Abstract: The prognosis of infectious diseases is determined by host-pathogen interactions. Control of pathogens has been the central dogma of treating infectious diseases in modern medicine, but pathogen-directed medicine is facing significant challenges, including a lack of effective antimicrobials for newly emerging pathogens, pathogen drug resistance, and drug side effects. Here, a mathematical equation (termed the equation of host-pathogen interactions, HPI-Equation) is developed to dissect the key variables of host-pathogen interactions. It shows that control of pathogens does not necessarily lead to host recovery. Instead, a combination of promoting a host's power of self-healing and balancing immune responses provides the greatest benefit for the host. Moreover, the HPI-Equation elucidates the scientific basis of traditional Chinese medicine (TCM), a host-based medicine that treats infectious diseases by promoting self-healing power and balancing immune responses. The importance of self-healing power elucidated in the HPI-Equation is confirmed by recent studies showing that the tolerance mechanism, which has been discovered in plants and animals and is conceptually similar to self-healing power, improves host survival without directly attacking pathogens. In summary, the HPI-Equation describes host-pathogen interactions with mathematical logic and precision; it translates the ancient wisdom of TCM into apprehensible modern science and opens a new venue for integrating TCM and modern medicine for a future medicine.
Funding: Supported by the Nuclear Safety Research Program through the Korea Foundation of Nuclear Safety (KoFONS) using the financial resource granted by the Nuclear Safety and Security Commission (NSSC) of the Republic of Korea (Grant number: 2106061, 50%), and by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (RS-2025-25394739, Development of Security Enhancement Technology for Industrial Control Systems Based on S/HBOM Supply Chain Protection, 50%).
Abstract: With the continuous expansion of digital infrastructures, malicious behaviors in host systems have become increasingly sophisticated, often spanning multiple processes and employing obfuscation techniques to evade detection. Audit logs, such as those produced by Sysmon, offer valuable insights; however, existing approaches typically flatten event sequences or rely on generic graph models, thereby discarding the natural parent-child process hierarchy that is critical for analyzing multi-process attacks. This paper proposes a structure-aware threat detection framework that transforms audit logs into a unified two-dimensional (2D) spatio-temporal representation, in which the process hierarchy is modeled as the spatial axis and event chronology as the temporal axis. In addition, entropy-based features are incorporated to robustly capture obfuscated and non-linguistic strings, overcoming the limitations of semantic embeddings. The model's performance was evaluated on publicly available datasets, achieving competitive results with an accuracy exceeding 95% and an F1-score of at least 0.94. The proposed approach provides a promising and reproducible solution for detecting attacks with unknown indicators of compromise (IoCs) by analyzing the relationships and behaviors of processes recorded in large-scale audit logs.
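The following is an added illustration of the representation the abstract describes, not the paper's code: a handful of constructed Sysmon-style ProcessCreate records (Event ID 1 field names, placeholder GUIDs) are placed on a grid whose row is the process-tree depth (spatial axis) and whose column is the chronological rank of the event (temporal axis), with the command line's Shannon entropy as the per-cell feature so that a base64-encoded PowerShell payload scores high even though a word-level embedding would see only an out-of-vocabulary token. The sample events, the entropy rounding and the grid layout are this example's own assumptions.

```python
"""Structure-aware view of Sysmon-style process-creation events.

Added illustration of the abstract's representation (process hierarchy as a
spatial axis, event order as a temporal axis, plus an entropy feature for
obfuscated strings).  Not the paper's code: the records below are a
constructed, simplified subset of Sysmon Event ID 1 fields with placeholder
GUIDs.
"""
import math
from collections import Counter

# Constructed ProcessCreate records (not a real capture).  UtcTime follows
# Sysmon's "YYYY-MM-DD HH:MM:SS.mmm" layout, so lexical order is chronological.
EVENTS = [
    {"UtcTime": "2024-01-01 10:00:00.000", "ProcessGuid": "A", "ParentProcessGuid": None,
     "Image": "C:\\Windows\\explorer.exe", "CommandLine": "explorer.exe"},
    {"UtcTime": "2024-01-01 10:00:05.000", "ProcessGuid": "B", "ParentProcessGuid": "A",
     "Image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
     "CommandLine": "WINWORD.EXE /n invoice.docx"},
    {"UtcTime": "2024-01-01 10:00:09.000", "ProcessGuid": "C", "ParentProcessGuid": "B",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"UtcTime": "2024-01-01 10:00:10.000", "ProcessGuid": "D", "ParentProcessGuid": "C",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
]


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for empty or single-symbol strings).
    Language-agnostic, so base64/hex blobs that a word embedding treats as
    out-of-vocabulary noise still get a meaningful score."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def depth(guid, parents) -> int:
    """Distance from the root of the process tree (the spatial coordinate).
    A parent GUID absent from the log is treated as a root; a cycle in
    corrupt data terminates instead of looping forever."""
    d, seen = 0, set()
    while parents.get(guid) is not None and guid not in seen:
        seen.add(guid)
        guid = parents[guid]
        d += 1
    return d


def lineage(guid, parents, images):
    """Root-to-leaf chain of image basenames: the context a flattened event
    sequence throws away."""
    chain, seen = [], set()
    while guid is not None and guid not in seen:
        seen.add(guid)
        chain.append(basename(images.get(guid, "<unknown>")))
        guid = parents.get(guid)
    return chain[::-1]


def to_cells(events):
    """One cell per event: temporal index t (chronological rank), spatial
    index depth (tree level) and the command-line entropy feature."""
    parents = {e["ProcessGuid"]: e["ParentProcessGuid"] for e in events}
    images = {e["ProcessGuid"]: e["Image"] for e in events}
    cells = []
    for t, ev in enumerate(sorted(events, key=lambda x: x["UtcTime"])):
        g = ev["ProcessGuid"]
        cells.append({
            "t": t,
            "depth": depth(g, parents),
            "guid": g,
            "image": basename(ev["Image"]),
            "cmd_entropy": round(shannon_entropy(ev["CommandLine"]), 3),
            "lineage": lineage(g, parents, images),
        })
    return cells


def to_grid(cells):
    """Dense 2D array grid[depth][t] holding the entropy feature, None where no
    event sits at that (depth, t) position; this is the matrix a model consumes."""
    n_t = len(cells)
    n_depth = max(c["depth"] for c in cells) + 1
    grid = [[None] * n_t for _ in range(n_depth)]
    for c in cells:
        grid[c["depth"]][c["t"]] = c["cmd_entropy"]
    return grid


if __name__ == "__main__":
    for c in to_cells(EVENTS):
        print(f't={c["t"]} depth={c["depth"]} H={c["cmd_entropy"]:.2f} '
              + " > ".join(c["lineage"]))
```

Run as a script it prints one row per event; the Office-to-cmd-to-PowerShell chain only becomes visible because the parent GUIDs are followed rather than each event being scored in isolation. Note that raw entropy on short strings is a weak signal on its own (an ordinary command line with many distinct characters can score close to an encoded one), which is why it is a feature fed alongside the structural position rather than a threshold rule.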
Funding: Supported by the National Natural Science Foundation of China (Nos. 61170286 and 61202486).
Abstract: The continuous emergence of peer-to-peer (P2P) applications enriches resource sharing over networks, but it also brings many challenges to network management. Therefore, P2P application monitoring, in particular P2P traffic classification, is becoming increasingly important. In this paper, we propose a novel approach for accurate P2P traffic classification at a fine-grained level. Our approach relies only on counting certain special flows that appear frequently and steadily in the traffic generated by specific P2P applications. In contrast to existing methods, the main contribution of our approach can be summarized in the following two aspects. Firstly, it achieves high classification accuracy by exploiting only a few generic properties of flows rather than complicated features and sophisticated techniques. Secondly, it works well even if the classification target is running alongside other high-bandwidth-consuming applications, outperforming most existing host-based approaches, which cannot deal with this situation. We evaluated the performance of our approach on a real-world trace. Experimental results show that P2P applications can be classified with a true positive rate higher than 97.22% and a false positive rate lower than 2.78%.
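As an added example in the spirit of the abstract above, and not the paper's method, features or trace, the block below classifies hosts by counting "special" flows per time window and requiring that the count be both frequent (at least a minimum per window) and steady (present in most windows). The flow records are constructed, the special-flow property (tiny UDP flows, standing in for peer keepalive or lookup traffic of one hypothetical target application) and every threshold are illustrative assumptions, and a co-running bulk HTTPS download is included on the same host to show why a count of small flows is unaffected by high-bandwidth background traffic, whereas a volume-based host heuristic would be.

```python
"""Flow-count-based P2P application detection per host.

Added example in the spirit of the abstract (count special flows that occur
frequently and steadily in a host's traffic); not the paper's method or
trace.  The flow records, the "special flow" property and every threshold
are constructed assumptions for illustration.
"""
from collections import defaultdict

WINDOW_S = 10  # assumed window length in seconds


def is_special(flow: dict) -> bool:
    """Generic flow properties only (protocol, packet and byte counts), no
    payload inspection.  The bounds are illustrative assumptions."""
    return flow["proto"] == "UDP" and flow["packets"] <= 4 and flow["bytes"] <= 400


def special_counts(flows, window_s=WINDOW_S):
    """host -> {window index -> number of special flows started in it}."""
    counts = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_special(f):
            counts[f["src"]][int(f["start"] // window_s)] += 1
    return counts


def steadiness_scores(flows, min_count=4, window_s=WINDOW_S):
    """Fraction of windows in which a host started at least min_count special
    flows: min_count captures 'frequent', the fraction captures 'steady'."""
    n_windows = int(max(f["start"] for f in flows) // window_s) + 1
    counts = special_counts(flows, window_s)
    hosts = sorted({f["src"] for f in flows})
    return {h: sum(1 for w in range(n_windows) if counts[h][w] >= min_count) / n_windows
            for h in hosts}


def classify(flows, min_steadiness=0.8, **kw):
    """True for hosts whose special-flow pattern is both frequent and steady."""
    return {h: s >= min_steadiness for h, s in steadiness_scores(flows, **kw).items()}


def make_flows():
    """Constructed flow records (start_s, src, dst, proto, dport, packets,
    bytes) covering six windows; not a real trace."""
    flows = []
    bulk = dict(dst="198.51.100.9", proto="TCP", dport=443, packets=9000, bytes=12_000_000)
    for w in range(6):
        base = w * WINDOW_S
        # P2P host: six tiny UDP flows to different peers in every window ...
        for k in range(6):
            flows.append(dict(start=base + 1.5 * k, src="10.0.0.5", dst=f"203.0.113.{k + 1}",
                              proto="UDP", dport=6881, packets=2, bytes=180))
        # ... while also pulling a large HTTPS download, the high-bandwidth
        # background that defeats host-level volume heuristics.
        flows.append(dict(start=base + 0.5, src="10.0.0.5", **bulk))
        # Browsing-only host: one DNS-sized UDP flow plus the same bulk download.
        flows.append(dict(start=base + 2.0, src="10.0.0.7", dst="192.0.2.53",
                          proto="UDP", dport=53, packets=2, bytes=150))
        flows.append(dict(start=base + 3.0, src="10.0.0.7", **bulk))
    # Bursty host: a one-off burst of tiny UDP flows in the first window only
    # (frequent but not steady, so it must not be classified as the target).
    for k in range(10):
        flows.append(dict(start=0.2 * k, src="10.0.0.9", dst=f"203.0.113.{50 + k}",
                          proto="UDP", dport=1900, packets=1, bytes=120))
    return flows


if __name__ == "__main__":
    flows = make_flows()
    verdicts = classify(flows)
    for host, score in steadiness_scores(flows).items():
        print(f"{host}: steadiness={score:.2f} target_app={verdicts[host]}")
```

The steadiness requirement is what separates the target from the bursty host: both exceed the per-window count at some point, but only the target does so in nearly every window. Real deployments would key `is_special` on the generic properties characteristic of each application to be distinguished and calibrate `min_count` and `min_steadiness` on labelled traffic.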