Network Security Empowered by Artificial Intelligence

Preface
Contents
Part I Architecture Innovations and Security in 5G Networks
nCore: Clean Slate Next-G Mobile Core Network Architecture for Scalability and Low Latency
1 Introduction and Background
2 Next-Gen Mobile Core Requirements
2.1 Ultra-High Bit Rate
2.2 Low Latency
2.3 Support for Internet-of-Things
2.4 Heterogeneity in Access Networks
3 nCore Network Architecture
3.1 Architecture Overview
3.2 Mobility Management
3.3 Packet Forwarding
3.4 Policy and Charging
3.5 Security in nCore Architecture
3.6 Privacy in the nCore Architecture
4 Mobility Control Plane Protocol for UE States
4.1 Initial Attach
4.2 Handover
4.3 Idle-to-Connected
5 nCore Support for 5G Use Cases
5.1 5G Mobility
5.2 Multihoming
5.3 Mobile Edge Computing
5.4 Roaming Architecture
6 Standalone Deployment of nCore and Compatibility with 5G Physical Layer
7 Prototype Evaluation of nCore
7.1 Network Layer Connection Establishment Latency
7.2 Overall Connection Establishment Latency
8 Conclusion
Acronyms
References
Decision-Dominant Strategic Defense Against Lateral Movement for 5G Zero-Trust Multi-Domain Networks
1 Introduction
2 Multi-Domain Warfare and 5G Networks
2.1 Multi-Domain Warfare
2.2 5G Multi-Domain Networks
3 Emerging Security Challenges in 5G Multi-Domain Networks
3.1 Security of 5G Multi-Domain Networks
3.2 5G Threat Landscape: Vulnerabilities and Kill Chain
4 Decision-Dominant Zero-Trust Defense: A Game-Theoretic Framework
4.1 Decision Dominance
4.2 Conceptualization of Decision-Dominant Zero-Trust Defense
5 Zero-Trust Defense
5.1 Information Asymmetry in Zero-Trust Defense
5.2 Defending Against Lateral Movement: A Running Example
5.3 Trust Evaluation and Access Policy in Zero-Trust Defense
5.3.1 Bayes Trust Engine
5.3.2 Machine Learning Trust Engine
5.3.3 Optimal Access Policy: Approximation and Learning
5.4 Generalizability, Explainability, and Accountability of Learning-Based Zero-Trust Defense
5.4.1 Reinforcement Learning and Explainable Defense
5.4.2 Meta-Learning and Generalizable Defense
5.4.3 Accountability
6 Decision-Dominance Defense
6.1 D3 as Dynkin's Game
6.2 Equilibrium Strategies for D3
6.2.1 Case I: Adversarial Dominance
6.2.2 Case II: Defensive Dominance
6.2.3 Decision Dominance with Information Asymmetry
6.3 Decision Dominance Zero-Trust Defense (DD-ZTD): A Case Study
7 Conclusion
References
Part II Security in Artificial Intelligence-Enabled Intrusion Detection Systems
Artificial Intelligence and Machine Learning for Network Security: Quo Vadis?
1 Introduction
1.1 Chapter Roadmap
2 Network Intrusion Detection Systems
2.1 Basic Network Monitoring and Analysis
2.2 Traditional NIDS
2.3 Advanced NIDS with AI/ML
3 AI/ML Systems' Vulnerabilities
4 Intersection of Security and AI/ML
4.1 AI/ML for Network Security
4.1.1 Adversarial Machine Learning
4.1.2 Adversarial Machine Learning for Network Security
4.1.3 Countermeasures
4.2 Security Considerations for AI/ML
5 Conclusion
References
Understanding the Ineffectiveness of the Transfer Attack in Intrusion Detection System
1 Introduction
2 Background of Adversarial Attack on Intrusion Detection System
2.1 Intrusion Detection System
2.2 Adversarial Attacks and Formulation
2.3 Existing Attacks on IDS
2.3.1 White-Box Attacks
2.3.2 Black-Box Attacks
2.3.3 Gray-Box Attacks
2.4 Threat Model
3 Building Surrogate Model of IDS
3.1 Datasets
3.2 Building IDS via Various Machine Learning Models
3.3 Training Surrogate Models
3.4 Evaluation Metrics
3.5 Model Performance Analysis
4 Investigating the Transferability of AEs in IDS
4.1 Different AEs Generation on White-Box Attacks
4.2 Investigating on AE Transferability
4.2.1 Surrogate Model Settings
4.2.2 Surrogate Dataset Settings
4.2.3 Adversarial Algorithm Settings
4.2.4 Evaluation Metrics
4.2.5 Experiment Setting
4.3 Evaluation of AEs Transferability: Results and Discussion
4.3.1 The Affect of Different Attack Algorithms on Transferability
4.3.2 The Affect of Perturbation Norm on Transferability
5 Conclusion
References
Advanced ML/DL-Based Intrusion Detection Systems for Software-Defined Networks
1 Introduction
2 Machine Learning Based Intrusion Detection Methods
2.1 Statistical Methods
2.2 Classification-Based Methods
2.3 Hybrid Approach
3 Deep Learning-Based Intrusion Detection Methods
4 Reinforcement Learning (RL) Techniques for IDSs
5 ML-Based Anomaly Detection on a Real SDN
5.1 Entropy-KL IDS: A Statistical Intrusion Detection Method
5.2 Sample-Based RL Intrusion Detection Method
5.3 Deploying Chain of IDS in Data Plane
6 Measurements
6.1 Effectiveness
6.2 Efficiency
6.3 Evaluation of Specific Intrusion Detection Methods on SDN
7 Conclusion
References
Part III Attack and Defense in Artificial Intelligence-Enabled Wireless Systems
Deep Learning for Robust and Secure Wireless Communications
1 Introduction
2 Deep Learning for Identifying RF Emissions and Collisions
2.1 Literature Studies on RF Identification
2.2 Visual-Based Spectral Representation
2.3 Detecting Wireless Collisions
2.3.1 Learning from Synthetic Data
2.3.2 Evaluation
2.4 Real-Time, Wideband Spectro-Temporal RF Identification
2.4.1 Deep Learning Model and Optimizations
2.4.2 RF-Centric Compression
2.4.3 Experimental Results
2.5 SPREAD Dataset
3 Deep Learning for Canceling Adversarial Interference
3.1 Motivation
3.2 System Model and Problem Formulation
3.3 JaX Jammer Cancellation Scheme
3.3.1 Multi-Functional Convolutional Neural Network
3.3.2 Analyzing CNN Output and Canceling Jammer
3.4 Experimental Analysis
3.4.1 Comparison with Pilot-Based Cancellation
3.4.2 Impact of Phase Alignment and Jammer Type
3.4.3 Over-the-Air Performance
4 Deep Learning for Enhancing RF Receiver with Universal Beamforming
4.1 Motivation
4.2 Beamforming Theory
4.3 Estimating Beamforming Parameters
4.3.1 Amplitude Estimation
4.3.2 Phase Estimation
4.4 Evaluation
4.4.1 Simulation Results
4.4.2 Experimental Results
4.5 Universal RF Beamforming-Relay
5 Conclusion
References
Universal Targeted Adversarial Attacks Against mmWave-Based Human Activity Recognition
1 Introduction
2 Related Work
3 Background
3.1 Sensing Using Wireless Signals
3.2 Adversarial Attack
3.3 Human Activity Recognition
4 Victim Machine Learning Models
5 Threat Model
5.1 White-Box Attack
5.2 Black-Box Attack
6 Attack Design
6.1 White-Box Attack Implementation
6.1.1 Targeted and Untargeted Attack
6.1.2 Perturbation Optimization
6.1.3 Practical Universal Targeted Attack Design
6.2 Black-Box Attack Implementation
7 Performance Evaluation
7.1 Experimental Setup
7.2 Evaluation of White-Box Attack
7.3 Impact of Perturbation Magnitude
7.4 Evaluation of Black-Box Attack
8 Conclusion
References
Adversarial Machine Learning for Wireless Localization
1 Introduction
2 Machine Learning-Based Localization
2.1 Wi-Fi-Based Localization
2.1.1 RSS-Based
2.1.2 CSI-Based
2.2 5G-Based Localization
2.3 Voice-Based Localization
3 Adversarial Machine Learning on Localization
3.1 Backdoor Attack
3.1.1 Backdoor Attack on 5G-Based Localization
3.2 Adversarial Attack
3.2.1 Classic Attack Methods
3.2.2 Adversarial Training
3.2.3 Adversarial Attack on 5G-Based Localization
3.2.4 Adversarial Attack on Wi-Fi-Based Localization
4 Conclusion
References
Localizing Spectrum Offenders Using Crowdsourcing
1 Introduction
1.1 Problem Setting
2 Basics of RSS Localization
2.1 Physics-Based Localization
2.2 Fingerprint-Based Localization
2.3 Neural Networks for Localization
2.3.1 Augmenting with Physical Models
3 Recent Localization Techniques
3.1 SPLOT
3.2 LLOCUS
3.3 TL;DL
3.4 CUTL
3.4.1 An Out-of-Distribution Dataset for Localization
4 Adversarial Attacks on Crowdsourced Localization
4.1 Naive Attacks
4.2 Informed Attacks
4.3 Omniscient Attacks
4.3.1 Worst-Case Attack
4.3.2 Fast Gradient Sign Method
4.4 Defending Against Adversarial Attacks
4.4.1 Sensor Identification and Removal
4.4.2 Adversarial Training for Accurate Localization
5 A Case Study on Attacking Localization
5.1 Attack Scenario
5.1.1 Defending Our Localization Model
5.2 Naive Random Attack
5.3 FGSM Attacks
5.4 Worst Cast Attack
5.5 Discussion
6 Location Privacy Concerns
7 Looking Forward
8 Conclusion
References
Adversarial Online Reinforcement Learning Under Limited Defender Resources
1 Introduction
2 An Overview of Adversarial RL Without Switching Costs
3 Adversarial Bandit Learning With Switching Costs
3.1 Problem Formulation
3.2 Algorithm and Regret
4 Adversarial RL With Switching Costs
4.1 Problem Formulation
4.2 A Lower Bound
4.3 The Case When the Transition Function Is Known
4.4 The Case When the Transition Function Is Unknown
5 Conclusion and Future Work
Appendix: Proof of Theorem 5
References
Part IV Security in Network-Enabled Applications
Security and Privacy of Augmented Reality Systems
1 Introduction
2 Augmented Reality System Overview
2.1 Architecture of AR Systems
2.2 Sensors and Important Components on AR Devices
2.2.1 Depth Sensor
2.2.2 Camera System and Eye Gaze Sensor
2.2.3 Motion Sensor
2.2.4 Audio System
3 Security and Privacy Concerns of Augmented Reality
4 Input Security
4.1 Threat Model
4.2 Audio Input Security
4.2.1 Vulnerabilities
4.2.2 Defense Solutions
4.3 Motion Input Security
4.3.1 Vulnerabilities
4.3.2 Defense Solutions
4.4 Depth Input Security
4.4.1 Vulnerabilities
4.4.2 Defense Solutions
5 Input Privacy
5.1 Threat Model
5.2 Bystander Privacy
5.2.1 Explicit Solutions
5.2.2 Implicit Solutions
5.3 Location Privacy
5.4 Gaze Privacy
5.4.1 Identification
5.4.2 Preferences and Knowledgeability
5.4.3 Defense Solutions
6 Output Safety, Security, and Privacy
6.1 Output Safety and Security
6.2 Output Privacy
7 Opportunities and Future Directions
8 Conclusion
References
Securing Augmented Reality Applications
1 Introduction
1.1 Background
1.1.1 The Early Years: A Detailed Overview
1.1.2 Mainstream Adoption: An In-depth Examination
1.1.3 Recent Developments: A Comprehensive Analysis
1.1.4 Future Trends
1.2 The Imperative of Security in Augmented Reality (AR) Applications
1.3 Leveraging Artificial Intelligence and Machine Learning for Enhanced Security in Augmented Reality Systems
2 Augmented Reality (AR) Security Threats
2.1 Fraud, Theft, and Disruption
2.2 Invisible Eavesdropping
2.3 Manipulation into Physical Harm
2.4 Human Joystick Attack in AR
2.5 Chaperone Attack in AR
2.6 Overlay Attack
2.7 Disorientation Attack
2.8 Man in the Room Attack in AR
3 AI and ML in Enhancing AR Security
3.1 AI for Anomaly Detection in AR Systems
4 Case Study Analysis
4.1 Case Study 1: Defending Against AR Attack in Mobile Scenario
4.2 Case Study 2: Understanding and Mitigating Perceptual Manipulation Attacks
5 Case Study 3: Secure and Private Sharing Mechanisms for Multi-User AR System
6 Challenges and Future Prospects
6.1 Potential Risks of AI and Machine Learning in AR Security
6.1.1 Exploiting AI-Generated Video Manipulations for AR Device Location Tracking
6.2 Emerging Trends and Future Prospects
6.2.1 AI for Prevention of Malicious AR Content
6.2.2 AI-Based User Authentication Methods in AR
7 Conclusion
References
On the Robustness of Image-Based Malware Detection Against Adversarial Attacks
1 Introduction
2 Related Work
3 Background
3.1 Portable Executable (PE) File Format
3.2 Visualization of Portable Executable Malware Files
3.3 PE-Based Adversarial Malware Attacks
3.3.1 Byte Append Attacks
3.3.2 Feature Modification Attacks
3.3.3 Malicious Code Append Attacks
4 Problem Scope and Threat Model
4.1 Problem Definition
4.2 Threat Model
5 Proposed Image-Based Malware Classifier
5.1 Methodology
5.2 Network Architecture
5.3 Dataset
5.4 Preprocessing: Conversion of Malware Binary to Image
6 Considered Adversarial Attacks
6.1 Adversarial Attacks Under Black-Box Settings
6.2 Adversarial Attacks Under White-Box Settings
7 Performance and Robustness Evaluation
7.1 Performance Analysis
7.1.1 Classification Accuracy
7.1.2 Overhead Analysis
7.2 Robustness Analysis
8 Discussion
9 Conclusion
References
The Cost of Privacy: A Comprehensive Analysis of the Security Issues in Federated Learning
1 Federated Learning Basics
1.1 What Is Federated Learning? Why Do We Need It?
1.2 Applications of Federated Learning
1.2.1 Healthcare
1.2.2 Internet of Things
1.2.3 Mobile Devices
1.2.4 Smart Grids
1.2.5 Autonomous Vehicles
1.2.6 Finance
1.3 Workflow of a Federated Learning System
1.4 Factors to Consider
1.4.1 Based on Data Distribution
1.4.2 Based on the Type of Feature Division
1.5 Common Threat Model
1.5.1 Number of Attackers
1.5.2 Attacker Knowledge
1.5.3 Attacker Capacity
1.5.4 Defender Knowledge
1.5.5 Defender Capacity
2 Issues With Federated Learning
2.1 Privacy Issues in FL
2.1.1 Inversion Attack
2.1.2 Inference Attack
2.2 Free-Rider Issues in FL
3 Security Attacks on Federated Learning
3.1 Based on Attack Objective
3.1.1 Byzantine Attack
3.1.2 Backdoor Attack
3.2 Based on Attack Approach
3.2.1 Data Poisoning
3.2.2 Model Poisoning
4 Impact of Attacks on FL
4.1 Angular Deviation
4.2 Magnitude Deviation
4.3 Minor Deviation
5 Common Defense Methods
5.1 Clustering
5.1.1 Downsides of Clustering
5.2 Clipping
5.2.1 Downsides of Clipping
5.3 Similarity Checking
5.3.1 Downsides of Similarity Checking
5.4 Noise Addition
5.4.1 Downsides of Noise Addition
5.5 Robust Aggregation
5.5.1 Selecting a Subset from Submitted Models
5.5.2 Truncating the Weights of the Updates
5.5.3 Replacing Simple Averaging
5.5.4 Downsides of Robust Aggregation
6 Some State-of-the-Art Backdoor Defense Techniques
6.1 Protocol-Level Defenses
6.2 Server-Level Defenses
6.3 Client-Level Defenses
7 Opportunities and Future Directions
7.1 Beyond Text and Image
7.2 Beyond Single-Domain
7.3 Beyond Security Impacts
7.4 Beyond Horizontal Federated Learning
7.5 Need for Client-Level Defenses
8 Conclusion
References
Lessons Learned and Future Directions for Security, Resilience and Artificial Intelligence in Cyber Physical Systems
1 Introduction
2 Physical Domain and Cyber Domain
2.1 System Model and Control in CPS
2.2 CPS-Specific Cyber Security Challenges and Solutions
2.2.1 Cyber Attacks Against CPS and Critical Infrastructure
2.2.2 Anatomy of CPS/Controller Owning Cyber Exploits
2.2.3 Defense: White Listing and Operation Segmentation
2.2.4 Defense: Reference Model Based CPS Security
2.2.5 Defense: Vulnerability Prevention
Security Hardening
Formal Methods
2.2.6 Defense: Vulnerability Tolerance
Software Brittleness
Byzantine Fault Tolerance++ (BFT++)
You Only Live Once (YOLO)
CPS Cyber Resilience Architecture (CRA)
3 Machine Learning and CPS
3.1 Enhancing CPS Robustness with Machine Learning
3.2 Roles and Pitfalls of AI in CPS
3.3 Future Direction for AI in CPS
References