intrusion detection and prevention in cloud, fog, and...

Editorial
Intrusion Detection and Prevention in Cloud, Fog, and Internet of Things

Xuyun Zhang,1 Yuan Yuan,2 Zhili Zhou,3 Shancang Li,4 Lianyong Qi,5 and Deepak Puthal6

1 Department of Electrical, Computer and Software Engineering, University of Auckland, Auckland 1023, New Zealand
2 Department of Computer Science and Engineering, Michigan State University, Michigan, MI 48824, USA
3 Nanjing University of Information Science and Technology, Nanjing, 210044, China
4 FET-Computer Science and Creative Technologies, University of the West of England, Bristol BS16 1QY, UK
5 School of Information Science and Engineering, Chinese Academy of Education Big Data, Qufu Normal University, Qufu 276826, China
6 Faculty of Engineering and IT, University of Technology Sydney, Ultimo, NSW 2007, Australia

Correspondence should be addressed to Xuyun Zhang; [email protected]

Received 9 April 2019; Accepted 9 April 2019; Published 23 May 2019

Hindawi, Security and Communication Networks, Volume 2019, Article ID 4529757, 4 pages, https://doi.org/10.1155/2019/4529757

Copyright © 2019 Xuyun Zhang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

We are pleased to announce the publication of the special issue focusing on intrusion detection and prevention in cloud, fog, and Internet of Things (IoT). Internet of Things (IoT), cloud, and fog computing paradigms as a whole provide a powerful large-scale computing infrastructure for many data- and computation-intensive applications. Specifically, IoT technologies and deployments can widely perceive our physical world at a fine granularity and generate sensing data for further insight extraction. Fog computing facilities can provide computing power near the IoT devices where data are generated, aiming to achieve fast data processing for time-critical applications or to reduce the amount of data transmitted into the cloud for storage or further processing. Cloud computing platforms can offer big data storage and large-scale processing services for cheap long-term storage or data-intensive analytics with more advanced data mining models. Hence, it can be seen that the IoT/fog/cloud computing infrastructures can support the whole lifecycle of large-scale applications where big data collection, transmission, storage, processing, and mining can be seamlessly integrated. However, these state-of-the-art computing infrastructures still suffer from severe security and privacy threats because of their built-in properties, such as the ubiquitous-access and multitenancy features of cloud computing or the limited computing capability of IoT devices. The expanded attack surface and the lack of effective security and privacy protection measures remain one of the barriers to widely deploying applications on the IoT/fog/cloud infrastructure.

Intrusion detection and prevention systems, which monitor devices, networks, and systems for malicious activities and policy violations, are one of the key countermeasures against cybersecurity attacks. Detection and prevention systems span a wide spectrum, from antivirus software to hierarchical systems monitoring the traffic of an entire backbone network. In general, intrusion detection systems can be categorized into two groups, that is, signature-based detection (malicious patterns are already known) and anomaly-based detection (no patterns are given). Traditional methods and systems might fail to be directly applicable to the state-of-the-art computing paradigms and infrastructure mentioned above. Novel intrusion detection and prevention algorithms and systems are in demand to cater for the new computing infrastructure and newly emerging cybersecurity attacks and threats, taking into account factors such as algorithmic scalability, computing environment heterogeneity, data diversity, and complexity. Extensive research is required to conduct more scalable and effective intrusion detection and prevention in IoT/fog/cloud. Many relevant theoretical and technical issues have not been answered well yet. As such, it is high time to investigate the related issues in intrusion detection and prevention in IoT, fog, and cloud computing by examining intrusion detection and prevention algorithms, methods, architecture, systems, platforms, and applications in detail. This special issue attracted substantial interest from researchers all over the world, and our editorial team, consisting of six researchers in this field, has rigorously selected 20 articles out of 60 submissions for publication. The research topics include intrusion detection systems, intrusion prevention systems, DDoS attack detection, network/IoT anomaly detection, anomaly detection in cloud, malware detection, privacy-preservation technologies, and other closely related works on data deduplication, cloudlet placement, and fault analysis.

In the paper entitled “Fingerprinting Network Entities Based on Traffic Analysis in High-speed Network Environment”, X. Gu et al. studied the entity identification problem in high-speed network environments to detect potential intruders and proposed using the PFQ kernel module and Storm to capture high-speed packets and analyse online traffic, respectively. Based on this, they further proposed a novel device fingerprinting technology based on runtime environment analysis that employs a logistic regression model and a sliding window mechanism to implement online identification.

In the paper entitled “Test Sequence Reduction of Wireless Protocol Conformance Testing to Internet of Things”, W. Lin et al. investigated the wireless protocol conformance testing problem, which judges only whether a wireless protocol has performed as expected, and proposed an improved method based on an overlapping technique that makes use of invertibility and multiple unique input/output sequences. Specifically, the method consists of two steps: the maximum-length invertibility-dependent overlapping sequences (IDOSs) are constructed in the first step, and a minimum-length rural postman tour covering the just constructed set of maximum-length IDOSs is generated in the second. Finally, a test sequence is extracted from the tour.

In the paper entitled “Flow Correlation Degree Optimization Driven Random Forest for Detecting DDoS Attacks in Cloud Computing”, J. Cheng et al. investigated Distributed Denial-of-Service (DDoS) attacks in cloud computing and proposed a DDoS attack detection method using an enhanced random forest (RF) technique optimized by a genetic algorithm based on flow correlation degree (FCD) features. Specifically, the features of attack flows and normal flows are described by the two-tuple FCD feature consisting of package-statistical degree (PSD) and semidirectivity interaction abnormality (SDIA). A genetic algorithm based on the FCD feature sequences is used to optimize two key parameters of the decision tree in the RF, and the trained RF model with the optimized parameters is employed to generate the classifier for DDoS attack detection.

In the paper entitled “A Cooperative Denoising Algorithm with Interactive Dynamic Adjustment Function for Security of stacker in Industrial Internet of Things”, D. Huang et al. studied the problem of security monitoring of stackers in the Industrial IoT (IIoT) and proposed a cooperative denoising algorithm with an interactive dynamic adjustment function. Specifically, the denoising framework, named IDVSLMS-EEMD, was constructed based on the advantages of LMS, VSLMS, and improved VSLMS-EEMD. Real-world data applied in the Power Grid of China was used to verify and simulate the effectiveness of the proposed algorithms.

In the paper entitled “A Constraint-aware Optimization Method for Concurrency Bug Diagnosis Service in a Distributed Cloud Environment”, L. Bo and S. Jiang investigated the performance problems in concurrency bug diagnosis services, which analyse concurrent software and detect concurrency bugs, and proposed a static constraint-aware method to simplify the buggy traces of concurrent programs. Specifically, the maximal sound dependence relations of the original buggy traces are calculated based on the constraint models. The simplified traces can be obtained after checking the dependent constraints iteratively and forwarding current events to extend thread execution intervals.

In the paper entitled “Applying Catastrophe Theory for Network Anomaly Detection in Cloud Computing Traffic”, L. Khatibzadeh et al. examined the network traffic anomaly detection problem in cloud computing environments and proposed a catastrophe-theory-based approach aiming to effectively depict sudden change processes of the network caused by the dynamic nature of the cloud. Exponential Moving Average (EMA) was applied to the state variable in a sliding window to better show the dynamicity of cloud network traffic, and entropy was used as one of the control variables in catastrophe theory to analyse the distribution of traffic features.
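The two building blocks named in this summary, windowed entropy of a traffic feature and an EMA-smoothed state, can be illustrated as follows. This is an added example, not code from the paper or the editorial: it does not implement the catastrophe model, and the fixed deviation threshold, the window size, the choice of source address as the feature, and the constructed sample addresses are all assumptions.

```python
import math
from collections import Counter


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    total = len(values)
    return sum(-(c / total) * math.log2(c / total)
               for c in Counter(values).values())


def entropy_shift_alerts(feature_values, window=20, alpha=0.3, threshold=1.0):
    """Score non-overlapping windows of one traffic feature.

    Returns one tuple per full window: (index, entropy, ema_baseline, alert).
    The baseline is an exponential moving average of past window entropies;
    a window alerts when its entropy departs from the baseline by more than
    `threshold` bits (a stand-in for the paper's catastrophe criterion).
    """
    records = []
    ema = None
    for start in range(0, len(feature_values) - window + 1, window):
        idx = start // window
        h = shannon_entropy(feature_values[start:start + window])
        if ema is None:
            ema = h                      # first window seeds the baseline
            records.append((idx, h, ema, False))
            continue
        alert = abs(h - ema) > threshold
        records.append((idx, h, ema, alert))
        if not alert:
            # Learn only from windows judged normal, so an anomalous burst
            # does not drag the baseline toward itself.
            ema = alpha * h + (1 - alpha) * ema
    return records


def build_sample():
    """Constructed source-address stream (documentation address ranges)."""
    normal = [f"192.0.2.{i % 4 + 1}" for i in range(20)]    # 4 steady clients
    spread = [f"198.51.100.{i + 1}" for i in range(20)]     # 20 one-off sources
    single = ["203.0.113.7"] * 20                           # one dominant source
    return normal * 4 + spread + normal + single


SAMPLE_SRC_IPS = build_sample()

if __name__ == "__main__":
    for idx, h, baseline, alert in entropy_shift_alerts(SAMPLE_SRC_IPS):
        flag = "ALERT" if alert else "ok"
        print(f"window {idx}: entropy={h:.3f} baseline={baseline:.3f} {flag}")
```

Both a sudden rise in entropy (many one-off sources) and a sudden collapse (one source dominating) trip the same check, which is why the deviation is taken as an absolute value.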

In the paper entitled “A Privacy Protection Model of Data Publication Based on Game Theory”, L. Kuang et al. investigated the user privacy protection problem in sensor acquisition technology, where an attacker may identify a user based on the combination of the user’s quasi-identifiers, and fewer quasi-identifier fields result in a lower probability of privacy leaks. Specifically, they tried to determine an optimal number of quasi-identifier fields under the constraint of trade-offs between service quality and privacy protection. To this end, the service development process is modelled as a cooperative game between the data owner and consumers, and the Stackelberg game model is leveraged to determine the number of quasi-identifiers that are published to the data development organization. Experiments showed that the data loss of the proposed model is less than that of traditional k-anonymity, especially when strong privacy protection is applied.

In the paper entitled “A Quantum-based Database Query Scheme for Privacy Preservation in Cloud Environment”, W. Liu et al. studied the privacy protection problems that arise when users access sensitive cloud data and proposed a quantum-based database query scheme for privacy preservation in cloud environments to achieve privacy preservation and reduce the communication complexity. Specifically, all the data items of a database are encrypted with different keys to protect the server’s privacy, and the server is required to transmit all these encrypted data items to the client with the oblivious transfer strategy to guarantee the users’ privacy. Moreover, two oracle operations, i.e., a modified Grover iteration and a special offset encryption mechanism, are combined to ensure that a user can correctly query a desired data item.

In the paper entitled “Application of Temperature Prediction based on Neural Network in Intrusion Detection of IoT”, X. Liu et al. studied the security of network information in IoT and proposed using a neural network to construct a farmland Internet of Things intrusion detection system to detect anomalous intrusions. They used the temperature data from an IoT acquisition system as the case study and adopted different time granularities for feature analysis. Results showed that the neural network can predict the temperature sequence of varying time granularities better and ensure a small prediction error.

In the paper entitled “Semantic Contextual Search based on Conceptual Graphs over Encrypted Cloud”, Z. Wang et al. explored the problem that the context information of the topic sentence is ignored when constructing conceptual graphs in cloud searchable encryption. To address this problem, the authors defined and constructed a semantic search encryption scheme for context-based conceptual graphs (ESSEC). The contextual contact was associated with the central key attributes in the topic sentence and its semantic information was extended, so as to improve the accuracy of the retrieval and semantic relevance. Experiments on real data showed that the scheme is effective and feasible.

In the paper entitled “Adaptive DDoS attack detection method based on multiple-kernel learning”, J. Cheng et al. investigated the distributed denial of service (DDoS) attack problem for Internet security and proposed an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL). Five features, drawn from the burstiness of DDoS attack flows, the distribution of addresses, and the interactivity of communication, were employed to describe the network flow characteristics. A classifier was established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics, interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect early DDoS attacks. The experimental results indicate that this method can detect DDoS attacks early and accurately.

In the paper entitled “A Sequence Number Prediction based Bait Detection Scheme to Mitigate Sequence Number Attacks in MANETs”, R. H. Jhaveri et al. explored sequence number attacks, which can degrade network functioning and performance by attracting the sender to establish a path through the adversary node, and proposed a proactive secure routing mechanism that uses linear regression to predict the maximum destination sequence number that a neighbouring node can insert in the RREP packet. As an additional security checkpoint, a bait detection mechanism is used to establish confidence in marking a suspicious node as a malicious node. Results showed that the approach improves the network performance in the presence of adversaries as compared to previous schemes.
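The two-stage check described in this summary can be sketched as follows, as an added example that is not the paper's implementation. Assumptions made here: the regression is ordinary least squares over (time, destination sequence number) pairs from routes already trusted, the bound carries a slack term of this example's own choosing, the bait step is modelled simply as the set of nodes that answered a bait route request, and all node names and values are constructed.

```python
def fit_line(points):
    """Ordinary least squares fit y = a*x + b over (x, y) pairs."""
    n = len(points)
    mean_x = sum(x for x, _ in points) / n
    mean_y = sum(y for _, y in points) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in points)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in points)
    a = sxy / sxx
    return a, mean_y - a * mean_x


def max_expected_seq(history, t, slack=2.0):
    """Upper bound on a plausible destination sequence number at time t.

    history: (time, dest_seq) observations from trusted route replies.
    The bound is the regression prediction plus `slack` times the largest
    residual seen in the history (at least 1.0), an assumed tolerance.
    """
    a, b = fit_line(history)
    worst = max(abs(y - (a * x + b)) for x, y in history)
    return a * t + b + slack * max(worst, 1.0)


_SEVERITY = {"normal": 0, "suspicious": 1, "malicious": 2}


def classify_rreps(history, rreps, bait_repliers, slack=2.0):
    """Return {node: verdict} for RREPs given as (node, time, dest_seq).

    A reply above the predicted bound makes its sender suspicious; the
    sender is marked malicious only if it also answered the bait request.
    The most severe verdict seen for a node is the one kept.
    """
    verdicts = {}
    for node, t, dest_seq in rreps:
        if dest_seq <= max_expected_seq(history, t, slack):
            verdict = "normal"
        elif node in bait_repliers:
            verdict = "malicious"
        else:
            verdict = "suspicious"
        current = verdicts.get(node, "normal")
        if _SEVERITY[verdict] >= _SEVERITY[current]:
            verdicts[node] = verdict
    return verdicts


# Constructed observations: sequence numbers grow by roughly 0.45 per time unit.
HISTORY = [(0, 10), (10, 14), (20, 19), (30, 23), (40, 28)]
# Constructed route replies: (node, time, destination sequence number).
RREPS = [("A", 50, 33), ("B", 50, 4000), ("C", 52, 250)]
# Constructed bait result: only node B replied to the bait request.
BAIT_REPLIERS = {"B"}

if __name__ == "__main__":
    print("bound at t=50:", round(max_expected_seq(HISTORY, 50), 2))
    for node, verdict in classify_rreps(HISTORY, RREPS, BAIT_REPLIERS).items():
        print(node, verdict)
```

Node C shows why the second checkpoint matters: an out-of-range sequence number alone leaves it at "suspicious" rather than triggering isolation.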

In the paper entitled “RoughDroid: Operative Scheme for Functional Android Malware Detection”, K. Riad and L. Ke studied the malware problems in mobile applications and proposed a floppy analysis approach, RoughDroid, which can discover Android malware applications directly on a smartphone. RoughDroid is based on seven feature sets from the XML manifest file of an Android application and three feature sets from the Dex file. Those feature sets are fed to the Rough Set algorithm to classify the Android application as either benign or malicious elastically. The experimental results showed that RoughDroid has 95.6% detection performance for the malware families at 1% false-positive rate.

In the paper entitled “Secure Deduplication Based on Rabin Fingerprinting over Wireless Sensing Data in Cloud Computing”, Y. Zhang et al. explored the data deduplication problem in cloud computing, where existing data deduplication technologies still suffer from security and efficiency drawbacks, and proposed two secure data deduplication schemes based on Rabin fingerprinting over wireless sensing data in cloud computing. The first scheme is based on deterministic tags and the other one adopts random tags. The proposed schemes realize data deduplication before the data is outsourced to the cloud storage server, and hence both the communication cost and the computation cost are reduced. The security analysis shows that the proposed schemes are secure against offline brute-force dictionary attacks, and the random tag makes the second scheme more reliable.

In the paper entitled “Enhanced Adaptive Cloudlet Placement Approach for Mobile Application on Spark”, Y. Zhang et al. investigated the cloudlet placement problem for facilitating mobile computation offloading and proposed an enhanced adaptive cloudlet placement approach named EACP-CA (Enhanced Adaptive Cloudlets Placement approach based on Covering Algorithm) for mobile applications in a given network area. The CA (Covering Algorithm) was used to adaptively cluster the mobile devices based on their geographical locations, and the cloudlet destination locations were also determined according to the clustering centres. The algorithms were implemented on Apache Spark, and the experiment results showed the effectiveness and efficiency of the proposed approach.

In the paper entitled “A Security Sandbox Approach of Android Based on Hook Mechanism”, X. Jiang et al. studied the security problems in Android systems and proposed a new security sandbox approach for Android based on a hook mechanism to further enrich Android malware detection techniques. The sandbox monitors the behaviours of a target application by using a process hook-based dynamic tracking method during its running period. It can create an isolated virtual space where an APK can be installed, run, and uninstalled, and it builds a risk assessment approach based on behaviour analysis. Experiments on malware and normal application samples verified the security of the sandbox.

In the paper entitled “Towards Optimized DFA Attacks on AES under Multibyte Random Fault Model”, R. Wang et al. investigated the Differential Fault Analysis (DFA) attack problem and pointed out that the state-of-the-art attack is not fully optimized since no clear optimization goal was set. Accordingly, the authors proposed two optimization goals, i.e., the fewest ciphertext pairs and the least computational complexity. To achieve these goals, the corresponding optimized key recovery strategies are identified to further increase the efficiency of DFA attacks on AES. Then, a more accurate security assessment of AES can be completed.

In the paper entitled “Street-Level Landmark Evaluation Based on Nearest Routers”, R. Li et al. examined the evaluation of street-level landmarks for IP geolocation and proposed a street-level landmark evaluation approach based on the nearest router, given that the location an organization declares is regarded as an area, not a point. Specifically, the declared location of a pre-evaluated landmark is verified by IP location databases, and landmarks are grouped according to their nearest routers. The distance constraint is obtained from the delay value between a landmark and its nearest router by delay-distance correlation, based on which a relation model is established among the distance constraint, the organization’s region radius, and the distance between two landmarks. The experiment results showed that geolocation errors decrease obviously using evaluated landmarks.

In the paper entitled “Energy-Efficient Cloudlet Management for Privacy Preservation in Wireless Metropolitan Area Networks”, X. Xu et al. investigated the energy and privacy protection problems in cloudlet-based wireless metropolitan area networks (WMAN) and proposed an energy-efficient cloudlet management method, named ECM, for privacy preservation in WMAN. The problem was formulated with an optimization model. Based on the live virtual machine (VM) migration technique, a corresponding privacy-aware VM scheduling method for energy saving was designed to determine which VMs should be migrated and where they should be migrated. Experimental results demonstrated that the proposed method is both efficient and effective.

In the paper entitled “Scheduling Parallel Intrusion Detecting Applications on Hybrid Clouds”, Y. Zhang et al. examined the scheduling problems in Parallel Intrusion Detection (PID), which can be regarded as a Bag-of-Tasks (BoT) application, and proposed an Iterated Local Search (ILS) algorithm that uses an effective heuristic to obtain the initial task sequence and an insertion-neighbourhood-based local search method to explore better task sequences with lower makespans. Specifically, the authors constructed a Fast Task Assignment (FTA) method by integrating an existing Task Assignment (TA) method with an acceleration mechanism to achieve efficiency without loss of any effectiveness. The experiment results showed that the proposed method can outperform the state of the art.

We strongly believe that this special issue will advance the understanding and research of various intrusion detection and prevention techniques and the closely related privacy and security technologies in cloud, edge/fog, and IoT. We hope that the audience will enjoy reading these novel contributions.

Conflicts of Interest

The editors declare that they have no conflicts of interest regarding the publication of this special issue.

Acknowledgments

We would also like to cordially thank all the reviewers who participated in the review process of the articles submitted to this special issue, as well as the special issue coordinators and the technical support from the publishing team.

Xuyun Zhang
Yuan Yuan
Zhili Zhou
Shancang Li
Lianyong Qi
Deepak Puthal
