Editorial

AI-Driven Network Security and Privacy

1 School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China
2 School of Computer and Communication Engineering, Zhengzhou University of Light Industry, Zhengzhou 450002, China
3 School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China
4 School of Computer Science and Technology, Shandong University of Technology, Zibo 255049, China
* Author to whom correspondence should be addressed.
Electronics 2024, 13(12), 2311; https://doi.org/10.3390/electronics13122311
Submission received: 5 June 2024 / Accepted: 6 June 2024 / Published: 13 June 2024
(This article belongs to the Special Issue AI-Driven Network Security and Privacy)

1. Introduction

While creating unprecedented opportunities, artificial intelligence is also accompanied by unprecedented risks. Although artificial intelligence has many advantages in network security, it also faces challenges in data security, communication security, and privacy protection, including network attacks, data destruction, and disclosure of private information, which seriously affect the promotion and application of new information technologies. Ensuring that these technologies are implemented securely in scenarios such as smart life, smart cities, and smart networks, and promoting and enhancing the development of network security, are the goals of this Special Issue of Electronics, entitled “AI-Driven Network Security and Privacy”.

2. The Present Issue

This Special Issue focuses on new-generation network attack and defense technology, new secure cryptographic algorithms, data security and privacy protection technology, network and communication security protocols, and security analysis, while also evaluating their new application scenarios. In our call for papers, we sought to provide a platform for researchers, industry specialists, and application developers to discuss the most pressing issues in the field, exchange insights, and share experiences. We collected a large number of research results, and through strict and careful selection, 23 papers were selected for publication. We have excerpted and collated the main findings of these articles, which are described below.
Wenjie Guo et al. introduce MalOSDF, an opcode slice-based malware detection framework using active and ensemble learning, designed to address the need for efficient and rapid feature extraction from malware samples and to develop a resilient malware detection engine capable of identifying unknown malware types (contribution 1). Specifically, their work presents an opcode slice-based feature engineering method and a Semi-supervised Ensemble Active Learning (SSEAL) malware detection algorithm. The opcode slice-based feature engineering method conducts semantic aggregation, effectively reducing feature dimensionality. Simultaneously, malicious samples are embedded with semantic information to resolve the issue of sparse features and dimensionality explosion associated with the one-hot encoding of all opcodes. The MalOSDF malware detection method employs the principles of semi-supervised learning and utilizes active learning and ensemble learning techniques. This approach enhances the quality of knowledge extraction and learning for model training while addressing the limitations of classical machine learning models in detecting unknown categories of malware and their vulnerability to noisy data.
Zengyu Cai et al. propose an intrusion detection method for industrial control systems based on a one-dimensional convolutional Wasserstein generative adversarial network (1D CWGAN) (contribution 2). The 1D CWGAN is a network attack sample generation method that combines a 1D convolutional neural network (CNN) and a Wasserstein generative adversarial network (WGAN). First, the problem of low industrial control system (ICS) intrusion detection accuracy caused by a few types of attack samples is analyzed. The method then balances the number of the various attack samples in the dataset through data augmentation to improve detection accuracy. According to the temporal characteristics of network traffic, the algorithm uses 1D convolution and 1D transposed convolution to construct the modeling framework of network traffic data for the two competing networks and uses a gradient penalty instead of weight clipping in the WGAN to generate virtual samples similar to real samples.
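For reference, the gradient penalty that replaces weight clipping in a WGAN is usually written as below. This is the standard formulation from the WGAN literature, added here and not taken from contribution 2; the symbols $D$ (critic), $P_r$ and $P_g$ (distributions of real and generated samples), $\lambda$ (penalty weight) and $c$ (clipping bound) are notation assumed for this note.

$$
L_D = \mathbb{E}_{\tilde{x} \sim P_g}\big[D(\tilde{x})\big] - \mathbb{E}_{x \sim P_r}\big[D(x)\big] + \lambda\, \mathbb{E}_{\hat{x}}\Big[\big(\lVert \nabla_{\hat{x}} D(\hat{x}) \rVert_2 - 1\big)^2\Big],
\qquad \hat{x} = \epsilon x + (1-\epsilon)\tilde{x},\quad \epsilon \sim U[0,1]
$$

Weight clipping instead enforces the Lipschitz constraint by forcing every critic weight into a fixed interval after each update, $w \leftarrow \mathrm{clip}(w, -c, c)$; the penalty term constrains the critic's gradient norm directly at points $\hat{x}$ interpolated between real and generated samples.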
Jian Lyu et al. present a streamlined and efficient framework of malware family classification (MalSEF) (contribution 3), which leverages sampling and parallel processing to efficiently and effectively classify a vast number of metamorphic malware variants. The proposed parallel processing strategy is employed to reduce processing times and improve processing efficiency for feature extraction and feature matrix generation from the entire dataset. By constructing a lightweight feature set and applying the parallel processing strategy, the time overhead required for classifying large amounts of malware can be efficiently reduced. Finally, the authors evaluate MalSEF on the Microsoft Kaggle malware dataset and achieve a promising classification accuracy. In addition, the processing time overhead can be clearly reduced compared with the serial processing mode. To this end, the method first reduces the complexity of feature engineering by extracting a small portion of representative samples from the entire dataset and establishing a simple feature vector based on opcode sequences; then, it generates the feature matrix and conducts the classification task in parallel, utilizing multiple cores and a proactive recommendation scheme. Lastly, its practicality is strengthened to cope with the large volume of diversified malware variants on common computing platforms.
Yuanping Nie et al. combined the analysis of artificial features and advanced neural network features to detect Domain Generation Algorithm (DGA) domain names (contribution 4). A total of 34 artificial features related to string structure, language characteristics, and distribution statistics were extracted. Deep neural networks were used to actively mine high-level features of domain name characters. Then, the DGA domain name was detected by combining traditional machine learning methods and deep learning methods. In terms of the multi-model decision-making mechanism, a method based on statistical learning was proposed to provide a fair comparison standard for heterogeneous models and produce decision results with a certain level of confidence through voting. When the prediction labels of all models lacked sufficient confidence, confidence and credibility were considered to comprehensively evaluate the prediction quality of the model, and the prediction result with the highest quality was selected as the final decision result.
Gangqiang Duan et al. propose a verifiable dynamic encryption scheme (v-PADSSE) based on the public key cryptosystem (contribution 6). In order to achieve efficient and correct data updating, the scheme designs verification information (VI) for each keyword and constructs a verification list (VL) to store it. When dynamic update operations are performed on the cloud data, it is easy to quickly update the security index through obtaining the latest verification information in the VL. The paper explores the use of the public key cryptosystem in a dynamic searchable symmetric encryption (DSSE) scheme to verify the correctness and integrity of the result returned by the cloud server and to manage the encryption key effectively and securely.
Jiazheng Sun et al. present the design, implementation, and evaluation of Canary, a platform that aims to answer this question (contribution 6). Canary uses a common scoring framework that includes four dimensions with twenty-six (sub) metrics for evaluation. First, Canary generates and selects valid adversarial examples and collects metrics data through a series of tests. Then, it uses a two-way evaluation strategy to guide the data organization and finally integrates all the data to give scores for model robustness and attack effectiveness. The paper is the first to use Item Response Theory (IRT) in this process to ensure that all the metrics can be fairly calculated into a score that can visually measure the platform’s capability. In order to fully demonstrate the effectiveness of Canary, the authors conduct large-scale testing of 15 representative models trained on the ImageNet dataset using 12 white-box attacks and 12 black-box attacks and come up with a series of interesting in-depth findings, further illustrating the capabilities and strengths of Canary as a benchmarking platform. The paper provides an open-source framework for model robustness evaluation, allowing researchers to perform comprehensive and rapid evaluations of models or attack/defense algorithms, thus inspiring further improvements and greatly benefiting future work.
The subsequent contribution to this Special Issue focuses on privacy protection based on traffic obfuscation technology (contribution 7), which is used to obscure the true traffic of smart home devices to prevent malicious traffic listeners from analyzing user privacy information based on traffic characteristics. The paper proposes an enhanced smart home traffic obfuscation method called SHTObfuscator (smart home traffic obfuscator) based on the virtual user technology concept and introduces a virtual user behavior construction method based on logical integrity. By injecting the traffic fingerprints of different device activities into the real traffic environment of smart homes as obfuscating traffic, attackers cannot distinguish between the working status of real devices and the user behavior privacy strategies introduced by the system, effectively reducing the effect of traffic classification attack models. The protection level can be manually or automatically adjusted, achieving a balance between privacy protection and bandwidth overhead.
A novel approach for extracting Advanced Persistent Threat (APT) attack events from web texts is proposed in (contribution 8). First, an APT event schema is proposed based on analyzing APT attack stages. Event schemas differ from field to field. For APT events, the correct schema must be defined in order to extract effective information. Secondly, an APT event dataset in Chinese is constructed to train models. Among the many existing event datasets, there is no APT event dataset. Therefore, it is necessary to construct a corresponding dataset to train extraction models. Finally, an APT event extraction method based on the BERT-BiGRU-CRF model is proposed. This offers numerous advantages which are helpful for solving the issues of insufficient attack sample data and low detection accuracy.
Yuzhao Liu et al. propose a dual-backbone network detection method (DB-YOLOv5) for an object detection model that is suitable for unmanned aerial vehicles (UAVs), aimed at the problem of excessively small targets (contribution 9). The model adopts a composite backbone network which connects multiple identical backbone networks in a composite manner and fuses their high-level and low-level features, thus expanding the network’s receptive field. A bidirectional feature pyramid network structure is also introduced in the feature extraction stage and can fuse multi-scale features conveniently, quickly, and effectively to improve the detection accuracy of small-scale targets. The spatial pyramid attention mechanism is used in the output stage and can maintain the feature representation and spatial location information of the target, further strengthening the model’s ability to identify and locate small targets. Finally, EIoU_loss is used to further optimize the bounding box of the small-scale target to improve the bounding box problem in small target detection.
A depth feature extraction method for high dimensional network traffic is proposed in (contribution 10). The method can extract local features without losing time features and adds residual connections, which not only alleviates the problem of gradient disappearance but also improves the convergence speed of the network. It is combined with a parallel algorithm for simplified recurrent unit (SRU) abnormal traffic detection. Compared with the traditional long short-term memory (LSTM) model, the SRU model has the advantages of high computational efficiency, fast training, strong sequence modeling ability, low memory utilization rate, and the ability to train the accuracy of the model faster. At the same time, the training time required for this method is also greatly shortened, and it can perform efficient intrusion detection on the industrial Internet.
Jingyu Liu et al. propose a dynamic adjustment technology for hot and cold data to achieve high scalability in large key–value (KV) stores (contribution 11). Specifically, they perform timely adjustments to data classification and change the store management method according to the heat of real-time data changes. They introduce a hybrid index method to improve I/O performance and reduce memory overhead. They also implement fine-grained partial KV separation, distinguishing between small and large KV pairs in cold data management to reduce the I/O overhead caused by frequent value movement due to the compression operation of large KV pairs in the log-structured merge-tree. In order to improve reading, writing, and scanning performance, they also propose a dynamic value grouping method to effectively manage large KV pairs.
Lujuan Deng et al. propose a BERT-ETextCNN-ELSTM (bidirectional encoder representations from transformers–enhanced convolution neural network–enhanced long short-term memory) model for sentiment analysis (contribution 12). The model takes text after word embedding and BERT encoder processing and feeds it to an optimized convolutional neural network (CNN) layer for convolution operations in order to extract local features of the text. Features from the CNN layer are then fed into the LSTM layer for time-series modeling to capture long-term dependencies in the text. It uses pretrained models and optimized hybrid (combinatorial, fusion) neural networks for sentiment analysis to effectively address the problem of ignoring contextual semantics in traditional sentiment analysis methods and to better extract semantic information from the corresponding words to achieve an effective sentiment classification of text.
Yi Sun et al. employ a number of models to extract forgery features from various deepfake datasets and utilize the K-means clustering method to identify datasets with similar feature values (contribution 13). They analyze feature values using the Calinski–Harabasz Index method. Their findings reveal that datasets with the same or similar labels in different deepfake datasets exhibit different forgery features. To solve this problem, the authors propose the KCE system, which combines multiple deepfake datasets according to feature similarity, and point out that the forgery category labels in the deepfake dataset lack objectivity. The KCE system is a deepfake dataset similarity evaluation index system that provides a measure of the similarity between different datasets. Its implementation lays the foundation for subsequent researchers, allowing them to use these datasets comprehensively. The authors’ experiments confirm that when the forgery method of the deepfake dataset is unknown, the model can achieve better generalization performance by training on datasets that are merged based on closer feature distances.
Shaohan Wu et al. propose a black-box evasion attack method based on the confidence score of benign samples (contribution 14). The method extracts sequence fragments called benign payload from benign samples based on detection results and uses an RNN generative model to learn the benign features embedded in these sequences. Then, it uses the end of the original malicious sample as input to generate an adversarial perturbation that reduces the malicious probability of the sample and appends it to the end of the sample to generate an adversarial sample. According to different adversarial scenarios, the authors propose two different generation strategies, which are the one-time generation method and the iterative generation method.
Xiaojin Fan et al. propose a few-shot, multi-pose face recognition method based on hypergraph de-deflection and multi-task collaborative optimization (HDMCO) (contribution 15). In HDMCO, the hypergraph is embedded in a non-negative image decomposition to obtain images without pose deflection. Furthermore, a feature-encoding method is proposed by considering the importance of samples and combining support vector data description, triangle coding, etc. This feature-encoding method is used to extract features from pose-free images. Finally, multi-tasks such as feature extraction and feature recognition are jointly optimized to obtain a solution closer to the optimal global solution.
Lu Liu et al. take adversarial examples from remote sensing image recognition as their research object and systematically study vanishing attacks against a remote sensing image object detection model (contribution 16). To solve the problem of difficult attack implementation on remote sensing image object detection, they propose an adversarial attack adaptation method based on interpolation scaling and patch perturbation stacking. Their method is an adaptation of classical attack algorithms. A hot restart perturbation update strategy is proposed, and the joint attack of the first and second stages of the two-stage remote sensing object detection model is achieved through the design of the attack loss function. To solve the problem of the excessively high modification cost of global pixel attack, a local pixel attack algorithm based on sensitive pixel location is proposed. By searching for the location of sensitive pixels and constructing a mask of the attack area, a good local pixel attack effect is achieved.
To address the problem of inaccurate target tracking results in aerial unmanned aerial vehicle (UAV) videos due to complex backgrounds, a high density of small-scale targets, and mutual occlusion between targets, Li Tan et al. propose a strong interference motion target tracking method based on the target consistency algorithm for UAVs (contribution 17). An interframe fusion method is introduced in the model to correct its tracking trajectory of the target by fusing the current frame with previous frames. The method successfully updates the model’s tracking trajectory by combining the tracking results from the previous frames and learning them again. The model introduces a trajectory confidence mechanism which defines the tracked trajectory’s confidence level according to its duration and then corrects and updates the trajectory in multiple directions to ensure the accuracy of the tracking results. It also optimizes the objective function using the alternating direction method of multipliers (ADMM) algorithm and solves the function by iteration to obtain the optimal tracking trajectory.
Zixiao Kong et al. propose a MalDBA (detection for query-based malware black-box adversarial attacks) method for experiments on the VirusShare dataset (contribution 18). MalDBA defends against query-based malware black-box attacks, helping analysts effectively detect the existence of adversarial attacks. It also can be run on ordinary personal workstations and does not require high-performance hardware resources, so it meets the needs of ordinary researchers who deal with a large number of malicious codes. A stateful detection method for black-box adversarial attacks is proposed. Most of the previous detection methods for adversarial examples (AEs) are stateless, and the method introduced by the authors can precisely carry out a supplementary defense. Existing stateful detection methods for malware black-box attacks are based on the feature space level, while the new method is based on the complete malicious file.
In (contribution 19), a naming-based access control model is proposed. The model is based on identity-based encryption with wildcard key derivation (WKD-IBE), which ensures data confidentiality and integrity as well as fine-grained access control for many-to-many communications in named data networks (NDNs). To effectively and securely share resources, the paper introduces a decentralized authorization mechanism which allows data subjects to manage the data and access policies. Furthermore, this mechanism grants permissions in a transparent and auditable manner.
Qikun Zhang et al. propose a Nadam iterative fast gradient method (NAI-FGM), which combines an improved Nadam optimizer with gradient-based iterative attacks (contribution 20). Specifically, they introduce the look-ahead momentum vector and the adaptive learning rate component based on the Momentum Iterative Fast Gradient Sign Method (MI-FGSM). The look-ahead momentum vector is dedicated to making the loss function converge faster and escape poor local maxima. Additionally, the adaptive learning rate component is used to help the adversarial example converge to a better extreme point by obtaining adaptive update directions according to the current parameters. Furthermore, they also carry out different input transformations to further enhance the attack performance before using NAI-FGM for attack. Finally, they consider attacking the ensemble model. Extensive experiments show that the NAI-FGM has stronger transferability and black-box attack capability than advanced momentum-based iterative attacks.
Jing Li et al. propose a coverless audio-steganography model to conceal secret audio (contribution 21). In this method, the stego-audio is directly synthesized by their model, which is based on the WaveGAN framework. An extractor reconstructs the secret audio and contains resolution blocks to learn the different resolution features. The method does not perform any modification to an existing or generated cover. It is the first directly generated stego-audio concealment method. The authors prove that it is difficult for current steganalysis methods to detect the existence of the secret stego-audio generated by their method because there is no cover audio. The Mean Opinion Score (MOS) metric indicates that the generated stego-audio has high audio quality. Spectrum diagrams in different forms are used to show that the extractor can reconstruct the secret audio successfully on hearing it, which guarantees complete semantic transmission.
Shengang Hao et al. propose and implement an optimized monocular image depth estimation algorithm based on conditional generative adversarial networks (contribution 22). The goal is to overcome the limitations of insufficient data diversity training and overly blurred depth estimation contours in current monocular image depth estimation algorithms based on generative adversarial networks. The proposed algorithm employs an enhanced conditional generative adversarial network model with a generator that adopts a network structure similar to UNet and a novel feature upsampling module. The discriminator uses a multi-layer patchGAN conditional discriminator and incorporates the original depth map as input to effectively utilize prior knowledge. The loss function combines the least squares loss function. Compared to traditional depth estimation algorithms, the proposed optimization algorithm can effectively restore image contour information and enhance the visualization capability of depth prediction maps. The experimental results demonstrate that the method can expedite the convergence of the model on NYU-V2 and Make3D datasets and generate predicted depth maps that contain more details and clearer object contours.
Jonghoo Han et al. propose a novel intrusion detection system (NIDS) that requires low memory storage space and exhibits high detection performance without detection delay (contribution 22). The proposed method feeds each received packet directly to the classifier without first collecting packets and stores the resulting output. When the next session packet is received, the previously stored output and the newly received packet are fed back to the classifier. Therefore, partial classification is performed every time a packet is received. Further, whenever a new session packet is received, several state values for the session are updated, and a feature set of the machine learning (ML) model is finally created using these values. In addition, instead of using all packets for each session, intrusion detection is performed before session termination because only some packets are used at the beginning of the session, as in the conventional method. The proposed method does not need to store packets for the current session and uses only some packets, as in conventional methods, but achieves very high detection performance.
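The per-packet state update described above can be sketched as follows. This is an added example, not code from the paper: the state fields, the four-packet cutoff, the `toy_classifier` rule standing in for a trained ML model and the sample packets are all assumptions made for illustration.

```python
"""Added example: early session classification from fixed-size per-session state."""
import math
from dataclasses import dataclass

MAX_PACKETS = 4  # assumption: only the first packets of a session are inspected


@dataclass
class SessionState:
    """Running values for one session; no packet is kept after update()."""
    count: int = 0
    total_bytes: int = 0
    max_len: int = 0
    syn_count: int = 0
    last_ts: float = 0.0
    iat_n: int = 0         # number of inter-arrival gaps seen so far
    iat_mean: float = 0.0  # running mean of the gaps
    iat_m2: float = 0.0    # Welford running sum of squared deviations

    def update(self, ts, length, syn):
        if self.count:
            gap = ts - self.last_ts
            self.iat_n += 1
            delta = gap - self.iat_mean
            self.iat_mean += delta / self.iat_n
            self.iat_m2 += delta * (gap - self.iat_mean)
        self.count += 1
        self.total_bytes += length
        self.max_len = max(self.max_len, length)
        self.syn_count += int(syn)
        self.last_ts = ts

    def features(self):
        var = self.iat_m2 / self.iat_n if self.iat_n else 0.0
        return [self.count, self.total_bytes / self.count, self.max_len,
                self.syn_count, self.iat_mean, math.sqrt(var)]


def toy_classifier(f):
    """Hypothetical stand-in for a trained model: repeated small SYNs look odd."""
    _count, mean_len, _max_len, syn_count, _iat_mean, _iat_std = f
    return "suspicious" if syn_count >= 3 and mean_len < 100 else "benign"


class EarlyDetector:
    def __init__(self, classify, max_packets=MAX_PACKETS):
        self.classify = classify
        self.max_packets = max_packets
        self.sessions = {}  # session key -> SessionState (constant size each)
        self.verdicts = {}  # session key -> final verdict

    def on_packet(self, key, ts, length, syn=False):
        if key in self.verdicts:           # already decided: ignore the rest
            return self.verdicts[key]
        state = self.sessions.setdefault(key, SessionState())
        state.update(ts, length, syn)
        verdict = self.classify(state.features())  # partial classification
        if state.count >= self.max_packets:        # freeze before session end
            self.verdicts[key] = verdict
            del self.sessions[key]
        return verdict


def batch_features(packets):
    """Reference: the same features computed from a stored (ts, len, syn) list."""
    lens = [p[1] for p in packets]
    gaps = [b[0] - a[0] for a, b in zip(packets, packets[1:])]
    mean = sum(gaps) / len(gaps) if gaps else 0.0
    var = sum((g - mean) ** 2 for g in gaps) / len(gaps) if gaps else 0.0
    return [len(packets), sum(lens) / len(lens), max(lens),
            sum(int(p[2]) for p in packets), mean, math.sqrt(var)]


# Constructed sample: (session key, timestamp, length, SYN flag), interleaved.
SAMPLE = [
    ("A", 0.00, 60, True), ("B", 0.00, 60, True),
    ("A", 0.05, 60, False), ("B", 1.00, 60, True),
    ("A", 0.10, 500, False), ("B", 3.00, 60, True),
    ("A", 0.20, 1400, False), ("B", 7.00, 60, True),
]


def replay(packets):
    det = EarlyDetector(toy_classifier)
    for key, ts, length, syn in packets:
        det.on_packet(key, ts, length, syn)
    return dict(det.verdicts)


if __name__ == "__main__":
    print(replay(SAMPLE))
```

The streaming state yields the same feature vector as `batch_features`, which needs the stored packet list, so memory per session stays constant regardless of session length.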

3. Future Directions

The future of AI-driven network security and privacy is expected to follow several key directions, as outlined by the collection of research articles in this Special Issue. These directions are as follows:
  • Secure data sharing: through consensus calculation, the secure exchange of multi-party keys can be completed, leading to the secure sharing of multi-party-encrypted data;
  • Privacy protection: through machine learning and model training, the purposes of data classification and identification can be achieved without providing local datasets for training, so as to protect local privacy data from being leaked;
  • Threat detection and prevention: by learning and analyzing massive amounts of data, AI can quickly identify potential attacks and provide early warning;
  • Intrusion detection and prevention: through deep learning and analysis of network traffic, AI can detect unusual network behavior and react quickly;
  • Identification and protection of malicious code: through learning and analyzing malicious code samples, artificial intelligence can automatically extract features and build corresponding models, so as to achieve the accurate identification and effective protection of malicious code;
  • Automated attack defense: artificial intelligence can automatically detect and identify abnormal patterns in network traffic to determine whether there is a potential attack behavior in real time;
  • Threat intelligence: AI can also be used to gather and analyze cyber threat intelligence. Through large amounts of network traffic data, AI is able to identify the behavior patterns of attackers, which can help predict future attack trends and strategies;
  • Automated response and repair: when an attack is detected, AI can quickly isolate the affected system and prevent further spread of the attack. At the same time, AI can also automatically find and repair security vulnerabilities in the system, improving its overall security.

Author Contributions

Conceptualization and formal analysis, Y.-a.T.; Selection and arrangement of study excerpts, Q.Z.; review and editing, Y.L.; supervision, X.Y. All authors have read and agreed to the published version of the manuscript.

Funding

This work was partially supported by the Collaborative Innovation Project of Zhengzhou (No. 2021ZDPY0206).

Data Availability Statement

Not applicable.

Acknowledgments

We would like to thank all the researchers who submitted their papers to this Special Issue. We congratulate the authors of the published papers and thank them for sharing their excellent results through our platform. Our appreciation also goes to the reviewers who carefully, responsibly, and fairly selected excellent papers for this Special Issue and provided valuable review comments for the authors. We acknowledge the Editorial Board of Electronics for granting us the opportunity of being this Special Issue’s Guest Editors. Lastly, we are grateful to the Electronics Editorial Office staff for their strict supervision and responsible management to ensure the timely publication of this Special Issue.

Conflicts of Interest

The authors declare no conflicts of interest.

List of Contributions

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Tan, Y.-a.; Zhang, Q.; Li, Y.; Yu, X. AI-Driven Network Security and Privacy. Electronics 2024, 13, 2311. https://doi.org/10.3390/electronics13122311
