The Internet of Things (IoT) is also known as the Internet of everything. As an important part of the new generation of intelligent information technology, the IoT has attracted the attention both of researchers and engineers all over the world. Considering the limited capacity of smart products, the IoT mainly uses cloud computing to expand computing and storage resources. The massive data collected by the sensor are stored in the cloud storage server, also the cloud vulnerability will directly threaten the security and reliability of the IoT. In order to ensure data integrity and availability in the cloud and IoT storage system, users need to verify the integrity of remote data. However, the existing remote data integrity verification schemes are mostly based on the RSA and BLS signature mechanisms. The RSA-based scheme has too much computational overhead. The BLS signature-based scheme needs to adopt a specific hash function, and the batch signature efficiency in the big data environment is low. Therefore, for the computational overhead and signature efficiency issues of these two signature mechanisms, we propose a scheme of data integrity verification based on a short signature algorithm (ZSS signature), which supports privacy protection and public auditing by introducing a trusted third party (TPA). The computational overhead is effectively reduced by reducing hash function overhead in the signature process. Under the assumption of CDH difficult problem, it can resist adaptive chosen-message attacks. The analysis shows that the scheme has a higher efficiency and safety.INDEX TERMS Internet of Things, cloud computing, provable data integrity, privacy preserving, public auditability, short signature, ZSS signature.
With the rapid development of the Internet, various forms of network attack have emerged, so how to detect abnormal behavior effectively and to recognize their attack categories accurately have become an important research subject in the field of cyberspace security. Recently, many hot machine learning-based approaches are applied in the Intrusion Detection System (IDS) to construct a data-driven model. The methods are beneficial to reduce the time and cost of manual detection. However, the real-time network data contain an ocean of redundant terms and noises, and some existing intrusion detection technologies have lower accuracy and inadequate ability of feature extraction. In order to solve the above problems, this paper proposes an intrusion detection method based on the Decision Tree-Recursive Feature Elimination (DT-RFE) feature in ensemble learning. We firstly propose a data processing method by the Decision Tree-Based Recursive Elimination Algorithm to select features and to reduce the feature dimension. This method eliminates the redundant and uncorrelated data from the dataset to achieve better resource utilization and to reduce time complexity. In this paper, we use the Stacking ensemble learning algorithm by combining Decision Tree (DT) with Recursive Feature Elimination (RFE) methods. Finally, a series of comparison experiments by cross-validation on the KDD CUP 99 and NSL-KDD datasets indicate that the DT-RFE and Stacking-based approach can better improve the performance of the IDS, and the accuracy for all kinds of features is higher than 99%, except in the case of U2R accuracy, which is 98%.
The explosive growth of network traffic and its multitype on Internet have brought new and severe challenges to DDoS attack detection. To get the higher True Negative Rate (TNR), accuracy, and precision and to guarantee the robustness, stability, and universality of detection system, in this paper, we propose a DDoS attack detection method based on hybrid heterogeneous multiclassifier ensemble learning and design a heuristic detection algorithm based on Singular Value Decomposition (SVD) to construct our detection system. Experimental results show that our detection method is excellent in TNR, accuracy, and precision. Therefore, our algorithm has good detective performance for DDoS attack. Through the comparisons with Random Forest, k-Nearest Neighbor (k-NN), and Bagging comprising the component classifiers when the three algorithms are used alone by SVD and by un-SVD, it is shown that our model is superior to the state-of-the-art attack detection techniques in system generalization ability, detection stability, and overall detection performance.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.