The message blinding method is the most efficient and secure countermeasure against first-order differential power analysis(DPA).Although cross correlation attacks(CCAs) were given for defeating message blinding metho...The message blinding method is the most efficient and secure countermeasure against first-order differential power analysis(DPA).Although cross correlation attacks(CCAs) were given for defeating message blinding methods,however searching for correlation points is difficult for noise,misalignment in practical environment.In this paper,we propose an optimized cross correlation power attack for message blinding exponentiation algorithms.The attack method can select the more correlative power points of share one operation in the modular multiplication by comparing variances between correlation coefficients.Further we demonstrate that the attack method is more efficient in experiments with hardware implementation of RSA on a crypto chip card.In addition to the proposed CCA method can recovery all 1024 bits secret key and recognition rate increases to 100%even when the recorded signals are noisy.展开更多
A simple fast correlation attack is used to analysis the security of Bluetooth combiner in this paper. This attack solves the tradeoff between the length of the keystream and the computing complexity needed to recover...A simple fast correlation attack is used to analysis the security of Bluetooth combiner in this paper. This attack solves the tradeoff between the length of the keystream and the computing complexity needed to recover the secret key. We give the computing complexities of the attack algorithm according to different lengths of the known keystream. The result is less time-consuming than before. It is also shown that the secu-rity of the modified Bluetooth combiner by Hermelin and Nyberg is not significantly enhanced.展开更多
With the continuous development of network technology,various large-scale cyber-attacks continue to emerge.These attacks pose a severe threat to the security of systems,networks,and data.Therefore,how to mine attack p...With the continuous development of network technology,various large-scale cyber-attacks continue to emerge.These attacks pose a severe threat to the security of systems,networks,and data.Therefore,how to mine attack patterns from massive data and detect attacks are urgent problems.In this paper,an approach for attack mining and detection is proposed that performs tasks of alarm correlation,false-positive elimination,attack mining,and attack prediction.Based on the idea of CluStream,the proposed approach implements a flow clustering method and a two-step algorithm that guarantees efficient streaming and clustering.The context of an alarm in the attack chain is analyzed and the LightGBM method is used to perform falsepositive recognition with high accuracy.To accelerate the search for the filtered alarm sequence data to mine attack patterns,the PrefixSpan algorithm is also updated in the store strategy.The updated PrefixSpan increases the processing efficiency and achieves a better result than the original one in experiments.With Bayesian theory,the transition probability for the sequence pattern string is calculated and the alarm transition probability table constructed to draw the attack graph.Finally,a long-short-term memory network and embedding word-vector method are used to perform online prediction.Results of numerical experiments show that the method proposed in this paper has a strong practical value for attack detection and prediction.展开更多
Detection of thewormhole attacks is a cumbersome process,particularly simplex and duplex over thewireless sensor networks(WSNs).Wormhole attacks are characterized as distributed passive attacks that can destabilize or...Detection of thewormhole attacks is a cumbersome process,particularly simplex and duplex over thewireless sensor networks(WSNs).Wormhole attacks are characterized as distributed passive attacks that can destabilize or disable WSNs.The distributed passive nature of these attacks makes them enormously challenging to detect.The main objective is to find all the possible ways in which how the wireless sensor network’s broadcasting character and transmission medium allows the attacker to interrupt network within the distributed environment.And further to detect the serious routing-disruption attack“Wormhole Attack”step by step through the different network mechanisms.In this paper,a new multi-step detection(MSD)scheme is introduced that can effectively detect the wormhole attacks for WSN.The MSD consists of three algorithms to detect and prevent the simplex and duplex wormhole attacks.Furthermore,the proposed scheme integrated five detection modules to systematically detect,recover,and isolate wormhole attacks.Simulation results conducted inOMNET++show that the proposedMSDhas lower false detection and false toleration rates.Besides,MSDcan effectively detect wormhole attacks in a completely distributed network environment,as suggested by the simulation results.展开更多
False Data Injection Attacks(FDIAs)pose a critical security threat to modern power grids,corrupting state estimation and enabling malicious control actions that can lead to severe consequences,including cascading fail...False Data Injection Attacks(FDIAs)pose a critical security threat to modern power grids,corrupting state estimation and enabling malicious control actions that can lead to severe consequences,including cascading failures,large-scale blackouts,and significant economic losses.While detecting attacks is important,accurately localizing compromised nodes or measurements is even more critical,as it enables timely mitigation,targeted response,and enhanced system resilience beyond what detection alone can offer.Existing research typically models topological features using fixed structures,which can introduce irrelevant information and affect the effectiveness of feature extraction.To address this limitation,this paper proposes an FDIA localization model with adaptive neighborhood selection,which dynamically captures spatial dependencies of the power grid by adjusting node relationships based on data-driven similarities.The improved Transformer is employed to pre-fuse global spatial features of the graph,enriching the feature representation.To improve spatio-temporal correlation extraction for FDIA localization,the proposed model employs dilated causal convolution with a gating mechanism combined with graph convolution to capture and fuse long-range temporal features and adaptive topological features.This fully exploits the temporal dynamics and spatial dependencies inherent in the power grid.Finally,multi-source information is integrated to generate highly robust node embeddings,enhancing FDIA detection and localization.Experiments are conducted on IEEE 14,57,and 118-bus systems,and the results demonstrate that the proposed model substantially improves the accuracy of FDIA localization.Additional experiments are conducted to verify the effectiveness and robustness of the proposed model.展开更多
During the standardisation process of post-quantum cryptography,NIST encourages research on side-channel analysis for candidate schemes.As the recommended lattice signature scheme,CRYSTALS-Dilithium,when implemented o...During the standardisation process of post-quantum cryptography,NIST encourages research on side-channel analysis for candidate schemes.As the recommended lattice signature scheme,CRYSTALS-Dilithium,when implemented on hardware,has seen limited research on side-channel analysis,and current attacks are incomplete or requires a substantial quantity of traces.Therefore,we conducted a more complete analysis to investigate the leakage of an FPGA implementation of CRYSTALS-Dilithium using the Correlation Power Analysis(CPA)method,where with a minimum of 70,000 traces partial private key coefficients can be recovered.Furthermore,we optimise the attack by extracting Point-of-Interests using known information due to parallelism(named CPA-PoI)and by iteratively utilising parallel leakages(named CPA-ITR).Our experimental results show that CPA-PoI reduces the number of traces by up to 16.67%,CPA-ITR by up to 25%,and both increase the number of recovered key coefficients by up to 55.17% and 93.10% using the same number of traces.They outperfom the CPA method.As a result,it suggests that the FPGA implementation of CRYSTALS-Dilithium is more vulnerable than thought before to side-channel analysis.展开更多
Traffic flow prediction is an important part of the intelligent transportation system. Accurate multi-step traffic flow prediction plays an important role in improving the operational efficiency of the traffic network...Traffic flow prediction is an important part of the intelligent transportation system. Accurate multi-step traffic flow prediction plays an important role in improving the operational efficiency of the traffic network. Since traffic flow data has complex spatio-temporal correlation and non-linearity, existing prediction methods are mainly accomplished through a combination of a Graph Convolutional Network (GCN) and a recurrent neural network. The combination strategy has an excellent performance in traffic prediction tasks. However, multi-step prediction error accumulates with the predicted step size. Some scholars use multiple sampling sequences to achieve more accurate prediction results. But it requires high hardware conditions and multiplied training time. Considering the spatiotemporal correlation of traffic flow and influence of external factors, we propose an Attention Based Spatio-Temporal Graph Convolutional Network considering External Factors (ABSTGCN-EF) for multi-step traffic flow prediction. This model models the traffic flow as diffusion on a digraph and extracts the spatial characteristics of traffic flow through GCN. We add meaningful time-slots attention to the encoder-decoder to form an Attention Encoder Network (AEN) to handle temporal correlation. The attention vector is used as a competitive choice to draw the correlation between predicted states and historical states. We considered the impact of three external factors (daytime, weekdays, and traffic accident markers) on the traffic flow prediction tasks. Experiments on two public data sets show that it makes sense to consider external factors. The prediction performance of our ABSTGCN-EF model achieves 7.2%–8.7% higher than the state-of-the-art baselines.展开更多
In Wireless Body Area Networks(WBANs)with respect to health care,sensors are positioned inside the body of an individual to transfer sensed data to a central station periodically.The great challenges posed to healthca...In Wireless Body Area Networks(WBANs)with respect to health care,sensors are positioned inside the body of an individual to transfer sensed data to a central station periodically.The great challenges posed to healthcare WBANs are the black hole and sink hole attacks.Data from deployed sensor nodes are attracted by sink hole or black hole nodes while grabbing the shortest path.Identifying this issue is quite a challenging task as a small variation in medicine intake may result in a severe illness.This work proposes a hybrid detection framework for attacks by applying a Proportional Coinciding Score(PCS)and an MK-Means algorithm,which is a well-known machine learning technique used to raise attack detection accuracy and decrease computational difficulties while giving treatments for heartache and respiratory issues.First,the gathered training data feature count is reduced through data pre-processing in the PCS.Second,the pre-processed features are sent to the MK-Means algorithm for training the data and promoting classification.Third,certain attack detection measures given by the intrusion detection system,such as the number of data packages trans-received,are identified by the MK-Means algorithm.This study demonstrates that the MK-Means framework yields a high detection accuracy with a low packet loss rate,low communication overhead,and reduced end-to-end delay in the network and improves the accuracy of biomedical data.展开更多
In the era of global Internet security threats,there is an urgent need for different organizations to cooperate and jointly fight against cyber attacks.We present an algorithm that combines a privacy-preserving techni...In the era of global Internet security threats,there is an urgent need for different organizations to cooperate and jointly fight against cyber attacks.We present an algorithm that combines a privacy-preserving technique and a multi-step attack-correlation method to better balance the privacy and availability of alarm data.This algorithm is used to construct multi-step attack scenarios by discovering sequential attack-behavior patterns.It analyzes the time-sequential characteristics of attack behaviors and implements a support-evaluation method.Optimized candidate attack-sequence generation is applied to solve the problem of pre-defined association-rule complexity,as well as expert-knowledge dependency.An enhanced k-anonymity method is applied to this algorithm to preserve privacy.Experimental results indicate that the algorithm has better performance and accuracy for multi-step attack correlation than other methods,and reaches a good balance between efficiency and privacy.展开更多
Correlation power analysis(CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts(RPIs) becomes an imp...Correlation power analysis(CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts(RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition(EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions(IMFs), we extract a certain intrinsic mode function(IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.展开更多
Building attack scenario is one of the most important aspects in network security.This paper pro-posed a system which collects intrusion alerts,clusters them as sub-attacks using alerts abstraction,ag-gregates the sim...Building attack scenario is one of the most important aspects in network security.This paper pro-posed a system which collects intrusion alerts,clusters them as sub-attacks using alerts abstraction,ag-gregates the similar sub-attacks,and then correlates and generates correlation graphs.The scenarios wererepresented by alert classes instead of alerts themselves so as to reduce the required rules and have the a-bility of detecting new variations of attacks.The proposed system is capable of passing some of the missedattacks.To evaluate system effectiveness,it was tested with different datasets which contain multi-stepattacks.Compressed and easily understandable Correlation graphs which reflect attack scenarios were gen-erated.The proposed system can correlate related alerts,uncover the attack strategies,and detect newvariations of attacks.展开更多
面向高维复杂的电力量测数据,现有攻击定位检测方法存在定位精度差的问题。为此该文提出一种基于最大信息系数-双层置信极端梯度提升树的电网虚假数据注入攻击定位检测方法。所提方法引入最大信息系数对量测数据进行特征选择,能够非线...面向高维复杂的电力量测数据,现有攻击定位检测方法存在定位精度差的问题。为此该文提出一种基于最大信息系数-双层置信极端梯度提升树的电网虚假数据注入攻击定位检测方法。所提方法引入最大信息系数对量测数据进行特征选择,能够非线性地衡量数据特征之间的关联性,且公平地根据一个特征变量中包含另一个特征变量的信息量来去除冗余特征,有效解决虚假数据注入攻击定位检测方法普遍面临的量测数据高维冗余问题;同时提出一种具有正反馈信息传递作用的双层置信极端梯度提升树来对各节点状态进行分类,通过结合电网拓扑关系学习标签相关性,从而有选择性地利用前序标签有效预测信息,来减少后续分类器学习到的前序标签预测信息中包含的错误,最终实现对受攻击位置的精确定位。在IEEE-14、IEEE-57节点系统上进行大量仿真,算例结果验证了所提方法的有效性,且相较于其他方法具有更高的准确率、精度、召回率、F1值和AUC(area under curve)值。展开更多
ABC v3 is a stream cipher submitted to the ECRYPT eStream project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find large numbers of new weak keys of ABC family and introd...ABC v3 is a stream cipher submitted to the ECRYPT eStream project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find large numbers of new weak keys of ABC family and introduce a method to search for them, and then apply a fast correlation attack to break ABC v3 with weak keys. We show that there are at least 2^103.71 new weak keys in ABC v3. Recovering the internal state of a weak key requires 236.05 keystream words and 2^50.56 operations. The attack can be applied to ABC vl and v2 with the same complexity as that of ABC v3. However, the number of weak keys of ABC vl as well as ABC v2 decreases to 2^97 + 20^95.19,It reveals that ABC v3 incurs more weak keys than that of ABC vl and v2.展开更多
电力系统作为实时信息与能源高度融合的电力信息物理融合系统(cyber-physical power system,CPPS),虚假数据注入攻击(false data injection attacks,FDIAs)的准确辨识将有效保证CPPS安全稳定运行。为准确、高效地完成日前负荷预测,首先...电力系统作为实时信息与能源高度融合的电力信息物理融合系统(cyber-physical power system,CPPS),虚假数据注入攻击(false data injection attacks,FDIAs)的准确辨识将有效保证CPPS安全稳定运行。为准确、高效地完成日前负荷预测,首先使用肯德尔相关系数(Kendall's tau-b)量化日期类型的取值,引入加权灰色关联分析选取相似日,再建立基于最小二乘支持向量机(least squares support vector machine,LSSVM)的日前负荷预测模型。将预测负荷通过潮流计算求解的系统节点状态量与无迹卡尔曼滤波(unscented Kalman filter,UKF)动态状态估计得到的状态量进行自适应加权混合,最后基于混合预测值和静态估计值间的偏差变量提出了攻击检测指数(attack detection index,ADI),根据ADI的分布检测FDIAs。若检测到FDIAs,使用混合预测状态量对该时刻的量测量进行修正。使用IEEE-14和IEEE-39节点系统进行仿真,结果验证了所提方法的有效性与可行性。展开更多
基金supported in part by National Natural Science Foundation of China Project(Grant No.60873216) Scientific and Technological Research Priority Projects of Sichuan Province(Grant No. 2012GZ0017)
文摘The message blinding method is the most efficient and secure countermeasure against first-order differential power analysis(DPA).Although cross correlation attacks(CCAs) were given for defeating message blinding methods,however searching for correlation points is difficult for noise,misalignment in practical environment.In this paper,we propose an optimized cross correlation power attack for message blinding exponentiation algorithms.The attack method can select the more correlative power points of share one operation in the modular multiplication by comparing variances between correlation coefficients.Further we demonstrate that the attack method is more efficient in experiments with hardware implementation of RSA on a crypto chip card.In addition to the proposed CCA method can recovery all 1024 bits secret key and recognition rate increases to 100%even when the recorded signals are noisy.
基金Supported by the National Key Foundation Research "973" project (No.G1999035802) and the National Natural Science Foundation of China (No.60273027).
文摘A simple fast correlation attack is used to analysis the security of Bluetooth combiner in this paper. This attack solves the tradeoff between the length of the keystream and the computing complexity needed to recover the secret key. We give the computing complexities of the attack algorithm according to different lengths of the known keystream. The result is less time-consuming than before. It is also shown that the secu-rity of the modified Bluetooth combiner by Hermelin and Nyberg is not significantly enhanced.
基金This work is supported by the National Key R&D Program of China(2016QY05X1000)the National Natural Science Foundation of China(Grant No.201561402137).
文摘With the continuous development of network technology,various large-scale cyber-attacks continue to emerge.These attacks pose a severe threat to the security of systems,networks,and data.Therefore,how to mine attack patterns from massive data and detect attacks are urgent problems.In this paper,an approach for attack mining and detection is proposed that performs tasks of alarm correlation,false-positive elimination,attack mining,and attack prediction.Based on the idea of CluStream,the proposed approach implements a flow clustering method and a two-step algorithm that guarantees efficient streaming and clustering.The context of an alarm in the attack chain is analyzed and the LightGBM method is used to perform falsepositive recognition with high accuracy.To accelerate the search for the filtered alarm sequence data to mine attack patterns,the PrefixSpan algorithm is also updated in the store strategy.The updated PrefixSpan increases the processing efficiency and achieves a better result than the original one in experiments.With Bayesian theory,the transition probability for the sequence pattern string is calculated and the alarm transition probability table constructed to draw the attack graph.Finally,a long-short-term memory network and embedding word-vector method are used to perform online prediction.Results of numerical experiments show that the method proposed in this paper has a strong practical value for attack detection and prediction.
文摘Detection of thewormhole attacks is a cumbersome process,particularly simplex and duplex over thewireless sensor networks(WSNs).Wormhole attacks are characterized as distributed passive attacks that can destabilize or disable WSNs.The distributed passive nature of these attacks makes them enormously challenging to detect.The main objective is to find all the possible ways in which how the wireless sensor network’s broadcasting character and transmission medium allows the attacker to interrupt network within the distributed environment.And further to detect the serious routing-disruption attack“Wormhole Attack”step by step through the different network mechanisms.In this paper,a new multi-step detection(MSD)scheme is introduced that can effectively detect the wormhole attacks for WSN.The MSD consists of three algorithms to detect and prevent the simplex and duplex wormhole attacks.Furthermore,the proposed scheme integrated five detection modules to systematically detect,recover,and isolate wormhole attacks.Simulation results conducted inOMNET++show that the proposedMSDhas lower false detection and false toleration rates.Besides,MSDcan effectively detect wormhole attacks in a completely distributed network environment,as suggested by the simulation results.
基金supported by National Key Research and Development Plan of China(No.2022YFB3103304).
文摘False Data Injection Attacks(FDIAs)pose a critical security threat to modern power grids,corrupting state estimation and enabling malicious control actions that can lead to severe consequences,including cascading failures,large-scale blackouts,and significant economic losses.While detecting attacks is important,accurately localizing compromised nodes or measurements is even more critical,as it enables timely mitigation,targeted response,and enhanced system resilience beyond what detection alone can offer.Existing research typically models topological features using fixed structures,which can introduce irrelevant information and affect the effectiveness of feature extraction.To address this limitation,this paper proposes an FDIA localization model with adaptive neighborhood selection,which dynamically captures spatial dependencies of the power grid by adjusting node relationships based on data-driven similarities.The improved Transformer is employed to pre-fuse global spatial features of the graph,enriching the feature representation.To improve spatio-temporal correlation extraction for FDIA localization,the proposed model employs dilated causal convolution with a gating mechanism combined with graph convolution to capture and fuse long-range temporal features and adaptive topological features.This fully exploits the temporal dynamics and spatial dependencies inherent in the power grid.Finally,multi-source information is integrated to generate highly robust node embeddings,enhancing FDIA detection and localization.Experiments are conducted on IEEE 14,57,and 118-bus systems,and the results demonstrate that the proposed model substantially improves the accuracy of FDIA localization.Additional experiments are conducted to verify the effectiveness and robustness of the proposed model.
基金supported in part by National Key R&D Program of China(No.2022YFB3103800)National Natural Science Foundation of China(No.U1936209,No.62202231 and No.62202230)+4 种基金the Defense Industrial Technology Development Program(No.JCKY2021606B013)China Postdoctoral Science Foundation(No.2021M701726)Jiangsu Funding Program for Excellent Postdoctoral Talent(No.2022ZB270)Yunnan Provincial Major Science and Technology Special Plan Projects(No.202103AA080015)CCF-Tencent Rhino-Bird Open Research Fund(No.CCF-Tencent RAGR20230114).
文摘During the standardisation process of post-quantum cryptography,NIST encourages research on side-channel analysis for candidate schemes.As the recommended lattice signature scheme,CRYSTALS-Dilithium,when implemented on hardware,has seen limited research on side-channel analysis,and current attacks are incomplete or requires a substantial quantity of traces.Therefore,we conducted a more complete analysis to investigate the leakage of an FPGA implementation of CRYSTALS-Dilithium using the Correlation Power Analysis(CPA)method,where with a minimum of 70,000 traces partial private key coefficients can be recovered.Furthermore,we optimise the attack by extracting Point-of-Interests using known information due to parallelism(named CPA-PoI)and by iteratively utilising parallel leakages(named CPA-ITR).Our experimental results show that CPA-PoI reduces the number of traces by up to 16.67%,CPA-ITR by up to 25%,and both increase the number of recovered key coefficients by up to 55.17% and 93.10% using the same number of traces.They outperfom the CPA method.As a result,it suggests that the FPGA implementation of CRYSTALS-Dilithium is more vulnerable than thought before to side-channel analysis.
基金supported by the Nation Natural Science Foundation of China(NSFC)under Grant No.61462042 and No.61966018.
文摘Traffic flow prediction is an important part of the intelligent transportation system. Accurate multi-step traffic flow prediction plays an important role in improving the operational efficiency of the traffic network. Since traffic flow data has complex spatio-temporal correlation and non-linearity, existing prediction methods are mainly accomplished through a combination of a Graph Convolutional Network (GCN) and a recurrent neural network. The combination strategy has an excellent performance in traffic prediction tasks. However, multi-step prediction error accumulates with the predicted step size. Some scholars use multiple sampling sequences to achieve more accurate prediction results. But it requires high hardware conditions and multiplied training time. Considering the spatiotemporal correlation of traffic flow and influence of external factors, we propose an Attention Based Spatio-Temporal Graph Convolutional Network considering External Factors (ABSTGCN-EF) for multi-step traffic flow prediction. This model models the traffic flow as diffusion on a digraph and extracts the spatial characteristics of traffic flow through GCN. We add meaningful time-slots attention to the encoder-decoder to form an Attention Encoder Network (AEN) to handle temporal correlation. The attention vector is used as a competitive choice to draw the correlation between predicted states and historical states. We considered the impact of three external factors (daytime, weekdays, and traffic accident markers) on the traffic flow prediction tasks. Experiments on two public data sets show that it makes sense to consider external factors. The prediction performance of our ABSTGCN-EF model achieves 7.2%–8.7% higher than the state-of-the-art baselines.
基金funded by Stefan cel Mare University of Suceava,Romania.
文摘In Wireless Body Area Networks(WBANs)with respect to health care,sensors are positioned inside the body of an individual to transfer sensed data to a central station periodically.The great challenges posed to healthcare WBANs are the black hole and sink hole attacks.Data from deployed sensor nodes are attracted by sink hole or black hole nodes while grabbing the shortest path.Identifying this issue is quite a challenging task as a small variation in medicine intake may result in a severe illness.This work proposes a hybrid detection framework for attacks by applying a Proportional Coinciding Score(PCS)and an MK-Means algorithm,which is a well-known machine learning technique used to raise attack detection accuracy and decrease computational difficulties while giving treatments for heartache and respiratory issues.First,the gathered training data feature count is reduced through data pre-processing in the PCS.Second,the pre-processed features are sent to the MK-Means algorithm for training the data and promoting classification.Third,certain attack detection measures given by the intrusion detection system,such as the number of data packages trans-received,are identified by the MK-Means algorithm.This study demonstrates that the MK-Means framework yields a high detection accuracy with a low packet loss rate,low communication overhead,and reduced end-to-end delay in the network and improves the accuracy of biomedical data.
基金This work is supported by the Ordinary University Innovation Project of Guangdong Province(Nos.2014KTSCX212,2014KQNCX24).
文摘In the era of global Internet security threats,there is an urgent need for different organizations to cooperate and jointly fight against cyber attacks.We present an algorithm that combines a privacy-preserving technique and a multi-step attack-correlation method to better balance the privacy and availability of alarm data.This algorithm is used to construct multi-step attack scenarios by discovering sequential attack-behavior patterns.It analyzes the time-sequential characteristics of attack behaviors and implements a support-evaluation method.Optimized candidate attack-sequence generation is applied to solve the problem of pre-defined association-rule complexity,as well as expert-knowledge dependency.An enhanced k-anonymity method is applied to this algorithm to preserve privacy.Experimental results indicate that the algorithm has better performance and accuracy for multi-step attack correlation than other methods,and reaches a good balance between efficiency and privacy.
基金supported by The National Natural Science Foundation of China under Grants 61571063,61501100 and 61472357
文摘Correlation power analysis(CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts(RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition(EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions(IMFs), we extract a certain intrinsic mode function(IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.
基金the National High Technology Research and Development Programme of China(2006AA01Z452)
文摘Building attack scenario is one of the most important aspects in network security.This paper pro-posed a system which collects intrusion alerts,clusters them as sub-attacks using alerts abstraction,ag-gregates the similar sub-attacks,and then correlates and generates correlation graphs.The scenarios wererepresented by alert classes instead of alerts themselves so as to reduce the required rules and have the a-bility of detecting new variations of attacks.The proposed system is capable of passing some of the missedattacks.To evaluate system effectiveness,it was tested with different datasets which contain multi-stepattacks.Compressed and easily understandable Correlation graphs which reflect attack scenarios were gen-erated.The proposed system can correlate related alerts,uncover the attack strategies,and detect newvariations of attacks.
文摘面向高维复杂的电力量测数据,现有攻击定位检测方法存在定位精度差的问题。为此该文提出一种基于最大信息系数-双层置信极端梯度提升树的电网虚假数据注入攻击定位检测方法。所提方法引入最大信息系数对量测数据进行特征选择,能够非线性地衡量数据特征之间的关联性,且公平地根据一个特征变量中包含另一个特征变量的信息量来去除冗余特征,有效解决虚假数据注入攻击定位检测方法普遍面临的量测数据高维冗余问题;同时提出一种具有正反馈信息传递作用的双层置信极端梯度提升树来对各节点状态进行分类,通过结合电网拓扑关系学习标签相关性,从而有选择性地利用前序标签有效预测信息,来减少后续分类器学习到的前序标签预测信息中包含的错误,最终实现对受攻击位置的精确定位。在IEEE-14、IEEE-57节点系统上进行大量仿真,算例结果验证了所提方法的有效性,且相较于其他方法具有更高的准确率、精度、召回率、F1值和AUC(area under curve)值。
基金the National Natural Science Foundation of China (Grant Nos.90604036 and 60525201)the 973 Project (Grant No.2007CB807902)
文摘ABC v3 is a stream cipher submitted to the ECRYPT eStream project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find large numbers of new weak keys of ABC family and introduce a method to search for them, and then apply a fast correlation attack to break ABC v3 with weak keys. We show that there are at least 2^103.71 new weak keys in ABC v3. Recovering the internal state of a weak key requires 236.05 keystream words and 2^50.56 operations. The attack can be applied to ABC vl and v2 with the same complexity as that of ABC v3. However, the number of weak keys of ABC vl as well as ABC v2 decreases to 2^97 + 20^95.19,It reveals that ABC v3 incurs more weak keys than that of ABC vl and v2.
文摘电力系统作为实时信息与能源高度融合的电力信息物理融合系统(cyber-physical power system,CPPS),虚假数据注入攻击(false data injection attacks,FDIAs)的准确辨识将有效保证CPPS安全稳定运行。为准确、高效地完成日前负荷预测,首先使用肯德尔相关系数(Kendall's tau-b)量化日期类型的取值,引入加权灰色关联分析选取相似日,再建立基于最小二乘支持向量机(least squares support vector machine,LSSVM)的日前负荷预测模型。将预测负荷通过潮流计算求解的系统节点状态量与无迹卡尔曼滤波(unscented Kalman filter,UKF)动态状态估计得到的状态量进行自适应加权混合,最后基于混合预测值和静态估计值间的偏差变量提出了攻击检测指数(attack detection index,ADI),根据ADI的分布检测FDIAs。若检测到FDIAs,使用混合预测状态量对该时刻的量测量进行修正。使用IEEE-14和IEEE-39节点系统进行仿真,结果验证了所提方法的有效性与可行性。
