The rapid emergence of the Internet of Things (IoT) has introduced fog computing as an intermediate layer between end users and cloud datacenters. The fog computing layer is characterized by being closer to end users for service provisioning than the cloud. However, security challenges are still a big concern in both the fog and cloud computing paradigms. In fog computing, one of the most destructive attacks is man-in-the-middle (MitM). Moreover, MitM attacks are hard to detect since they are performed passively at the network level. This paper proposes a MitM mitigation scheme for the fog computing architecture. The proposal maps the fog layer onto a software-defined network (SDN) architecture. It integrates multi-path transmission control protocol (MPTCP), the moving target defense (MTD) technique, and a reinforcement learning (RL) agent in one framework that contributes significantly to improving the fog layer's resource utilization and security. The proposed schema makes network reconnaissance and discovery harder, thus improving network security against MitM attacks. The evaluation framework was tested in a simulation environment on Mininet, using the MPTCP kernel and the Ryu SDN controller. The experimental results show that the proposed schema maintains network resiliency and improves resource utilization without adding significant overhead compared to the traditional transmission control protocol (TCP).
Security and Privacy Issues of Fog Computing: A Survey HarshitParkar6677
Abstract. Fog computing is a promising computing paradigm that extends cloud computing to the edge of networks. Similar to cloud computing but with distinct characteristics, fog computing faces new security and privacy challenges besides those inherited from cloud computing. In this paper, we have surveyed these challenges and corresponding solutions in a brief manner.
A review on orchestration distributed systems for IoT smart services in fog c... IJECEIAES
This paper provides a review of distributed orchestration systems for IoT smart services in fog computing. The cloud infrastructure alone cannot handle the flow of information given the abundance of data, devices and interactions. Thus, fog computing has become a new paradigm to overcome the problem. One of the first challenges was to build orchestration systems that activate the clouds and execute tasks throughout the whole system, taking into account large geographical distances, heterogeneity and low latency, to address the limitations of cloud computing. Some of the problems for distributed orchestration in fog computing are fulfilling the high-reliability and low-delay requirements of IoT application systems and forming a larger computer network, like a fog network, across different geographic sites. This paper reviewed approximately 68 articles on distributed orchestration systems for fog computing. The results show the distributed orchestration systems and some of the evaluation criteria for fog computing, compared in terms of Borg, Kubernetes, Swarm, Mesos, Aurora, heterogeneity, QoS management, scalability, mobility, federation, and interoperability. The significance of this study is to support researchers in developing distributed orchestration systems for IoT smart services in fog computing, with a focus on the IR4.0 national agenda.
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING IJNSA Journal
In the IoT scenario, things at the edge can create significantly large amounts of data. Fog Computing has recently emerged as the paradigm to address the needs of edge computing in Internet of Things (IoT) and Industrial Internet of Things (IIoT) applications. In a Fog Computing environment, much of the processing would take place closer to the edge in a router device, rather than having to be transmitted to the Fog. Authentication is an important issue for the security of fog computing since services are offered to massive-scale end users by front fog nodes. Fog computing faces new security and privacy challenges besides those inherited from cloud computing. Authentication helps to ensure and confirm a user's identity. Existing traditional password authentication does not provide enough security for the data, and there have been instances when password-based authentication has been manipulated to gain access to the data. Since conventional methods such as passwords do not serve the purpose of data security, research works are focused on biometric user authentication in the fog computing environment. In this paper, we present biometric smartcard authentication to protect the fog computing environment.
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT... IJNSA Journal
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
Cloud data security and various cryptographic algorithms IJECEIAES
Cloud computing has spread widely among different organizations due to its advantages, such as cost reduction, resource pooling, broad network access, and ease of administration. It increases the abilities of physical resources by optimizing shared use. Clients’ valuable items (data and applications) are moved outside of regulatory supervision in a shared environment where many clients are grouped together. However, this process poses security concerns, such as sensitive information theft and personally identifiable data leakage. Many researchers have contributed to reducing the problem of data security in cloud computing by developing a variety of technologies to secure cloud data, including encryption. In this study, a set of encryption algorithms (advanced encryption standard (AES), data encryption standard (DES), Blowfish, Rivest-Shamir-Adleman (RSA) encryption, and international data encryption algorithm (IDEA)) was compared in terms of security, data encipherment capacity, memory usage, and encipherment time to determine the optimal algorithm for securing cloud information from hackers. Results show that RSA and IDEA are less secure than AES, Blowfish, and DES. The AES algorithm encrypts a huge amount of data, takes the least encipherment time, and is faster than other algorithms, and the Blowfish algorithm requires the least amount of memory space.
Efficient ECC-Based Authentication Scheme for Fog-Based IoT Environment IJCNCJournal
The rapid growth of cloud computing and Internet of Things (IoT) applications faces several threats, such as latency, security, network failure, and performance. These issues are solved with the development of fog computing, which brings storage and computation closer to IoT devices. However, there are several challenges faced by security designers, engineers, and researchers to secure this environment. To ensure the confidentiality of data that passes between the connected devices, digital signature protocols have been applied to the authentication of identities and messages. However, in the traditional method, a user's private key is directly stored on IoT devices, so the private key may be disclosed under various malicious attacks. Furthermore, these methods require a lot of energy, which drains the resources of IoT devices. A signature scheme based on the elliptic curve digital signature algorithm (ECDSA) is proposed in this paper to improve the security of the private key and the time taken for key-pair generation. ECDSA security is based on the intractability of the Elliptic Curve Discrete Logarithm Problem (ECDLP), which allows one to use much smaller groups. Smaller group sizes directly translate into shorter signatures, which is a crucial feature in settings where communication bandwidth is limited, or data transfer consumes a large amount of energy. In this paper, we have chosen the safe curve types of elliptic-curve cryptography (ECC) such as M221, SECP256r1, curve 25519, Brainpool P256t1, and M-551. These curves are the most secure of the ECC curves, as their security is based on the complexity of the ECDLP of the curve, and they exceed the complexity of the ECDLP. A valid signature can be generated without reestablishing the whole private key. ECDSA ensures data security and successfully reduces intermediate attacks.
The efficiency and effectiveness of ECDSA in the IoT environment are validated by experimental evaluation and comparison analysis. The results indicate that, in comparison to the two-party ECDSA and RSA, the proposed ECDSA decreases computation time by 65% and 87%, respectively. Additionally, as compared to two-party ECDSA and RSA, respectively, it reduces energy consumption by 77% and 82%.
A brief review: security issues in cloud computing and their solutions TELKOMNIKA JOURNAL
Cloud computing is an Internet-based, emerging technology that tends to be prevalent in our environment, especially in the fields of computer science and information technology, which require network computing on a large scale. Cloud computing is a shared pool of services which is gaining popularity due to its cost, effectiveness, availability and great production. Along with its numerous benefits, cloud computing brings much more challenging situations regarding data privacy, data protection, authenticated access, intellectual property rights, etc. Due to these issues, adoption of cloud computing is becoming difficult in today’s world. In this review paper, various security issues regarding data privacy and reliability, key factors which are affecting cloud computing, have been addressed, and suggestions on particular areas have also been discussed.
A new algorithm to enhance security against cyber threats for internet of thi... IJECEIAES
One major problem is detecting the unsuitability of traffic caused by a distributed denial of service (DDoS) attack produced by third-party nodes, such as smartphones and other handheld Wi-Fi devices. During transmission between devices, there is a rise in the number of cyber attacks on systems using negligible packets, which lead to suspension of the services between source and destination and can find the vulnerabilities on the network. These vulnerabilities have led to a reduction in the reliability of networks and a reduction in consumer confidence. In this paper, we introduce a new algorithm called rout attack with detection algorithm (RAWD) to reduce the effect of any attack by checking for packet injection, and to avoid a number of cyber attacks being received by the destination and transferred through a determined path or an alternative path, depending on the problem. The proposed algorithm forwards the real-time traffic to the required destination over a new alternative backup path, which it computes before the attack occurs. The results showed an improvement when the attack occurred and the alternative path was used to ensure that the main destination continued to receive the data unaffected.
Internet of things: review, architecture and applications CSITiaesprime
Devices linked to the internet of things (IoT) may communicate with one another in several settings. Furthermore, rather than relying on an existing centralized system, users may develop their own network by using wireless capabilities. This kind of network is known as a wireless mobile ad hoc network. The mobile ad-hoc network (MANET) enables IoT devices to connect with one another in an unstructured networked environment. IoT devices may connect, establish linkages, and share data on a continuous basis. In this system, the cloud's purpose is to store and analyze data acquired from IoT devices. One of the most significant challenges in cloud computing has been identified as information security, and its resolution will result in an even bigger increase in cloud computing usage and popularity in the future. Finally, the goal of this project is to create a framework for facilitating communication between IoT devices in a Cloud and MANET context. Our major contribution is a ground-breaking research initiative that combines cloud computing with the MANET and connects the internet of things. This research might be applied to the IoT in the future.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
F2CDM: Internet of Things for Healthcare Network Based Fog-to-Cloud and Data-... Istabraq M. Al-Joboury
The Internet of Things (IoT) evolves very rapidly over time, since everything, such as sensors and actuators, is linked together around the world through the Internet with the evolution of ubiquitous computing. These devices have a unique IP address in order to communicate with each other and transmit data using wireless technologies. Fog computing, or so-called edge computing, brings all Cloud features to embedded devices at the network edge and adds more features to servers, such as pre-storing Cloud data, fast response, and generating overhasty user reporting. Fog mediates between Cloud and IoT devices and thus enables new types of computing and services. Future applications take advantage of combining the two concepts, Fog and Cloud, in order to provide low-delay Fog-based and high-storage-capacity Cloud-based services. This paper proposes an IoT architecture for healthcare networks based on Fog to Cloud and Data in Motion (F2CDM). The proposed architecture is designed and implemented over three sites: Site 1 contains the embedded devices layer, Site 2 consists of the Fog network layer, while Site 3 consists of the Cloud network. The Fog layer is represented by a middleware server in Al-Nahrain University with temporary storage such that the data lives inside for 30 min. During this time, the selected data showing abnormal behavior is sent to the Cloud while the rest of the data is wiped out. On the other hand, the Cloud stores all the incoming data from Fog permanently. The F2CDM works using Message Queue Telemetry Transport (MQTT) for fast response. The results show that all data can be monitored from the Fog in real time while the critical data can be monitored from the Cloud. In addition, the response time is evaluated using a traffic generator called Tsung. It has been found that the proposed architecture reduces traffic on the Cloud network and provides better data analysis.
Fog computing security and privacy issues, open challenges, and blockchain so... IJECEIAES
Due to the expanding growth of IoT devices, Fog computing was proposed to enhance low-latency IoT applications and meet the distributed nature of these devices. However, Fog computing has been criticized for several privacy and security vulnerabilities. This paper aims to identify and discuss the security challenges for Fog computing. It also discusses blockchain technology as a complementary mechanism associated with Fog computing to mitigate the impact of these issues. The findings of this paper reveal that blockchain can meet the privacy and security requirements of fog computing; however, there are several limitations of blockchain that should be further investigated in the context of Fog computing.
Performance Analysis of Internet of Things Protocols Based Fog/Cloud over Hig... Istabraq M. Al-Joboury
The Internet of Things (IoT) is becoming the future of a global data field in which embedded devices communicate with each other, exchange data and make decisions through the Internet. IoT could improve the quality of life in smart cities, but a massive amount of data from different smart devices could slow down or crash database systems. In addition, transferring IoT data to the Cloud for monitoring information and generating feedback will lead to high delay at the infrastructure level. Fog Computing can help by offering services closer to edge devices. In this paper, we propose an efficient system architecture to mitigate the problem of delay. We provide performance analysis, such as response time, throughput and packet loss, for the MQTT (Message Queue Telemetry Transport) and HTTP (Hyper Text Transfer Protocol) protocols based on Cloud or Fog servers, with a large volume of data from an emulated traffic generator working alongside one real sensor. We implement both protocols in the same architecture, with low-cost embedded devices connected to local and Cloud servers with different platforms. The results show that HTTP response time is 12.1 and 4.76 times higher than that of Fog-based and Cloud-based MQTT located in the same geographical area as the sensors, respectively. The worst case in performance is observed when the Cloud is public and outside the country region. The results obtained for throughput show that MQTT has the capability to carry the data with the available bandwidth and the lowest percentage of packet loss. We also prove that the proposed Fog architecture is an efficient way to reduce latency and enhance performance in Cloud-based IoT.
A secure sharing control framework supporting elastic mobile cloud computing IJECEIAES
In elastic mobile cloud computing (EMCC), mobile devices migrate some computing tasks to the cloud for execution according to current needs and seamlessly and transparently use cloud resources to enhance their functions. First, based on the summary of existing EMCC schemes, a generic EMCC framework is abstracted; it is pointed out that the migration of sensitive modules in the EMCC program can bring security risks such as privacy leakage and information flow hijacking to EMCC; then, a generic framework of elastic mobile cloud computing that incorporates risk management is designed, which regards security risks as a cost of EMCC and ensures that the use of EMCC is. Finally, it is pointed out that the difficulty of risk management lies in risk quantification and sensitive module labeling. In this regard, risk quantification algorithms are designed, an automatic annotation tool for sensitive modules of Android programs is implemented, and the accuracy of the automatic annotation is demonstrated through experiments.
Bibliometric analysis highlighting the role of women in addressing climate ch... IJECEIAES
Fossil fuel consumption increased quickly, contributing to climate change that is evident in unusual flooding and droughts, and global warming. Over the past ten years, women's involvement in society has grown dramatically, and they succeeded in playing a noticeable role in reducing climate change. A bibliometric analysis of data from the last ten years has been carried out to examine the role of women in addressing climate change. The analysis's findings discussed the relevance to the sustainable development goals (SDGs), particularly SDG 7 and SDG 13. The results considered contributions made by women in the various sectors while taking geographic dispersion into account. The bibliometric analysis delves into topics including women's leadership in environmental groups, their involvement in policymaking, their contributions to sustainable development projects, and the influence of gender diversity on attempts to mitigate climate change. This study's results highlight how women have influenced policies and actions related to climate change, and point out areas of research deficiency and recommendations on how to increase the role of women in addressing climate change and achieving sustainability. To achieve more successful results, this initiative aims to highlight the significance of gender equality and encourage inclusivity in climate change decision-making processes.
Voltage and frequency control of microgrid in presence of micro-turbine inter... IJECEIAES
The active and reactive load changes have a significant impact on voltage and frequency. In this paper, in order to stabilize the microgrid (MG) against load variations in islanding mode, the active and reactive power of all distributed generators (DGs), including energy storage (battery), diesel generator, and micro-turbine, are controlled. The micro-turbine generator is connected to the MG through a three-phase to three-phase matrix converter, and the droop control method is applied for controlling the voltage and frequency of the MG. In addition, a method is introduced for voltage and frequency control of micro-turbines in the transition state from grid-connected mode to islanding mode. A novel switching strategy of the matrix converter is used for converting the high-frequency output voltage of the micro-turbine to the grid-side frequency of the utility system. Moreover, using the switching strategy, the low-order harmonics in the output current and voltage are not produced, and consequently, the size of the output filter would be reduced. In fact, the suggested control strategy is load-independent and has no frequency conversion restrictions. The proposed approach for voltage and frequency regulation demonstrates exceptional performance and favorable response across various load alteration scenarios. The suggested strategy is examined in several scenarios in the MG test systems, and the simulation results are addressed.
Similar to Reinforcement learning-based security schema mitigating man-in-the-middle attacks in fog computing
Cloud data security and various cryptographic algorithms IJECEIAES
Cloud computing has spread widely among different organizations due to its advantages, such as cost reduction, resource pooling, broad network access, and ease of administration. It increases the abilities of physical resources by optimizing shared use. Clients’ valuable items (data and applications) are moved outside of regulatory supervision in a shared environment where many clients are grouped together. However, this process poses security concerns, such as sensitive information theft and personally identifiable data leakage. Many researchers have contributed to reducing the problem of data security in cloud computing by developing a variety of technologies to secure cloud data, including encryption. In this study, a set of encryption algorithms (advance encryption standard (AES), data encryption standard (DES), Blowfish, Rivest-Shamir-Adleman (RSA) encryption, and international data encryption algorithm (IDEA) was compared in terms of security, data encipherment capacity, memory usage, and encipherment time to determine the optimal algorithm for securing cloud information from hackers. Results show that RSA and IDEA are less secure than AES, Blowfish, and DES). The AES algorithm encrypts a huge amount of data, takes the least encipherment time, and is faster than other algorithms, and the Blowfish algorithm requires the least amount of memory space.
Efficient ECC-Based Authentication Scheme for Fog-Based IoT Environment - IJCNCJournal
The rapid growth of cloud computing and Internet of Things (IoT) applications faces several threats, such as latency, security, network failure, and performance. These issues are solved with the development of fog computing, which brings storage and computation closer to IoT-devices. However, there are several challenges faced by security designers, engineers, and researchers to secure this environment. To ensure the confidentiality of data that passes between the connected devices, digital signature protocols have been applied to the authentication of identities and messages. However, in the traditional method, a user's private key is directly stored on IoTs, so the private key may be disclosed under various malicious attacks. Furthermore, these methods require a lot of energy, which drains the resources of IoT-devices. A signature scheme based on the elliptic curve digital signature algorithm (ECDSA) is proposed in this paper to improve the security of the private key and the time taken for key-pair generation. ECDSA security is based on the intractability of the Elliptic Curve Discrete Logarithm Problem (ECDLP), which allows one to use much smaller groups. Smaller group sizes directly translate into shorter signatures, which is a crucial feature in settings where communication bandwidth is limited, or data transfer consumes a large amount of energy. In this paper, we have chosen the safe curve types of elliptic-curve cryptography (ECC) such as M221, SECP256r1, curve 25519, Brainpool P256t1, and M-551. These types of curves are the most secure curves of other curves of ECC as their security is based on the complexity of the ECDLP of the curve. And these types of curves exceed the complexity of the ECDLP. A valid signature can be generated without reestablishing the whole private key. ECDSA ensures data security and successfully reduces intermediate attacks. 
The efficiency and effectiveness of ECDSA in the IoT environment are validated by experimental evaluation and comparison analysis. The results indicate that, in comparison to the two-party ECDSA and RSA, the proposed ECDSA decreases computation time by 65% and 87%, respectively. Additionally, as compared to two-party ECDSA and RSA, respectively, it reduces energy consumption by 77% and 82%.
A brief review: security issues in cloud computing and their solutions - TELKOMNIKA JOURNAL
Cloud computing is an Internet-based, emerging technology that tends to be prevailing in our environment, especially in the field of computer sciences and information technologies which require network computing on large scale. Cloud Computing is a shared pool of services which is gaining popularity due to its cost, effectiveness, availability and great production. Along with its numerous benefits, cloud computing brings a much more challenging situation regarding data privacy, data protection, authenticated access, intellectual property rights etc. Due to these issues, adoption of cloud computing is becoming difficult in today’s world. In this review paper, various security issues regarding data privacy and reliability, key factors which are affecting cloud computing, have been addressed and also suggestions on particular areas have been discussed.
A new algorithm to enhance security against cyber threats for internet of thi... - IJECEIAES
One major problem is detecting the unsuitability of traffic caused by a distributed denial of services (DDoS) attack produced by third party nodes, such as smart phones and other handheld Wi-Fi devices. During the transmission between the devices, there is a rise in the number of cyber attacks on systems by using negligible packets, which lead to suspension of the services between source and destination, and can find the vulnerabilities on the network. These vulnerable issues have led to a reduction in the reliability of networks and a reduction in consumer confidence. In this paper, we will introduce a new algorithm called rout attack with detection algorithm (RAWD) to reduce the effect of any attack by checking the packet injection, and to avoid a number of cyber attacks being received by the destination and transferred through a determined path or alternative path based on the problem. The proposed algorithm will forward the real time traffic to the required destination from a new alternative backup path which is computed by it before the attack occurred. The results have shown an improvement when the attack occurred and the alternative path was used to ensure the continuity of receiving the data at the main destination without being affected.
Internet of things: review, architecture and applications - CSITiaesprime
Devices linked to the internet of things (IoT) may communicate with one another in several settings. Furthermore, rather than relying on an existing centralized system, users may develop their own network by using wireless capabilities. This kind of network is known as a wireless mobile ad hoc network. The mobile ad-hoc network (MANET) enables IoT devices to connect with one another in an unstructured networked environment. IoT devices may connect, establish linkages, and share data on a continuous basis. In this system, the cloud's purpose is to store and analyze data acquired from IoT devices. One of the most significant challenges in cloud computing has been identified as information security, and its resolution will result in an even bigger increase in cloud computing usage and popularity in the future. Finally, the goal of this project is to create a framework for facilitating communication between IoT devices in a Cloud and MANET context. Our major contribution is a ground-breaking research initiative that combines cloud computing with the MANET and connects the internet of things. This research might be applied to the IoT in the future.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
F2CDM: Internet of Things for Healthcare Network Based Fog-to-Cloud and Data-... - Istabraq M. Al-Joboury
Internet of Things (IoT) evolves very rapidly over time, since everything such as sensors/actuators linked together from around the world with use of evolution of ubiquitous computing through the Internet. These devices have a unique IP address in order to communicate with each other and transmit data with features of wireless technologies. Fog computing or so called edge computing brings all Cloud features to embedded devices at edge network and adds more features to servers like pre-store data of Cloud, fast response, and generate overhasty users reporting. Fog mediates between Cloud and IoT devices and thus enables new types of computing and services. The future applications take the advantage of combining the two concepts Fog and Cloud in order to provide low delay Fog-based and high capacity of storage Cloud-based. This paper proposes an IoT architecture for healthcare network based on Fog to Cloud and Data in Motion (F2CDM). The proposed architecture is designed and implemented over three sites: Site 1 contains the embedded devices layer, Site 2 consists of the Fog network layer, while Site 3 consists of the Cloud network. The Fog layer is represented by a middleware server in Al-Nahrain University with temporary storage such that the data lives inside for 30 min. During this time, the selection of abnormality in behavior is sent to the Cloud while the rest of the data is wiped out. On the other hand, the Cloud stores all the incoming data from Fog permanently. The F2CDM works using Message Queue Telemetry Transport (MQTT) for fast response. The results show that all data can be monitored from the Fog in real time while the critical data can be monitored from Cloud. In addition, the response time is evaluated using traffic generator called Tsung. It has been found that the proposed architecture reduces traffic on Cloud network and provides better data analysis.
Fog computing security and privacy issues, open challenges, and blockchain so... - IJECEIAES
Due to the expansion growth of the IoT devices, Fog computing was proposed to enhance the low latency IoT applications and meet the distribution nature of these devices. However, Fog computing was criticized for several privacy and security vulnerabilities. This paper aims to identify and discuss the security challenges for Fog computing. It also discusses blockchain technology as a complementary mechanism associated with Fog computing to mitigate the impact of these issues. The findings of this paper reveal that blockchain can meet the privacy and security requirements of fog computing; however, there are several limitations of blockchain that should be further investigated in the context of Fog computing.
Performance Analysis of Internet of Things Protocols Based Fog/Cloud over Hig... - Istabraq M. Al-Joboury
The Internet of Things (IoT) becomes the future of a global data field in which the embedded devices communicate with each other, exchange data and make decisions through the Internet. IoT could improve the quality of life in smart cities, but a massive amount of data from different smart devices could slow down or crash database systems. In addition, IoT data transfer to Cloud for monitoring information and generating feedback thus will lead to high delay in infrastructure level. Fog Computing can help by offering services closer to edge devices. In this paper, we propose an efficient system architecture to mitigate the problem of delay. We provide performance analysis like response time, throughput and packet loss for MQTT (Message Queue Telemetry Transport) and HTTP (Hyper Text Transfer Protocol) protocols based on Cloud or Fog servers with large volume of data from an emulated traffic generator working alongside one real sensor. We implement both protocols in the same architecture, with low cost embedded devices to local and Cloud servers with different platforms. The results show that HTTP response time is 12.1 and 4.76 times higher than MQTT Fog and cloud based located in the same geographical area of the sensors respectively. The worst case in performance is observed when the Cloud is public and outside the country region. The results obtained for throughput show that MQTT has the capability to carry the data with available bandwidth and lowest percentage of packet loss. We also prove that the proposed Fog architecture is an efficient way to reduce latency and enhance performance in Cloud based IoT.
A secure sharing control framework supporting elastic mobile cloud computing - IJECEIAES
In elastic mobile cloud computing (EMCC), mobile devices migrate some computing tasks to the cloud for execution according to current needs and seamlessly and transparently use cloud resources to enhance their functions. First, based on the summary of existing EMCC schemes, a generic EMCC framework is abstracted; it is pointed out that the migration of sensitive modules in the EMCC program can bring security risks such as privacy leakage and information flow hijacking to EMCC; then, a generic framework of elastic mobile cloud computing that incorporates risk management is designed, which regards security risks as a cost of EMCC and ensures that the use of EMCC is. Finally, it is pointed out that the difficulty of risk management lies in risk quantification and sensitive module labeling. In this regard, risk quantification algorithms are designed, an automatic annotation tool for sensitive modules of Android programs is implemented, and the accuracy of the automatic annotation is demonstrated through experiments.
Bibliometric analysis highlighting the role of women in addressing climate ch... - IJECEIAES
Fossil fuel consumption increased quickly, contributing to climate change
that is evident in unusual flooding and droughts, and global warming. Over
the past ten years, women's involvement in society has grown dramatically,
and they succeeded in playing a noticeable role in reducing climate change.
A bibliometric analysis of data from the last ten years has been carried out to
examine the role of women in addressing climate change. The analysis's
findings discussed the relevance to the sustainable development goals (SDGs),
particularly SDG 7 and SDG 13. The results considered contributions made
by women in the various sectors while taking geographic dispersion into
account. The bibliometric analysis delves into topics including women's
leadership in environmental groups, their involvement in policymaking, their
contributions to sustainable development projects, and the influence of
gender diversity on attempts to mitigate climate change. This study's results
highlight how women have influenced policies and actions related to climate
change, point out areas of research deficiency and recommendations on how
to increase the role of women in addressing climate change and
achieving sustainability. To achieve more successful results, this initiative
aims to highlight the significance of gender equality and encourage
inclusivity in climate change decision-making processes.
Voltage and frequency control of microgrid in presence of micro-turbine inter... - IJECEIAES
The active and reactive load changes have a significant impact on voltage
and frequency. In this paper, in order to stabilize the microgrid (MG) against
load variations in islanding mode, the active and reactive power of all
distributed generators (DGs), including energy storage (battery), diesel
generator, and micro-turbine, are controlled. The micro-turbine generator is
connected to MG through a three-phase to three-phase matrix converter, and
the droop control method is applied for controlling the voltage and
frequency of MG. In addition, a method is introduced for voltage and
frequency control of micro-turbines in the transition state from grid-connected mode to islanding mode. A novel switching strategy of the matrix
converter is used for converting the high-frequency output voltage of the
micro-turbine to the grid-side frequency of the utility system. Moreover,
using the switching strategy, the low-order harmonics in the output current
and voltage are not produced, and consequently, the size of the output filter
would be reduced. In fact, the suggested control strategy is load-independent
and has no frequency conversion restrictions. The proposed approach for
voltage and frequency regulation demonstrates exceptional performance and
favorable response across various load alteration scenarios. The suggested
strategy is examined in several scenarios in the MG test systems, and the
simulation results are addressed.
Enhancing battery system identification: nonlinear autoregressive modeling fo... - IJECEIAES
Precisely characterizing Li-ion batteries is essential for optimizing their
performance, enhancing safety, and prolonging their lifespan across various
applications, such as electric vehicles and renewable energy systems. This
article introduces an innovative nonlinear methodology for system
identification of a Li-ion battery, employing a nonlinear autoregressive with
exogenous inputs (NARX) model. The proposed approach integrates the
benefits of nonlinear modeling with the adaptability of the NARX structure,
facilitating a more comprehensive representation of the intricate
electrochemical processes within the battery. Experimental data collected
from a Li-ion battery operating under diverse scenarios are employed to
validate the effectiveness of the proposed methodology. The identified
NARX model exhibits superior accuracy in predicting the battery's behavior
compared to traditional linear models. This study underscores the
importance of accounting for nonlinearities in battery modeling, providing
insights into the intricate relationships between state-of-charge, voltage, and
current under dynamic conditions.
Smart grid deployment: from a bibliometric analysis to a survey - IJECEIAES
Smart grids are one of the last decades' innovations in electrical energy.
They bring relevant advantages compared to the traditional grid and
significant interest from the research community. Assessing the field's
evolution is essential to propose guidelines for facing new and future smart
grid challenges. In addition, knowing the main technologies involved in the
deployment of smart grids (SGs) is important to highlight possible
shortcomings that can be mitigated by developing new tools. This paper
contributes to the research trends mentioned above by focusing on two
objectives. First, a bibliometric analysis is presented to give an overview of
the current research level about smart grid deployment. Second, a survey of
the main technological approaches used for smart grid implementation and
their contributions are highlighted. To that effect, we searched the Web of
Science (WoS), and the Scopus databases. We obtained 5,663 documents
from WoS and 7,215 from Scopus on smart grid implementation or
deployment. With the extraction limitation in the Scopus database, 5,872 of
the 7,215 documents were extracted using a multi-step process. These two
datasets have been analyzed using a bibliometric tool called bibliometrix.
The main outputs are presented with some recommendations for future
research.
Use of analytical hierarchy process for selecting and prioritizing islanding ... - IJECEIAES
One of the problems that are associated with power systems is islanding
condition, which must be rapidly and properly detected to prevent any
negative consequences on the system's protection, stability, and security.
This paper offers a thorough overview of several islanding detection
strategies, which are divided into two categories: classic approaches,
including local and remote approaches, and modern techniques, including
techniques based on signal processing and computational intelligence.
Additionally, each approach is compared and assessed based on several
factors, including implementation costs, non-detected zones, declining
power quality, and response times using the analytical hierarchy process
(AHP). The multi-criteria decision-making analysis shows that the overall
weight of passive methods (24.7%), active methods (7.8%), hybrid methods
(5.6%), remote methods (14.5%), signal processing-based methods (26.6%),
and computational intelligent-based methods (20.8%) based on the
comparison of all criteria together. Thus, it can be seen from the total weight
that hybrid approaches are the least suitable to be chosen, while signal
processing-based methods are the most appropriate islanding detection
method to be selected and implemented in power system with respect to the
aforementioned factors. Using Expert Choice software, the proposed
hierarchy model is studied and examined.
Enhancing of single-stage grid-connected photovoltaic system using fuzzy logi... - IJECEIAES
The power generated by photovoltaic (PV) systems is influenced by
environmental factors. This variability hampers the control and utilization of
solar cells' peak output. In this study, a single-stage grid-connected PV
system is designed to enhance power quality. Our approach employs fuzzy
logic in the direct power control (DPC) of a three-phase voltage source
inverter (VSI), enabling seamless integration of the PV connected to the
grid. Additionally, a fuzzy logic-based maximum power point tracking
(MPPT) controller is adopted, which outperforms traditional methods like
incremental conductance (INC) in enhancing solar cell efficiency and
minimizing the response time. Moreover, the inverter's real-time active and
reactive power is directly managed to achieve a unity power factor (UPF).
The system's performance is assessed through MATLAB/Simulink
implementation, showing marked improvement over conventional methods,
particularly in steady-state and varying weather conditions. For solar
irradiances of 500 and 1,000 W/m², the results show that the proposed
method reduces the total harmonic distortion (THD) of the injected current
to the grid by approximately 46% and 38% compared to conventional
methods, respectively. Furthermore, we compare the simulation results with
IEEE standards to evaluate the system's grid compatibility.
Enhancing photovoltaic system maximum power point tracking with fuzzy logic-b... - IJECEIAES
Photovoltaic systems have emerged as a promising energy resource that
caters to the future needs of society, owing to their renewable, inexhaustible,
and cost-free nature. The power output of these systems relies on solar cell
radiation and temperature. In order to mitigate the dependence on
atmospheric conditions and enhance power tracking, a conventional
approach has been improved by integrating various methods. To optimize
the generation of electricity from solar systems, the maximum power point
tracking (MPPT) technique is employed. To overcome limitations such as
steady-state voltage oscillations and improve transient response, two
traditional MPPT methods, namely fuzzy logic controller (FLC) and perturb
and observe (P&O), have been modified. This research paper aims to
simulate and validate the step size of the proposed modified P&O and FLC
techniques within the MPPT algorithm using MATLAB/Simulink for
efficient power tracking in photovoltaic systems.
Adaptive synchronous sliding control for a robot manipulator based on neural ... - IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed, the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
Remote field-programmable gate array laboratory for signal acquisition and de... - IJECEIAES
A remote laboratory utilizing field-programmable gate array (FPGA) technologies enhances students’ learning experience anywhere and anytime in embedded system design. Existing remote laboratories prioritize hardware access and visual feedback for observing board behavior after programming, neglecting comprehensive debugging tools to resolve errors that require internal signal acquisition. This paper proposes a novel remote embedded system design approach targeting FPGA technologies that are fully interactive via a web-based platform. Our solution provides FPGA board access and debugging capabilities beyond the visual feedback provided by existing remote laboratories. We implemented a lab module that allows users to seamlessly incorporate into their FPGA design. The module minimizes hardware resource utilization while enabling the acquisition of a large number of data samples from the signal during the experiments by adaptively compressing the signal prior to data transmission. The results demonstrate an average compression ratio of 2.90 across three benchmark signals, indicating efficient signal acquisition and effective debugging and analysis. This method allows users to acquire more data samples than conventional methods. The proposed lab allows students to remotely test and debug their designs, bridging the gap between theory and practice in embedded system design.
Detecting and resolving feature envy through automated machine learning and m... - IJECEIAES
Efficiently identifying and resolving code smells enhances software project quality. This paper presents a novel solution, utilizing automated machine learning (AutoML) techniques, to detect code smells and apply move method refactoring. By evaluating code metrics before and after refactoring, we assessed its impact on coupling, complexity, and cohesion. Key contributions of this research include a unique dataset for code smell classification and the development of models using AutoGluon for optimal performance. Furthermore, the study identifies the top 20 influential features in classifying feature envy, a well-known code smell, stemming from excessive reliance on external classes. We also explored how move method refactoring addresses feature envy, revealing reduced coupling and complexity, and improved cohesion, ultimately enhancing code quality. In summary, this research offers an empirical, data-driven approach, integrating AutoML and move method refactoring to optimize software project quality. Insights gained shed light on the benefits of refactoring on code quality and the significance of specific features in detecting feature envy. Future research can expand to explore additional refactoring techniques and a broader range of code metrics, advancing software engineering practices and standards.
Smart monitoring technique for solar cell systems using internet of things ba... - IJECEIAES
Rapidly and remotely monitoring and receiving the solar cell systems status parameters, solar irradiance, temperature, and humidity, are critical issues in enhancing their efficiency. Hence, in the present article an improved smart prototype of internet of things (IoT) technique based on embedded system through NodeMCU ESP8266 (ESP-12E) was carried out experimentally. Three different regions in Egypt; Luxor, Cairo, and El-Beheira cities were chosen to study their solar irradiance profile, temperature, and humidity by the proposed IoT system. The monitoring data of solar irradiance, temperature, and humidity were live visualized directly by Ubidots through hypertext transfer protocol (HTTP) protocol. The measured solar power radiation in Luxor, Cairo, and El-Beheira ranged between 216-1000, 245-958, and 187-692 W/m², respectively, during the solar day. The accuracy and rapidity of obtaining monitoring results using the proposed IoT system made it a strong candidate for application in monitoring solar cell systems. On the other hand, the obtained solar power radiation results of the three considered regions strongly candidate Luxor and Cairo as suitable places to build up a solar cells system station rather than El-Beheira.
An efficient security framework for intrusion detection and prevention in int... - IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to misclassification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
Developing a smart system for infant incubators using the internet of things ... - IJECEIAES
This research is developing an incubator system that integrates the internet of things and artificial intelligence to improve care for premature babies. The system workflow starts with sensors that collect data from the incubator. Then, the data is sent in real-time to the internet of things (IoT) broker Eclipse Mosquitto using the message queue telemetry transport (MQTT) protocol version 5.0. After that, the data is stored in a database for analysis using the long short-term memory network (LSTM) method and displayed in a web application using an application programming interface (API) service. Furthermore, the experimental results produce as many as 2,880 rows of data stored in the database. The correlation coefficient between the target attribute and other attributes ranges from 0.23 to 0.48. Next, several experiments were conducted to evaluate the model-predicted value on the test data. The best results are obtained using a two-layer LSTM configuration model, each with 60 neurons and a lookback setting of 6. This model produces an R² value of 0.934, with a root mean square error (RMSE) value of 0.015 and a mean absolute error (MAE) of 0.008. In addition, the R² value was also evaluated for each attribute used as input, with a result of values between 0.590 and 0.845.
A review on internet of things-based stingless bee's honey production with im...IJECEIAES
Honey is produced exclusively by honeybees and stingless bees which both are well adapted to tropical and subtropical regions such as Malaysia. Stingless bees are known for producing small amounts of honey and are known for having a unique flavor profile. Problem identified that many stingless bees collapsed due to weather, temperature and environment. It is critical to understand the relationship between the production of stingless bee honey and environmental conditions to improve honey production. Thus, this paper presents a review on stingless bee's honey production and prediction modeling. About 54 previous research has been analyzed and compared in identifying the research gaps. A framework on modeling the prediction of stingless bee honey is derived. The result presents the comparison and analysis on the internet of things (IoT) monitoring systems, honey production estimation, convolution neural networks (CNNs), and automatic identification methods on bee species. It is identified based on image detection method the top best three efficiency presents CNN is at 98.67%, densely connected convolutional networks with YOLO v3 is 97.7%, and DenseNet201 convolutional networks 99.81%. This study is significant to assist the researcher in developing a model for predicting stingless honey produced by bee's output, which is important for a stable economy and food security.
A trust based secure access control using authentication mechanism for intero...IJECEIAES
The internet of things (IoT) is a revolutionary innovation in many aspects of our society including interactions, financial activity, and global security such as the military and battlefield internet. Due to the limited energy and processing capacity of network devices, security, energy consumption, compatibility, and device heterogeneity are the long-term IoT problems. As a result, energy and security are critical for data transmission across edge and IoT networks. Existing IoT interoperability techniques need more computation time, have unreliable authentication mechanisms that break easily, lose data easily, and have low confidentiality. In this paper, a key agreement protocol-based authentication mechanism for IoT devices is offered as a solution to this issue. This system makes use of information exchange, which must be secured to prevent access by unauthorized users. Using a compact contiki/cooja simulator, the performance and design of the suggested framework are validated. The simulation findings are evaluated based on detection of malicious nodes after 60 minutes of simulation. The suggested trust method, which is based on privacy access control, reduced packet loss ratio to 0.32%, consumed 0.39% power, and had the greatest average residual energy of 0.99 mJoules at 10 nodes.
Fuzzy linear programming with the intuitionistic polygonal fuzzy numbersIJECEIAES
In real world applications, data are subject to ambiguity due to several factors; fuzzy sets and fuzzy numbers propose a great tool to model such ambiguity. In case of hesitation, the complement of a membership value in fuzzy numbers can be different from the non-membership value, in which case we can model using intuitionistic fuzzy numbers as they provide flexibility by defining both a membership and a non-membership functions. In this article, we consider the intuitionistic fuzzy linear programming problem with intuitionistic polygonal fuzzy numbers, which is a generalization of the previous polygonal fuzzy numbers found in the literature. We present a modification of the simplex method that can be used to solve any general intuitionistic fuzzy linear programming problem after approximating the problem by an intuitionistic polygonal fuzzy number with n edges. This method is given in a simple tableau formulation, and then applied on numerical examples for clarity.
The performance of artificial intelligence in prostate magnetic resonance im...IJECEIAES
Prostate cancer is the predominant form of cancer observed in men worldwide. The application of magnetic resonance imaging (MRI) as a guidance tool for conducting biopsies has been established as a reliable and well-established approach in the diagnosis of prostate cancer. The diagnostic performance of MRI-guided prostate cancer diagnosis exhibits significant heterogeneity due to the intricate and multi-step nature of the diagnostic pathway. The development of artificial intelligence (AI) models, specifically through the utilization of machine learning techniques such as deep learning, is assuming an increasingly significant role in the field of radiology. In the realm of prostate MRI, a considerable body of literature has been dedicated to the development of various AI algorithms. These algorithms have been specifically designed for tasks such as prostate segmentation, lesion identification, and classification. The overarching objective of these endeavors is to enhance diagnostic performance and foster greater agreement among different observers within MRI scans for the prostate. This review article aims to provide a concise overview of the application of AI in the field of radiology, with a specific focus on its utilization in prostate MRI.
Seizure stage detection of epileptic seizure using convolutional neural networksIJECEIAES
According to the World Health Organization (WHO), seventy million individuals worldwide suffer from epilepsy, a neurological disorder. While electroencephalography (EEG) is crucial for diagnosing epilepsy and monitoring the brain activity of epilepsy patients, it requires a specialist to examine all EEG recordings to find epileptic behavior. This procedure needs an experienced doctor, and a precise epilepsy diagnosis is crucial for appropriate treatment. To identify epileptic seizures, this study employed a convolutional neural network (CNN) based on raw scalp EEG signals to discriminate between preictal, ictal, postictal, and interictal segments. The possibility of these characteristics is explored by examining how well timedomain signals work in the detection of epileptic signals using intracranial Freiburg Hospital (FH), scalp Children's Hospital Boston-Massachusetts Institute of Technology (CHB-MIT) databases, and Temple University Hospital (TUH) EEG. To test the viability of this approach, two types of experiments were carried out. Firstly, binary class classification (preictal, ictal, postictal each versus interictal) and four-class classification (interictal versus preictal versus ictal versus postictal). The average accuracy for stage detection using CHB-MIT database was 84.4%, while the Freiburg database's time-domain signals had an accuracy of 79.7% and the highest accuracy of 94.02% for classification in the TUH EEG database when comparing interictal stage to preictal stage.
Analysis of driving style using self-organizing maps to analyze driver behaviorIJECEIAES
Modern life is strongly associated with the use of cars, but the increase in acceleration speeds and their maneuverability leads to a dangerous driving style for some drivers. In these conditions, the development of a method that allows you to track the behavior of the driver is relevant. The article provides an overview of existing methods and models for assessing the functioning of motor vehicles and driver behavior. Based on this, a combined algorithm for recognizing driving style is proposed. To do this, a set of input data was formed, including 20 descriptive features: About the environment, the driver's behavior and the characteristics of the functioning of the car, collected using OBD II. The generated data set is sent to the Kohonen network, where clustering is performed according to driving style and degree of danger. Getting the driving characteristics into a particular cluster allows you to switch to the private indicators of an individual driver and considering individual driving characteristics. The application of the method allows you to identify potentially dangerous driving styles that can prevent accidents.
Hyperspectral object classification using hybrid spectral-spatial fusion and ...IJECEIAES
Because of its spectral-spatial and temporal resolution of greater areas, hyperspectral imaging (HSI) has found widespread application in the field of object classification. The HSI is typically used to accurately determine an object's physical characteristics as well as to locate related objects with appropriate spectral fingerprints. As a result, the HSI has been extensively applied to object identification in several fields, including surveillance, agricultural monitoring, environmental research, and precision agriculture. However, because of their enormous size, objects require a lot of time to classify; for this reason, both spectral and spatial feature fusion have been completed. The existing classification strategy leads to increased misclassification, and the feature fusion method is unable to preserve semantic object inherent features; This study addresses the research difficulties by introducing a hybrid spectral-spatial fusion (HSSF) technique to minimize feature size while maintaining object intrinsic qualities; Lastly, a soft-margins kernel is proposed for multi-layer deep support vector machine (MLDSVM) to reduce misclassification. The standard Indian pines dataset is used for the experiment, and the outcome demonstrates that the HSSF-MLDSVM model performs substantially better in terms of accuracy and Kappa coefficient.
International Journal of Electrical and Computer Engineering (IJECE)
Vol. 13, No. 5, October 2023, pp. 5908~5921
ISSN: 2088-8708, DOI: 10.11591/ijece.v13i5.pp5908-5921
Journal homepage: http://ijece.iaescore.com
Reinforcement learning-based security schema mitigating man-in-the-middle attacks in fog computing
Hossam Elmansy, Khaled Metwally, Khaled Badran
Department of Computer Engineering and Artificial Intelligent, Military Technical College, Cairo, Egypt
Article Info
Article history: Received Sep 12, 2022; Revised Mar 13, 2023; Accepted Mar 28, 2023
Keywords: Fog computing security; Internet of things security; Man-in-the-middle; Moving target defense; Multi-path transmission control protocol; Reinforcement learning; Software defined networking
ABSTRACT
The rapid emergence of the internet of things (IoT) has introduced fog computing as an intermediate layer between end users and cloud datacenters. The fog computing layer is characterized by being closer to end users for service provisioning than the cloud. However, security challenges remain a major concern in both the fog and cloud computing paradigms. In fog computing, one of the most destructive attacks is man-in-the-middle (MitM). Moreover, MitM attacks are hard to detect since they are performed passively at the network level. This paper proposes a MitM mitigation scheme for the fog computing architecture. The proposal maps the fog layer onto a software-defined network (SDN) architecture. It integrates multi-path transmission control protocol (MPTCP), the moving target defense (MTD) technique, and a reinforcement learning (RL) agent in one framework that contributes significantly to improving fog layer resource utilization and security. The proposed schema makes network reconnaissance and discovery harder, thus improving network security against MitM attacks. The evaluation framework was tested in a simulation environment on Mininet, using the MPTCP kernel and the Ryu SDN controller. The experimental results show that the proposed schema maintains network resiliency and improves resource utilization without adding significant overhead compared to the traditional transmission control protocol (TCP).
This is an open access article under the CC BY-SA license.
Corresponding Author:
Hossam Elmansy
Department of Computer Engineering and Artificial Intelligent, Military Technical College
37 Ismail Al Fangari, El-Qobba Bridge, Cairo, Egypt
Email: hossamelmansy.developer@gmail.com
1. INTRODUCTION
Cloud computing has emerged as a significant trend in the field of information technology (IT) over the last twenty years. It encompasses various concepts, including the internet of content (IoC), internet of services (IoS), and internet of things (IoT), as part of its vision for the future development of IT, supported by an expanding network infrastructure in which content, services, and things have become the main orientation of the new vision. The emergent growth in wearable devices, mobile devices, and sensors has impacted end-user prospects, such that they are no longer satisfied with a traditional service provisioning paradigm. Custom quality of service (QoS) expectations for provisioned services are increasing, and there is a rising expectation of the potential capability of cloud systems as an IT infrastructure to help create new value.
The IoT has gained significant attention and interest in recent years and is considered one of the most intriguing and rapidly growing areas of the current century. It converts trivial items into intelligent ones and enables communication and interaction among them [1]. This rapid development of the IoT has spawned many applications in numerous industries [2]. Useful IoT-based applications have been developed in automotive, home automation, healthcare, and industry, among others [3]. In addition, communication between IoT sensors/devices has imposed new restrictions on the entire system's architecture, such as privacy, traffic load, latency, and security [4]. Thus, fog computing and edge computing have evolved to minimize the restrictions and limitations of cloud computing as well as to meet customers' high expectations. Fog computing is a novel computing paradigm that has attracted considerable interest in recent years. It was first offered by Cisco in 2013 [5]. Figure 1 illustrates the layered hierarchy of the fog computing paradigm. The lowest layer represents the edge devices, e.g., mobile devices, sensors, and wearable devices. The middle layer comprises fog nodes (network nodes) that provide storage, network connection, and computing functions. The top layer represents the cloud data center (CDC). The fog computing layer is primarily identified by its proximity to the edge devices and by processing capabilities that match the restricted resources of the edge devices [6]. As a result, fog nodes are beneficial in time-sensitive services and real-time applications, in the sense that fog nodes can perform analysis on data supplied by the edge devices (such as mobile devices) and then send a real-time result back to the edge devices [7].
Figure 1. Fog computing hierarchy
The existence of direct connections between fog nodes has a significant impact on data transmission efficiency in the fog layer network as well as between the edge devices [8]. Thus, flexible network traffic management that enhances network efficiency and improves the utilization of network resources in this layer is urgently needed. The successful implementation of software-defined networking (SDN) in data centers prompted the use of SDN in fog computing, since the two share the goals of achieving both network resilience and high throughput [9]. SDN emerged as a promising technique, compatible with fog computing networks, for managing network traffic [10]. Moreover, SDN introduced additional capabilities, such as the ability to operate the network programmatically and centralized network management and control. SDN's fundamental design separates the control plane from the data plane, allowing the SDN controller to operate the whole network automatically in a dynamic and adaptable manner. The SDN controller continuously receives packets from the data plane and sends the corresponding forwarding rules back to the data plane. OpenFlow is a well-known SDN protocol that enables remote management of the routing tables of network devices [11].
Since SDN network topologies and fog computing share the same architectural characteristics, both are susceptible to the same risks. Different types of attacks can compromise SDN-based networks, including denial of service (DoS) and man-in-the-middle (MitM) attacks. These security threats can potentially disrupt the normal functioning of SDN networks and cause significant damage to the overall infrastructure [12]. It is worth mentioning that the MitM attack is recognized as the most popular threat in fog computing [13], since the fog computing architecture is intrinsically similar to the MitM attack technique, as shown in Figure 2: fog nodes reside between the CDC's servers and edge devices [14]. Moreover, it is clear that fog nodes are closer to the attacker and have less computational power than cloud servers [15].
The static nature of traditional network architectures makes it easy for attacks to compromise the network and allows the attacker to collect knowledge about the network state before delivering the attack effectively. Moreover, traditional intrusion detection systems (IDSs) and firewalls may be circumvented using malware that is commonly available on the internet. Thus, moving target defense (MTD) [16] emerged as a novel security approach that tries to create asymmetric uncertainty on the attacker's side. This increases the complexity and expense of conducting attacks and reduces the network's vulnerability exposure as well. The MTD approach seeks to change the target attack surface continually and randomly (by changing flow routes, IP addresses, and port numbers).
Multipath routing [17], [18] is an existing technique that permits the simultaneous use of many routes in a network. It is worth mentioning that recent edge devices (e.g., mobile devices) have several network interfaces, including Wi-Fi and cellular, which allows the adoption of multipath routing. Accordingly, multipath transmission control protocol (MPTCP) evolved as a modification of the traditional transmission control protocol (TCP) that enables two hosts to interact simultaneously through several TCP connections created on different interfaces [19]. Recent applications and operating system kernels have enabled MPTCP implementations. In addition, because MPTCP is backward compatible, it works well in existing networks, such as the internet, where regular TCP is used.
Figure 2. Fog computing threat model
In the last decades, numerous research studies have been conducted on fog computing implementation, particularly for IoT networks. The following related works highlight research proposals covering the adoption of SDN in fog computing and its associated security solutions. Li et al. [20] described MitM attacks against SDN networks that mainly depend on the TLS protocol to protect the control channels between SDN controllers and SDN switches. In addition, they recommended a small countermeasure that uses Bloom filters to identify this attack. However, if an OpenFlow connection between a switch and a controller on one path has been intercepted and the attacker has updated fields that are not recorded in the Bloom filter, their approach will not be effective.
Aliyu et al. [21] described a strategy for identifying and preventing intrusions, or MitM attacks. Each node in the IDS looked for fog nodes and calculated their arrival time to determine their response. MitM attacks, e.g., eavesdropping and packet alteration, were avoided by the intrusion prevention system (IPS) using lightweight encryption and decryption. However, their method was unsuccessful in a busy environment where packet delivery periods might differ widely.
Liu et al. [22] created a cloud computing security framework based on public-key cryptography, i.e., traditional public key infrastructure (PKI) based encryption. However, this approach is not suited for fog computing [23] due to its high computational and communication overheads. To ensure the security of its nodes and data transmission, fog computing cannot rely solely on cryptographic techniques, because of their demanding calculations and the limited resources available.
Chliah et al. [24] presented a method for defending SDN networks against MitM attacks. Their solution implemented both SDN and MPTCP. In addition, MPTCP sub-flow routing was controlled by pathfinder and secure load sharing (SLS) algorithms. However, while their solution employed MPTCP to split traffic across different pathways, it did not provide automated network modifications to prevent network scans by attackers. In addition, if an attacker captured both MPTCP sub-flows, the whole communication could be successfully intercepted.
To enhance mutation efficiency and increase the complexity of scanning and poisoning attacks, Zkik et al. [25] modeled SDN topologies and built two new modules that determine acceptable routes automatically using a pathfinder method. However, due to the deterministic nature of these multipath mutation algorithms, an attacker can determine the mutation path, placing at risk any packets transported along this path. In addition, not all accessible routes between source and destination were utilized.
Babar et al. [26] created an authentication system for the IoT that is resistant to eavesdropping and MitM attacks. Due to the limited computational power of IoT devices, they proposed shifting the required calculations to registration authority (RA) devices with higher computational capabilities. A suitable RA device in a fog computing environment is the fog node. However, if the attacker is able to abuse the fog node, the complete network becomes vulnerable.
Several studies [27] have addressed protecting the IoT against MitM attacks. The most typical countermeasures for MitM risks were mutual authentication, encryption, and ensuring that infected servers are isolated. As there are no relevant standard security standards for fog computing, these methods have not been adapted for fog computing. In addition to authentication and encryption, other established security methods such as secure socket layer (SSL) and transport layer security (TLS) have been employed to safeguard data flow between fog nodes. Despite being one of the most widely used encryption systems, TLS still has flaws in both its cipher suites and the protocol.
MTD was developed in [28] to prevent inside and outside attacks on the SDN. In this case, the MTD
method reduces threats by integrating MTD with the SDN environment and employing the hosts' virtual IP
addresses. However, moving between multiple pathways causes a delay, and not all paths are being used.
This paper proposes a framework for mitigating MitM attacks in fog computing networks. As
shown in Figure 3, the proposed solution integrates SDN and MPTCP to harden the attack surface against
MitM attacks. Moreover, the proposed framework incorporates MTD in two distinct ways. First, random host
mutation (RHM) is accomplished by constantly switching the IP addresses of hosts. Second, random route
mutation (RRM) [29] is achieved by constantly switching the routes between destination and source hosts. In
addition, the suggested framework utilizes a reinforcement learning (RL) algorithm to determine the most
efficient routes between source and destination hosts, hence minimizing the latency and improving network
throughput. The major objective of this work is to avoid MitM attacks without incurring additional overheads on
the network, i.e., to optimize the resource utilization. The rest of the paper is structured as follows: section 2
presents the proposed framework schema, including security considerations. Section 3 discusses the attack
scenario, performance evaluation, and framework security schema implementation. Finally, section 4
concludes the paper.
Figure 3. Fog-to-cloud architecture
2. METHOD
This study proposes a MitM mitigation strategy that combines distributed fog nodes in the fog computing
layer with MPTCP, SDN, MTD, and RL-based routing agents. This deployment is made to handle various
network configurations and applications. The working environment and the proposed solution are covered in more detail
in the following subsections.
2.1. Working environment
The working environment used in the study is depicted in Figure 3, comprising three levels: “the cloud
layer” as the first level, “the fog layer” as the second level, and “the edge devices layer” as the third level. The
edge devices, which include smartphones, IoT devices, sensors, and other gadgets, are present in the bottom
layer. The data that is gathered and sent to the CDC servers by the fog nodes through the edge devices is
thought to be of exceptional quality. The fog layer, which serves as a bridge between the cloud and edge
devices, is the intermediate layer. This layer is made up of networked fog computing devices that handle data
offloading, network connection, and fog computing services. The top layer represents the CDC servers.
Each fog node placed at the network's edge may offer services to a collection of edge devices covering a
certain region.
The primary focus of this research is on the fog layer, which is the second layer of the working
environment. Within the fog layer, the distributed architecture of fog nodes has made it possible to develop a
distributed computing model. This computing model enabled the adoption of the SDN paradigm, the MTD
approach, and an RL-based routing algorithm in the network.
In the working scenario, the edge devices collect and upload data to the fog layer. Consequently, the
fog layer performs analytics, classification capabilities, and data processing at the fog nodes (network's edge).
In certain cases, the computations are transferred to the cloud layer for processing, while the results are
transferred back to the third layer. Thus, fog nodes offer computational capabilities close to the edge devices,
hence lowering end-to-end latency. Moreover, the cloud servers have the highest processing and computational
capabilities that fog nodes and edge devices may require.
The proposed framework is intended to provide end-to-end service. Figure 4 shows the
design of the proposed framework's applications. Fog nodes are positioned between edge devices and
the cloud. A central SDN controller manages and regulates network traffic between the distributed fog nodes,
as well as between the fog nodes and edge devices. Fog nodes represent the distributed OpenFlow switches
with limited processing power in the SDN network. These OpenFlow switches may provide specific limited
services in addition to switching.
Figure 4. Proposed framework SDN-based applications
Using the OpenFlow protocol, the SDN controller manages all the installed OpenFlow switches (i.e.,
fog nodes) and orchestrates network traffic between them. Moreover, the SDN-based applications that make up the
proposed framework have been implemented on top of the SDN controller. The proposed system makes use of all
available bandwidth and the redundant paths by employing the MPTCP protocol to distribute traffic between fog
nodes across various paths. It is worth noting that the MPTCP implementation ensured the network's resiliency
against MitM attacks.
Figure 5 is a schematic representation of an attacker scenario in which the attacker attempted to
conduct a MitM attack in the second layer. In addition, the attacker attempted to interrupt packets sent among
fog nodes and edge devices. Since the proposed system employs MPTCP between the fog nodes and edge
devices, and both host and route mutation have been used, it will be hard for an attacker to capture traffic. And
even if the attacker succeeded in intercepting one of the sub-flows from the connection, it will be hard to
capture the whole traffic because of the adoption of MPTCP.
Figure 5. Fog nodes layer attack scenario
2.2. Proposed framework design
The proposed framework integrates SDN, MTD, MPTCP, and RL routing to mitigate MitM attacks
in the fog network. Figure 4 illustrates the implemented SDN applications in a typical fog architecture, as well
as their interactions with other components. The SDN controller communicates with the Open vSwitches
through protected OpenFlow channels. SDN applications are software modules that have been implemented
atop the SDN controller and provide particular network operations. In the proposed framework, the following
modules have been implemented:
- OpenFlow network discovery application (ONDA): The network topology is discovered in this module
  using the link layer discovery protocol (LLDP) [30].
- Path discovery application (PDA): This module discovers all the available paths between source and
  destination nodes.
- Network monitoring application (NMA): This module collects the essential network information via
  passive and network measures. Network information includes capacity, throughput, link latency, and link
  status. In this proposal, the collected data represented the network states and the computed incentives.
- Action obfuscator and translator application (AOTA): This module is responsible for converting the
  actions generated by the RL agent into a series of OpenFlow messages, which are then used to update the
  routing tables of the Open vSwitches. The module periodically converts the actual IP addresses of the
  hosts to virtual IP addresses and also adjusts the MPTCP flow routes according to the data generated by
  the NMA application.
2.3. MPTCP
The growing number of connected devices in modern networks makes it difficult to anticipate the
traffic flow dependency, since network traffic grows exponentially. Because of this, there may exist an MPTCP
connection (two TCP sessions) that utilizes the same path, which can result in a successful MitM attack if an attacker
is able to intercept traffic along this path. To enhance the network's efficiency, throughput, and latency,
network traffic should be directed through the most optimal pathways. Therefore, an RL-based routing algorithm
has been implemented in the SDN controller to find the optimal paths between source and destination nodes. The RL
agent selects the best n paths between the source and the destination based on throughput and latency
metrics, then the best two paths are selected for the MPTCP connection.
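The risk described above, two sub-flows of one MPTCP connection ending up on the same path, can be checked when the two paths are chosen. The following is an added example, not code from the paper: it ranks candidate paths and compares a plain "top two" choice with a choice restricted to pairs that share no link and no transit switch. The topology, the scoring metric (bottleneck throughput divided by total latency) and all function names are assumptions made for illustration.

```python
from itertools import combinations

# Constructed topology (not the paper's Figure 5 network): undirected links
# between switches, each with (available throughput in Mbit/s, latency in ms).
LINKS = {
    ("s1", "s2"): (1000, 1.0), ("s2", "s6"): (1000, 1.0),
    ("s1", "s4"): (900, 1.0), ("s4", "s2"): (900, 1.0),
    ("s1", "s3"): (800, 2.0), ("s3", "s6"): (800, 2.0),
    ("s3", "s5"): (300, 4.0), ("s5", "s6"): (300, 4.0),
}


def link_key(a, b):
    """Normalize an undirected hop to the key used in LINKS."""
    return (a, b) if (a, b) in LINKS else (b, a)


def neighbours(node):
    """Switches directly connected to node."""
    return sorted({b if a == node else a for a, b in LINKS if node in (a, b)})


def candidate_paths(src, dst, h):
    """Hypothetical stand-in for the PDA: up to h loop-free paths, shortest first."""
    found, stack = [], [[src]]
    while stack:
        path = stack.pop()
        if path[-1] == dst:
            found.append(path)
            continue
        stack.extend(path + [n] for n in neighbours(path[-1]) if n not in path)
    return sorted(found, key=lambda p: (len(p), p))[:h]


def path_links(path):
    """Set of links a path traverses."""
    return {link_key(a, b) for a, b in zip(path, path[1:])}


def score(path):
    """Assumed ranking metric: bottleneck throughput divided by total latency."""
    metrics = [LINKS[l] for l in path_links(path)]
    return min(m[0] for m in metrics) / sum(m[1] for m in metrics)


def overlap(p, q):
    """Links and transit switches that would carry both sub-flows."""
    return path_links(p) & path_links(q), set(p[1:-1]) & set(q[1:-1])


def naive_top_two(src, dst, h=8):
    """The two best-scoring candidates, with no check for shared segments."""
    ranked = sorted(candidate_paths(src, dst, h), key=score, reverse=True)
    return ranked[0], ranked[1]


def disjoint_top_two(src, dst, h=8):
    """Best-scoring pair of candidates sharing no link and no transit switch."""
    best = None
    for p, q in combinations(candidate_paths(src, dst, h), 2):
        links, nodes = overlap(p, q)
        if links or nodes:
            continue
        total = score(p) + score(q)
        if best is None or total > best[0]:
            best = (total, p, q)
    if best is None:
        raise ValueError(f"no disjoint path pair between {src} and {dst}")
    return best[1], best[2]


if __name__ == "__main__":
    for chooser in (naive_top_two, disjoint_top_two):
        p, q = chooser("s1", "s6")
        print(chooser.__name__, p, q, "shared:", overlap(p, q))
```

On this topology the two best-scoring paths both cross the link s2-s6, so a single on-path position there would see both sub-flows; the disjoint choice trades some score for separation.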
2.4. MTD
The proposed architecture employed MTD to improve network unpredictability and prevent
reconnaissance attacks, as well as to prevent attackers from scanning the network and identifying the network's
services. In this research, two distinct types of MTD have been implemented. The first technique used is RHM,
which involves periodically modifying the IP addresses of nodes. With the help of the SDN controller, the
actual IP address of each node is randomly replaced with a virtual IP address. The second is random route mutation
(RRM), which continually alters the network traffic flow paths between the source and destination nodes.
As MPTCP was the chosen protocol for communication, each MPTCP connection between two nodes will
establish two TCP sessions. It is worth mentioning that using RRM, RHM, and MPTCP makes it harder for an attacker
to conduct a MitM attack. This will introduce a great deal of uncertainty into the network discovery. The adoption of
MTD increased security and the complexity and expense of attacks while minimizing exposure to weaknesses.
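A sketch of the RHM bookkeeping described above, as an added example rather than the paper's implementation: each mutation interval draws a fresh, collision-free real-to-virtual mapping, and virtual addresses from an earlier interval stop resolving. The class and method names, the address ranges and the packet dictionaries are assumptions; the mapping is drawn from the operating system's CSPRNG because, as noted earlier for deterministic mutation algorithms, a predictable sequence lets an observer anticipate the next mapping.

```python
import ipaddress
import secrets


class HostMutator:
    """Real-to-virtual IP mapping re-drawn every mutation interval (RHM)."""

    def __init__(self, real_ips, virtual_pool):
        self.real = [ipaddress.ip_address(ip) for ip in real_ips]
        net = ipaddress.ip_network(virtual_pool)
        self.pool = list(net.hosts())
        if any(ip in net for ip in self.real):
            raise ValueError("virtual pool must not contain real addresses")
        # At least twice as many virtual addresses as hosts, so every epoch
        # can avoid all addresses used in the previous one.
        if len(self.pool) < 2 * len(self.real):
            raise ValueError("virtual pool too small")
        self._rng = secrets.SystemRandom()  # OS CSPRNG, not a seeded PRNG
        self.epoch = 0
        self.r2v, self.v2r = {}, {}

    def mutate(self):
        """Start a new epoch: draw fresh, distinct virtual IPs for all hosts."""
        used = set(self.v2r)
        fresh = [ip for ip in self.pool if ip not in used]
        chosen = self._rng.sample(fresh, len(self.real))
        self.r2v = dict(zip(self.real, chosen))
        self.v2r = {v: r for r, v in self.r2v.items()}
        self.epoch += 1
        return self.epoch

    def outbound(self, pkt):
        """Edge egress: replace real addresses with the current virtual ones."""
        return {**pkt,
                "src": str(self.r2v[ipaddress.ip_address(pkt["src"])]),
                "dst": str(self.r2v[ipaddress.ip_address(pkt["dst"])])}

    def inbound(self, pkt):
        """Edge ingress: restore real addresses. Returns None for a stale or
        unknown virtual address, which the switch would drop."""
        try:
            return {**pkt,
                    "src": str(self.v2r[ipaddress.ip_address(pkt["src"])]),
                    "dst": str(self.v2r[ipaddress.ip_address(pkt["dst"])])}
        except KeyError:
            return None


if __name__ == "__main__":
    # Constructed addresses for five hosts and a /27 virtual pool.
    m = HostMutator([f"10.0.0.{i}" for i in range(1, 6)], "10.99.0.0/27")
    m.mutate()
    wire = m.outbound({"src": "10.0.0.1", "dst": "10.0.0.4", "payload": "x"})
    print("epoch", m.epoch, wire, "->", m.inbound(wire))
    m.mutate()
    print("epoch", m.epoch, "old addresses resolve to", m.inbound(wire))
```

In a controller, `outbound` and `inbound` would correspond to the address-rewrite flow rules installed at the edge switches; traffic aimed at expired virtual addresses is also a useful signal that someone is replaying old scan results.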
2.5. Reinforcement learning routing
With the fast evolution of connected devices (smartphones, wearable devices, and IoTs) and network
technology, network traffic increases tremendously. Therefore, it is challenging to understand and anticipate
communication networks traffic, since they become increasingly complex and dynamic. Instead of constructing
a precise mathematical model of the underlying network, intelligent agents were deployed in the network. The
deployed agents represent RL agents that collect extensive network statistics like throughput, bandwidth,
latency, and connection status.
In contrast to supervised learning and unsupervised learning, where the dataset contains the labels for the
trained model, RL is constrained to learn from experience, i.e., learning from the collected data on the network status
from the hosted environment. Thus, RL was selected, aiming to maximize the available network resources.
The network used in this research, shown in Figure 5, is represented by the directed graph
$G(N, \varepsilon)$. $N = \{node_1, node_2, \ldots, node_n\}$ is the set of nodes in the network, i.e., 9 Open vSwitches, whereas $\varepsilon$
is the set of links. It is assumed that the network connectivity is full duplex. A path $p_{src,dest}$ is a graph walk
that connects $node_{src}$ and $node_{dest}$ via a series of nodes. Also, $bw_t(src, dest)$ represents the bandwidth of
the link $e_{src,dest}$ that connects $node_{src}$ and $node_{dest}$ at time interval $\Delta t$ and $th_t(src, dest)$ represents the
throughput of the link $e_{src,dest}$ that connects $node_{src}$ and $node_{dest}$ at time interval $\Delta t$. Table 1 provides a
summary of the key notations used in this research.
Table 1. Notation definition

| Notation | Definition |
|---|---|
| $N$ | The set of nodes, $node_i : 1 \le i \le n$ |
| $R$ | The set of real IP addresses, $R_i : 1 \le i \le r$ |
| $V$ | The set of virtual IP addresses, $V_i : 1 \le i \le v$ |
| $\varepsilon$ | The set of links in the network |
| $e_{src,dest}$ | The link that connects $node_{src}$ and $node_{dest}$ |
| $\Delta t$ | The time interval |
| $node_{src}$ | The source node |
| $node_{dest}$ | The destination node |
| $p_{src,dest}$ | The path that connects $node_{src}$ and $node_{dest}$ |
| $bw_t(src, dest)$ | The bandwidth of link $e_{src,dest}$ at time $\Delta t$ |
| $th_t(src, dest)$ | The throughput of link $e_{src,dest}$ at time $\Delta t$ |
| $delay_t(src, dest)$ | The delay of link $e_{src,dest}$ at time $\Delta t$ |
| $status_t(src, dest)$ | The link status of link $e_{src,dest}$ at time $\Delta t$ |
| $f_1$ | Bandwidth measurement for the $S_t$ |
| $f_2$ | Throughput measurement for the $S_t$ |
| $f_3$ | Latency measurement for the $S_t$ |
| $f_4$ | Connection status measurement for the $S_t$ |
In a typical RL working environment, an agent that has been deployed on an Open vSwitch
interacts with an environment $E$, as shown in Figure 5, across discrete time intervals $\Delta t$, $t \ge 0$. In each time
interval $\Delta t$, the agent observes the current state $S_t$ and selects an action $A_t \in A(S_t)$, where $A(S_t)$ is the set of all
available actions. In exchange, the agent obtains a reward $R_{t+1}$ and advances to the subsequent state $S_{t+1}$. The
procedure is repeated until the agent reaches a terminal condition. The agent's objective is to learn a policy
$\pi : S \to A$ that maximizes the expected future reward $R = \sum_{t=0}^{\infty} \gamma^t R_{t+1}$, where $\gamma \in [0,1]$ is the discounting factor.
As actions use pathways, identifying the optimal policy is similar to determining the best routes in different
network states. The first step of RL is to define the states, actions, and a scalar reward for the ultimate objective.
The primary goal is to maximize throughput and minimize latency.
$$R = \sum_{t=0}^{\infty} \gamma^t R_{t+1} \tag{1}$$
First, a description for RL-routing will be introduced. Then, a Q learning technique will be provided
to address the routing issue. The RL-routing model is depicted by $M = \{S, A, R, \gamma\}$, where:
- $S \in \mathbb{R}$ is the state space.
- $A$ is the action space.
- $R : S \times A \to \mathbb{R}$ is a reward function.
- $\gamma \in [0,1]$ is a discounting factor.
A state $S$ at time interval $\Delta t$ is represented by (2):
$$S = [f_1, f_2, f_3, f_4] \tag{2}$$
At intervals of time $\Delta t$, $S$ produces a summary of network information. The features are calculated in the
following manner. $f_1 = \{bw_t(src, dest)\}$ is the link bandwidth at time interval $\Delta t$. $f_2 = \{th_t(src, dest)\}$ is
the link throughput at time interval $\Delta t$, where the throughput for a link $e_{src,dest}$ is:
$$th_t(src, dest) = \frac{tx_t(e_{src,dest})}{bw_t(src, dest) \cdot |\Delta t|} \tag{3}$$
where $tx_t(e_{src,dest})$ is the amount of data that is transmitted via $e_{src,dest}$ at time interval $\Delta t$. $|\Delta t|$ is the duration
of the time interval $\Delta t$. $f_3 = \{latency_t(src, dest)\}$ is the link latency at time interval $\Delta t$.
$f_4 = \{status_t(src, dest)\}$ is the link status at time interval $\Delta t$, where the status for the link $e_{src,dest}$ is:
$$status_t(src, dest) = \begin{cases} 1 & \text{if } e_{src,dest} \text{ is up during } \Delta t \\ 0 & \text{otherwise} \end{cases} \tag{4}$$
The action space is represented as (5)
$$A = \{a_1, a_2, \ldots, a_n\} \tag{5}$$
where an action $a_i(src, dest)$, $1 \le i \le n$, is a collection of routes that connect $node_{src}$ to $node_{dest}$. The
controller's scalability issue has been taken into consideration in the action definition when determining the
number of agents required for data forwarding. It gives the agent the ability to configure a one-to-many network
all at once. Therefore, each Open vSwitch requires only one agent deployed to it.
The reward function receives state $s$ and an action $a$ as inputs and produces a reward that represents
the quality of the selected action. The reward function is defined as (6),
$$r = r_1 + r_2 \in [0, 2] \tag{6}$$
where $r_1$ and $r_2$ are the selected action's $a$ throughput and latency, respectively as (7) and (8).
$$r_1 = \mathrm{AVGIF}\left(\sum_{p_{src,dest} \in a} \frac{tx_t(p_{src,dest})}{bw_t(p_{src,dest}) \cdot |\Delta t|}\right) \tag{7}$$
$$r_2 = \sum_{p_{src,dest} \in a} delay_t(p_{src,dest}) \tag{8}$$
Overall, the agent has two main objectives which are reflected in the reward function detailed in (6).
A higher reward indicates that a greater number of packets are successfully transferred between $node_{src}$ and
$node_{dest}$ with minimal delay. This applies in both directions of data transmission.
To implement the RL routing algorithm, we used the dueling double deep Q-learning (dueling DDQN)
architecture with prioritized experience replay [31] and the ε-greedy policy to address the reinforcement learning
problem. This design addresses the issue of inflated Q-values and improves the stability of learning.
Algorithm 1 represents the implemented module exploiting MTD and RL. In step 1, the RL agent
obtains the network topology $G(N, \varepsilon)$ found by the OpenFlow network discovery application (ONDA). Step 2
involves using the path discovery application (PDA) to create an action space $A$, following (5), for the topology
$G(N, \varepsilon)$. This process generates a set of routes for all pairs of nodes in the topology. In steps 3 and 4, the SDN
controller initializes the set of real and virtual IP addresses assigned to network nodes. The agent then initializes
the network's current state, as in (2), by utilizing the NMA; the current state is represented by the
bandwidth, throughput, latency, and link status.
At every time interval $\Delta t$ (step 7), a random number is generated and used for RHM while the IP
addresses of all network nodes are changed arbitrarily. In step 11, the agent chooses an action $A_t$ that maximizes
the reward $R_t$, as in (6). The agent executes $A_t$ by calling the AOTA to update the Open vSwitches' routing
tables and change the IP addresses. It permits the network to operate for $\Delta t$. The NMA is then invoked to
collect updated network information $S_{t+1}$, as in (2). The collected network data is used to compute the reward
$R_{t+1}$, as in (6), for the selected action $A_t$. This process is repeated until the RL agent achieves the intended
reward for the final goal.
Algorithm 1. Proposed system algorithm with MTD & RL
```
1:  G(N, ε) ← OpenFlow network discovery
2:  A = PDA(G(N, ε), node_src, node_dest, h)
3:  R ← initialize the set of real IP addresses
4:  V ← initialize the set of virtual IP addresses
5:  initialize S = [f1, f2, f3, f4] by invoking NMA
6:  repeat every Δt:
7:      x ← generate random number
8:      for each real IP address R_i in R:
9:          map each R_i to V_i
10:     end for
11:     choose random action A, or A_t = argmax q_π(S_t, A)
12:     execute A_t by invoking AOTA
13:     S_{t+1} = [f1, f2, f3, f4] by invoking NMA
14:     compute the reward R_{t+1} for action A_t
15: end repeat
```
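Steps 11 to 14 of Algorithm 1, written out as an added example and not taken from the paper's code: tabular Q-learning with an ε-greedy policy, used here as a small stand-in for the dueling DDQN the paper trains. The path measurements, the flapping schedule for `p1`, and the function names are constructed for illustration. One assumption is needed for the reward: (8) gives $r_2$ as a sum of delays while (6) bounds $r$ to $[0, 2]$, so the sketch scales the summed delay by an assumed `D_MAX` and inverts it so that lower delay earns more reward; the average in (7) is taken over the paths of the action.

```python
import random

DT = 1.0       # |Δt| in seconds
D_MAX = 50.0   # assumed per-path delay (ms) at which the latency term reaches 0

# Constructed per-path measurements for one interval while the path is up:
# bits transmitted, bandwidth in bit/s, delay in ms.
PATHS = {
    "p1": {"tx": 8e8, "bw": 1e9, "delay": 4.0},
    "p2": {"tx": 6e8, "bw": 1e9, "delay": 6.0},
    "p3": {"tx": 3e8, "bw": 1e9, "delay": 12.0},
}
ACTIONS = [("p1", "p2"), ("p2", "p3")]  # each action is a set of routes, eq. (5)


def observe(t):
    """Hypothetical NMA stand-in: status bit per path, eq. (4). Path p1 flaps
    on a fixed schedule and is down during every second block of 50 intervals."""
    p1_up = 0 if (t // 50) % 2 else 1
    return (p1_up, 1, 1)


def reward(state, action):
    """r = r1 + r2 in [0, 2], eq. (6), for the routes of one action."""
    status = dict(zip(PATHS, state))
    util, delay = [], []
    for p in ACTIONS[action]:
        m = PATHS[p]
        up = status[p] == 1
        util.append(m["tx"] / (m["bw"] * DT) if up else 0.0)  # eq. (3) per path
        delay.append(m["delay"] if up else D_MAX)
    r1 = sum(util) / len(util)                                # eq. (7), averaged
    # Assumption: summed delay of eq. (8) scaled to [0, 1] and inverted.
    r2 = 1.0 - min(1.0, sum(delay) / (len(delay) * D_MAX))
    return r1 + r2


def train(steps=5000, alpha=0.1, gamma=0.5, epsilon=0.2, seed=7):
    """Q-learning loop: observe S_t, pick A_t, apply it, observe S_{t+1}."""
    rng = random.Random(seed)  # seeded only to make the training run repeatable
    q = {}
    state = observe(0)
    for t in range(steps):
        row = q.setdefault(state, [0.0] * len(ACTIONS))
        if rng.random() < epsilon:                 # step 11: explore ...
            action = int(rng.random() * len(ACTIONS))
        else:                                      # ... or exploit argmax Q
            action = row.index(max(row))
        r = reward(state, action)                  # steps 12 and 14
        nxt = observe(t + 1)                       # step 13
        nxt_row = q.setdefault(nxt, [0.0] * len(ACTIONS))
        row[action] += alpha * (r + gamma * max(nxt_row) - row[action])
        state = nxt
    return q


def policy(q, state):
    """Greedy action for a state after training."""
    row = q[state]
    return row.index(max(row))


if __name__ == "__main__":
    q = train()
    for s in ((1, 1, 1), (0, 1, 1)):
        print("status", s, "-> routes", ACTIONS[policy(q, s)])
```

The learned policy keeps the sub-flows on `p1` and `p2` while all paths are up and moves them to `p2` and `p3` when `p1` is reported down.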
3. RESULTS AND DISCUSSION
To evaluate the suggested framework and assess its performance, simulations were conducted on a
virtual machine that featured an Intel(R) Xeon(R) CPU E5-2676 v3 @2.40 GHz processor and 4.00 GB of
memory. The virtual machine was running the Linux Ubuntu 18.04 LTS operating system. We built the fog
nodes layer network, or SDN network, in mininet, which included nine Open vSwitches and five hosts, as
shown in Figure 5. For the hosts used for the tests, the MPTCP Linux kernel implementation was installed. For
the fog nodes layer, we used the Ryu SDN controller. Both H1 and H4 hosts had two network interfaces and
utilized the MPTCP protocol. The three hosts, Host-2 (H2), Host-3 (H3), and Host-5 (H5) utilized the TCP
protocol and shared a single network interface. Attacker Host-5 (H5) uses Ettercap to launch a MitM attack
against Host-1 (H1) (H2). The default speed for each open vSwitch port is 10 Gb. The network's performance
was evaluated using iPerf in four distinct conditions: standard TCP traffic flow, TCP traffic flow with a MitM
attack simulated using an RL agent developed in Python, MPTCP traffic flow, and MPTCP traffic flow with a
MitM attack also simulated using the RL agent.
The RL agent has been trained to determine the optimal network paths connecting two parties. By setting
$h = 8$, the PDA has been executed to generate an action space with eight paths between a source and a destination.
Then, the best two paths have been selected for the sub-flows to establish the source-to-destination MPTCP
connection. Source-destination host combinations have been created to generate random traffic for RL agent
training purposes. Additionally, the data transmission patterns between hosts are produced randomly.
Different values for the duration of a time interval |∆𝑡| have been tested. It was observed that when
|∆𝑡| = 1𝑠, for all metrics, RL-routing offers the best performance. The agent has been trained in an episodic
fashion. Each episode consists of 100 steps, where the duration of each step is |∆𝑡| seconds.
The proposal was tested with various traffic compositions, including traffic that is created randomly,
for training purpose. It was discovered that orchestrating hosts to provide the same amount of traffic throughout
each episode is an efficient method of training the agent. This technique forced the agent to return to each stage
frequently enough to test out various options. We plan for each host pair to create traffic on a regular basis in
a set of predetermined steps. We allowed each pair of hosts to randomly generate traffic with a duration
obtained from a normal distribution with 𝜇 = 5 seconds and 𝜎 = 1. Data transfer patterns between each host
pair are left up to the generator. The duration of the burst and the packet interval time are not specified.
Figure 6 depicts the agent's training while using RL-routing. The figure illustrates the performance of
the RL agent in terms of total rewards, using a window size of 50 episodes. On average, 25 k distinct states
were produced, some of which are quite similar and others which are completely different. Figure 6 shows
the number of training episodes on the x-axis and the total rewards earned during each episode on the y-axis.
Initially, the RL agent does not comprehend the underlying network well enough. Thus, the agent largely
engages in environmental exploration and reaps little reward. After a few episodes, the rewards rise until
they reach their maximum levels.
The bottom layers of the dueling network in the chosen dueling DDQN are convolutional, just like in
the original DQNs (3 convolutional layers followed by 2 fully connected layers). Two sequences (or streams)
of fully connected layers have been employed in this architecture as opposed to one series of fully connected
layers after the convolutional layers. Because of how the streams are built, different estimates of the value and
advantage functions were produced. According to [31], the output of the network is a set of Q values, with one
for each action, and the two streams are merged to create a unified output Q function. It is worth mentioning
that the adopted dueling DDQN architecture and hyper-parameters as mentioned in [32], [33] have been fine
tuned to fit the network state input vector that maintained the RL-routing operation.
Figure 6. RL agent performance
The objective is to discover an effective solution to the routing issue
given the state representation, reward function, and action description. Without loss of generality, any routing
algorithm uses a policy to determine its route. A stochastic policy $\pi$ determines the
routing algorithm's behavior and is represented as a distribution over actions for a specific state, defined as (9).
$$\pi(a|s) = P[a|s] \tag{9}$$
For an agent behaving according to a stochastic policy $\pi$, the values of the state-action pair $(s, a)$ and the state
$s$ (i.e., Q, V functions) are defined as (10).
$$Q^{\pi}(s, a) = \mathbb{E}[R_t \mid s_t = s, a_t = a, \pi], \quad \text{and} \quad V^{\pi}(s) = \mathbb{E}_{a \sim \pi(s)}[Q^{\pi}(s, a)] \tag{10}$$
The preceding Q function value can be computed recursively with dynamic programming:
$$Q^{\pi}(s, a) = \mathbb{E}_{s'}\left[r + \mathbb{E}_{a' \sim \pi(s')}[Q^{\pi}(s', a')] \mid s, a, \pi\right] \tag{11}$$
We define the optimal $Q^{*}(s, a) = \max_{\pi} Q^{\pi}(s, a)$.
Under the deterministic policy $a = \arg\max_{a' \in A} Q^{*}(s, a')$, it follows that $V^{*}(s) = \max_{a} Q^{*}(s, a)$. From this,
it also follows that the optimal $Q$ function satisfies the Bellman equation (12)
$$Q^{*}(s, a) = \mathbb{E}_{s'}\left[r + \gamma \max_{a'} Q^{*}(s', a') \mid s, a\right] \tag{12}$$
We define another important quantity, the advantage function, relating the value and $Q$ functions as (13).
$$A^{\pi}(s, a) = Q^{\pi}(s, a) - V^{\pi}(s) \tag{13}$$
Note that $\mathbb{E}_{a \sim \pi(s)}[A^{\pi}(s, a)] = 0$. The value function $V$ intuitively measures how favorable it is to be
in a particular state $s$, while the $Q$ function measures the value of selecting a particular action when in that
state. The advantage function is obtained by subtracting the state value from the $Q$ function, providing a relative
measure of the significance of each action.
RL-Routing algorithm begins with an initial policy $\pi_{RL}$ and utilizes policy iteration to enhance its
performance. In each step, the agent updates $Q_{\pi_{RL}}$ by computing states using (2), selecting actions using its
policy $\pi_{RL}$, and calculating rewards using (6). By repeating these steps for a large number of iterations, the
agent identifies an optimal $Q^{*}_{\pi_{RL}}$. Once an optimal policy $\pi^{*}$ is obtained, the agent selects the best possible
action in each state $s \in S$ by:
$$A = \arg\max Q^{\pi^{*}}(s, a), \quad a \in A(s) \tag{14}$$
Finding the optimal policy $\pi^{*}$ is therefore comparable to finding the most effective solution (i.e., best
routing path). RL-routing has the potential to discover an improved policy, as it depends on the traffic patterns
observed during the training phase and the chosen exploration mechanism that manages the trade-off between
exploration and exploitation. At the start of the training phase, the agent largely explores to gather information,
i.e., exploration, as depicted in Figure 6. After some time, it begins to gain by leveraging its understanding of
the underlying network to inform better decisions, i.e., exploitation.
Network throughput and delay overhead have been chosen as the assessment measures to measure
how well the suggested architecture performs. Figures 7 and 8 compare the delay overhead between TCP and
MPTCP with and without the MitM attack, while Figures 9 and 10 compare TCP and MPTCP in the presence
and absence of MitM attacks. The tests were run repeatedly, and the average of the results was calculated.
Figure 7. Delay overhead comparison for TCP vs. MPTCP
Figure 8. Delay overhead comparison for TCP vs. MPTCP
Figure 9. Throughput comparison for TCP vs. MPTCP
Figure 10. Throughput comparison for TCP vs. MPTCP
Figure 7 showed the delay overhead comparison between TCP and MPTCP without using MTD and
RL. It showed that the delay overhead added by MPTCP is almost double that of TCP, as it uses two TCP sub-flows
for each MPTCP connection. Additionally, Figure 8 showed the delay overhead comparison between TCP and
MPTCP using MTD and RL routing with different configurations for the changing (mutation turnaround) time
between new routes and IP addresses. It showed that the shorter the changing time, the more delay
overhead occurred. It is worth mentioning that the degradation in performance ensures that it will be hard for
the attacker to discover and reconnoiter the network; it is a tradeoff between security and performance.
Moreover, it showed that the proposed framework did not add much delay overhead to the network if the
changing period is configured to be 60 seconds.
The performance difference between TCP and MPTCP with/without MTD and RL routing was shown
in Figures 9 and 10. The results collected demonstrated that the MPTCP network throughput was higher than
that of conventional TCP. This is a result of MPTCP using various paths between hosts. Also, the network
throughput has been increased using our proposed framework, since RL routing selected
the best routes between source and destination for the MPTCP sub-flows. Exploiting RL routing helped in finding the best routes between
two parties in terms of throughput and delay. This guaranteed MPTCP's involvement in preserving the fog
nodes layer network's resilience and end-users' quality of experience (QoE).
A comparative study has been carried out among similar related work. Table 2 summarizes this
comparative study in terms of the defense methodology and the evaluation metrics. It shows that the
proposed system has better security, as it incorporates several techniques to mitigate MitM attacks in fog
computing without adding a lot of overhead and delay to the network. In addition, the overhead added by the
complexity of the security solution has been controlled by using the RL agent. Adoption of the RL agent in routing
optimization and selecting the best routing paths between nodes decreased the additional overheads incurred
by the security solution.
Table 2. Comparison against related work

| Authors/Publication | Defense methodology | Metrics |
|---|---|---|
| Aliyu et al. [21] | SDN, MITM | Time cost to detect attack and delay |
| Liu et al. [22] | IDS, IPS, MITM | Time cost to detect attack and delay and Energy Consumption |
| Zkik et al. [25] | SDN, MPTCP, MITM | Application execution time |
| Babar et al. [26] | SDN, MTD, MITM | --- |
| Duan et al. [29] | SDN, MTD, MITM | --- |
| Proposed Solution | SDN, MPTCP, MTD, Reinforcement learning, MITM | Throughput and delay |
4. CONCLUSION
This study proposed a MitM mitigation solution for fog computing that integrated SDN, MTD,
MPTCP, and RL routing. The SDN controller has been configured for managing and controlling fog nodes. In
addition, MPTCP has been implemented to make use of the various connection interfaces in fog computing
Open vSwitches and edge devices, which enabled redundant paths for traffic between all fog nodes and edge
devices. The system employed MTD in two ways, RHM and RRM, to enhance network uncertainty and make
network scanning harder for attackers, hence decreasing the likelihood of a successful MitM attack. In addition, an
RL routing algorithm has been employed to assist the SDN in determining the optimal network path between
source and destination nodes. The simulation findings demonstrated that the proposed framework improved
network throughput, robustness, and security with minimal delay overhead. In the future, we plan to enhance
the security of the fog layer by leveraging additional SDN and MPTCP capabilities.
REFERENCES
[1] J. Iannacci, “Internet of things (IoT); internet of everything (IoE); tactile internet; 5G – A (not so evanescent) unifying vision
empowered by EH-MEMS (energy harvesting MEMS) and RF-MEMS (radio frequency MEMS),” Sensors and Actuators A:
Physical, vol. 272, pp. 187–198, Apr. 2018, doi: 10.1016/j.sna.2018.01.038.
[2] P. Sethi and S. R. Sarangi, “Internet of things: Architectures, protocols, and applications,” Journal of Electrical and Computer
Engineering, vol. 2017, pp. 1–25, 2017, doi: 10.1155/2017/9324035.
[3] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, “Internet of things: a survey on enabling technologies,
protocols, and applications,” IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, 2015, doi:
10.1109/COMST.2015.2444095.
[4] P. P. Ray, “A survey on internet of things architectures,” Journal of King Saud University - Computer and Information Sciences,
vol. 30, no. 3, pp. 291–319, Jul. 2018, doi: 10.1016/j.jksuci.2016.10.003.
[5] N. L. Fantana et al., Internet of things - converging technologies for smart environments and integrated ecosystems, River
Publishers, 2013.
[6] E. G. M. Petrakis, S. Sotiriadis, T. Soultanopoulos, P. T. Renta, R. Buyya, and N. Bessis, “Internet of things as a service (iTaaS):
challenges and solutions for management of sensor data on the cloud and the fog,” Internet of Things, vol. 3–4, pp. 156–174, Oct.
2018, doi: 10.1016/j.iot.2018.09.009.
[7] X. Lyu, C. Ren, W. Ni, H. Tian, and R. P. Liu, “Cooperative computing anytime, anywhere: Ubiquitous fog services,” IEEE Wireless
Communications, vol. 27, no. 1, pp. 162–169, Feb. 2020, doi: 10.1109/MWC.001.1900044.
[8] K. Pyatkova et al., “Flood impacts on road transportation using microscopic traffic modelling techniques,” in Simulating Urban
Traffic Scenarios, 2019, pp. 115–126, doi: 10.1007/978-3-319-33616-9_8.
[9] C. Lin, G. Han, X. Qi, M. Guizani, and L. Shu, “A Distributed mobile fog computing scheme for mobile delay-sensitive applications
in SDN-enabled vehicular networks,” IEEE Transactions on Vehicular Technology, vol. 69, no. 5, pp. 5481–5493, May 2020, doi:
10.1109/TVT.2020.2980934.
[10] A. Mayoral, R. Vilalta, R. Muñoz, R. Casellas, and R. Martínez, “SDN orchestration architectures and their integration
with cloud computing applications,” Optical Switching and Networking, vol. 26, pp. 2–13, Nov. 2017,
doi: 10.1016/j.osn.2015.09.007.
[11] P. Parol and M. Pawlowski, “Towards networks of the future: SDN paradigm introduction to PON networking for business
applications,” in 2013 Federated Conference on Computer Science and Information Systems, 2013, pp. 829–836.
[12] Y. Desmedt, “Man-in-the-middle attack,” in Encyclopedia of Cryptography and Security, Springer US, 2005, pp. 368–368, doi:
10.1007/0-387-23483-7_241.
[13] B. N. B. Ekanayake, M. N. Halgamuge, and A. Syed, “Review: security and privacy issues of fog computing for the
internet of things (IoT),” in Cognitive Computing for Big Data Systems Over IoT, 2018, pp. 139–174,
doi: 10.1007/978-3-319-70688-7_7.
[14] B. Potter and B. Fleck, 802.11 security, ser. O’Reilly series. O’Reilly Media, Incorporated, 2003.
[15] S. Khan, S. Parkinson, and Y. Qin, “Fog computing security: a review of current applications and security solutions,” Journal of
Cloud Computing, vol. 6, no. 1, Dec. 2017, doi: 10.1186/s13677-017-0090-3.
[16] A. Aydeger, N. Saputro, and K. Akkaya, “A moving target defense and network forensics framework for ISP networks using SDN
and NFV,” Future Generation Computer Systems, vol. 94, pp. 496–509, May 2019, doi: 10.1016/j.future.2018.11.045.
[17] R. Banner and A. Orda, “Multipath routing algorithms for congestion minimization,” in NETWORKING 2005: NETWORKING
2005. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and
Wireless Communications Systems, 2005, pp. 536–548, doi: 10.1007/11422778_43.
[18] M. Chliah, G. Orhanou, and S. El Hajji, “Countering MitM attacks using evolved PathFinder algorithm,” International Journal of
Cloud Applications and Computing, vol. 7, no. 2, pp. 41–61, Apr. 2017, doi: 10.4018/IJCAC.2017040104.
[19] C. Paasch and O. Bonaventure, “Multipath TCP,” Queue, vol. 12, no. 2, pp. 40–51, Feb. 2014, doi: 10.1145/2578508.2591369.
[20] C. Li, Z. Qin, E. Novak, and Q. Li, “Securing SDN infrastructure of IoT–fog networks from MitM attacks,” IEEE Internet of Things
Journal, vol. 4, no. 5, pp. 1156–1164, Oct. 2017, doi: 10.1109/JIOT.2017.2685596.
[21] F. Aliyu, T. Sheltami, and E. M. Shakshuki, “A detection and prevention technique for man in the middle attack in fog computing,”
Procedia Computer Science, vol. 141, pp. 24–31, 2018, doi: 10.1016/j.procs.2018.10.125.
[22] J. Liu, Y. Xiao, and C. L. P. Chen, “Authentication and access control in the internet of things,” in 2012 32nd International
Conference on Distributed Computing Systems Workshops, Jun. 2012, pp. 588–592, doi: 10.1109/ICDCSW.2012.23.
[23] H. HaddadPajouh, A. Dehghantanha, R. M. Parizi, M. Aledhari, and H. Karimipour, “A survey on internet of things security:
Requirements, challenges, and solutions,” Internet of Things, vol. 14, Jun. 2021, doi: 10.1016/j.iot.2019.100129.
[24] M. Chliah, G. Orhanou, and S. El Hajji, “SDN MPTCP sub-flows routing security against MiTM attacks,” International Journal of
Control and Automation 1, vol. 11, no. 6, pp. 123–136, 2018, doi: 10.14257/ijca.2018.11.6.12.
[25] K. Zkik, A. Sebbar, Y. Baddi, and M. Boulmalf, “Secure multipath mutation SMPM in moving target defense based on SDN,”
Procedia Computer Science, vol. 151, pp. 977–984, 2019, doi: 10.1016/j.procs.2019.04.137.
[26] S. Babar, A. Stango, N. Prasad, J. Sen, and R. Prasad, “Proposed embedded security framework for internet of things (IoT),” in
2011 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace &
Electronic Systems Technology (Wireless VITAE), Feb. 2011, pp. 1–5, doi: 10.1109/WIRELESSVITAE.2011.5940923.
[27] Y. Sheffer, R. Holz, and P. Saint-Andre, “Summarizing known attacks on transport layer security (TLS) and datagram TLS
(DTLS),” Feb. 2015, doi: 10.17487/rfc7457.
[28] S. Macwan and C.-H. Lung, “Investigation of moving target defense technique to prevent poisoning attacks in SDN,” in 2019 IEEE
World Congress on Services (SERVICES), Jul. 2019, pp. 178–183, doi: 10.1109/SERVICES.2019.00050.
[29] Q. Duan, E. Al-Shaer, and H. Jafarian, “Efficient random route mutation considering flow and network constraints,” in 2013
IEEE Conference on Communications and Network Security (CNS), Oct. 2013, pp. 260–268,
doi: 10.1109/CNS.2013.6682715.
[30] “IEEE Standard for local and metropolitan area networks - station and media access control connectivity discovery,” in IEEE Std
802.1AB-2016 (Revision of IEEE Std 802.1AB-2009), 2016, pp. 1–146, doi: 10.1109/IEEESTD.2016.7433915.
[31] Z. Wang, T. Schaul, M. Hessel, H. van Hasselt, M. Lanctot, and N. de Freitas, “Dueling network architectures for deep reinforcement
learning,” Prepr. arXiv.1511.06581, Nov. 2015.
[32] H. van Hasselt, A. Guez, and D. Silver, “Deep reinforcement learning with double Q-learning,” Prepr. arXiv.1509.06461, Sep.
2015.
[33] V. Mnih et al., “Human-level control through deep reinforcement learning,” Nature, vol. 518, no. 7540, pp. 529–533, Feb. 2015,
doi: 10.1038/nature14236.
BIOGRAPHIES OF AUTHORS
Hossam Elmansy received the B.Eng. degree in computer engineering from
Military Technical College, Cairo, Egypt in 2012. Currently, he is a Solutions Architect. His
research interests include cloud computing, network security, multi-cloud, blockchain, AWS
cloud, fog computing, IoT, databases, distributed computing, and security. He can be contacted
at email: hossamelmansy.developer@gmail.com.
Khaled Metwally received the B.Sc. and M.Sc. degrees in electrical engineering
from Military Technical College (MTC), Cairo, Egypt, in 2001 and 2008, respectively, and the
Ph.D. degree in electrical engineering from University of Ottawa, Canada, in 2017. He is
currently a researcher and lecturer in the Computers Eng. & Artificial Intelligence department at
MTC. His research interests include cloud computing resources allocation management,
provisioning, and optimization, cloud security, software-defined network (SDN) security, the
applications of machine learning and deep learning techniques in object detection, robot
navigation, and cyber security techniques. He can be contacted at email: k.metwally@mtc.edu.eg.
Khaled Badran received a Bachelor's degree in computer engineering and a Master
of Science degree from the MTC, Cairo, Egypt, in 1995 and 2000, respectively. He also received
the Ph.D. degree in Electrical and Computer engineering from Sheffield University, UK, in 2009.
He is currently Head of the Department of Computer Engineering and Artificial Intelligence,
MTC. His research interests are in artificial intelligence, data mining, semantic web, and database
security. He can be contacted at email: khaledbadran@mtc.edu.eg.