Detection of Maliciously Disseminated Hate Speech in Spanish Using Fine-Tuning and In-Context Learning Techniques with Large Language Models
1
Authors: Tomás Bernal-Beltrán, Ronghao Pan, José Antonio García-Díaz, María del Pilar Salas-Zárate, Mario Andrés Paredes-Valverde, Rafael Valencia-García. Computers, Materials & Continua, 2026, Issue 4, pp. 353-390 (38 pages)
The malicious dissemination of hate speech via compromised accounts, automated bot networks and malware-driven social media campaigns has become a growing cybersecurity concern. Automatically detecting such content in Spanish is challenging due to linguistic complexity and the scarcity of annotated resources. In this paper, we compare two predominant AI-based approaches for the forensic detection of malicious hate speech: (1) fine-tuning encoder-only models that have been trained in Spanish and (2) In-Context Learning techniques (Zero- and Few-Shot Learning) with large-scale language models. Our approach goes beyond binary classification, proposing a comprehensive, multidimensional evaluation that labels each text by: (1) type of speech, (2) recipient, (3) level of intensity (ordinal) and (4) targeted group (multi-label). Performance is evaluated using an annotated Spanish corpus, standard metrics such as precision, recall and F1-score and stability-oriented metrics to evaluate the stability of the transition from zero-shot to few-shot prompting (Zero-to-Few Shot Retention and Zero-to-Few Shot Gain) are applied. The results indicate that fine-tuned encoder-only models (notably MarIA and BETO variants) consistently deliver the strongest and most reliable performance: in our experiments their macro F1-scores lie roughly in the range of approximately 46%–66% depending on the task. Zero-shot approaches are much less stable and typically yield substantially lower performance (observed F1-scores range approximately 0%–39%), often producing invalid outputs in practice. Few-shot prompting (e.g., Qwen 38B, Mistral 7B) generally improves stability and recall relative to pure zero-shot, bringing F1-scores into a moderate range of approximately 20%–51% but still falling short of fully fine-tuned models. These findings highlight the importance of supervised adaptation and discuss the potential of both paradigms as components in AI-powered cybersecurity and malware forensics systems designed to identify and mitigate coordinated online hate campaigns.
Keywords: Hate speech detection; malicious communication campaigns; AI-driven cybersecurity; social media analytics; large language models; prompt-tuning; fine-tuning; in-context learning; natural language processing
Malicious Document Detection Based on GGE Visualization
2
Authors: Youhe Wang, Yi Sun, Yujie Li, Chuanqi Zhou. Computers, Materials & Continua (SCIE, EI), 2025, Issue 1, pp. 1233-1254 (22 pages)
With the development of anti-virus technology, malicious documents have gradually become the main pathway of Advanced Persistent Threat (APT) attacks, therefore, the development of effective malicious document classifiers has become particularly urgent. Currently, detection methods based on document structure and behavioral features encounter challenges in feature engineering, these methods not only have limited accuracy, but also consume large resources, and usually can only detect documents in specific formats, which lacks versatility and adaptability. To address such problems, this paper proposes a novel malicious document detection method-visualizing documents as GGE images (Grayscale, Grayscale matrix, Entropy). The GGE method visualizes the original byte sequence of the malicious document as a grayscale image, the information entropy sequence of the document as an entropy image, and at the same time, the grayscale level co-occurrence matrix and the texture and spatial information stored in it are converted into grayscale matrix image, and fuses the three types of images to get the GGE color image. The Convolutional Block Attention Module-EfficientNet-B0 (CBAM-EfficientNet-B0) model is then used for classification, combining transfer learning and applying the pre-trained model on the ImageNet dataset to the feature extraction process of GGE images. As shown in the experimental results, the GGE method has superior performance compared with other methods, which is suitable for detecting malicious documents in different formats, and achieves an accuracy of 99.44% and 97.39% on Portable Document Format (PDF) and office datasets, respectively, and consumes less time during the detection process, which can be effectively applied to the task of detecting malicious documents in real-time.
Keywords: Malicious document; visualization; EfficientNet-B0; convolutional block attention module; GGE image
LEGF-DST:LLMs-Enhanced Graph-Fusion Dual-Stream Transformer for Fine-Grained Chinese Malicious SMS Detection
3
Authors: Xin Tong, Jingya Wang, Ying Yang, Tian Peng, Hanming Zhai, Guangming Ling. Computers, Materials & Continua, 2025, Issue 2, pp. 1901-1924 (24 pages)
With the widespread use of SMS (Short Message Service), the proliferation of malicious SMS has emerged as a pressing societal issue. While deep learning-based text classifiers offer promise, they often exhibit suboptimal performance in fine-grained detection tasks, primarily due to imbalanced datasets and insufficient model representation capabilities. To address this challenge, this paper proposes an LLMs-enhanced graph fusion dual-stream Transformer model for fine-grained Chinese malicious SMS detection. During the data processing stage, Large Language Models (LLMs) are employed for data augmentation, mitigating dataset imbalance. In the data input stage, both word-level and character-level features are utilized as model inputs, enhancing the richness of features and preventing information loss. A dual-stream Transformer serves as the backbone network in the learning representation stage, complemented by a graph-based feature fusion mechanism. At the output stage, both supervised classification cross-entropy loss and supervised contrastive learning loss are used as multi-task optimization objectives, further enhancing the model’s feature representation. Experimental results demonstrate that the proposed method significantly outperforms baselines on a publicly available Chinese malicious SMS dataset.
Keywords: Transformers; malicious SMS; multi-task learning; large language models
Structure-Aware Malicious Behavior Detection through 2D Spatio-Temporal Modeling of Process Hierarchies
4
Authors: Seong-Su Yoon, Dong-Hyuk Shin, Ieck-Chae Euom. Computer Modeling in Engineering & Sciences, 2025, Issue 11, pp. 2683-2706 (24 pages)
With the continuous expansion of digital infrastructures, malicious behaviors in host systems have become increasingly sophisticated, often spanning multiple processes and employing obfuscation techniques to evade detection. Audit logs, such as Sysmon, offer valuable insights; however, existing approaches typically flatten event sequences or rely on generic graph models, thereby discarding the natural parent-child process hierarchy that is critical for analyzing multiprocess attacks. This paper proposes a structure-aware threat detection framework that transforms audit logs into a unified two-dimensional (2D) spatio-temporal representation, where process hierarchy is modeled as the spatial axis and event chronology as the temporal axis. In addition, entropy-based features are incorporated to robustly capture obfuscated and non-linguistic strings, overcoming the limitations of semantic embeddings. The model’s performance was evaluated on publicly available datasets, achieving competitive results with an accuracy exceeding 95% and an F1-score of at least 0.94. The proposed approach provides a promising and reproducible solution for detecting attacks with unknown indicators of compromise (IoCs) by analyzing the relationships and behaviors of processes recorded in large-scale audit logs.
Keywords: System security; anomaly detection; host-based log analysis; hierarchical process structure; machine learning; deep learning; malicious behavior
ONTDAS: An Optimized Noise-Based Traffic Data Augmentation System for Generalizability Improvement of Traffic Classifiers
5
Authors: Rongwei Yu, Jie Yin, Jingyi Xiang, Qiyun Shao, Lina Wang. Computers, Materials & Continua, 2025, Issue 7, pp. 365-391 (27 pages)
With the emergence of new attack techniques, traffic classifiers usually fail to maintain the expected performance in real-world network environments. In order to have sufficient generalizability to deal with unknown malicious samples, they require a large number of new samples for retraining. Considering the cost of data collection and labeling, data augmentation is an ideal solution. We propose an optimized noise-based traffic data augmentation system, ONTDAS. The system uses a gradient-based searching algorithm and an improved Bayesian optimizer to obtain optimized noise. The noise is injected into the original samples for data augmentation. Then, an improved bagging algorithm is used to integrate all the base traffic classifiers trained on noised datasets. The experiments verify ONTDAS on 6 types of base classifiers and 4 publicly available datasets respectively. The results show that ONTDAS can effectively enhance the traffic classifiers’ performance and significantly improve their generalizability on unknown malicious samples. The system can also alleviate dataset imbalance. Moreover, the performance of ONTDAS is significantly superior to the existing data augmentation methods mentioned.
Keywords: Unknown malicious traffic classification; data augmentation; optimized noise; generalizability improvement; ensemble learning
Defending Federated Learning System from Poisoning Attacks via Efficient Unlearning
6
Authors: Long Cai, Ke Gu, Jiaqi Lei. Computers, Materials & Continua, 2025, Issue 4, pp. 239-258 (20 pages)
Large-scale neural networks-based federated learning (FL) has gained public recognition for its effective capabilities in distributed training. Nonetheless, the open system architecture inherent to federated learning systems raises concerns regarding their vulnerability to potential attacks. Poisoning attacks turn into a major menace to federated learning on account of their concealed property and potent destructive force. By altering the local model during routine machine learning training, attackers can easily contaminate the global model. Traditional detection and aggregation solutions mitigate certain threats, but they are still insufficient to completely eliminate the influence generated by attackers. Therefore, federated unlearning that can remove unreliable models while maintaining the accuracy of the global model has become a solution. Unfortunately some existing federated unlearning approaches are rather difficult to be applied in large neural network models because of their high computational expenses. Hence, we propose SlideFU, an efficient anti-poisoning attack federated unlearning framework. The primary concept of SlideFU is to employ sliding window to construct the training process, where all operations are confined within the window. We design a malicious detection scheme based on principal component analysis (PCA), which calculates the trust factors between compressed models in a low-cost way to eliminate unreliable models. After confirming that the global model is under attack, the system activates the federated unlearning process, calibrates the gradients based on the updated direction of the calibration gradients. Experiments on two public datasets demonstrate that our scheme can recover a robust model with extremely high efficiency.
Keywords: Federated learning; malicious client detection; model recovery; machine unlearning
TB-Graph: Enhancing Encrypted Malicious Traffic Classification through Relational Graph Attention Networks
7
Authors: Ming Liu, Qichao Yang, Wenqing Wang, Shengli Liu. Computers, Materials & Continua, 2025, Issue 2, pp. 2985-3004 (20 pages)
The proliferation of internet traffic encryption has become a double-edged sword. While it significantly enhances user privacy, it also inadvertently shields cyber-attacks from detection, presenting a formidable challenge to cybersecurity. Traditional machine learning and deep learning techniques often fall short in identifying encrypted malicious traffic due to their inability to fully extract and utilize the implicit relational and positional information embedded within data packets. This limitation has led to an unresolved challenge in the cybersecurity community: how to effectively extract valuable insights from the complex patterns of traffic packet transmission. Consequently, this paper introduces the TB-Graph model, an encrypted malicious traffic classification model based on a relational graph attention network. The model is a heterogeneous traffic burst graph that embeds side-channel features, which are unaffected by encryption, into the graph nodes and connects them with three different types of burst edges. Subsequently, we design a relational positional coding that prevents the loss of temporal relationships between the original traffic flows during graph transformation. Ultimately, TB-Graph leverages the powerful graph representation learning capabilities of Relational Graph Attention Network (RGAT) to extract latent behavioral features from the burst graph nodes and edge relationships. Experimental results show that TB-Graph outperforms various state-of-the-art methods in fine-grained encrypted malicious traffic classification tasks on two public datasets, indicating its enhanced capability for identifying encrypted malicious traffic.
Keywords: Encrypted malicious traffic classification; traffic burst graph; graph representation learning; deep learning
Secure and covert UAV-aided communication
8
Authors: Nan ZHAO, Yuan GAO, Feng SHU, Chengwen XING. Chinese Journal of Aeronautics, 2025, Issue 10, pp. 1-2 (2 pages)
Unmanned Aerial Vehicle (UAV)-aided communication, prized for its network reconfigurability, operational flexibility, and cost-effectiveness, is a key enabler of the low-altitude economy. However, the high possibilities of line-of-sight links and the broadcast nature of air-ground UAV communications make it vulnerable and prone to eavesdropping by malicious nodes.
Keywords: network reconfigurability network reconfigurability operational broadcast nature EAVESDROPPING low altitude economy malicious nodes uav aided communication line sight links
FSMMTD: A Feature Subset-Based Malicious Traffic Detection Method
9
Authors: Xuan Wu, Yafei Song, Xiaodan Wang, Peng Wang, Qian Xiang. Computers, Materials & Continua, 2025, Issue 7, pp. 1279-1305 (27 pages)
With the growth of the Internet of Things (IoT) comes a flood of malicious traffic in the IoT, intensifying the challenges of network security. Traditional models operate with independent layers, limiting their effectiveness in addressing these challenges. To address this issue, we propose a cross-layer cooperative Feature Subset-Based Malicious Traffic Detection (FSMMTD) model for detecting malicious traffic. Our approach begins by applying an enhanced random forest method to adaptively filter and retain highly discriminative first-layer features. These processed features are then input into an improved state-space model that integrates the strengths of recurrent neural networks (RNNs) and transformers, enabling superior processing of complex patterns and global information. This integration allows the FSMMTD model to enhance its capability in identifying intricate data relationships and capturing comprehensive contextual insights. The FSMMTD model monitors IoT data flows in real-time, efficiently detecting anomalies and enabling rapid response to potential intrusions. We validate our approach using the publicly available ToN_IoT dataset for IoT traffic analysis. Experimental results demonstrate that our method achieves superior performance with an accuracy of 98.37%, precision of 96.28%, recall of 95.36%, and F1-score of 96.79%. These metrics indicate that the FSMMTD model outperforms existing methods in detecting malicious traffic, showcasing its effectiveness and reliability in enhancing IoT network security.
Keywords: Network security; malicious traffic detection; internet of things
SPR:Malicious traffic detection model for CTCS-3 in railways
10
Authors: Siyang Zhou, Wenjiang Ji, Xinhong Hei, Zhongwei Chang, Yuan Qiu, Lei Zhu, Xin Wang. High-Speed Railway, 2025, Issue 2, pp. 105-115 (11 pages)
The increasingly complex and interconnected train control information network is vulnerable to a variety of malicious traffic attacks, and the existing malicious traffic detection methods mainly rely on machine learning, such as poor robustness, weak generalization, and a lack of ability to learn common features. Therefore, this paper proposes a malicious traffic identification method based on stacked sparse denoising autoencoders combined with a regularized extreme learning machine through particle swarm optimization. Firstly, the simulation environment of the Chinese train control system-3 was constructed for data acquisition. Then Pearson coefficient and other methods are used for pre-processing, then a stacked sparse denoising autoencoder is used to achieve nonlinear dimensionality reduction of features, and finally regularization extreme learning machine optimized by particle swarm optimization is used to achieve classification. Experimental data show that the proposed method has good training performance, with an average accuracy of 97.57% and a false negative rate of 2.43%, which is better than other alternative methods. In addition, ablation experiments were performed to evaluate the contribution of each component, and the results showed that the combination of methods was superior to individual methods. To further evaluate the generalization ability of the model in different scenarios, publicly available data sets of industrial control system networks were used. The results show that the model has robust detection capability in various types of network attacks.
Keywords: CTCS-3; malicious traffic detection; generalized features; stacked sparse denoising autoencoder; regularized extreme learning machine
Physical Layer Security Scheme With AoI-Awareness for Industrial IoT Based on Covert Communications
11
Authors: Yaping Li, Zhi-Xin Liu, Jia-Wei Su, Ya-Zhou Yuan. IEEE/CAA Journal of Automatica Sinica, 2025, Issue 1, pp. 276-278 (3 pages)
Dear Editor, Industrial Internet of things (IIoT) is a typical application of cyberphysical system (CPS). In the IIoT, wireless communication is an inevitable trend to replace the deployment-limited wired transmission for cases with large-scale and mobile devices. However, wireless communication gives rise to critical issues related to physical security, such as malicious detections and attacks [1].
Keywords: industrial iiot internet things iiot physical layer security covert communications malicious detections attacks cyberphysical system cps aoi awareness wireless communication
Wavelet Transform-Based Bayesian Inference Learning with Conditional Variational Autoencoder for Mitigating Injection Attack in 6G Edge Network
12
Authors: Binu Sudhakaran Pillai, Raghavendra Kulkarni, Venkata Satya Suresh kumar Kondeti, Surendran Rajendran. Computer Modeling in Engineering & Sciences, 2025, Issue 10, pp. 1141-1166 (26 pages)
Future 6G communications will open up opportunities for innovative applications, including Cyber-Physical Systems, edge computing, supporting Industry 5.0, and digital agriculture. While automation is creating efficiencies, it can also create new cyber threats, such as vulnerabilities in trust and malicious node injection. Denial-of-Service (DoS) attacks can stop many forms of operations by overwhelming networks and systems with data noise. Current anomaly detection methods require extensive software changes and only detect static threats. Data collection is important for being accurate, but it is often a slow, tedious, and sometimes inefficient process. This paper proposes a new wavelet transform-assisted Bayesian deep learning based probabilistic (WT-BDLP) approach to mitigate malicious data injection attacks in 6G edge networks. The proposed approach combines outlier detection based on a Bayesian learning conditional variational autoencoder (Bay-LCVariAE) and traffic pattern analysis based on continuous wavelet transform (CWT). The Bay-LCVariAE framework allows for probabilistic modelling of generative features to facilitate capturing how features of interest change over time, spatially, and for recognition of anomalies. Similarly, CWT allows emphasizing the multi-resolution spectral analysis and permits temporally relevant frequency pattern recognition. Experimental testing showed that the flexibility of the Bayesian probabilistic framework offers a vast improvement in anomaly detection accuracy over existing methods, with a maximum accuracy of 98.21% recognizing anomalies.
Keywords: Bayesian inference learning automaton convolutional wavelet transform conditional variational autoencoder malicious data injection attack edge environment 6G communication
DoS Attack Schedules for Remote State Estimation in CPSs With Two-hop Relay Networks Under Round-Robin Protocol
13
Authors: Shuo Zhang, Lei Miao, Xudong Zhao. IEEE/CAA Journal of Automatica Sinica, 2025, Issue 7, pp. 1513-1515 (3 pages)
Dear Editor, This letter investigates the optimal denial-of-service (DoS) attack scheduling targeting state estimation in cyber-physical systems (CPSs) with the two-hop multi-channel network. CPSs are designed to achieve efficient, secure and adaptive operation by embedding intelligent and autonomous decision-making capabilities in the physical world. As a key component of the CPSs, the wireless network is vulnerable to various malicious attacks due to its openness [1]. DoS attack is one of the most common attacks, characterized of simple execution and significant destructiveness [2]. To mitigate the economic losses and environmental damage caused by DoS attacks, it is crucial to model and investigate data transmissions in CPSs.
Keywords: round robin protocol malicious attacks denial service attack two hop relay networks state estimation dos attack wireless network cyber physical systems
Concept Drift Detection and Adaptation Method for IoT Security Framework
14
Authors: Yin Jie, Xie Wenwei, Liang Guangjun, Zhang Lanping, Zhang Xixi. China Communications, 2025, Issue 12, pp. 137-147 (11 pages)
With the gradual penetration of the internet of things (IoT) into all areas of life, the scale of IoT devices shows an explosive growth trend. The era of internet of everything is coming, and the important position of IoT security is becoming increasingly prominent. Due to the large number types of IoT devices, there may be different security vulnerabilities, and unknown attack forms and virus samples appear. In other words, large number of IoT devices, large data volumes, and various attack forms pose a big challenge of malicious traffic identification. To solve these problems, this paper proposes a concept drift detection and adaptation (CDDA) method for IoT security framework. The AI model performance is evaluated by verifying the effectiveness of IoT traffic for data drift detection, so as to select the best AI model. The experimental test are given to confirm that the feasibility of the framework and the adaptive method in practice, and the effect on the performance of IoT traffic identification is also verified.
Keywords: concept drift detection and adaptive (CDDA) method; IoT security; malicious traffic identification
Deep Auto-Encoder Based Intelligent and Secure Time Synchronization Protocol(iSTSP)for Security-Critical Time-Sensitive WSNs
15
Authors: Ramadan Abdul-Rashid, Mohd Amiruddin Abd Rahman, Abdulaziz Yagoub Barnawi. Computer Modeling in Engineering & Sciences, 2025, Issue 9, pp. 3213-3250 (38 pages)
Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks (WSNs), especially in security-critical, time-sensitive applications. However, most existing protocols degrade substantially under malicious interference. We introduce iSTSP, an Intelligent and Secure Time Synchronization Protocol that implements a four-stage defense pipeline to ensure robust, precise synchronization even in hostile environments: (1) trust preprocessing that filters node participation using behavioral trust scoring; (2) anomaly isolation employing a lightweight autoencoder to detect and excise malicious nodes in real time; (3) reliability-weighted consensus that prioritizes high-trust nodes during time aggregation; and (4) convergence-optimized synchronization that dynamically adjusts parameters using theoretical stability bounds. We provide rigorous convergence analysis including a closed-form expression for convergence time, and validate the protocol through both simulations and real-world experiments on a controlled 16-node testbed. Under Sybil attacks with five malicious nodes within this testbed, iSTSP maintains synchronization error increases under 12% and achieves a rapid convergence. Compared to state-of-the-art protocols like TPSN, SE-FTSP, and MMAR-CTS, iSTSP offers 60% faster detection, broader threat coverage, and more than 7 times lower synchronization error, with a modest 9.3% energy overhead over 8 h. We argue this is an acceptable trade-off for mission-critical deployments requiring guaranteed security. These findings demonstrate iSTSP’s potential as a reliable solution for secure WSN synchronization and motivate future work on large-scale IoT deployments and integration with energy-efficient communication protocols.
Keywords: Time-sensitive wireless sensor networks (TS-WSNs); secure time synchronization protocol; trust-based authentication; autoencoder model; deep learning; malicious node detection; Internet of Things; energy-efficient communication protocols
Evil-hunter: a novel web shell detection system based on scoring scheme (cited by: 1)
16
Authors: 张庭秀, 程光, 郭晓军, 潘吴斌. Journal of Southeast University (English Edition) (EI, CAS), 2014, Issue 3, pp. 278-284 (7 pages)
In order to detect web shells that hackers inject into web servers by exploiting system vulnerabilities or web page open sources, a novel web shell detection system based on the scoring scheme is proposed, named Evil-hunter. First, a large set of malicious function samples normally used in web shells are collected from various sources on the Internet and security forums. Secondly, according to the danger level and the frequency of using these malicious functions in the web shells as well as in legal web applications, an assigning score strategy for each malicious sample is devised. Then, the appropriate score threshold value for each sample is obtained from the results of a statistical analysis. Finally, based on the threshold value, a simple algorithm is presented to identify files that contain web shells in web applications. The experimental results show that compared with other approaches, Evil-hunter can identify web shells more efficiently and accurately.
Keywords: web shell detection; scoring scheme; malicious code identification
PowerDetector:Malicious PowerShell Script Family Classification Based on Multi-Modal Semantic Fusion and Deep Learning 被引量:8
17
作者 Xiuzhang Yang Guojun Peng +2 位作者 Dongni Zhang Yuhang Gao Chenguang Li 《China Communications》 SCIE CSCD 2023年第11期202-224,共23页
Power Shell has been widely deployed in fileless malware and advanced persistent threat(APT)attacks due to its high stealthiness and live-off-theland technique.However,existing works mainly focus on deobfuscation and ... Power Shell has been widely deployed in fileless malware and advanced persistent threat(APT)attacks due to its high stealthiness and live-off-theland technique.However,existing works mainly focus on deobfuscation and malicious detection,lacking the malicious Power Shell families classification and behavior analysis.Moreover,the state-of-the-art methods fail to capture fine-grained features and semantic relationships,resulting in low robustness and accuracy.To this end,we propose Power Detector,a novel malicious Power Shell script detector based on multimodal semantic fusion and deep learning.Specifically,we design four feature extraction methods to extract key features from character,token,abstract syntax tree(AST),and semantic knowledge graph.Then,we intelligently design four embeddings(i.e.,Char2Vec,Token2Vec,AST2Vec,and Rela2Vec) and construct a multi-modal fusion algorithm to concatenate feature vectors from different views.Finally,we propose a combined model based on transformer and CNN-Bi LSTM to implement Power Shell family detection.Our experiments with five types of Power Shell attacks show that PowerDetector can accurately detect various obfuscated and stealth PowerShell scripts,with a 0.9402 precision,a 0.9358 recall,and a 0.9374 F1-score.Furthermore,through singlemodal and multi-modal comparison experiments,we demonstrate that PowerDetector’s multi-modal embedding and deep learning model can achieve better accuracy and even identify more unknown attacks. 展开更多
Keywords: deep learning malicious family detection multi-modal semantic fusion POWERSHELL
Using Object Detection Network for Malware Detection and Identification in Network Traffic Packets (cited by: 6)
18
Authors: Chunlai Du, Shenghui Liu, Lei Si, Yanhui Guo, Tong Jin. Computers, Materials & Continua (SCIE, EI), 2020, No. 9, pp. 1785-1796 (12 pages)
In recent years, the number of exposed vulnerabilities has grown rapidly and more and more attacks occurred to intrude on the target computers using these vulnerabilities such as different malware. Malware detection has attracted more attention and still faces severe challenges. As malware detection based on traditional machine learning relies on experts’ experience to design efficient features to distinguish different malware, it causes a bottleneck in feature engineering and is also time-consuming to find efficient features. Due to its promising ability in automatically proposing and selecting significant features, deep learning has gradually become a research hotspot. In this paper, aiming to detect the malicious payload and identify their categories with high accuracy, we proposed a packet-based malicious payload detection and identification algorithm based on object detection deep learning network. A dataset of malicious payload on code execution vulnerability has been constructed under the Metasploit framework and used to evaluate the performance of the proposed malware detection and identification algorithm. The experimental results demonstrated that the proposed object detection network can efficiently find and identify malicious payloads with high accuracy.
Keywords: Intrusion detection malicious payload deep learning object detection network
Optimal Cooperative Spectrum Sensing Based on Butterfly Optimization Algorithm (cited by: 4)
19
Authors: Noor Gul, Saeed Ahmed, Atif Elahi, Su Min Kim, Junsu Kim. Computers, Materials & Continua (SCIE, EI), 2022, No. 4, pp. 369-387 (19 pages)
Since the introduction of the Internet of Things (IoT), several researchers have been exploring its productivity to utilize and organize the spectrum assets. Cognitive radio (CR) technology is characterized as the best aspirant for wireless communications to augment IoT competencies. In the CR networks, secondary users (SUs) opportunistically get access to the primary users (PUs) spectrum through spectrum sensing. The multipath issues in the wireless channel can fluster the sensing ability of the individual SUs. Therefore, several cooperative SUs are engaged in cooperative spectrum sensing (CSS) to ensure reliable sensing results. In CSS, security is still a major concern for the researchers to safeguard the fusion center (FC) against abnormal sensing reports initiated by the malicious users (MUs). In this paper, butterfly optimization algorithm (BOA)-based soft decision method is proposed to find an optimized weighting coefficient vector correlated to the SUs sensing notifications. The coefficient vector is utilized in the soft decision rule at the FC before making any global decision. The effectiveness of the proposed scheme is compared for a variety of parameters with existing schemes through simulation results. The results confirmed the supremacy of the proposed BOA scheme in both the normal SUs’ environment and when lower and higher SNRs information is carried by the different categories of MUs.
Keywords: Internet of Things cognitive radio network butterfly optimization algorithm particle swarm optimization malicious users genetic algorithm