Department of Computer Science and Information Engineering College of Engineering National Chung Cheng University Doctoral dissertation Collaborative detection framework for security attacks on the Internet of Things Nguyen Van Linh Advisor: Prof Po-Ching Lin, Ph.D Co-advisor: Prof Ren-Hung Hwang, Ph.D Taiwan, R.O.C, Fall 2019 博碩士論文電子檔案上網授權書 本聯請隨論文繳回學校圖書館，供國家圖書館做為授權管理用 ） ID:106CCU00392111 （ 本授權書所授權之論文為授權人在 國立中正 大學(學院) 資訊工程研究所 系所 _ 組 108 學年度第 一 學期取得 博 士學位之論文。 論文題目： Collaborative detection framework for security attacks on the Internet of Things 指導教授： 林柏青,Po-Ching Lin　 茲同意將授權人擁有著作權之上列論文全文 ( 含摘要 ) ，提供讀者基於個人非營利性質之線上 檢索、閱覽、下載或列印，此項授權係非專屬、無償授權國家圖書館及本人畢業學校之圖書 館，不限地域、時間與次數，以微縮、光碟或數位化方式將上列論文進行重製，並同意公開傳 輸數位檔案。 校內外立即開放 □ 校內立即開放，校外於 年 月 日後開放 □ 校內於 年 月 日；校外於 年 月 日後開放 □ 其他 授權人：阮文齡 簽　名 ： _ 日期： 年 月 日 Acknowledgements The road to scientific research has never been a flat one, especially to me After three years of fighting for my dream, being a cybersecurity scientist, finally, I also have a chance to express my sincere gratitude to the people who have given me passion and strength in this fight I would like to sincerely express the deepest appreciation to my beloved supervisors, Prof Po-Ching Lin and Prof Ren-Hung Hwang, who both have encouraged me to surpass the critical points of this research I could not have imagined, without their valuable assistance and timely encouragement, whether I was on the right track To me, their insightful comments, tough questions, and particularly thoughtful reviews have certainly motivated me a lot to finish this extremely hard work on time I’d like to sincerely thank National Chung Cheng University (CCU) for offering me a full scholarship Also, the precious and constant sponsorship from Prof.Lin and Prof.Hwang, Department of Computer Science and Information Engineering (CSIE@CCU), and Taiwan Information Security Center in National Sun Yat-sen University (TWISC@NSYSU) is extremely vital for my research and living in Taiwan Also, a thank you to my professors at CCU/NSYSU who taught me great courses or worked with me in meaningful projects A thank you to Ms Huang and Ms Chen who have given me exciting Chinese courses, that certainly helped me to forget all tiredness at work and keep fighting I would like to thank the staff of CSIE@CCU for their great support in the document procedure Thank all members of Network and System Security Lab, my beloved friends in CCU, Karate club, and Badminton team who are always willing to encourage and cheer with me at the memorable time of my Ph.D journey Finally, thanks to my parents, my darling, and all my friends for their unconditional support and patience during the courses of this work Last but not least, I would like to thank my life partner, Lan-Huong, for her constant encouragement, sacrifices and endless love in me, that motivated me a lot to firmly pursue the doctoral program till the end I believe that, without the encouragement and supports, I could never be strong enough to overcome the difficulties and finish this research successfully i Abstract A connected world of Internet of Things (IoT) has become a visible reality closer than ever and that is now being fueled by the appearance of 5G and beyond 5G (B5G) connectivity technologies However, besides bringing up the hope of a better life for the human being through promising applications, at the same time, the complicated structure of IoT and the diversity of the stakeholders in accessing the networks also raises grave concerns that our life may be extremely vulnerable than ever with daily threats of security attacks, disinformation, and privacy violation The objective of the research presented in this dissertation is to detect the attacks targeting the network availability (e.g., the volume attacks) and data authenticity (e.g., data forgery dissemination attacks) in the perception layer and the network layer of IoT networks Further, our research targets to exclude responsible attackers, misbehavior nodes and unreliable stakeholders from active network participation or even mitigate the magnitude of such attacks significantly at the edge of the networks in a timely fashion While most existing solutions in the context of security detection in IoT are based on datadriven learning and plausibility checks on the traffic near the victim or a single network hop, we propose in this dissertation a collaborative security defense framework, so-called TrioSys, which primarily relies on three main approaches First, the system evaluates the behavior of traffic/nodes based on learning cooperatively accumulated information, e.g., traffic request distribution targeting a specific address over a time interval, and fusing the trustworthiness of post-detection results from multiple layer trusted engines such as the edge-based(regional)/cloud-based (global) detection systems Second, by largely targeting at filtering malicious traffic/bogus messages directly at/near the source/nodes/edge, our system provides an extremely effect protection approach with low latency response to the attacks, particularly before their malicious traffic have a chance to pour into the networks or affect to the decision of the unsuspecting nodes such as the control system of an autonomous vehicle Finally, in each specific case of the application deployment, i.e., in IoT eMBB or IoT uRRLC, we propose a proper strategy to implement the detection mechanisms for the platform For example, in the autonomous driving case (IoT uRRLC), we propose a novel method to exploit passive source localization techniques from physical signals of multi-array beamforming antennas in V2X-supported vehicles and motion prediction to verify the truthfulness of the claimed GPS location in V2X messages without ii requiring the availability of many dedicated anchors or a strong assumption of the honest majority rule as in conventional approaches In summary, this work has been developed that consists of two main contributions: (1) TrioSys, a robust and effective platform for detecting and filtering the attacks in IoT, particularly compatible with 5G applications and network models; (2) a novel near-source detection for DDoS defense in IoT eMBB slice and two physical signal-driven verification schemes for V2X (i.e., IoT uRLLC) Also, besides our comprehensive survey on the state-of-the-art attacks against network availability/data authenticity and countermeasure approaches, our findings on relevant security issues can certainly provide useful suggestions for future work Keywords – Internet of Things Security, 5G/B5G Security, Distributed Denial-of-service defense, Misbehavior Detection in 5G V2X iii Overview of publication The following articles are peer-reviewed and accepted publications with results included in/achieved during this dissertation: Journal Papers Van-Linh Nguyen, Po-Ching Lin and Ren-Hung Hwang, “Multi-array relative positioning for verifying the truthfulness of V2X messages,” IEEE Communication Letter, Vol 23 , No 10, pp 1704-1707, Oct 2019 Van-Linh Nguyen, Po-Ching Lin, and Ren-Hung Hwang, “Energy depletion attacks in Low Power Wireless networks,” IEEE Access, Vol.7, Apr 2019 Van-Linh Nguyen, Po-Ching Lin and Ren-Hung Hwang, “MECPASS: Distributed Denial of Service Defense Architecture for Mobile Networks,” IEEE Network, Vol 32, No 1, pp 118-124, Jan.-Feb 2018 Van-Linh Nguyen, Po-Ching Lin, and Ren-Hung Hwang, “Web Attacks: beating monetisation attempts,” Network Security Journal (Elsevier), No.5, pp 1-20, May 2019 Ren-Hung Hwang, Min-Chun Peng, Van-Linh Nguyen, and Yu-Lun Chang, “An LSTM-Based Deep Learning Approach for Classifying Malicious Traffic at the Packet Level,” Applied Sciences, Vol 9, No 16, pp.3414-3428 , Aug 2019 Van-Linh Nguyen, Po-Ching Lin and Ren-Hung Hwang, “Enhancing misbehavior detection in 5G Vehicle-to-Vehicle communications,” submitted to IEEE Transactions on Vehicular Technology (major revision) Ren-Hung Hwang, Min-Chun Peng, Chien-Wei Huang, Po-Ching Lin and Van-Linh Nguyen, “PartPack: An unsupervised deep learning model for early anomaly detection in network traffic,” submitted in Aug 2019 to IEEE Transactions on Emerging Topics in Computational Intelligence Conference Papers Ren-Hung Hwang, Van-Linh Nguyen, and Po-Ching Lin, “StateFit: A security framework for SDN programmable data plane model,” The 15th International Symposium on Pervasive Systems, Algorithms and Networks (ISPAN), Yichang, iv China, Oct 2018 Po-Ching Lin, Ping-Chung Li, and Van-Linh Nguyen,“Inferring OpenFlow rules by active probing in software-defined networks,” The 19th International Conference on Advanced Communications Technology (ICACT), Pyongchang, South Korea, Jan 2017 Van-Linh Nguyen, Po-Ching Lin and Ren-Hung Hwang, “Physical signal-driven fusion for V2X misbehavior detection,” IEEE Vehicular Networking Conference, Los Angeles, USA, 2019 Projects that I have contributions on Po-Ching Lin and Van-Linh Nguyen “Security protection system for V2X in 5G networks,” a three-year granted MOST project, 2019/08/01 - 2022/07/31 v vi Contents Acknowledgements i Abstract ii List of Figures ix List of Tables xii Acronyms xiii Introduction 1.1 Motivation 1.2 The featured security attacks on IoT 1.3 The collaborative security defense approach 1.4 Problem statement, challenges and our research position 1.5 Goals 1.6 Contributions 1.7 Structure of the Dissertation 10 11 11 Background 2.1 Internet of Things and existing security issues: A glance 2.2 Enabling technologies promoting the changes to IoT security research 2.3 Summary 13 13 16 22 TrioSys: A collaborative security attack detection 3.1 Related work 3.2 Assumption and Adversary model 3.2.1 Assumption 3.2.2 Adversary model 3.3 Generic architecture 3.4 System description 3.5 Detection and filtering 3.6 Data sharing and update management 3.7 Data fusion 3.8 Summary 25 25 27 27 28 30 32 35 37 38 39 system for IoT TrioSys implementation for enhanced mobile broadband networks 41 4.1 Related work 41 4.1.1 Overview of DDoS attacks 41 vii [10] S T Zargar, J Joshi, and D Tipper, “A survey of defense mechanisms against distributed denial of service (ddos) flooding attacks”, IEEE Communications Surveys and Tutorials, vol 15, no 4, pp 2046–2069, 2013 [11] E T V15.4.0, “Security architecture and procedures for 5g system”, 3GPP, 2019 [12] J Petit, B Stottelaar, M Feiri, and F Kargl, “Remote attacks on automated vehicles sensors: Experiments on camera and lidar”, Black Hat Europe, 2015 [13] V.-L Nguyen, P.-C Lin, and R.-H Hwang, “Web attacks: Beating monetisation attempts”, Network Security Journal (Elsevier), vol 5, pp 1–20, 2019 [14] E Commission, SecurityIoT project, accessed on Jun 2018 [Online] Available: https://secureiot.eu [15] A M Zarca, J B Bernabe, R Trapero, D Rivera, J Villalobos, A Skarmeta, S Bianchi, A Zafeiropoulos, and P Gouvas, “Security management architecture for nfv/sdn-aware iot systems”, IEEE Internet of Things, 2019 (early access) [16] PPP, “5g ensure security architecture (final) - 5g enablers for network and system security and resilience”, 2017 [17] J Lin, W Yu, N Zhang, X Yang, H Zhang, and W Zhao, “A survey on internet of things: Architecture, enabling technologies, security and privacy, and applications”, IEEE Internet of Things Journal, vol 4, no 5, pp 1125–1142, 2017, issn: 2327-4662 [18] R T Tiburski, C R Moratelli, S F Johann, M V Neves, E de Matos, L A Amaral, and F Hessel, “Lightweight security architecture based on embedded virtualization and trust mechanisms for iot edge devices”, IEEE Communications Magazine, vol 57, no 2, pp 67–73, 2019, issn: 0163-6804 [19] A M Alberti, G D Scarpioni, V J Magalhães, A C S., J J P C Rodrigues, and R da Rosa Righi, “Advancing novagenesis architecture towards future internet of things”, IEEE Internet of Things Journal, vol 6, no 1, pp 215–229, 2019, issn: 2327-4662 [20] I Stellios, P Kotzanikolaou, M Psarakis, C Alcarazy, and J Lopezy, “A survey of iot-enabled cyberattacks: Assessing attack paths to critical infrastructures and services”, IEEE Communications Surveys and Tutorials, vol 20, no 4, pp 3453–3495, 2018 [21] E Benkhelifa, T Welsh, and W Hamouda, “A critical review of practices and challenges in intrusion detection systems for iot: Towards universal and resilient systems”, IEEE Communications Surveys and Tutorials, vol 20, no 4, 2018 134 [22] K Lu, D Wu, J Fan, S Todorovic, and A Nucci, “Robust and efficient detection of ddos attacks for large-scale internet”, Computer Networks, vol 51, no 18, pp 5036–5056, 2007 [23] P Porambage, J Okwuibe, M Liyanage, M Ylianttila, and T Taleb, “Survey on multi-access edge computing for internet of things realization”, IEEE Communications Surveys and Tutorials, vol 20, no 4, pp 2961–2991, 2018 [24] 3GPP.TR.22.886, “Study on enhancement of 3gpp support for 5g v2x services”, 3GPP TR 22.886 V16.1.1 (2018-09), 2018 [25] R.-H Hwang, V.-L Nguyen, and P.-C Lin, “Statefit: A security framework for sdn programmable data plane model”, 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks (I-SPAN), 2018 [26] B Brecht, D Therriault, A Weimerskirch, W Whyte, V Kumar, T Hehn, and R Goudy, “A security credential management system for v2x communications”, IEEE Transaction on Intelligent Transportation Systems, vol 19, no 12, pp 3850–3871, 2018 [27] V L Nguyen, P.-C Lin, and R.-H Hwang, “Multi-array relative positioning for verifying the truthfulness of v2x messages”, IEEE Communication Letter, vol 23, no 10, pp 1704–1707, 2019 [28] V.-L Nguyen, P.-C Lin, and R.-H Hwang, “Enhancing misbehavior detection in 5g vehicle-to-vehicle communications”, Submitted to IEEE Transactions on Vehicular Technology, 2019 [29] V L Nguyen, P.-C Lin, and R.-H Hwang, “Physical signal-driven fusion for v2x misbehavior detection”, Accepted to appear in IEEE Vehicular Networking Conference, Los Angeles, USA, 2019 [30] U Raza, P Kulkarni, and M Sooriyabandara, “Low power wide area networks: An overview”, IEEE Communications Surveys and Tutorials, vol 19, no 2, pp 855–873, 2017 [31] C Hennebert and J D Santos, “Security protocols and privacy issues into 6lowpan stack: A synthesis”, IEEE Internet of Things Journal, vol 1, no 5, pp 384–398, 2014 [32] J H Kong, L.-M Ang, and K P Seng, “A comprehensive survey of modern symmetric cryptographic solutions for resource constrained environments”, Journal of Network and Computer Applications, vol 49, pp 15–50, 2015 135 [33] J Granjal, E Monteiro, and J S Silva, “Security in the integration of low-power wireless sensor networks with the internet: A survey”, Ad Hoc Networks, vol 24, pp 264–287, 2014 [34] M Frustaci, P Pace, G Aloi, and G Fortino, “Evaluating critical security issues of the iot world: Present and future challenges”, IEEE Internet of Things Journal, vol 5, no 4, pp 2483–2495, 2018 [35] A W Group, “View on 5g architecture”, 2018 [36] M T Beck, M Werner, S Feld, and T Schimper, “Mobile edge computing: A taxonomy”, The Sixth International Conference on Advances in Future Internet, 2014 [37] X Sun and N Ansari, “Edgeiot: Mobile edge computing for the internet of things”, IEEE Communications Magazine, vol 54, no 12, pp 22–29, 2016 [38] Saguna, “Cyber security solutions based on saguna open-ran mec platform”, vol 2016, accessed on Nov 2016 [39] D Kreutz, F M V Ramos, P E Veríssimo, C E Rothenberg, S Azodolmolky, and S Uhlig, “Software-defned networking: A comprehensive survey”, Proc IEEE, vol 33, no 1, pp 14–76, 2015 [40] D Suh, S Jang, S Han, S Pack, M.-S Kim, T Kim, and C.-G Lim, “Toward highly available and scalable software defined networks for service providers”, IEEE Communications Magazine, vol 55, no 4, pp 100–107, 2017 [41] ONF, “Open networking operating system”, accessed on June 2018 [42] B Networks, “Barefoot tofino”, vol 2017, no February, accessed on August 2017 [43] P Bosshart, D Daly, G Gibb, M Izzard, N McKeown, J Rexford, C Schlesinger, D Talayco, A Vahdat, G Varghese, and D Walker, “P4: Programming protocolindependent packet processors”, ACM SIGCOMM Computer Communication Review, vol 44, no 3, pp 87–95, 2014 [44] G Vladimir, “P41 6introduction”, Barefoot Networks, P4.org, Version 1.0.1, 2017 [45] V Varadharajan and U Tupakula, “Security as a service model for cloud environment”, IEEE Transactions on Network and Service Management, vol 11, no 1, pp 60–75, 2014 [46] T G Nguyen, T V P TRUNG, N B Trong, C So-In, Z A Baig, and S Sanguanpong, “Search: A collaborative and intelligent nids architecture for sdn-based cloud iot networks”, IEEE Access, vol 7, pp 107 678–107 694, 2018 136 [47] J Arshad, M A Azad, M M Abdellatif, and M H U Rehm, “Colide: A collaborative intrusion detection framework for internet of things”, IET Networks, vol 8, no 1, pp 3–14, 2019 [48] Y Chen, K Hwang, and W.-S Ku, “Collaborative detection of ddos attacks over multiple network domains”, IEEE Transactions on Parallel and Distributed Systems, vol 18, no 10, pp 1649–1662, 2007 [49] C J Fung, J Zhang, I Aib, and R Boutaba, “Dirichlet-based trust management for effective collaborative intrusion detection networks”, IEEE Transactions on Network and Service Management, vol 8, no 2, pp 79–91, 2011 [50] B Hu, C Zhou, Y.-C Tian, Y Qin, and X Junping, “A collaborative intrusion detection approach using blockchain for multimicrogrid systems”, IEEE Transactions on Systems, Man and Cybernetics: Systems, vol 49, no 8, pp 1720–1730, 2019 [51] H Wu and W Wang, “A game theory based collaborative security detection method for internet of things systems”, IEEE Transactions on Information Forensics and Security, vol 13, no 6, pp 1432–1445, 2018 [52] Z Tan, U T Nagar, X He, P Nanda, R P Liu, S Wang, and J Hu, “Enhancing big data security with collaborative intrusion detection”, IEEE Cloud Computing, vol 1, no 3, pp 27–33, 2014 [53] A Networks, “Abor network worldwide infrastructure security report”, 2016 [54] Akamai, “Akamai report - ddos and application attacks”, vol 5, no 1, 2019 [55] P S Karanpreet Singh and K Kumar, “Application layer http-get flood ddos attacks: Research landscape and challenges”, Computers and Security, vol 65, pp 344–372, 2017, issn: 0167-4048 doi: 10.1016/j.cose.2016.10.005 [56] D K B Nazrul Hoque and J K Kalita, “Botnet in ddos attacks: Trends and challenges”, IEEE Communications Surveys and Tutorials, vol 17, no 4, pp 2242–2270, 2015 [57] P Farina, E Cambiaso, G Papaleo, and M Aiello, “Are mobile botnets a possible threat? the case of slowbot net”, Computer and Security, vol 58, pp 268–283, 2016 [58] S Mavoungou, G Kaddoum, M Taha, and G Matar, “Survey on threats and attacks on mobile networks”, IEEE Access, vol 4, pp 4543–4572, 2016 [59] G K Constantinos Kolias, A Stavrou, and J Voas, “Ddos in the iot: Mirai and other botnets”, Computer, vol 50, no 7, pp 80–84, 2017, issn: 0018-9162 doi: Doi10.1109/Mc.2017.201 137 [60] J R Piqueras, “Security attacks against the availability of lte mobility networks: Overview and research directions”, The 16th International Symposium on Wireless Personal Multimedia Communications (WPMC), 2013 [61] A Praseed and P S Thilagam, “Ddos attacks at the application layer: Challenges and research perspectives for safeguarding web applications”, IEEE Communications Surveys and Tutorials, vol 21, no 1, pp 2490–2502, 2019 [62] V Durcekova, L Schwartz, and N Shahmehri, “Sophisticated denial of service attacks aimed at application layer”, Proc ELEKTRO, pp 55–60, 2012 [63] E Cambiaso, G Papaleo, G Chiola, and M Aiello, “Slow dos attacks: Definition and categorisation”, International Journal of Trust management and Computation Communication, vol 1, no 1, pp 300–319, 2013 [64] Y Wang, L Liu, B Sun, and Y Li, “A survey of defense mechanisms against application layer distributed denial of service attacks”, IEEE International Conference Software Engineering Service Science, pp 1034–1037, 2015 [65] P Zilberman, R Puzis, and Y Elovici, “On network footprint of traffic inspection and filtering at global scrubbing centers”, IEEE Transactions on Dependable and Secure Computing, vol 14, no 5, pp 521–534, 2017 [66] H H Jazi, H Gonzalez, N Stakhanova, and A A Ghorbani, “Detecting http-based application layer dos attacks on web servers in the presence of sampling”, Computer Networks, vol 121, pp 25–36, 2017 [67] K Hong, Y Kim, H Choi, and J Park, “Sdn-assisted slow http ddos attack defense method”, IEEE Communications Letters, vol 22, no 4, pp 688–691, 2018 [68] N Agrawal and S Tapaswi, “Defense mechanisms against ddos attacks in a cloud computing environment: State-of-the-art and research challenges”, IEEE Communications Surveys and Tutorials (early access), 2019 [69] S Ranjan, R Swaminathan, M Uysal, A Nucci, and E Knightly, “Ddosshield: Ddos-resilient scheduling to counter application layer attacks”, IEEE/ACM Transactions on Networking, vol 17, no 1, pp 26–39, 2009 [70] Y Xiang, K Li, and W Zhou, “Low-rate ddos attacks detection and traceback by using new information metrics”, IEEE Transactions on Information Forensics and Security, vol 6, no 2, pp 426–437, 2011 [71] C.-T Im, J H Oh, D W Kang, S K Kim, and S H Kim, “Ip spoofing detection apparatus”, vol US 2014/0075538 A1, 2014 138 [72] Y Zhao, B Zhang, C Li, and C Chen, “On/off traffic shaping in the internet: Motivation, challenges and solutions”, IEEE Network, vol 31, no 2, pp 48–57, 2017 [73] I Tsompanidis, A H Zahran, and C J Sreenan, “Mobile network traffic: A user behaviour model”, The 7th IFIP Wireless and Mobile Networking Conference (WMNC), 2014 [74] R.-H Hwang, M.-C Peng, V.-L Nguyen, and Y.-L Chang, “An lstm-based deep learning approach for classifying malicious traffic at the packet level”, Applied Sciences (Basel), vol 16, pp 3414–3428, 2019 [75] M Ambrosin, C Busold, M Conti, A.-R Sadeghi, and M Schunter, “Updaticator: Updating billions of devices by an efficient, scalable and secure software update distribution over untrusted cache-enabled networks”, Computer Security, pp 76–93, 2014 [76] C Cascone, L Pollini, D Sanvito, and A Capone, “Traffic management applications for stateful sdn data plane”, 2015 Fourth European Workshop on Software Defined Networks (EWSDN), 2015 [77] L Peterson, A Al-Shabibi, T Anshutz, S Baker, A Bavier, S Das, J Hart, G Palukar, and W Snow, “Central office re-architected as a data center”, IEEE Communications Magazine, vol 54, no 10, pp 96–101, 2016 [78] T Dargahi, A Caponi, M Ambrosin, G Bianchi, and M Conti, “A survey on the security of stateful sdn data planes”, IEEE Communications Surveys and Tutorials, vol 19, no 3, pp 1701–1725, 2017 [79] ONOS.Project, “P4.runtime.support”, accessed on 16 Apr 2018 [Online] Available: https://wiki.onosproject.org/display/ONOS/P4+Runtime+support+in+ONOS [80] K.-T Forster, S Schmid, and S Vissicchio, “Survey of consistent softwaredefined network updates”, IEEE Communications Surveys and Tutorials, vol 20, pp 344–372, 2019 [81] M Reitblatt, N Foster, J Rexford, C Schlesinger, and D Walker, “Abstractions for network update”, Proceeding ACM SIGCOMM, pp 323–334, 2012 [82] Scapy, “Scapy”, accessed on 16 Jan 2018 [Online] Available: http://www.secdev org/projects/scapy/ [83] DDoS.Tool, “Firefox bug”, accessed on 18 Jan 2018 [Online] Available: https: //github.com/firefoxbug/ddos 139 [84] ONOS.Project, “Onostest”, accessed on May 2018 [Online] Available: https: //wiki.onosproject.org/display/ONOS/1.11-Performance+and+Scale-out [85] A Bremler-Barr, Y Harchol, D Hay, and Y Koral, “Deep packet inspection as a service”, Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies, pp 271–282, 2014 [86] E Ahmed and H Gharavi, “Cooperative vehicular networking: A survey”, IEEE Transportation Intelligent Transportation System, vol 19, no 3, pp 996–1014, 2018, issn: 1524-9050 (Print) 1524-9050 (Linking) doi: 10.1109/TITS.2018.2795381 [87] J Zhu, Y Zou, and B Zheng, “Physical-layer security and reliability challenges for industrial wireless sensor networks”, IEEE Access, vol 5, 2017 [88] ADAS, “Advanced driver asssistance systems”, accessed on 29 June 2019 [Online] Available: https://en.wikipedia.org/wiki/Advanced%5C_driver- assistance%5C_ systems [89] I Ali, A Hassan, and F Li, “Authentication and privacy schemes for vehicular ad hoc networks (vanets): A survey”, Vehicular Communications, vol 16, pp 45–61, 2019 [90] A Abdelaziz, R Burton, F Barickman, J Martin, J Weston, and C E Koksal, “Enhanced authentication based on angle of signal arrivals”, IEEE Transactions on Vehicular Technology, 2019 [91] R W van der Heijden, S Dietzel, T Leinmüller, and F Kargl, “Survey on misbehavior detection in cooperative intelligent transportation systems”, IEEE Communications Surveys and Tutorials, 2018 [92] A Alnasser, H Sun, and J Jiang, “Cyber security challenges and solutions for v2x communications: A survey”, Computer Networks, 2018 doi: https://doi.org/10 1016/j.comnet.2018.12.018 [93] Chakrabarty, T Zhou, R R Choudhury, P Ning, and Krishnendu, “P2dap — sybil attacks detection in vehicular ad hoc networks”, IEEE Journal on Selected Areas in Communications, vol 29, no 3, 2011 [94] J S Firl, H Huss, S A, and C Stiller, “Marv-x: Applying maneuver assessment for reliable verification of car-to-x mobility data”, IEEE Transactions on Intelligent Transportation Systems, vol 14, no 3, pp 1301–1312, 2013, issn: 1524-9050 doi: 10.1109/Tits.2013.2262176 140 [95] F Guo, Z Wang, S Du, H Li, H Zhu, Q Pei, Z Cao, and J Zhao, “Detecting vehicle anomaly in the edge via sensor consistency and frequency characteristic”, IEEE Transactions on Vehicular Technology, vol 68, no 6, pp 5618–5628, 2019 [96] S So, J Petit, and D Starobinski, “Physical layer plausibility checks for misbehavior detection in v2x networks”, WiSec ’19 Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, 2019 [97] M Sun, M Li, and R Gerdes, “A data trust framework for vanets enabling false data detection and secure vehicle tracking”, 2017 IEEE Conference on Communications and Network Security (CNS), 2017 [98] V.-L Nguyen, P.-C Lin, and R.-H Hwang, “Multi-array relative positioning for verifying the truthfulness of v2x messages”, IEEE Communications Letters, no 10, pp 1704–1707, 2019 [99] M Naserian and A Lewis, “Detecting misbehavior in vehicle-to-vehicle communications”, US Patent, no 9,865,168 9, 2018 [100] J Liu, N Kato, J Ma, and N Kadowaki, “Device-to-device communication in lte-advanced networks: A survey”, IEEE Communications Surveys and Tutorials, vol 17, no 4, pp 1923–1940, 2014 [101] Q Luo, Y Cao, J Liu, and A Benslimane, “Localization and navigation in autonomous driving: Threats and countermeasures”, IEEE Wireless Communications, vol 26, no 4, pp 38–45, 2019 [102] 5GPPP, “Report on channel modelling and positioning for 5g v2x”, Fifth Generation Communication Automotive Research and innovation, 2018 [103] Z MacHardy, A Khan, K Obana, and S Iwashina, “V2x access technologies: Regulation, research and remaining challenges”, IEEE Communications Surveys and Tutorials, vol 20, no 3, pp 1858–1877, 2018, issn: 1553-877x doi: 10.1109/ Comst.2018.2808444 [104] R Hussain and S Zeadally, “Autonomous cars: Research results, issues and future challenges”, IEEE Communications Surveys and Tutorials, vol 21, no 2, pp 1275–1313, 2019 [105] A Shahmansoori, G E Garcia, G Destino, G Seco-Granados, and H Wymeersch, “Position and orientation estimation through millimeter-wave mimo in 5g systems”, IEEE Transactions on Wireless Communications, vol 17, no 3, pp 1822–1835, 2018, issn: 1536-1276 141 [106] A Guerra, F Guidi, and D Dardari, “Single-anchor localization and orientation performance limits using massive arrays: Mimo vs beamforming”, IEEE Transactions on Wireless Communications, vol 17, no 8, pp 5241–5255, 2018 [107] ETSI, “Its communications security architecture and security management”, ETSI TS 102 940 V1.3.1, 2018 [108] A Kakkavas, M H C Garc, R A Stirling-Gallacher, and J A Nossek, “Multiarray 5g v2v relative positioning: Performance bounds”, IEEE GlobeCOMM, 2018 [109] J Petit, F Schaub, M Feiri, and F Kargl, “Pseudonym schemes in vehicular networks: A survey”, IEEE Communications Surveys and Tutorials, vol 17, no 1, pp 228–255, 2015, issn: 1553-877x doi: 10.1109/Comst.2014.2345420 [110] O Ozdogan, E Bjornson, and E G Larsson, “Massive mimo with spatially correlated rician fading channels”, IEEE Transactions on Communications, vol 67, no 5, pp 3234–3250, 2019 [111] K Witrisal, P Meissner, E Leitinger, Y Shen, C G and, F Tufvesson, K Haneda, D Dardari, A F M Win, A Conti, and M Z., “High-accuracy localization for assisted living 5g systems will turn multipath channels from foe to friend”, Ieee Signal Processing Magazine, vol 33, no 2, pp 59–70, 2016, issn: 1053-5888 doi: 10.1109/Msp.2015.2504328 [112] 5GPPP, “Final 5g v2x radio design”, Fifth Generation Communication Automotive Research and innovation, 2019 [113] M Boban, J Barros, and O K Tonguz, “Geometry-based vehicle-to-vehicle channel modeling for large-scale simulation”, IEEE Transactions on Vehicular Technology, vol 63, no 9, pp 4146–4164, 2014 [114] L N Balico, A A Loureiro, E F Nakamura, R S Barreto, R W Pazzi, and H A Oliveira, “Localization prediction in vehicular ad hoc networks”, IEEE Communications Surveys and Tutorials, vol 20, no 4, pp 2784–2803, 2018 [115] UKF, “Unscented kalman filter in autonomous driving”, accessed on 11 May 2019 [Online] Available: https://www.haidynmcleod.com/unscented-kalman-filter [116] Z Chen, “Bayesian filtering: From kalman filters to particle filters and beyond”, Statistics: A Journal of Theoretical and Applied Statistics, 2003 [117] B Gao, S Gao, Y Zhong, G Hu, and C Gu, “Interacting multiple model estimationbased adaptive robust unscented kalman filter”, International Journal of Control, Automation and Systems, vol 15, no 5, pp 1–13, 2017 142 [118] R Schubert, E Richter, and G Wanielik, “Comparison and evaluation of advanced motion models for vehicle tracking”, 11th Interna tional Conference on Information Fusion, 2008 [119] E Mazor, A Averbuch, Y Bar-Shalom, and J Dayan, “Interacting multiple model methods in target tracking: A survey”, IEEE Transactions on Aerospace and Electronic Systems, vol 34, no 1, pp 103–123, 1998 [120] Z Chen, C Heckman, S Julier, and N Ahmed, “Weak in the nees?: Autotuning kalman filters with bayesian optimization”, 21st International Conference on Information Fusion, Cambridge, UK, 2018 [121] J Zacharias and S Froschle, “Misbehavior detection system in vanets using local traffic density”, VNC, 2018 [122] J J LaViola, “A comparison of unscented and extended kalman filtering for estimating quaternion motion”, Proceedings of the 2003 American Control Conference, 2003 [123] P Lytrivis, G Thomaidis, M Tsogas, and A Amditis, “An advanced cooperative path prediction algorithm for safety applications in vehicular networks”, IEEE Transactions on Intelligent Transportation Systems, vol 12, no 3, pp 669–679, 2011, issn: 1524-9050 doi: 10.1109/Tits.2011.2123096 [124] R W van der Heijden, T Lukaseder, and F Kargl, “Veremi: A dataset for comparable evaluation of misbehavior detection in vanets”, SecureComm 2018 14th EAI International Conference on Security and Privacy in Communication Networks, 2018 [125] SAE.J3016.Updates, accessed on 10 April 2019 [Online] Available: https://www sae.org/news/2019/01/sae-updates-j3016-automated-driving-graphic [126] A B Reis, S Sargento, and O K Tonguz, “Parked cars are excellent roadside units”, IEEE Transactions on Intelligent Transportation Systems, vol 18, no 9, pp 2490–2502, 2017 [127] S Schneider and P Ryan, “The modelling and analysis of security protocols: The csp approach”, Pearson Education, ISBN 0-201-67471-8, 2011 [128] Proverif.Tool, “Proverif”, accessed on 18 Jan 2019 [Online] Available: http:// prosecco.gforge.inria.fr/personal/bblanche/proverif/ [129] ns3, “Ns3”, accessed on Jan 2018 [Online] Available: https://www.nsnam.org/ 143 [130] J Navarro-Ortiz, S Sendra, P Ameigeiras, and J M Lopez-Soler, “Integration of lorawan and 4g/5g for the industrial internet of things”, IEEE Communications Magazine, vol 56, no 2, pp 60–67, 2018 144 Nguyen Van Linh Birth date : 1987-04-10 Gender : Male Email : nvlinh@ictu.edu.vn Mobile No : +886 0965120676 Nationality : Vietnam Address : No 168, University Rd., Minhsiung, Chiayi, Taiwan FIELDS OF INTEREST IoT security, Software-defined networking, Vehicular Security, AI-based Applications ACADEMIC INFORMATION Degree Ph.D candidate Specialization University Year Computer National Science University (CCU), Chiayi, Chung Cheng 2016-present GPA 5/5 Taiwan (sponsored by CCU Full Scholarship) Master Computer National Vietnam Science University (VNU), Hanoi, 2013-2015 3.25/4 2006-2011 4.23/5 Vietnam Engineer Computer University networks Communication Information of and Technology, Thai Nguyen, Vietnam TEACHING EXPERIENCE • 8/2012 - 8/2015: Teaching Assistant in Department of Information Technology, University of Information and Communication Technology, Thai Nguyen, Vietnam The courses include: Computer Fundamentals, Computer Networks, Network Programming, Network Security • 9/2015 - 8/2016: Lecturer of Department of Information Technology, University of Information and Communication Technology, Thai Nguyen, Vietnam The courses include: Computer Networks, Network Programming, Network Security 145 • 9/2016 - 8/2018: Ph.D student of Department of Computer Science and Information Engineering, College of Engineering, National Chung Cheng University, Chiayi, Taiwan • 9/2018 - present: Ph.D candidate of Department of Computer Science and Information Engineering, College of Engineering, National Chung Cheng University, Chiayi, Taiwan PROFESSIONAL VOLUNTEER • Reviewer of journals: IEEE Communications Magazine, IEEE Network Magazine, IEEE Access, Journal of Information Science and Engineering(Sinica), Computer Networks, Computers & Security, IEEE Transactions on Emerging Topics in Computational Intelligence, International Journal of Ad Hoc and Ubiquitous Computing • Reviewer of conferences: IEEE GlobeCOMM Conference, IEEE ICACT • Member of IEEE Community, the world’s largest technical professional organization for the advancement of technology (ID: 94126260) HONORS AND AWARDS • Recipient of YOUNG SCIENTIST AWARD in Ministry of Science and Technology & Vietnam, 2014 • Scholarship for the excellent undergraduate student of full-time course in University of Communication and Information Technology (2006-2011) • Full Scholarship for Ph.D program in National Chung Cheng University for period 2016-2019 Journal Papers Van-Linh Nguyen, Po-Ching Lin and Ren-Hung Hwang, “Multi-array relative positioning for verifying the truthfulness of V2X messages,” IEEE Communication Letter, Vol 23 , No 10, pp 1704-1707, Oct 2019 Van-Linh Nguyen, Po-Ching Lin, and Ren-Hung Hwang, “Energy depletion attacks in Low Power Wireless networks,” IEEE Access, Vol.7, Apr 2019 Van-Linh Nguyen, Po-Ching Lin and Ren-Hung Hwang, “MECPASS: Distributed Denial of Service Defense Architecture for Mobile Networks,” IEEE Network, Vol 146 32, No 1, pp 118-124, Jan.-Feb 2018 Van-Linh Nguyen, Po-Ching Lin, and Ren-Hung Hwang, “Web Attacks: beating monetisation attempts,” Network Security Journal (Elsevier), No.5, pp 1-20, May 2019 Ren-Hung Hwang, Min-Chun Peng, Van-Linh Nguyen, and Yu-Lun Chang, “An LSTM-Based Deep Learning Approach for Classifying Malicious Traffic at the Packet Level,” Applied Sciences, Vol 9, No 16, pp.3414-3428 , Aug 2019 Van-Linh Nguyen, Po-Ching Lin and Ren-Hung Hwang, “Enhancing misbehavior detection in 5G Vehicle-to-Vehicle communications,” submitted in Aug 2019 to IEEE Transactions on Vehicular Technology Ren-Hung Hwang, Min-Chun Peng, Chien-Wei Huang, Po-Ching Lin and Van-Linh Nguyen, “PartPack: An unsupervised deep learning model for early anomaly detection in network traffic,” submitted in Aug 2019 to IEEE Transactions on Emerging Topics in Computational Intelligence Conference Papers Ren-Hung Hwang, Van-Linh Nguyen, and Po-Ching Lin, “StateFit: A security framework for SDN programmable data plane model,” The 15th International Symposium on Pervasive Systems, Algorithms and Networks (ISPAN), Yichang, China, Oct 2018 Po-Ching Lin, Ping-Chung Li, and Van-Linh Nguyen,“Inferring OpenFlow rules by active probing in software-defined networks,” The 19th International Conference on Advanced Communications Technology (ICACT), Pyongchang, South Korea, Jan 2017 Van-Linh Nguyen, Po-Ching Lin and Ren-Hung Hwang, “Physical signal-driven fusion for V2X misbehavior detection,” IEEE Vehicular Networking Conference, Los Angeles, USA, 2019 COMMUNICATION SKILLS • Vietnamese - Native • English - Proficient • Chinese/Mandarin - Intermediate (including reading/writing) 147 • Japanese - Basic TECHNICAL SKILLS • Programming Languages - C/C++, Python • Academic Programming - NS3, Matlab, Matplotlib 148 ... 4.2.2 The illustration of the anti-spoofing mechanism, in which the TEID value must be the same in both the GTP-C packets and the GTP-U packets 50 4.2.3 The illustration of the ON/ OFF model ON. .. values of the system used for checking the consistency between the claimed value of a given message source and the estimate of the actual state of the vehicle (illustration with location information)... rely on the honest majority rule, i.e., the detection of the nearby/neighbor vehicles, since the attacker can be any of them (c) A misbehavior detection mechanism must work for both Light -of- Sight