Sensor network security defense strategy based on attack graph and improved binary PSO

Safety Science 117 (2019) 81–87

Contents lists available at ScienceDirect

Safety Science journal homepage: www.elsevier.com/locate/safety

Sensor network security defense strategy based on attack graph and improved binary PSO

T

⁎

Chaoxian Donga, , Lixin Zhaob a b

College of Information Media, Sanmenxia Polytechnic, Sanmenxia, Henan 472000, China Dean's Office, Sanmenxia Polytechnic, Sanmenxia, Henan 472000, China

A R T I C LE I N FO

A B S T R A C T

Keywords: Attack graph Binary particle swarm algorithm Sensor network security defense Minimum key strategy set

Attack graph is a common tool for qualitative analysis of Sensor network security and it can provide an important basis for security administrators to prevent malicious intrusion. In order to conduct Sensor network security assessment and active defense, this paper proposed a Sensor network security defense strategy based on attack graphs and improved binary PSO. Based on each intrusion action in the attack graph, it constructed a set of weighted defense strategies to emphasize the defense cost. In order to prevent Sensor network malicious intrusion with minimum cost, the strategy introduced and improved binary particle swarm optimization algorithm and obtains the minimum key strategy set of attack graph. Based on the principle of M-IDS combined with game theory and attack pattern mining algorithm of Markov Decision Process (MDP), the optimal protection strategy is determined by game theory, and MDP is used to predict future attacks and design corresponding protection strategies. Simulation experiments show that compared with the ant colony algorithm and greedy algorithm, the proposed strategy can effectively obtain the optimal solution of the minimum key strategy set and it is more efficient.

1. Introduction With the expansion of the Sensor network scale and the increasingly diversified service connection methods, security vulnerabilities have become an important threat to Sensor network security (Sommestad et al., 2013). The Sensor network attack graph (Kaynar, 2016) simulates the behavior and associated vulnerabilities of intruders and finally enumerates all possible attack paths in the form of map when the intruder attacks the Sensor network. Each path can be regarded as an attack scenario and they contain information such as the relationship between exploits and the sequence of attacks. By analyzing Sensor network attack graphs, security administrators can identify Sensor network system vulnerabilities and potential security threats in advance and select appropriate security defense measures according to requirements to avoid dangerous events (Sommestad and Sandström, 2015; Durkota et al., 2016). The defense strategy map is formed on the basis of the attack graph by adding the defense strategy library corresponding to the attack. The difference between the analysis of the defense strategy map and the analysis of the attack graph is that the former draws a solution from the perspective of the defender, which is more intuitive and efficient than the latter in the perspective of the attacker. The ideal defense (Chiarelli et al., 2016) system should

⁎

prevent all attack behaviors, but considering the actual situation such as organizational resource constraints, it should use limited resources to make the most reasonable decisions. Therefore, the defense cost should be an important factor for security administrators to consider (Sheyner et al., 2002; Abadi and Jalili, 2010; Tang and Guan, 2017; Chen et al., 2016; Aiguo and Qin, 2017). Sheyner in Literature (Sheyner et al., 2002) proposed the concept of minimum critical attack set and cut off the attack path by removing atomic attacks in the set. The study is actually an NP-complete problem. Mahdi Abadia and Saeed Jalilia in Literature (Abadi and Jalili, 2010) proposed a method to get the minimum key strategies for solving attack graphs using the binary particle swarm algorithm (BPSO), which uses fewer particles and more iterations to find the optimal solution. This paper considers the cost of defense strategies against attacks and improves traditional attack graphs, and proposes a Sensor network security defense strategy based on attack graphs and improved binary PSO (Wang and Yan, 2015; CardellOliver et al., 2016; Yang et al., 2016; Amish and Vaghela, 2016; Misra et al., 2017). In the BPSO algorithm, in order to overcome the shortcomings of the particle swarm optimization algorithm which tends to fall into local extremum, premature convergence, and poor convergence performance, this strategy increases the size of the particle swarm (Tang and Guan, 2017) and abstracts each

Corresponding author. E-mail address: [email protected] (C. Dong).

https://doi.org/10.1016/j.ssci.2019.04.007 Received 19 February 2019; Received in revised form 24 March 2019; Accepted 5 April 2019 0925-7535/ © 2019 Elsevier Ltd. All rights reserved.

Safety Science 117 (2019) 81–87

C. Dong and L. Zhao

from a general random solution, find the speed and position of the state through multiple iterations, and finally find the optimal solution of the particle (Aiguo and Qin, 2017). Therefore, the velocity of each particle are updated as follows:

scene into a particle (Ou et al., 2017; Rajendra Achary et al., 2019; Oh et al., 2018; Al-Bashir et al., 2018; Ashish Khanna et al., 2018). It eliminates the reorganization process of extracting and inserting the path into particles, and overcomes the problem of premature convergence. Minimized analysis (Chen et al., 2016) can help security administrators take the best defensive strategies and take the initiative to defend. 2. Defense strategy model

t vidt+ 1 = wvidt + c1 r1 (pidt − x idt ) + c2 r2 ⎜⎛pgd − x idt⎞⎟ ⎠ ⎝

(1)

x idt+ 1 = x idt + vidt+ 1

(2)

The discrete binary PSO algorithm (Wang and Yan, 2015) is an improvement of the PSO algorithm. Its speed update formula is the same as the original PSO algorithm, but there is no original PSO particle position update formula. The speed value is converted to the probability that the position variable x i takes a value of 1, which is generally mapped to the interval (Sommestad et al., 2013) using the sigmoid function. The sigmoid function is defined as follows (CardellOliver et al., 2016):

This paper introduces a policy set M , and the defense strategy map G consists of a seven-tuple G = (S, H , C , E , M , R) . S (Services) represents a set of Sensor network services, which consists of the twotuple s ∈ S (service_name, port); H (Hosts) represents the set of interconnected hosts in the Sensor network, which consists of the four-tuple h ∈ H (id, running service: svcs, intruder rights: privilege, existing vulnerability collection: vuls); C (Connection) represents the set of connection relationships between hosts, which consists of the threetuple c ∈ C (source host: source_host, destination host: dst_host, connection port); E (Exploits) represents the set of atomic attacks contained in the defense strategy map, which consists of the four-tuple e ∈ E (priori conditions, source host: source_host, destination host: dst_host, attack effect); M (countermeasures) represents a set of prevention strategies. In order to prevent attacks from intruders, Sensor network security administrators must adopt effective tactics, such as modifying firewall settings, removing vulnerabilities, modifying services or applications, and canceling user accounts. The defense strategy map is to classify these strategies according to the difficulty of implementation, that is the defense cost. R represents an intruder. For the defense strategy diagram, the significance of the key strategy set is that if all the strategies in the policy set are adopted for the target Sensor network, then all the scenarios can be prevented from being generated, thereby enabling the Sensor network system to be in a certain safe state (Aiguo and Qin, 2017). That is, for a policy set Mc ∈ M if the contained policy in Mc can prevent the generation of all scenarios, then Mc is critical. If the sum of the strategic weights ws contained in Mc is the smallest, that is, there is no key policy set Mc′ which satisfies ws (Mc′) < ws (Mc ) , then the minimum key set is Mc . The above hypothesis is verified by a simple example. Assuming there is a scene set S {{1, 2, 4}, {1, 3, 4}, {1, 4}} , the corresponding policy set T is {{t1, t2}, {t1, t3}, {t2, t4}, {t2}} , as shown in Fig. 1. It is easy to know that the set {t1, t2} is the smallest critical attack set of T .

r3j is a random number on the interval (Sommestad et al., 2013). To avoid the value of sig (v ) too close to 1 or 0, introduce the parameter vmax as the maximum speed value which limits the range of vij , vij ∈ [−vmax , vmax ].

3. Minimum key strategy set acquisition method

ms (ei ) represents the policy set corresponding to the atomic attack ei , then the corresponding policy set is:

3.1. Binary particle swarm optimization

ms (sk ) = ∪ei ∈ sk ms (ei )

sig (v ) ←

1 1 + e−v

(3)

The particle changes its position through Eq. (4):

0 r3j (t ) ⩾ sig (vij (t + 1)) x ij (t + 1) ← ⎧ ⎨ ⎩ 1 r3j (t ) < sig (vij (t + 1))

(4)

3.2. The proposed algorithm 3.2.1. Variable definition Assuming that E = {e1, e2, ...,en} represents atomic attack sets, ei represents single atomic attacks, M = {m1, m2 , ...,mp} represents policy sets, and mi represents individual policy. The variables used in this algorithm are defined as follows: Definition 1 (attack scenario s ) The defense strategy diagram G consists of a five-tuple G = (V , A, V0, Vf , L) . V represents a node set, A represents a directly connected edge, V0 represents an initial node set, Vf represents a target node set, and L represents a path set (Yang et al., 2016), and it is expressed as follows:

sk = L (π ) = e1, ms (e1), e2, ms (e2), ...,er , ms (er )

(5)

(6)

Assuming that S = {s1, s2, ...,sl} represents the set of scenes for the attack graph G . In the algorithm, each attack scene is abstracted into a PSO particle, and the number of particles is equal to the number of scenes in the attack graph. Definition 2 (number of blocked scenes pvr (mj , U ) ) It indicates the number of scenes that the policy in mj can block and the policy in U cannot block. If mj ∈ ms (sk ) , then mj can block scene sk . ps (U ) represents a set of scenarios that can be blocked by a policy in the policy set U .

Particle swarm optimization is a multi-objective optimization intelligent algorithm (Wang and Yan, 2015). Its design idea is to start

pvr (mj , U ) = {sk ∈ S mj ∈ ms (sk ) ∧ sk ∉ ps (U )}

(7)

Definition 3 (separate number of blocked scenes pvx (mj , Mc ) ) It represents the number of scene sets that can be prevented from mj but cannot be prevented from Mc . Mc {mj} represents a complement of mj (mj ∈ Mc ) , ps (Mc {mj}) represents a set of scenes that can be blocked by Mc .

pvx (mj , Mc ) = {sk ∈ S mj ∈ ms (sk ) ∧ sk ∉ ps (Mc {mj})} Fig. 1. Simple attack diagram composed of policy sets.

For mj ∈ Mc , if pvx (mj , Mc ) = 0 , then strategy mj is redundant. 82

(8)

Safety Science 117 (2019) 81–87

C. Dong and L. Zhao

IDS self-learning ability. MDP provides a learning mechanism for IDS, and in the process of learning, MIDS's self learning ability can evolve. When time t is in order st , the decision maker can choose an action. For the decision maker, the process generates in time t + 1 and state st + 1. According to the concept of MDP, this paper defines a function fx : S → Q × B that represents the protection strategy and attack strategy of a particular time node x . For example, fx (st ) = (qi , bj ) represents the combination of protection and attack strategies when a node (qi , bj ) moves from state st to state st + 1, and the return Re(fx (st )) of the node is expressed as follows:

Definition 4 (local selection value svr (mj , Mi ) ) It is defined as follows:

svr (mj , Mi ) = pvr (mj , Mi ) w (mj )

(9)

Definition 5 (redundant value rv (mj , Mc ) ) It is defined as follows:

rv (mj , Mc ) =

w (mj ) 1 + ∑mk ∈ Mc

{mj}

pvx (mk , Mc {mj})

(10)

The proposed algorithm uses Markov Intrusion Detection System (MIDS) to protect sensor nodes. Through MIDS operation in a hierarchical clustering WSNs, a small number of strong cluster heads (CH) a (Amish and Vaghela, 2016). CH has the characteristics of loss prevention hardware, traditional memory and processing power. They can communicate directly with base stations (Misra et al., 2017). When nodes are attacked or receive unknown messages, CH transfers these data to MIDS. Based on the data from CH, MIDS determines which nodes are attacked or at risk and decides whether to protect them (Ou et al., 2017). MIDS sets a threshold v. Once the return value of the node exceeds the threshold v, MIDS will judge whether the node is attacked or in dangerous state, and strengthen the protection of the location area of the node (see Fig. 2).

0 ⎧ ⎪ δi (P − Di ) Re(fx (st )) = ⎨ −D ⎪ Pk − D ij i ⎩

if if if if

i i i i

= ≠ = ≠

0, 0, 0, 0,

j j j j

= = ≠ ≠

0 0 0 0

(11)

In Eq. (11), the first case indicates no protection and no attack. Therefore, the return is 0. For the second case, when the node x is not the target of attack, but IDS still protects the node, the return value is δi (P − Di ) . In the third case, when IDS is not protected against attack, its return will be −D. The last scenario, if i ≠ 0 and j ≠ 0 when it means that IDS uses protection strategies qi to resist attacks bi , pays off Pkij − Di . Suppose the node x is in the state s0 of the moment t = 0 . If the protection strategy q is against the attack strategy b , the state of the node changes from s0 to another s1, and the return of the node x is Re(fx (s0)) , etc., as shown in Eq. (2). In MDP, the state of node x is changed from s0 to s1 and eventually changed to sp , 1 ⩽ p ⩽ k − 1. Therefore, the cumulative return of the node x is as follows:

3.2.2. MIDS model Using the concept of game theory to improve MIDS, two players, but they can also solve the problem of competition events. In order to demonstrate the nature of the relationship between intruders and systems, the non-cooperative game used by MIDS is a method to protect sensor nodes from attack. MIDS also adopts a game, because the loss of a participant is the income of another participant. For example, when MIDS decides to protect clusters, DS must deduct the cost of protection, and the loss is not limited by the loss obtained directly from the opponent. When IDS fails to protect WSNs and the attacker attacks, the return value of IDS will be -B. In order to predict the types of attacks that nodes may be attacked in the future, this paper uses MDP to improve

Re xp = Re(fx (s0 )) + γ Re(fx (s1)) + γ 2 Re(fx (s2)) + ...+γ p Re(fx (sp)) (12) p

The goal of IDS is to obtain cumulative returns Re0x = ∑t = 0 γ p Re(fx (sp)) . The theory of learning algorithm is that in a dynamic environment, the sensor nodes of learning system learn the correct protection strategy by interacting with the nodes around them. If at the moment p , the

Fig. 2. Sensor network security defense model. 83

Safety Science 117 (2019) 81–87

C. Dong and L. Zhao

Fig. 4. Flow chart of improved algorithm.

attacked sensor node. MIDS sends commands to nodes to keep nodes in sleep state, and ensures that the node can be awakened in the future. 3.2.3. Algorithm implementation Under the assumption that a scene is equivalent to one particle, based on the BPSO algorithm, an improved algorithm is obtained by incorporating a greedy repair algorithm and a redundancy elimination algorithm. Since it is not guaranteed that a single path contains all key strategies before each iteration, so greedy fixes are carried out. Considering that the larger the particle dimension is, the lower the algorithm efficiency is, the redundant strategy is eliminated after greedy repair. The flow chart of improved algorithm is in Fig. 3. The input is a weighted policy set model and its related parameters, and the output is the minimum key policy set of the attack graph. The algorithm first abstracts all scenes into corresponding particle swarms, initializes the particle swarm and parameters, and then repeats the iterative process of optimization until it reaches the number of iterations. In each iteration, if the current position x i associated with the policy set is not critical, it performs greedy repair algorithm on particles: select the strategy with the largest local selection value from the complement set of Mi and add it to Mi , modify the corresponding position value to 1 and set the speed is maximum. Repeat this process until the associated policy set of x i is critical. To avoid redundancy, remove the redundancy of the particle: obtain the redundancy set Ri from the associated policy set Mi and select the policy with the largest

Fig. 3. Flow chart of improved binary particle swarm algorithm.

protection policy qi is used against the attack strategy bi , and the state of the node x goes from st to st + 1, the learning function Qt: S × Q × B → R is defined as follows:

Qt (sp, qi , bj ) ← Qt (sp, qi , bj ) + α [Re(fx (sp)) + γ Re xp + 1−Qt (sp, qi , bj )] (13) The node obtains the return through the return function, and the final return value of the node can be obtained by using the Qt learning algorithm. MIDS judges the security of the nodes; otherwise, the judged nodes are not secure, and appropriate protection strategies will be adopted to resist potential attacks. The combination of Markov decision process and attack pattern mining algorithm can determine protection strategies (finding and protecting the weakest nodes). When an intruder continues to attack a single node, the strategy chosen by MIDS may be a sleep model for the 84

Safety Science 117 (2019) 81–87

C. Dong and L. Zhao

Fig. 6. The effect of the number of initial attribute nodes on the performance of the algorithm.

Fig. 7. The average number of iterations of the three algorithms.

Fig 5. MDP operating procedure.

redundancy value and delete it, and set the corresponding position value to 0 and set the speed value minimum. Enter the next cycle until the redundant set is empty. After traversing all the particles, select the global optimal position from the individual optimal positions of the particle swarm and update vmax . Finally, update the velocity vi and position x i for all particles. Assuming that the number of PSO particles is n , the particle dimension is M , and the number of iterations is K , the time complexity of initializing the particle is O (n) , the greedy repair and redundancy elimination algorithm are both O (M 2n) , the updated position and velocity are both O (1) . Then, the total time complexity of this algorithm is O (n) + O (KM 2n2) + O (K ) + O (Kn) . Since both M and K are constants, the total time complexity of the algorithm is O (n2) . From the above analysis, it can be seen that the number of particles

Fig. 8. The average time of a single iteration of the three algorithms.

directly affects the efficiency of the algorithm. To reduce the number of particles, we introduce the scene fusion algorithm. Considering that the inclusion of relationships between scenes exits, particles of shorter dimensions will replace longer particles, and algorithm performance will 85

Safety Science 117 (2019) 81–87

C. Dong and L. Zhao

iterations and the average calculation time of a single iteration in the proposed algorithm are superior to the other two algorithms. The main reason is that the proposed algorithm use the improved discrete binary particle swarm optimization algorithm to improve the computational efficiency, and it has good scalability. When the number of initial attribute nodes reaches 2000, the average computation time for a single iteration is only 11 ms. In order to test the performance of the algorithm in the smallest set of key strategies, six groups of large-scale defense strategy maps are randomly generated, which are recorded as WAG1 to WAG6. Each group of attack graph consists of E , M , S . E is atomic attack set; M is the policy set, the strategy weight is a random number between 1 and 10; S is the scene set, each scene consists of 5–20 atomic attacks from E . Table 1 shows the composition of each attack graph, which contains the average weight and total weight of the strategy. Perform proposed algorithm, ant colony algorithm and greedy algorithm on each group of attack graphs and calculate the sum of the weights of the key strategy sets obtained respectively to compare the performance of the three algorithms, set the maximum number of iterations as 200. Run 30 times for each set of attack graphs and take the average weight. The results are shown in Table 2, form the experimental results we can see that the minimum key strategy weight value obtained by proposed algorithm is about 16% smaller than that of the ant colony algorithm and about 22% smaller than that of the greedy algorithm.

Table 1 Large scale sensor network attacks. Number

Number of attacks

Number of strategies

Number of scenes

Average weight

Total weight

WAG1 WAG2 WAG3 WAG4 WAG5 WAG6

200 200 400 400 600 600

182 161 335 526 351 372

2000 2000 4000 4000 6000 6000

5.36 5.19 5.27 5.29 5.22 5.25

127,828 126,917 467,705 469,136 1,070,861 1,102,997

Table 2 The minimum critical strategy lumped weights for the three algorithms. Number

Proposed algorithm

Ant colony algorithm

Greedy algorithm

WAG1 WAG2 WAG3 WAG4 WAG5 WAG6

106 103 229 227 112 110

158 161 264 259 127 123

165 192 274 271 136 138

improve. The flow chart of the algorithm is in Fig. 4. In order to solve the problem that detection process takes too much time in game theory, MDP is applied to predict the possible attack, MIDS designed a node protection strategy. Fig. 5 shows the operation steps of MDP.

5. Conclusion This paper focuses on the optimization of Sensor network defense strategies for defense strategy maps. It transforms the problems into the smallest set of key strategies for solving defense strategy maps and avoids the problem of ignoring the defense costs in key attack sets. The proposed Sensor network security defense strategy based on attack graphs and improved binary PSO can effectively overcome the shortcomings of premature convergence. Compared with ant colony algorithm and greedy algorithm, we know that the minimum key strategy set obtained by this algorithm is better than the other two algorithms, which indicates that the algorithm is more efficient.

M-IDS record past attacks. MDP analyses attack records. If sensor nodes are frequently attacked in a short time, MDP uses time stamp analysis to determine the predicted value. MDP transfer sensor node prediction value to game theory mode. Before merging timestamp analysis, MDP processes each attack record by the attack type of each sensor node, so as to predict future attacks and design attack strategies.

4. Experimental results and analysis

References

In order to verify the feasibility and scalability of the proposed algorithm, experiments are carried out from different angles of analysis. The experimental environment is as follows: server PowerEDGE R710, operating system RetHAT V5.4, memory 32 GB, CPU 2.26 GHz. According to the performance analysis of the algorithm, the performance of the algorithm is related to the number of initial attribute nodes, number of iterations, and other parameters in the target Sensor network system. In order to verify the influence of these parameters on the performance of the algorithm in different Sensor network environments, the following experiment is designed on the premise of obtaining the optimal solution. When the number of initial attribute nodes is different, the average calculation time for a single iteration is shown in Fig. 6. The average calculation time of a single iteration is a polynomial increase trend with the increase of the number of initial attribute nodes. Compare the proposed algorithm with ant colony algorithm and greedy algorithm. In the proposed algorithm, set the parameters as c1 = 3, c2 = 3, the initial maximum speed Vmax (0) = 2, the final maximum speed Vmax (t max) = 2 . In the ant colony algorithm, set the parameters α = 1, β = 7 , ρ = 0.6. Figs. 7 and 8 show the average number of iterations and the average calculation time of a single iteration of the three algorithms when achieving the optimal state using different number of initial attribute nodes. From the experimental results we can see that on the one hand, for the same target Sensor network environment, the average number of

Abadi, M., Jalili, S., 2010. A particle swarm optimization algorithm for minimization analysis of cost-sensitive attack graphs[J]. Journals 9 (2), 299–306. Al-Bashir, A.K., Al-Abed, M.A., Amari, H.K., Al-Rousan, F.M., Bashmaf, O.M., Abdulhay, E.W., Al-Basheer, A.K., 2018. Computer-based cobb angle measurement using deflection points in adolescence idiopathic scoliosis from radiographic images. Neural Comput. Appl. 1–15. https://doi.org/10.1007/s00521-018-3614-y. Amish, P., Vaghela, V.B., 2016. Detection and prevention of wormhole attack in wireless sensor network using AOMDV protocol ☆[J]. Procedia Comput. Sci. 79, 700–707. CardellOliver, Rachel, Kranz, Mark, Smettem, Keith, et al., 2016. A reactive soil moisture sensor network: design and field evaluation [J], 1(2), 149–162. Chen, B., Zhang, J., Xie, W., et al., 2016. Minimum-cost survivable virtual optical sensor network mapping in flexible bandwidth optical sensor networks[C]. Global Communications Conference. IEEE, pp. 2023–2038. Chiarelli, R., Martino, C., Agnello, M., et al., 2016. Autophagy as a defense strategy against stress: focus on paracentrotus lividus sea urchin embryos exposed to cadmium.[J]. Cell Stress Chaperon. 21 (1), 19–27. Durkota, K., Lisy, V., Kiekintveld, C., et al., 2016. Case studies of sensor network defense with attack graph games[J]. IEEE Intell. Syst. 31 (5), 24–30. Kaynar, K., 2016. A taxonomy for attack graph generation and usage in sensor network security[J]. J. Inform. Secur. Appl. 29 (C), 27–56. Khanna, Ashish, Jain, Sanchit, Aggarwal, Tushar, kumar, Arun, Gupta, Deepak, Julka, Arnav, Albuquerque, Victor, 2018. Optimized cuttlefish algorithm for diagnosis of Parkinson’s disease, Cognitive Syst. Res., 52, 36–48. Li Aiguo, Qin, 2017. Particle swarm optimization algorithms[J]. Adv. Mater. Res. 186 (3), 454–458. Misra, S., Chatterjee, S., Obaidat, M.S., 2017. On theoretical modeling of sensor cloud: a paradigm shift from wireless sensor network[J]. IEEE Syst. J. 11 (2), 1084–1093. Oh, Shu Lih, Hagiwara, Yuki, Raghavendra, U., Yuvaraj, Rajamanickam, Arunkumar, N., Murugappan, M., Rajendra Acharya, U., 2018. A deep learning approach for Parkinson’s disease diagnosis from EEG signals. Neural Comput. Appl., 1–7. https:// doi.org/10.1007/s00521-018-3689-5. Ou, S.H., Lee, C.H., Somayazulu, V.S., et al., 2017. On-line multi-view video

86

Safety Science 117 (2019) 81–87

C. Dong and L. Zhao

analysis tool[J]. Inform. Comput. Secur. 23 (5), 516–531. Sommestad, T., Ekstedt, M., Holm, H., 2013. The cyber security modeling language: a tool for assessing the vulnerability of enterprise system architectures[J]. IEEE Syst. J. 7 (3), 363–373. Tang, Y., Guan, X., 2017. Parameter estimation for time-delay chaotic system by particle swarm optimization[J]. Chaos Solitons Fractals 40 (3), 1391–1398. Wang, H., Yan, X., 2015. Optimizing the echo state Sensor network with a binary particle swarm optimization algorithm[J]. Knowl.-Based Syst. 86 (C), 182–193. Yang, Yi, Zhu, Sencun, Cao, Guohong, 2016. Improving sensor network immunity under worm attacks: a software diversity approach ☆[J]. Ad Hoc Netw. 47 (1), 26–40.

summarization for wireless video sensor network[J]. IEEE J. Sel. Top. Signal Process. 9 (1), 165–179. Rajendra Achary, U., Hagiwara, Yuki, Deshpande, Sunny Nitin, Suren, S., Koh, Joel En Wei, Oh, Shu Lih, Arunkumar, N., Ciaccio, Edward J., Lim, Choo Min, 2019. Characterization of focal EEG signals: a review. Future Gener. Comput. Syst., 91, 290–299. Sheyner, O., Haines, J., Jha, S., et al., 2002. Automated generation and analysis of attack graphs[C]. IEEE Symposium on Security and Privacy. IEEE Computer Society, pp. 273–284. Sommestad, T., Sandström, F., 2015. An empirical test of the accuracy of an attack graph

87