M. Sophocleous, A. Karkotis, L. Christofi, T. Lagos Jenschke, M. Dias de Amorim, S. Fdida, J. Costa-Requena, S. Katta

We consider the important emerging scenario of a private 5G packet core supporting proximity services enabling coverage extension for end-devices through relays using Wi-Fi Direct connectivity. We demonstrate and evaluate the implementation of Device-to-device (D2D) communications using Off-The-Shelf User Equipment through the development of a customized 5G Packet Core with Local Area Network capability and a mobile/server application to allow direct communication, discovery, and relay selection between the end-device and the relay(s). The system was tested in a laboratory-based testbed, and latency, throughput, and jitter measurements were obtained for multiple devices. We conclude that 5G networks are suitable for industrial applications, although current 5G solutions are focused on consumer communications, which require changes in the configuration to have similar capacity and delay both for download and upload traffic.

K. Psychogyios, T.H. Velivassaki, St. Bourou, A. Voulkidis, D. Skias, Th. Zahariadis

Federated learning (FL) is an emerging machine learning technique where machine learning models are trained in a decentralized manner. The main advantage of this approach is the data privacy it provides because the data are not processed in a centralized device. Moreover, the local client models are aggregated on a server, resulting in a global model that has accumulated knowledge from all the different clients. This approach, however, is vulnerable to attacks because clients can be malicious or malicious actors may interfere within the network. In the first case, these types of attacks may refer to data or model poisoning attacks where the data or model parameters, respectively, may be altered. In this paper, we investigate the data poisoning attacks and, more specifically, the label-flipping case within a federated learning system. For an image classification task, we introduce two variants of data poisoning attacks, namely model degradation and targeted label attacks. These attacks are based on synthetic images generated by a generative adversarial network (GAN). This network is trained jointly by the malicious clients using a concatenated malicious dataset. Due to dataset sample limitations, the architecture and learning procedure of the GAN are adjusted accordingly. Through the experiments, we demonstrate that these types of attacks are effective in achieving their task and managing to fool common federated defenses (stealth). We also propose a mechanism to mitigate these attacks based on clean label training on the server side. In more detail, we see that the model degradation attack causes an accuracy degradation of up to 25%, while common defenses can only alleviate this for a percentage of ∼5%. Similarly, the targeted label attack results in a misclassification of 56% compared to 2.5% when no attack takes place. Moreover, our proposed defense mechanism is able to mitigate these attacks.

Z. Anastasakis, K. Psychogyios, T.-H. Velivassaki, St. Bourou, A. Voulkidis, D. Skias, A. Gonos, Th. Zahariadis,

Nowadays, IoT networks and devices exist in our everyday life, capturing and carrying unlimited data. However, increasing penetration of connected systems and devices implies rising threats for cybersecurity with IoT systems suffering from network attacks. Artificial Intelligence (AI) and Machine Learning take advantage of huge volumes of IoT network logs to enhance their cybersecurity in IoT. However, these data are often desired to remain private. Federated Learning (FL) provides a potential solution which enables collaborative training of attack detection model among a set of federated nodes, while preserving privacy as data remain local and are never disclosed or processed on central servers. While FL is resilient and resolves, up to a point, data governance and ownership issues, it does not guarantee security and privacy by design. Adversaries could interfere with the communication process, expose network vulnerabilities, and manipulate the training process, thus affecting the performance of the trained model. In this paper, we present a federated learning model which can successfully detect network attacks in IoT systems. Moreover, we evaluate its performance under various settings of differential privacy as a privacy preserving technique and configurations of the participating nodes. We prove that the proposed model protects the privacy without actually compromising performance. Our model realizes a limited performance impact of only ~ 7% less testing accuracy compared to the baseline while simultaneously guaranteeing security and applicability.

T. Lagos Jenschke, M. Dias de Amorim, S. Fdida

The enormous success of direct communication applications has shed light on the practical interest of Device-to-device (D2D) communications. However, to set up a direct link between two neighboring nodes, they have first to detect each other, which introduces a delay before they can start sending and receiving data. The link establishment delay can be particularly unfavorable in situations of strong mobility, as the availability of the direct communication link depends on how long the devices stay within communication range of each other. This paper reports on our experiments to evaluate the link establishment delay. We focus on Android devices and use the Nearby Connection Application Programming Interface (API), which supports Bluetooth Classic and Bluetooth Low Energy (BLE) to perform link connectivity. In a nutshell, we observe that the link establishment delay requires several seconds to complete in the case of Bluetooth Classic and even tens of seconds for BLE.

A.Geri, F.M.Gatta, M.Maccioni, J.Dell’Olmo, F.Carere, M.A.Bucarelli, P.Poursoltan, N.Hadifar, M.Paulucci

The energy transition requires an increasing penetration of renewable resources, particularly at MV/LV levels. The emerging production scheme is characterized by distributed power plants, imposes a capillary control of produc-tion and consumption among the Distribution Network (DN). The implementa-tion of Demand-side Response (DSR) campaigns is widely seen as a solution that can increase grid stability, but they require a complex and expensive monitoring infrastructure to select the optimal operating point of the production/consumption systems. This paper suggests a cheap and reliable smart monitoring device based on Raspberry Pi technology. The communication infrastructure adopted in the smart building of ASM S.p.A., the Distribution System Operator (DSO) of Terni city, shows the feasibility of implementing this prototype on a large-scale.

N. Fotiou, V. A. Siris, G. Polyzos, Y. Kortesniemi, D. Lagutin

Capabilities-based access control is a promising paradigm that can handle the particularities of IoT systems.Nevertheless, existing systems are not interoperable and they have limitations, such as lack of proof of possession, inefficient revocation mechanisms, and reliance on trusted third parties. In this paper we overcome these limitations by designing and implementing a system that leverages Verifiable Credentials (VCs) to encode the access rights. Our solution specifies protocols for requesting and using VCs that can be mapped to OAuth 2.0, includes an efficient and privacy preserving proof of possession mechanism, and it supports revocation. We implement and evaluate our solution and we show that it can be directly used even by constrained devices. Index Terms—Decentralized Identifiers, OAuth 2.0, Proof-ofPossession, Internet of Things

A. Geri, F.M. Gatta, M. Maccioni, J. Dell’Olmo, F. Carere, M.A. Bucarelli, P. Poursoltan, N. Hadifar, M. Paulucci

The evolution of the distribution grids towards the smart grid paradigm requires the implementation of a telecommunication network overlayed to the distribution grid. To achieve this target a new generation of reliable, cheap, and easily deployable smart meters needs to be developed. This paper presents a smart meter that fits in a series of possible implementations from the household metering to the distributed generation monitoring. The Raspberry Pi ecosystem is chosen for this purpose due to low cost and a highly reliable technology to develop an easy-deployable smart meter, to collect the principal magnitudes of interest of the monitored side and make them accessible from Laptop or mobile phone. The designed device is realized and deployed in a secondary substation to monitor a PV power plant in the ASM Terni distribution network.

St. Bourou, A. El Saer, T.-H. Velivassaki, A. Voulkidis, Th. Zahariadis

Recent technological innovations along with the vast amount of available data worldwide, have led to the rise of cyberattacks against network systems. Intrusion Detection Systems (IDS) play a crucial role as a defense mechanism in networks, against adversarial attackers. Machine Learning methods provide various cybersecurity tools. However, these methods require plenty of data to be trained efficiently. Data which may be hard to collect or to use due to privacy reasons. One of the most notable Machine Learning tools is the Generative Adversarial Network (GAN) and it has great potential for Tabular data synthesis. In this work, we start by briefly presenting the most popular GAN architectures, VanillaGAN, WGAN and WGAN-GP. Focusing on tabular data generation, CTGAN, CopulaGAN and TableGAN models are used for the creation of synthetic IDS data. Specifically, the models are trained and evaluated on NSL-KDD dataset, considering the limitations and requirements that this procedure needs. Finally, based on certain quantitative and qualitative methods we argue and evaluate the most prominent GANs for tabular network data synthesis.

N. Eiling, J. Baude, S. Lankes, A. Monti

In high-performance computing and cloud computing the introduction of heterogeneous computing resources, such as GPU accelerator have led to a dramatic increase in performance and efficiency. While the benefits of virtualization features in these environments are well researched, GPUs do not offer virtualization support that enables fine-grained control, increased flexibility, and fault tolerance. In this article, we present Cricket: A transparent and low-overhead solution to GPU virtualization that enables future research into other virtualization techniques, due to its open-source nature. Cricket supports remote execution and checkpoint/restart of CUDA applications. Both features enable the distribution of GPU tasks dynamically and flexibly across computing nodes and the multi-tenant usage of GPU resources, thereby improving flexibility and utilization for high-performance and cloud computing.