To improve the theoretical prediction accuracy of static mechanical quantities in MEMS cantilever beams for microwave power detection chips,a distributed static model is proposed based on the deflection equation.An an...To improve the theoretical prediction accuracy of static mechanical quantities in MEMS cantilever beams for microwave power detection chips,a distributed static model is proposed based on the deflection equation.An analytical frame-work is established through the precise characterization of cantilever beam bending.The framework can accurately extract key electromechanical parameters,and the correlation between these parameters and geometric changes is systematically studied.Results show that the pull-in voltage increases with the gap but decreases with the length.The predicted pull-in voltage indi-cates a relative error of only 6.5%between the distributed static model and the simulation,which is significantly lower than that of the other two models.The overload power and sensitivity are also analyzed to facilitate performance trade-offs in chip design.The measured return loss varies between-66.46 and-10.56 dB over the 8-12 GHz frequency band,exhibiting a charac-teristic V-shaped trend.Moreover,the measured sensitivity of 66.5 fF/W closely matches the theoretical value of 69.3 fF/W,show-ing a relative error of 5.6%.These findings confirm that the distributed model outperforms the other two in terms of both accu-racy and physical realism,thereby providing important reference for the design of microwave power detection chips.展开更多
Mobile malware is rapidly increasing and its detection has become a critical issue. In this study, we summarize the common characteristics of this inalicious software on Android platform. We design a detection engine ...Mobile malware is rapidly increasing and its detection has become a critical issue. In this study, we summarize the common characteristics of this inalicious software on Android platform. We design a detection engine consisting of six parts: decompile, grammar parsing, control flow and data flow analysis, safety analysis, and comprehensive evaluation. In the comprehensive evaluation, we obtain a weight vector of 29 evaluation indexes using the analytic hierarchy process. During this process, the detection engine exports a list of suspicious API. On the basis of this list, the evaluation part of the engine performs a compre- hensive evaluation of the hazard assessment of software sample. Finally, hazard classification is given for the software. The false positive rate of our approach for detecting rnalware samples is 4. 7% and normal samples is 7.6%. The experimental results show that the accuracy rate of our approach is almost similar to the method based on virus signatures. Compared with the method based on virus signatures, our approach performs well in detecting unknown malware. This approach is promising for the application of malware detection.展开更多
Chromium is a harmful contaminant showing mutagenicity and carcinogenicity.Therefore,detection of chromium requires the development of low-cost and high-sensitivity sensors.Herein,blue-fluorescent carbon quantum dots ...Chromium is a harmful contaminant showing mutagenicity and carcinogenicity.Therefore,detection of chromium requires the development of low-cost and high-sensitivity sensors.Herein,blue-fluorescent carbon quantum dots were synthesized by one-step hydrothermal method from alkali-soluble Poria cocos polysaccharide,which is green source,cheap and easy to obtain,and has no pharmacological activity due to low water solubility.These carbon quantum dots exhibit good fluorescence stability,water solubility,anti-interference and low cytotoxicity,and can be specifically combined with the detection of Cr(Ⅵ)to form a non-fluorescent complex that causes fluorescence quenching,so they can be used as a label-free nanosensor.High-sensitivity detection of Cr(Ⅵ)was achieved through internal filtering and static quenching effects.The fluorescence quenching degree of carbon dots fluorescent probe showed a good linear relationship with Cr(Ⅵ)concentration in the range of 1-100μM.The linear equation was F;/F=0.9942+0.01472[Cr(Ⅵ)](R;=0.9922),and the detection limit can be as low as 0.25μM(S/N=3),which has been successfully applied to Cr(Ⅵ)detection in actual water samples herein.展开更多
A major issue while building web applications is proper input validation and sanitization.Attackers can quickly exploit errors and vulnerabilities that lead to malicious behavior in web application validation operatio...A major issue while building web applications is proper input validation and sanitization.Attackers can quickly exploit errors and vulnerabilities that lead to malicious behavior in web application validation operations.Attackers are rapidly improving their capabilities and technologies and now focus on exploiting vulnerabilities in web applications and compromising confidentiality.Cross-site scripting(XSS)and SQL injection attack(SQLIA)are attacks in which a hacker sends malicious inputs(cheat codes)to confuse a web application,to access or disable the application’s back-end without user awareness.In this paper,we explore the problem of detecting and removing bugs from both client-side and server-side code.A new idea that allows assault detection and prevention using the input validation mechanism is introduced.In addition,the project supports web security tests by providing easy-to-use and accurate models of vulnerability prediction and methods for validation.If these attributes imply a program statement that is vulnerable in an SQLIA,this can be evaluated and checked for a set of static code attributes.Additionally,we provide a script whitelisting interception layer built into the browser’s JavaScript engine,where the SQLIA is eventually detected and the XSS attack resolved using the method of input validation and script whitelisting under pushdown automatons.This framework was tested under a scenario of an SQL attack and XSS.It is demonstrated to offer an extensive improvement over the current framework.The framework’s main ability lies in the decrease of bogus positives.It has been demonstrated utilizing new methodologies,nevertheless giving unique access to sites dependent on the peculiarity score related to web demands.Our proposed input validation framework is shown to identify all anomalies and delivers better execution in contrast with the current program.展开更多
Side-channel attacks have recently progressed into software-induced attacks.In particular,a rowhammer attack,which exploits the characteristics of dynamic random access memory(DRAM),can quickly and continuously access...Side-channel attacks have recently progressed into software-induced attacks.In particular,a rowhammer attack,which exploits the characteristics of dynamic random access memory(DRAM),can quickly and continuously access the cells as the cell density of DRAM increases,thereby generating a disturbance error affecting the neighboring cells,resulting in bit flips.Although a rowhammer attack is a highly sophisticated attack in which disturbance errors are deliberately generated into data bits,it has been reported that it can be exploited on various platforms such as mobile devices,web browsers,and virtual machines.Furthermore,there have been studies on bypassing the defense measures of DRAM manufacturers and the like to respond to rowhammer attacks.A rowhammer attack can control user access and compromise the integrity of sensitive data with attacks such as a privilege escalation and an alteration of the encryption keys.In an attempt to mitigate a rowhammer attack,various hardware-and software-based mitigation techniques are being studied,but there are limitations in that the research methods do not detect the rowhammer attack in advance,causing overhead or degradation of the system performance.Therefore,in this study,a rowhammer attack detection technique is proposed by extracting common features of rowhammer attack files through a static analysis of rowhammer attack codes.展开更多
Behaviour detection models based on automata have been studied widely. By add- ing edge ε, the local automata are combined into global automata to describe and detect soft- ware behaviour. However, these methods in- ...Behaviour detection models based on automata have been studied widely. By add- ing edge ε, the local automata are combined into global automata to describe and detect soft- ware behaviour. However, these methods in- troduce nondeterminacy, leading to models that are imprecise or inefficient. We present a model of software Behaviour Detection based on Process Algebra and system call (BDPA). In this model, a system call is mapped into an action, and a function is mapped into a process We construct a process expression for each function to describe its behaviour. Without con- strutting automata or introducing nondeter- minacy, we use algebraic properties and algo- rithms to obtain a global process expression by combining the process expressions derived from each function. Behaviour detection rules and methods based on BDPA are determined by equivalence theory. Experiments demon- strate that the BDPA model has better preci- sion and efficiency than traditional methods.展开更多
This study presents a new idea of using only mid-span displacement measurement for damage detection of simply supported beams. Equivalent element concept is introduced at the beginning. In order to relate the damage d...This study presents a new idea of using only mid-span displacement measurement for damage detection of simply supported beams. Equivalent element concept is introduced at the beginning. In order to relate the damage detectability by means of mid-span dlsplacement measurement with the damage-eaused local stiffness change, a novel index termed as symmetrical mid-span displacement difference index (SMDDI) is proposed. The proposed method based on SMDDI is sensitive to tiny damage and comparatively small quantities of measurements are required during the application process. Another significant attraction of this method is putting aside the knowledge a-priori of the intact state. An example using simulated data has been conducted to examine the suitability of this method and assess its comparative advantages over the previous modal method.展开更多
In an era marked by escalating cybersecurity threats,our study addresses the challenge of malware variant detection,a significant concern for amultitude of sectors including petroleum and mining organizations.This pap...In an era marked by escalating cybersecurity threats,our study addresses the challenge of malware variant detection,a significant concern for amultitude of sectors including petroleum and mining organizations.This paper presents an innovative Application Programmable Interface(API)-based hybrid model designed to enhance the detection performance of malware variants.This model integrates eXtreme Gradient Boosting(XGBoost)and an Artificial Neural Network(ANN)classifier,offering a potent response to the sophisticated evasion and obfuscation techniques frequently deployed by malware authors.The model’s design capitalizes on the benefits of both static and dynamic analysis to extract API-based features,providing a holistic and comprehensive view of malware behavior.From these features,we construct two XGBoost predictors,each of which contributes a valuable perspective on the malicious activities under scrutiny.The outputs of these predictors,interpreted as malicious scores,are then fed into an ANN-based classifier,which processes this data to derive a final decision.The strength of the proposed model lies in its capacity to leverage behavioral and signature-based features,and most importantly,in its ability to extract and analyze the hidden relations between these two types of features.The efficacy of our proposed APIbased hybrid model is evident in its performance metrics.It outperformed other models in our tests,achieving an impressive accuracy of 95%and an F-measure of 93%.This significantly improved the detection performance of malware variants,underscoring the value and potential of our approach in the challenging field of cybersecurity.展开更多
The method proposed in this paper is based on the fact that the damage in different types of structural members has distinctive influence on the structural stiffness. The intrinsic mechanical property of the structure...The method proposed in this paper is based on the fact that the damage in different types of structural members has distinctive influence on the structural stiffness. The intrinsic mechanical property of the structure is tapped and fully utilized for damage detection. The simplified model of the flexibility of frames treats the individual storeys as springs in series and the frame as an equivalent column. It fully considers the main deformation of all beams and columns in the frame. The deformation property of the simplified model accorded well with that of the actual frame model. The obtained increment of lateral displacement change (IOLDC) at the storey level was found to be very sensitive to the local damage in the frame. A damage detection method is pro- posed using the IOLDCs as the damage identification parameters. Numerical examples demonstrate the potential applicability of this method.展开更多
At present,the network security situation is becoming more and more serious.Malicious network attacks such as computer viruses,Trojans and hacker attacks are becoming more and more rampant.National and group network a...At present,the network security situation is becoming more and more serious.Malicious network attacks such as computer viruses,Trojans and hacker attacks are becoming more and more rampant.National and group network attacks such as network information war and network terrorism have a serious damage to the production and life of the whole society.At the same time,with the rapid development of Internet of Things and the arrival of 5G era,IoT devices as an important part of industrial Internet system,have become an important target of infiltration attacks by hostile forces.This paper describes the challenges facing firmware vulnerability detection at this stage,and introduces four automatic detection and utilization technologies in detail:based on patch comparison,based on control flow,based on data flow and ROP attack against buffer vulnerabilities.On the basis of clarifying its core idea,main steps and experimental results,the limitations of its method are proposed.Finally,combined with four automatic detection methods,this paper summarizes the known vulnerability detection steps based on firmware analysis,and looks forward to the follow-up work.展开更多
Deadlock detection is an essential aspect of concurrency control in parallel and distributed systems,as it ensures the efficient utilization of resources and prevents indefinite delays.This paper presents a comprehens...Deadlock detection is an essential aspect of concurrency control in parallel and distributed systems,as it ensures the efficient utilization of resources and prevents indefinite delays.This paper presents a comprehensive analysis of the various deadlock detection techniques,including static and dynamic approaches.We discuss the future improvements associated with deadlock detection and provide a comparative evaluation of these techniques in terms of their accuracy,complexity,and scalability.Furthermore,we outline potential future research directions to improve deadlock detection mechanisms and enhance system performance.展开更多
基金supported by the National Natural Science Foundation of China(61904089)the Province Natural Science Foundation of Jiangsu(BK20190731).
文摘To improve the theoretical prediction accuracy of static mechanical quantities in MEMS cantilever beams for microwave power detection chips,a distributed static model is proposed based on the deflection equation.An analytical frame-work is established through the precise characterization of cantilever beam bending.The framework can accurately extract key electromechanical parameters,and the correlation between these parameters and geometric changes is systematically studied.Results show that the pull-in voltage increases with the gap but decreases with the length.The predicted pull-in voltage indi-cates a relative error of only 6.5%between the distributed static model and the simulation,which is significantly lower than that of the other two models.The overload power and sensitivity are also analyzed to facilitate performance trade-offs in chip design.The measured return loss varies between-66.46 and-10.56 dB over the 8-12 GHz frequency band,exhibiting a charac-teristic V-shaped trend.Moreover,the measured sensitivity of 66.5 fF/W closely matches the theoretical value of 69.3 fF/W,show-ing a relative error of 5.6%.These findings confirm that the distributed model outperforms the other two in terms of both accu-racy and physical realism,thereby providing important reference for the design of microwave power detection chips.
基金supported by Major National Science and Technology Projects(No.3) under Grant No. 2012ZX03002012
文摘Mobile malware is rapidly increasing and its detection has become a critical issue. In this study, we summarize the common characteristics of this inalicious software on Android platform. We design a detection engine consisting of six parts: decompile, grammar parsing, control flow and data flow analysis, safety analysis, and comprehensive evaluation. In the comprehensive evaluation, we obtain a weight vector of 29 evaluation indexes using the analytic hierarchy process. During this process, the detection engine exports a list of suspicious API. On the basis of this list, the evaluation part of the engine performs a compre- hensive evaluation of the hazard assessment of software sample. Finally, hazard classification is given for the software. The false positive rate of our approach for detecting rnalware samples is 4. 7% and normal samples is 7.6%. The experimental results show that the accuracy rate of our approach is almost similar to the method based on virus signatures. Compared with the method based on virus signatures, our approach performs well in detecting unknown malware. This approach is promising for the application of malware detection.
基金financially supported by the Natural Science Foundation of Anhui University of Chinese Medicine (Grant No.: 2018zrzd04)Anhui Provincial Natural Science Foundation (Grant No.: 1908085QH351)+2 种基金Major Science and Technology Projects of Anhui Province (Grant No.: 18030801131)National Key Research and Development Project (Grant No.: 2017YFC1701600)Anhui Province’s Central Special Fund for Local Science and Technology Development (Grant No.: 201907d07050002)
文摘Chromium is a harmful contaminant showing mutagenicity and carcinogenicity.Therefore,detection of chromium requires the development of low-cost and high-sensitivity sensors.Herein,blue-fluorescent carbon quantum dots were synthesized by one-step hydrothermal method from alkali-soluble Poria cocos polysaccharide,which is green source,cheap and easy to obtain,and has no pharmacological activity due to low water solubility.These carbon quantum dots exhibit good fluorescence stability,water solubility,anti-interference and low cytotoxicity,and can be specifically combined with the detection of Cr(Ⅵ)to form a non-fluorescent complex that causes fluorescence quenching,so they can be used as a label-free nanosensor.High-sensitivity detection of Cr(Ⅵ)was achieved through internal filtering and static quenching effects.The fluorescence quenching degree of carbon dots fluorescent probe showed a good linear relationship with Cr(Ⅵ)concentration in the range of 1-100μM.The linear equation was F;/F=0.9942+0.01472[Cr(Ⅵ)](R;=0.9922),and the detection limit can be as low as 0.25μM(S/N=3),which has been successfully applied to Cr(Ⅵ)detection in actual water samples herein.
基金Taif University supported this study through Taif University Researcher Support Project(TURSP-2020/115).
文摘A major issue while building web applications is proper input validation and sanitization.Attackers can quickly exploit errors and vulnerabilities that lead to malicious behavior in web application validation operations.Attackers are rapidly improving their capabilities and technologies and now focus on exploiting vulnerabilities in web applications and compromising confidentiality.Cross-site scripting(XSS)and SQL injection attack(SQLIA)are attacks in which a hacker sends malicious inputs(cheat codes)to confuse a web application,to access or disable the application’s back-end without user awareness.In this paper,we explore the problem of detecting and removing bugs from both client-side and server-side code.A new idea that allows assault detection and prevention using the input validation mechanism is introduced.In addition,the project supports web security tests by providing easy-to-use and accurate models of vulnerability prediction and methods for validation.If these attributes imply a program statement that is vulnerable in an SQLIA,this can be evaluated and checked for a set of static code attributes.Additionally,we provide a script whitelisting interception layer built into the browser’s JavaScript engine,where the SQLIA is eventually detected and the XSS attack resolved using the method of input validation and script whitelisting under pushdown automatons.This framework was tested under a scenario of an SQL attack and XSS.It is demonstrated to offer an extensive improvement over the current framework.The framework’s main ability lies in the decrease of bogus positives.It has been demonstrated utilizing new methodologies,nevertheless giving unique access to sites dependent on the peculiarity score related to web demands.Our proposed input validation framework is shown to identify all anomalies and delivers better execution in contrast with the current program.
基金supported by a National Research Foundation of Korea(NRF)Grant funded by the Korean government(MSIT)(No.NRF-2017R1E1A1A01075110).
文摘Side-channel attacks have recently progressed into software-induced attacks.In particular,a rowhammer attack,which exploits the characteristics of dynamic random access memory(DRAM),can quickly and continuously access the cells as the cell density of DRAM increases,thereby generating a disturbance error affecting the neighboring cells,resulting in bit flips.Although a rowhammer attack is a highly sophisticated attack in which disturbance errors are deliberately generated into data bits,it has been reported that it can be exploited on various platforms such as mobile devices,web browsers,and virtual machines.Furthermore,there have been studies on bypassing the defense measures of DRAM manufacturers and the like to respond to rowhammer attacks.A rowhammer attack can control user access and compromise the integrity of sensitive data with attacks such as a privilege escalation and an alteration of the encryption keys.In an attempt to mitigate a rowhammer attack,various hardware-and software-based mitigation techniques are being studied,but there are limitations in that the research methods do not detect the rowhammer attack in advance,causing overhead or degradation of the system performance.Therefore,in this study,a rowhammer attack detection technique is proposed by extracting common features of rowhammer attack files through a static analysis of rowhammer attack codes.
基金supported by the Fund of National Natural Science Project under Grant No.61272125the Specialized Research Fund for the Doctoral Program of Higher Education under Grant No.20121333110014the Hebei Provincial Natural Science Foundation under Grant No.F2011203234
文摘Behaviour detection models based on automata have been studied widely. By add- ing edge ε, the local automata are combined into global automata to describe and detect soft- ware behaviour. However, these methods in- troduce nondeterminacy, leading to models that are imprecise or inefficient. We present a model of software Behaviour Detection based on Process Algebra and system call (BDPA). In this model, a system call is mapped into an action, and a function is mapped into a process We construct a process expression for each function to describe its behaviour. Without con- strutting automata or introducing nondeter- minacy, we use algebraic properties and algo- rithms to obtain a global process expression by combining the process expressions derived from each function. Behaviour detection rules and methods based on BDPA are determined by equivalence theory. Experiments demon- strate that the BDPA model has better preci- sion and efficiency than traditional methods.
基金National Key Basic Research and Development Program of China (973) (No. 2002CB412709)
文摘This study presents a new idea of using only mid-span displacement measurement for damage detection of simply supported beams. Equivalent element concept is introduced at the beginning. In order to relate the damage detectability by means of mid-span dlsplacement measurement with the damage-eaused local stiffness change, a novel index termed as symmetrical mid-span displacement difference index (SMDDI) is proposed. The proposed method based on SMDDI is sensitive to tiny damage and comparatively small quantities of measurements are required during the application process. Another significant attraction of this method is putting aside the knowledge a-priori of the intact state. An example using simulated data has been conducted to examine the suitability of this method and assess its comparative advantages over the previous modal method.
基金supported by the Deanship of Scientific Research at Northern Border University for funding work through Research Group No.(RG-NBU-2022-1724).
文摘In an era marked by escalating cybersecurity threats,our study addresses the challenge of malware variant detection,a significant concern for amultitude of sectors including petroleum and mining organizations.This paper presents an innovative Application Programmable Interface(API)-based hybrid model designed to enhance the detection performance of malware variants.This model integrates eXtreme Gradient Boosting(XGBoost)and an Artificial Neural Network(ANN)classifier,offering a potent response to the sophisticated evasion and obfuscation techniques frequently deployed by malware authors.The model’s design capitalizes on the benefits of both static and dynamic analysis to extract API-based features,providing a holistic and comprehensive view of malware behavior.From these features,we construct two XGBoost predictors,each of which contributes a valuable perspective on the malicious activities under scrutiny.The outputs of these predictors,interpreted as malicious scores,are then fed into an ANN-based classifier,which processes this data to derive a final decision.The strength of the proposed model lies in its capacity to leverage behavioral and signature-based features,and most importantly,in its ability to extract and analyze the hidden relations between these two types of features.The efficacy of our proposed APIbased hybrid model is evident in its performance metrics.It outperformed other models in our tests,achieving an impressive accuracy of 95%and an F-measure of 93%.This significantly improved the detection performance of malware variants,underscoring the value and potential of our approach in the challenging field of cybersecurity.
文摘The method proposed in this paper is based on the fact that the damage in different types of structural members has distinctive influence on the structural stiffness. The intrinsic mechanical property of the structure is tapped and fully utilized for damage detection. The simplified model of the flexibility of frames treats the individual storeys as springs in series and the frame as an equivalent column. It fully considers the main deformation of all beams and columns in the frame. The deformation property of the simplified model accorded well with that of the actual frame model. The obtained increment of lateral displacement change (IOLDC) at the storey level was found to be very sensitive to the local damage in the frame. A damage detection method is pro- posed using the IOLDCs as the damage identification parameters. Numerical examples demonstrate the potential applicability of this method.
文摘At present,the network security situation is becoming more and more serious.Malicious network attacks such as computer viruses,Trojans and hacker attacks are becoming more and more rampant.National and group network attacks such as network information war and network terrorism have a serious damage to the production and life of the whole society.At the same time,with the rapid development of Internet of Things and the arrival of 5G era,IoT devices as an important part of industrial Internet system,have become an important target of infiltration attacks by hostile forces.This paper describes the challenges facing firmware vulnerability detection at this stage,and introduces four automatic detection and utilization technologies in detail:based on patch comparison,based on control flow,based on data flow and ROP attack against buffer vulnerabilities.On the basis of clarifying its core idea,main steps and experimental results,the limitations of its method are proposed.Finally,combined with four automatic detection methods,this paper summarizes the known vulnerability detection steps based on firmware analysis,and looks forward to the follow-up work.
文摘Deadlock detection is an essential aspect of concurrency control in parallel and distributed systems,as it ensures the efficient utilization of resources and prevents indefinite delays.This paper presents a comprehensive analysis of the various deadlock detection techniques,including static and dynamic approaches.We discuss the future improvements associated with deadlock detection and provide a comparative evaluation of these techniques in terms of their accuracy,complexity,and scalability.Furthermore,we outline potential future research directions to improve deadlock detection mechanisms and enhance system performance.
