Reverse Attacks Research Articles

Event-Triggered Reverse Attacks on Remote State Estimation

Security issues in cyber-physical systems have attracted increasing attention in recent years. In this paper, a security problem in a remote estimation application is considered, where an attacker tries to degrade estimation performance via malicious attacks. In our scenario, a smart sensor transmits its innovation to a remote estimator with a residue-based false data detector. Instead of assuming that the attacker launches a consecutive man-in-the-middle attack, we consider the case with intermittent attacks. Reverse attack is a simple attack strategy, which enables an attacker to change signs of the innovation sequences. Therefore, owing to the above reasons, an event-triggered reverse attack strategy is proposed to degrade system performance. First, the stealthiness of the event-triggered linear deception attack strategy is studied. Then, the evolution of the estimation error covariance is computed and the reverse attack is proven to be the optimal linear deception attack. We demonstrate that our event-triggered reverse attack is more destructive than a random reverse attack. Furthermore, a convex optimization problem is established to design event-triggered parameters. Comparisons of attack strategies are provided in a numerical example to validate the superiority of the reverse attack.

EPPDA: An Efficient Privacy-Preserving Data Aggregation Federated Learning Scheme

Federated learning (FL) is a kind of privacy-aware machine learning, in which the machine learning models are trained on the users side and then the model updates are transmitted to the server for aggregating. As the data owners need not upload their data, FL is a privacy-persevering machine learning model. However, FL is weak as it suffers from a reverse attack, in which an adversary can get users data by analyzing the user uploaded model. Motivated by this, in this paper, based on the secret sharing, we design EPPDA, an efficient privacy-preserving data aggregation mechanism for FL, to resist the reverse attack, which can aggregate users trained models secretly without leaking the users model. Moreover, EPPDA has efficient fault tolerance [1] for the user disconnection. Even if a large number of users are disconnected when the protocol runs, EPPDA will execute normally. Analysis shows that the EPPDA can provide a sum of locally trained models to the server without leaking any single users model. Moreover, adversary can not get any non-public information from the communication channel. Efficiency verification proves that the EPPDA not only protects users privacy but also needs fewer computing and communication resources.

Blockchain-Enabled Federated Learning Data Protection Aggregation Scheme With Differential Privacy and Homomorphic Encryption in IIoT

With rapid growth in data volume generated from different industrial devices in IoT, the protection for sensitive and private data in data sharing has become crucial. At present, federated learning for data security has arisen, and it can solve the security concerns on data sharing by model sharing on Internet of mutual distrust. However, the hackers still launch attack aiming at the security vulnerabilities (e.g., model extraction attack and model reverse attack) in federated learning. In this article, to address the above problems, we first design an application model of blockchain-enabled federated learning in Industrial Internet of Things (IIoT), and formulate our data protection aggregation scheme based on the above model. Then, we give the distributed K-means clustering based on differential privacy and homomorphic encryption, and the distributed random forest with differential privacy and the distributed AdaBoost with homomorphic encryption methods, which enable multiple data protection in data sharing and model sharing. Finally, we integrate the methods with blockchain and federated learning, and provide the complete security analysis. Extensive experimental results show that our aggregation scheme and working mechanism have the better performance in the selected indicators.

Inversion Attacks against CNN Models Based on Timing Attack

Model confidentiality attacks on convolutional neural networks (CNN) are becoming more and more common. At present, model reverse attack is an important means of model confidentiality attacks, but all of these attacks require strong attack ability, meanwhile, the success rates of these attacks are low. We study the time leakage of CNN running on the SoC (system on-chip) system and propose a reverse method based on side-channel attack. It uses the SDK tool-profiler to collect the time leakage of different networks of various CNNs. According to the linear relationship between time leakage, calculation, and memory usage parameters, we take the profiling attack to establish a mapping library of time and the different networks. After that, the smallest difference between the measured time of unknown models and the theoretical time in the mapping library is considered to be the real parameters of the unknown models. Finally, we can reverse other layers even the entire model. Based on the experiments, the reverse success rate of common convolutional layers is above 78.5%, and the reverse success rates of different CNNs (such as AlexNet, ConvNet, LeNet, etc.) are all above 67.67%. Moreover, the results show that the success rate of our method is 10% higher than the traditional methods on average. In the adversarial sample attack, the success rate reached 97%.

Privacy-preserving Byzantine-robust federated learning

Robustness of federated learning has become one of the major concerns since some Byzantine adversaries, who may upload false data owning to unreliable communication channels, corrupted hardware or even malicious attacks, might be concealed in the group of the distributed worker. Meanwhile, it has been proved that membership attacks and reverse attacks against federated learning can lead to privacy leakage of the training data. To address the aforementioned challenges, we propose a privacy-preserving Byzantine-robust federated learning scheme (PBFL) which takes both the robustness of federated learning and the privacy of the workers into account. PBFL is constructed from an existing Byzantine-robust federated learning algorithm and combined with distributed Paillier encryption and zero-knowledge proof to guarantee privacy and filter out anomaly parameters from Byzantine adversaries. Finally, we prove that our scheme provides a higher level of privacy protection compared to the previous Byzantine-robust federated learning algorithms.

Declarative Algorithms and Complexity Results for Assumption-Based Argumentation

The study of computational models for argumentation is a vibrant area of artificial intelligence and, in particular, knowledge representation and reasoning research. Arguments most often have an intrinsic structure made explicit through derivations from more basic structures. Computational models for structured argumentation enable making the internal structure of arguments explicit. Assumption-based argumentation (ABA) is a central structured formalism for argumentation in AI. In this article, we make both algorithmic and complexity-theoretic advances in the study of ABA. In terms of algorithms, we propose a new approach to reasoning in a commonly studied fragment of ABA (namely the logic programming fragment) with and without preferences. While previous approaches to reasoning over ABA frameworks apply either specialized algorithms or translate ABA reasoning to reasoning over abstract argumentation frameworks, we develop a direct declarative approach to ABA reasoning by encoding ABA reasoning tasks in answer set programming. We show via an extensive empirical evaluation that our approach significantly improves on the empirical performance of current ABA reasoning systems. In terms of computational complexity, while the complexity of reasoning over ABA frameworks is well-understood, the complexity of reasoning in the ABA+ formalism integrating preferences into ABA is currently not fully established. Towards bridging this gap, our results suggest that the integration of preferential information into ABA via so-called reverse attacks results in increased problem complexity for several central argumentation semantics.

Unified Inter-Letter Steganographic Algorithm, A Text-based Data Hiding Method

This paper funds a novel text-based steganographic algorithm with enhanced functionality with respect to the previously proposed methods. By careful selection of one of standard space characters, the introduced Inter-Letter Steganographic Method, or Visual and Reverse Extraction attacks, two additional modes of operation have been added into original InLetSteg algorithm and have been merged into a single one, called as Unified Inter-Letter Steganographic Method, or UILS. The Unified Inter-Letter Steganographic Method (UILS) embeds the data using variable step-size into the host text and the developed mathematical model can calculate the approximate length of host text required to embed certain data, statistically. In addition, the general mathematical model of UILS makes it customizable to adapt the real-world applications. The statistical parameters that are in use through this work are calculated for English host text, but are easily calculable for other languages with similar alphabets and structure of notations. Finally, the programmatically deployed UILS outputs are experimentally examined using 60 attendant and the results are discussed

Privacy preservation for machine learning training and classification based on homomorphic encryption schemes

In recent years, more and more machine learning algorithms depend on the cloud computing. When a machine learning system is trained or classified in the cloud environment, the cloud server obtains data from the user side. Then, the privacy of the data depends on the service provider, it is easy to induce the malicious acquisition and utilization of data. On the other hand, the attackers can detect the statistical characteristics of machine learning data and infer the parameters of machine learning model through reverse attacks. Therefore, it is urgent to design an effective encryption scheme to protect the data’s privacy without breaking the performance of machine learning.In this paper, we propose a novel homomorphic encryption framework over non-abelian rings, and define the homomorphism operations in ciphertexts space. The scheme can achieve one-way security based on the Conjugacy Search Problem. After that, a homomorphic encryption was proposed over a matrix-ring. It supports real numbers encryption based on the homomorphism of 2-order displacement matrix coding function and achieves fast ciphertexts homomorphic comparison without decrypting any ciphetexts operations’ intermediate result. Furthermore, we use the scheme to realize privacy preservation for machine learning training and classification in data ciphertexts environment. The analysis shows that our proposed schemes are efficient for encryption/decryption and homomorphic operations.

Reverse speculative attacks

In January 2015, in the face of sustained capital inflows, the Swiss National Bank abandoned the floor for the Swiss Franc against the Euro, a decision which led to the appreciation of the Swiss Franc. The objective of this paper is to present a simple numerical framework that helps to better understand the timing of this episode, which we label a “reverse speculative attack”. We model a central bank which wishes to maintain a peg, and responds to increases in demand for domestic currency by expanding its balance sheet. In contrast to the classic speculative attacks, which are triggered by the depletion of foreign assets, reverse attacks are triggered by the concern of future balance sheet losses. Our key result is that the interaction between the desire to maintain the peg and the concern about future losses, can lead the central bank to first accumulate a large amount of reserves, and then to abandon the peg, just as we have observed in the Swiss case.

Comments on “Reverse speculative attacks” by M. Amador, J. Bianchi, L. Bocola and F. Perri

Comments on “Reverse speculative attacks” by M. Amador, J. Bianchi, L. Bocola and F. Perri

Phosphate Hydrolysis by the Fe2-Ca3-Dependent Alkaline Phosphatase PhoX: Mechanistic Insights from DFT calculations.

PhoX is a pentanuclear metalloenzyme that employs two ferric ions and three calcium ions to catalyze the hydrolysis of phosphomonoesters. On the basis of the X-ray structure of PhoX ( Science 2014 , 345 , 1170 - 1173 ), a model of the active site is designed, and quantum chemical calculations are used to investigate the reaction mechanism of this enzyme. The calculations support the experimental suggestion, in which the two high spin ferric ions interact in an antiferromagnetic fashion. The two step mechanism proposed by experimentalists has been investigated. The nucleophilic attack of a trinuclear bridging oxo group on the phosphorus center was calculated to be the first step, which is concomitant with the departure of the phenolate, which is stabilized by a calcium ion. The second step is a reverse attack by a water molecule activated by a calcium-bound hydroxide, leading to the regeneration of the bridging oxo group. The second step was calculated to have a barrier of 27.6 kcal/mol. The high barrier suggests that the alternative mechanism involving phosphate release directly from the active site seems to be more likely. All five metal ions are involved in the catalysis by stabilizing the pentacoordinated trigonal bipyramidal transition states.

Novel Approach against Reverse Bandwagon Profile Inject Attack in Recommender Systems

Due to the simplicity and high recommending quality, collaborative filtering algorithms are the most successful recommender techniques and wildly used in e-commerce recommender systems. However, such systems are vulnerable to profile inject attack which is employed by inserting biased profiles into systems in order to influence the recommendations. In this paper, we propose a novel method against reverse bandwagon profile inject attack model. Our method is basing the standard collaborative filtering algorithms. Experiment results show that our method has better performance against reverse bandwagon attack model.

Why calcium inhibits magnesium-dependent enzyme phosphoserine phosphatase? A theoretical study

Phosphoserine phosphatase (PSP) utilizes one Mg2+ ion to catalyze the hydrolysis of phospho-l-serine. The displacement of Mg2+ by Ca2+ results in the loss of activity. The reaction mechanisms for the enzyme with both Mg2+ and Ca2+ bound were investigated using hybrid density functional theory. A large quantum chemical model abstracted from the X-ray crystal structure was employed in the calculations. Our calculations shed new insight into the catalytic mechanism of the natural enzyme and its lack of activity by Ca2+ substitution. For the catalytic reaction, our calculations showed that the whole reaction proceeds through two steps, namely dephosphorylation and phosphate hydrolysis. The associated barriers for these two steps are calculated to be 11.9 and 12.0 kcal mol−1, respectively. The Mg-bound Asp11 residue functions as a nucleophile to attack the phosphorus moiety, in concomitant with the departure of the leaving group, which takes a proton from the neutral Asp13 residue. In the subsequent step, the newly formed anionic Asp13 residue activates a water molecule to perform the reverse attack on the phosphoryl intermediate, affording the phosphate product. The substitution of Mg2+ by Ca2+ results in different metal coordination fashion, in which the Asp167 residue changes from bidentate to monodentate and a second water molecule becomes ligated to Ca2+. The calculated barriers for the hydrolysis are ca 8 kcal mol−1 higher than those in the native enzyme, which reconciles with the fact that Ca2+ inhibits the activity of PSP. Several possible reasons are discussed.

Automatic generation method for penetration test programs based on attack graph

In order to fulfil the need for network security management a new automatic generation method of penetration test programs was proposed in this paper.The penetration attack graph was set up with the inference relation of the vulnerabilities in the target network through the forward breadth-first search strategy which combined knowledge of atomic attack.The system produced penetration test programs through reverse depth-first traversal attack graph.A prototype of penetration test programs automatic generating system was designed and implemented on the basis of this method.The illustration indicates that this method can effectively set up the penetration test programs which provide a useful reference for network security analysis.

Aggressive behaviour and dominance relationships of the dark chub, Zacco temmincki with special reference to their individual recognition

Aggressive behaviour and dominance relationships ofZacco temmincki were observed by introducing fish into an enclosed pond. Chase (-flee), lateral display, parallel swim and butt were the principal behavioural patterns in aggressive encounters between fish, while chase, resulting in lateral display by the chased fish was the most common behavioural sequence. Initially, mutual behavioural patterns such as parallel swim and mutual lateral display were most evident among the total aggressive acts although chase became dominant three days after introduction into the pond. The dominance matrix constructed from chase-flee interactions during all observation periods contained many reverse attacks (336 out of 2,740 chases). These reverse attacks did not concentrate upon a specific period and were not site-dependent. Examination of chase-flee interactions and the subsequent behavioural pattern revealed that a chased fish reacted to the chaser either by attacking in turn, or performing lateral display etc. roughly in relation to the dominance rank of the chaser. This result implies that fish recognized each other to a great extent during aggressive encounters. It seems likely that such individual recognition was initiated during the early period when mutual behaviour was most frequent, and that some attacks against the dominance order were caused as a result of revolts rather than mistakes.

Reaction Mechanism of the Trinuclear Zinc Enzyme Phospholipase C: A Density Functional Theory Study

Phosphatidylcholine-preferring phospholipase C is a trinuclear zinc-dependent phosphodiesterase, catalyzing the hydrolysis of choline phospholipids. In the present study, density functional theory is used to investigate the reaction mechanism of this enzyme. Two possible mechanistic scenarios were considered with a model of the active site designed on the basis of the high resolution X-ray crystal structure of the native enzyme. The calculations show that a Zn1 and Zn3 bridging hydroxide rather than a Zn1 coordinated water molecule performs the nucleophilic attack on the phosphorus center. Simultaneously, Zn2 activates a water molecule to protonate the leaving group. In the following step, the newly generated Zn2 bound hydroxide makes the reverse attack, resulting in the regeneration of the bridging hydroxide. The first step is calculated to be rate-limiting with a barrier of 17.3 kcal/mol, in good agreement with experimental kinetic studies. The zinc ions are suggested to orient the substrate for nucleophilic attack and provide electrostatic stabilization to the dianionic penta-coordinated trigonal bipyramidal transition states, thereby lowering the barrier.

Theoretical Study of the RNA Hydrolysis Mechanism of the Dinuclear Zinc Enzyme RNase Z

AbstractRNase Z is a dinuclear zinc enzyme that catalyzes the removal of the tRNA 3′‐end trailer. Density functional theory is used to investigate the phosphodiester hydrolysis mechanism of this enzyme with a model of the active site constructed on the basis of the crystal structure. The calculations imply that the reaction proceeds through two steps. The first step is a nucleophilic attack by a bridging hydroxide coupled with protonation of the leaving group by a Glu‐His diad. Subsequently, a water molecule activated by the same Glu‐His diad makes a reverse attack, regenerating the bridging hydroxide. The second step is calculated to be the rate‐limiting step with a barrier of 18 kcal/mol, in good agreement with experimental kinetic studies. Both zinc ions participate in substrate binding and orientation, facilitating nucleophilic attack. In addition, they act as electrophilic catalysts to stabilize the pentacoordinate trigonal‐bipyramidal transition states.(© Wiley‐VCH Verlag GmbH & Co. KGaA, 69451 Weinheim, Germany, 2009)