Hanlin Zhang

A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications

Fog/edge computing has been proposed to be integrated with Internet of Things (IoT) to enable computing services devices deployed at network edge, aiming to improve the user’s experience and resilience of the services in case of failures. With the advantage of distributed architecture and close to end-users, fog/edge computing can provide faster response and greater quality of service for IoT applications. Thus, fog/edge computing-based IoT becomes future infrastructure on IoT development. To develop fog/edge computing-based IoT infrastructure, the architecture, enabling techniques, and issues related to IoT should be investigated first, and then the integration of fog/edge computing and IoT should be explored. To this end, this paper conducts a comprehensive overview of IoT with respect to system architecture, enabling technologies, security and privacy issues, and present the integration of fog/edge computing and IoT, and applications. Particularly, this paper first explores the relationship between cyber-physical systems and IoT, both of which play important roles in realizing an intelligent cyber-physical world. Then, existing architectures, enabling technologies, and security and privacy issues in IoT are presented to enhance the understanding of the state of the art IoT development. To investigate the fog/edge computing-based IoT, this paper also investigate the relationship between IoT and fog/edge computing, and discuss issues in fog/edge computing-based IoT. Finally, several applications, including the smart grid, smart transportation, and smart cities, are presented to demonstrate how fog/edge computing-based IoT to be implemented in real-world applications.

On behavior-based detection of malware on Android platform

Because of exponential growth in smart mobile devices, malware attacks on smart mobile devices have been growing and pose serious threats to mobile device users. To address this issue, we develop a malware detection system, which uses a behavior-based detection approach to deal with the detection of a large number of unknown malware. To accurately detect malware, we examine system calls to capture the runtime behavior of software, which interacts with an operating system and adopt machine learning approaches such as Support Vector Machine (SVM) and Naive Bayes learning schemes to learn the dynamic behavior of software execution. Using real-world malware and benign samples, we conduct experiments on Android devices and evaluate the effectiveness of our developed system in terms of learning algorithms, the size of training set, the length of n-grams, and the overhead in training and detection processes. Our experimental data demonstrates the effectiveness of our proposed detection system to detect malware.

Ultra-Dense Networks: Survey of State of the Art and Future Directions

Within the foreseeable future, the growing number of mobile devices, and their diversity, will challenge the current network architecture. Furthermore, users will expect greater data rates, lower latency, lower packet drop rates, etc. in future wireless networks. Ultra Dense Networks (UDN), considered to be one of the best ways to meet user expectations and support future wireless network deployment, will face multiple significant hurdles, including interference, mobility, and cost. In this paper, we review existing research efforts toward addressing those challenges and present future avenues for research. We first develop a taxonomy to review and describe existing research efforts. Next, we focus on inter-cell interference, handover performance, and energy efficiency as the key techniques to addressing the most pressing challenges. Finally, we present several future research directions, including emergent Internet-of-Things (IoT) applications, security and privacy, modeling and realistic simulations, and relevant techniques.

ScanMe mobile: a local and cloud hybrid service for analyzing APKs

As mobile malware increases in numbers and sophistication, it becomes pertinent for users to have access to tools that can inform them of potentially malicious applications. In this paper, we developed a cloud based Android malware analysis service called ScanMe Mobile. The objective of this service is to allow users to learn information about Android application package (APK) files before installing them on their Android devices. With ScanMe Mobile, users can locally scan APK files on their phones SD (Secure Digital) memory card, compile a comprehensive report, and share the report by publishing it through a web interface. ScanMe Mobile allows users to perform both static and dynamic analysis on APK files. In addition to integrating some existing analysis tools into the system, we performed Android malware detection based on machine learning techniques. Our experimental data shows that our proposed system can effectively detect malware on the Android platform.

On effectiveness of game theoretic modeling and analysis against cyber threats for avionic systems

Cyber-attack defense requires network security situation awareness through distributed collaborative monitoring, detection, and mitigation. An issue of developing and demonstrating innovative and effective situational awareness techniques for avionics has increased in importance in the last decade. In this paper, we first conducted a game theoretical based modeling and analysis to study the interaction between an adversary and a defender. We then introduced the implementation of game-theoretic analysis on an Avionics Sensor-based Defense System (ASDS), which consists of distributed passive and active network sensors. A trade-off between defense and attack strategy was studied via existing tools for game theory (Gambit). To further enhance the defense and mitigate attacks, we designed and implemented a multi-functional web display to integrate the game theocratic analysis. Our simulation validates that the game theoretical modeling and analysis can help the Avionics Sensor-based Defense System (ASDS) adapt detection and response strategies to efficiently and dynamically deal with various cyber threats.

On detection and visualization techniques for cyber security situation awareness

Networking technologies are exponentially increasing to meet worldwide communication requirements. The rapid growth of network technologies and perversity of communications pose serious security issues. In this paper, we aim to developing an integrated network defense system with situation awareness capabilities to present the useful information for human analysts. In particular, we implement a prototypical system that includes both the distributed passive and active network sensors and traffic visualization features, such as 1D, 2D and 3D based network traffic displays. To effectively detect attacks, we also implement algorithms to transform real-world data of IP addresses into images and study the pattern of attacks and use both the discrete wavelet transform (DWT) based scheme and the statistical based scheme to detect attacks. Through an extensive simulation study, our data validate the effectiveness of our implemented defense system.

On effective data aggregation techniques in host-based intrusion detection in MANET

Mobile Ad Hoc Networks (MANETs) have been widely used in commercial and tactical domains. MANETs commonly demand a robust, diverse, energy-efficient, and resilient communication and computing infrastructure, enabling network-centric operation with minimal downtime. MANETs face security risks and energy consumption. However, conducting cyber attack monitoring and detection in a MANET becomes a challenging issue because of limited resources and its infrastructureless network environment. To address this issue, we develop both lossless and lossy aggregation techniques to reduce the energy cost in information transition and bandwidth consumption while preserving the desired detection accuracy. In particular, we develop two lossless aggregation techniques: compression-based and event-based aggregation and develop a lossy aggregation technique: feature-based aggregation. We conduct real-world experiments and simulation study to evaluate the effectiveness of our proposed data aggregation techniques in terms of the energy consumption and detection accuracy.

Performance Evaluation of NETCONF Protocol in MANET Using Emulation

The Mobile Ad-hoc Network (MANET) is an emerging infrastructure-free network constructed by self-organized mobile devices. In order to manage MANET, with its dynamic topology, several network management protocols have been proposed, and Network Configuration Protocol (NETCONF) is representative one. Nonetheless, the performance of these network management protocols on MANET remains unresolved. In this paper, we leverage the Common Open Research Emulator (CORE), a network emulation tool, to conduct the quantitative performance evaluation of NETCONF in an emulated MANET environment. We design a framework that captures the key characteristics of MANET (i.e., distance, mobility, and disruption), and develop subsequent emulation scenarios to perform the evaluation. Our experimental data illustrates how NETCONF performance is affected by each individual characteristic, and the results can serve as a guideline for deploying NETCONF in MANET.

ScanMe mobile: a cloud-based Android malware analysis service

As mobile malware have increased in number and sophistication, it has become pertinent for users to have tools that can inform them of potentially malicious applications. To fulfill this need, we develop a cloud-based malware analysis service called ScanMe Mobile, for the Android platform. The objective of this service is to provide users with detailed information about Android Application Package (APK) files before installing them on their devices. With ScanMe Mobile, users are able to upload APK files from their device SD card, scan the APK in the malware detection system that could be deployed in the cloud, compile a comprehensive report, and store or share the report by publishing it to the website. ScanMe Mobile works by running the APK in a virtual sandbox to generate permission data, and analyzes the result in the machine learning detection system. Through our experimental results, we demonstrate that the proposed system can effectively detect malware on the Android platform.

Scheduling methods for unmanned aerial vehicle based delivery systems

The recent Federal Aviation Administration (FAA) approval of Unmanned Aerial Vehicle (UAV) testing will transform our daily lives. Because of the inherent flexibility, ease of use, and low cost to operate; UAV-based delivery systems will become tremendously popular in the near future. In this paper, we address the issue of cyber-physical scheduling of UAV resources in order to achieve an efficient delivery service. Particularly, to reduce the overall delivery time, we develop a weight-based scheduling scheme, which considers the priority and delivery distance of service requests. To maximize the probability of effectively handling service requests with a limited number of UAVs, we first formalize the problem as an optimization problem and then use a dynamic programming approach to solve the problem. Through a simulation study, our data shows that the service delivery delay and the probability of successfully handling UAV services requests can be significantly improved upon in comparison with existing baseline schemes.