurrent testing revealed that with a concurrency level of 2000 demonstrated that the response times for read and write operations were maintained within 1000 ms and 4600 ms, respectively. In terms of storage efficiency, except for user registration, which incurred two gas charges, all the other processes required only one charge.

Promoting Safety, Security, Awareness and Productivity in Port Plants

This paper focuses on the combined use of eXtended Reality and Simulation to improve awareness and confidence in Container Terminal Operations by tailoring a Simulation Systems. Experimentation is proposed as example of the benefits achievable by training virtually operators in this context. The complexity of Port Operations creates a quite dangerous environment where the highly competitive business sector push to increase speed of operations and flows. In additions Port Terminals involve many actors that have to work and interoperate within a multi domain environment, outdoor all around the clock along the year in an almost all- weather context. Ports are growing getting encapsulated within major city that over time turn to be megacities creating additional challenges especially in terms of Safety and Security that require to operate with high performance in a safe framework. The automation obviously is crucial to further increase operations, therefore up to know the human component is still quite critical for many ancillary activities as well as often on main and secondary ones due to the flexibility and reliability required. This aspect could suggest a big potential for Industry 4.0 and its future evolution in this field as well as a continuous struggling with the very conservative mentality of Shipping and Maritime Operations relying in Systems able to operate in the previous mentioned conditions. Indeed, Training and Education are crucial to face these challenges and make it possible to introduce new technologies, policies and approaches in the very strategic field of Port Activities. The authors propose an experimentation carried out to demonstrate the potential to move training and education on virtual interactive solutions based on MS2G paradigm (Modeling, interoperable Simulation and Serious Games) by tailoring a Simulation System on specific criticalities

Data Dissemination and Policy Enforcement in Multi-Level Secure Multi-Domain Environments

Data Dissemination and Policy Enforcement in Multi-Level Secure Multi-Domain Environments

Data dissemination and policy enforcement in multi-level secure multi-domain environments

Data dissemination and policy enforcement in multi-level secure multi-domain environments

Ensuring secure interoperation of access control in a multidomain environment

Interoperation can combine multiple resources and domains, thus it has been widely used in many practical industrial applications, such as distributed database systems. However, the merger of local access control policies in such systems may lead to security violations with regard to access control. For instance, a person can potentially have access (indirectly) to another one's file or data in the interoperation to which s/he should be denied access in the individual system. Therefore, it is critical to deal with such issues in a multidomain environment. Nevertheless, a real-world interoperation contains a large number of entities and access. This imposes a challenge to find the maximum secure interoperation in terms of direct data sharing among individual systems. To overcome this difficulty, we propose an integer linear programming-based approach which can find the maximum secure interoperation in a computationally efficient way. Experimental results are given to demonstrate the efficacy of our approach.

MODELING AN INDUSTRIAL ROBOTIC MANIPULATOR IN THE ELECTROMECHANICAL DOMAIN

In this work, a prototype of a robotic manipulator is developed and its dynamic analysis is per- formed. The system under study was analyzed in a multi-domain environment using two MATLAB tool- boxes, that is, Simscape Multibody and Simscape Electrical. By doing so, an accurate electromechanical model was constructed in this paper. Subsequently, a nonlinear controller was designed for the trajectory tracking of the end effector of the robotic manipulator. The control architecture employed in this work is a Proportional-Derivative (PD) control scheme, which is widely used in industrial applications. The nu- merical results presented in the paper demonstrate the effectiveness of the methodology followed in this investigation.

Blockchain for Network Service Orchestration: Trust and Adoption in Multi-Domain Environments

In the coming years, blockchain technologies will be used in a variety of industries, including telecommunications. In this article, due to strict governance of telecommunication infrastructure, we propose a blockchain supported architecture, based on a permissioned distributed ledger (PDL) scheme, for a network management and orchestration platform. The main goal is to create a trusted environment for multiple-stakeholders, such as Cloud Service Providers (CSPs), a Mobile Network Operator (MNO), Vertical Service Providers (SPs), Legal and Regulation Authorities, and Responsible Ministry so that the life cycle of automated vertical network services (e.g., instantiation, scaling, termination, and migration/reallocation) can be managed securely and transparently in a multi-cloud and multi-domain environment. The proposed approach is also validated with an experimental Industry 4.0 scenario using the Quorum blockchain network (BCN) to measure various performance metrics (e.g., number of transactions and blocks, and time to write) of various service orchestrator (SO)-related instantiation metrics. At the end of the article, we present the main discussions on the evaluation results and existing standardization efforts for the convergence of BCN, Management and Orchestration (MANO), and network services for a given telecommunication infrastructure.

Robust and lightweight symmetric key exchange algorithm for next-generation IoE

The Internet of Everything (IoE) is a multi-domain environment where millions of people and smart devices are connected and communicate with each other. IoE demands security services in terms of data or entity authentication, data confidentiality, data integrity, data or services availability, and non-repudiation. There are multiple security protocols that work with secret keys to provide security services. The key exchange or key distribution between two parties over the insecure network is the main challenge. Researchers introduced several state-of-the-art symmetric or asymmetric key exchange algorithms such as RSA, ECC, DH, ECDH, and Curve25519. Asymmetric algorithms are considered heavyweight in terms of computation and communication costs while symmetric key exchange algorithms are considered lightweight. Symmetric key exchange algorithms do not provide authentication services. As a result, the algorithms are exposed to a man-in-the-middle attack. In this research paper, we propose a lightweight and robust symmetric key exchange algorithm for smart devices which have short computational processing power. Furthermore, we implement our proposed algorithm on the Linux-based Ubuntu virtual operating systems by using system programming in C/C++. In addition, we prove the robustness of our proposed algorithm with the help of informal and formal security analysis through the AVISPA tool. Finally, we compare our proposed algorithm with existing algorithms in terms of computation cost, communication overhead, and security features. The comparison results with existing state-of-the-art key exchange algorithms show that our proposed key exchange algorithm is more suitable for smart devices.

Performance Evaluation of Topologies for Multi-Domain Software-Defined Networking

Software-defined networking (SDN) is widely used in multiple types of data center networks, and these distributed data center networks can be integrated into a multi-domain SDN by utilizing multiple controllers. However, the network topology of each control domain of SDN will affect the performance of the multi-domain network, so performance evaluation is required before the deployment of the multi-domain SDN. Besides, there is a high cost to build real multi-domain SDN networks with different topologies, so it is necessary to use simulation testing methods to evaluate the topological performance of the multi-domain SDN network. As there is a lack of existing methods to construct a multi-domain SDN simulation network for the tool to evaluate the topological performance automatically, this paper proposes an automated multi-domain SDN topology performance evaluation framework, which supports multiple types of SDN network topologies in cooperating to construct a multi-domain SDN network. The framework integrates existing single-domain SDN simulation tools with network performance testing tools to realize automated performance evaluation of multi-domain SDN network topologies. We designed and implemented a Mininet-based simulation tool that can connect multiple controllers and run user-specified topologies in multiple SDN control domains to build and test multi-domain SDN networks faster. Then, we used the tool to perform performance tests on various data center network topologies in single-domain and multi-domain SDN simulation environments. Test results show that Space Shuffle has the most stable performance in a single-domain environment, and Fat-tree has the best performance in a multi-domain environment. Also, this tool has the characteristics of simplicity and stability, which can meet the needs of multi-domain SDN topology performance evaluation.

Data Dissemination and Policy Enforcement in Multi-Level Secure Multi-Domain Environments

Data Dissemination and Policy Enforcement in Multi-Level Secure Multi-Domain Environments

Janus: Hierarchical Multi-Blockchain-Based Access Control (HMBAC) for Multi-Authority and Multi-Domain Environments

Although there are several access control systems in the literature for flexible policy management in multi-authority and multi-domain environments, achieving interoperability and scalability, without relying on strong trust assumptions, is still an open challenge. We present HMBAC, a distributed fine-grained access control model for shared and dynamic multi-authority and multi-domain environments, along with Janus, a practical system for HMBAC policy enforcement. The proposed HMBAC model supports: (a) dynamic trust management between different authorities; (b) flexible access control policy enforcement, defined at the domain and cross-domain level; (c) a global source of truth for all entities, supported by an immutable, audit-friendly mechanism. Janus implements the HMBAC model and relies on the effective fusion of two core components. First, a Hierarchical Multi-Blockchain architecture that acts as a single access point that cannot be bypassed by users or authorities. Second, a Multi-Authority Attribute-Based Encryption protocol that supports flexible shared multi-owner encryption, where attribute keys from different authorities are combined to decrypt data distributedly stored in different authorities. Our approach was implemented using Hyperledger Fabric as the underlying blockchain, with the system components placed in Kubernetes Docker container pods. We experimentally validated the effectiveness and efficiency of Janus, while fully reproducible artifacts of both our implementation and our measurements are provided.

Role-Based Access Control Model for Inter-System Cross-Domain in Multi-Domain Environment

Information service platforms or management information systems of various institutions or sectors of enterprises are gradually interconnected to form a multi-domain environment. A multi-domain environment is convenient for managers to supervise and manage systems, and for users to access data across domains and systems. However, given the complex multi-domain environment and many users, the traditional or enhanced role-based access control (RBAC) model still faces some challenges. It is necessary to address issues such as role naming conflicts, platform–domain management conflicts, inter-domain management conflicts, and cross-domain sharing difficulties. For the above problems, a role-based access control model for inter-system cross-domain in multi-domain environment (RBAC-IC) is proposed. This paper formally defines the model, divides roles into abstract roles and specific roles, and designs the operating process of the access control model. The model has four characteristics: support role name repetition, platform–domain isolation management, inter-domain isolation management, and fine-grained cross-domain sharing. By establishing security violation formulas for security analysis, it is finally shown that RBAC-IC can operate safely.

MOSAIC: A Structured Multidisciplinary Analysis for Managing the Integration of Inter-Organizational Changes

Sociotechnical systems like railways are becoming increasingly complex as numerous changes are constantly being integrated to improve or maintain desired performances. A crucial aspect enabling this integration is to define the scope of the changes, referred to as the system of interest. This can be challenging for engineering managers due to mounting system complexity caused by: an inter-organizational environment, a multitude of diverse stakeholders, the multidomain environment, and an increasing number of interdependencies. By employing Design Science Research, this study proposes an analysis that supports engineering managers in managing sociotechnical and inter-organizational change integration (MOSAIC) by facilitating a structured, multidisciplinary assessment of system impacts and interdependencies. The design was evaluated by applying it to an inter-organizational project in the Dutch railway system. The findings show that with MOSAIC, a system of interest can be collectively defined using the proposed process and a multidisciplinary and inter-organizational group of experts, creating mutual understanding. MOSAIC can further aid engineering managers in front-end project planning.

Reliable PUF-based mutual authentication protocol for UAVs towards multi-domain environment

With the widespread application of unmanned aerial vehicles (UAVs), the discussion about the various security and privacy issues of UAVs have never stopped. Physical Unclonable Function (PUF) is inherently unclonable and tamper-proof, many authentication and key agreement protocols based on PUF for UAVs have been proposed in the past. But they can only be suitable for mutual authentication between a single ground station and multiple UAVs. Not only does this centralized authentication method have a single point of failure, but also cannot adapt to the increasing demand for UAV authentication in multi-domain settings. In this paper, we propose a novel lightweight mutual authentication scheme based on PUF which is resistant to well-known attacks such as node tampering attacks, and cloning attacks, etc. Furthermore, we realized cross-domain authentication for UAVs, ensuring secure and efficient communication for UAVs in different domains. We have demonstrated the correctness of our scheme in detail, and carried out experimental analysis. The results show that our scheme is sufficiently secure and effective, and is suitable for UAVs in a multi-domain environment.