Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers...Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers.However,users’sensitive data would then become unregulated.In the event of data loss,cloud storage providers might conceal the fact that data has been compromised to protect their reputation and mitigate losses.Ensuring the integrity of data stored in the cloud remains a pressing issue that urgently needs to be addressed.In this paper,we propose a data auditing scheme for cloud-based EHRs that incorporates recoverability and batch auditing,alongside a thorough security and performance evaluation.Our scheme builds upon the indistinguishability-based privacy-preserving auditing approach proposed by Zhou et al.We identify that this scheme is insecure and vulnerable to forgery attacks on data storage proofs.To address these vulnerabilities,we enhanced the auditing process using masking techniques and designed new algorithms to strengthen security.We also provide formal proof of the security of the signature algorithm and the auditing scheme.Furthermore,our results show that our scheme effectively protects user privacy and is resilient against malicious attacks.Experimental results indicate that our scheme is not only secure and efficient but also supports batch auditing of cloud data.Specifically,when auditing 10,000 users,batch auditing reduces computational overhead by 101 s compared to normal auditing.展开更多
Traditional steganography conceals information by modifying cover data,but steganalysis tools easily detect such alterations.While deep learning-based steganography often involves high training costs and complex deplo...Traditional steganography conceals information by modifying cover data,but steganalysis tools easily detect such alterations.While deep learning-based steganography often involves high training costs and complex deployment.Diffusion model-based methods face security vulnerabilities,particularly due to potential information leakage during generation.We propose a fixed neural network image steganography framework based on secure diffu-sion models to address these challenges.Unlike conventional approaches,our method minimizes cover modifications through neural network optimization,achieving superior steganographic performance in human visual perception and computer vision analyses.The cover images are generated in an anime style using state-of-the-art diffusion models,ensuring the transmitted images appear more natural.This study introduces fixed neural network technology that allows senders to transmit only minimal critical information alongside stego-images.Recipients can accurately reconstruct secret images using this compact data,significantly reducing transmission overhead compared to conventional deep steganography.Furthermore,our framework innovatively integrates ElGamal,a cryptographic algorithm,to protect critical information during transmission,enhancing overall system security and ensuring end-to-end information protection.This dual optimization of payload reduction and cryptographic reinforcement establishes a new paradigm for secure and efficient image steganography.展开更多
Wireless mesh network is a new emerging field with its potential applications in extremely unpredictable and dynamic environments.However,it is particularly vulnerable due to its features of open medium,dynamic changi...Wireless mesh network is a new emerging field with its potential applications in extremely unpredictable and dynamic environments.However,it is particularly vulnerable due to its features of open medium,dynamic changing topology, cooperative routing algorithms.The article surveys the state of the art in security for wireless mesh networks.Firstly,we analyze various possible threats to security in wireless mesh networks.Secondly,we introduce some representative solutions to these threats,including solutions to the problems of key management,secure network routing,and intrusion detection.We also provide a comparison and discussion of their respective merits and drawbacks,and propose some improvements for these drawbacks.Finally,we also discuss the remaining challenges in the area.展开更多
With increased cyber attacks over years,information system security assessment becomes more and more important.This paper provides an ontology-based attack model,and then utilizes it to assess the information system s...With increased cyber attacks over years,information system security assessment becomes more and more important.This paper provides an ontology-based attack model,and then utilizes it to assess the information system security from attack angle.We categorize attacks into a taxonomy suitable for security assessment.The proposed taxonomy consists of five dimensions,which include attack impact,attack vector,attack target,vulnerability and defense.Afterwards we build an ontology according to the taxonomy.In the ontology,attack related concepts included in the five dimensions and relationships between them are formalized and analyzed in detail.We also populate our attack ontology with information from national vulnerability database(NVD)about the vulnerabilities,such as common vulnerabilities and exposures(CVE),common weakness enumeration(CWE),common vulnerability scoring system(CVSS),and common platform enumeration(CPE).Finally we propose an ontology-based framework for security assessment of network and computer systems,and describe the utilization of ontology in the security assessment and the method for evaluating attack efect on the system when it is under attack.展开更多
The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round ...The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round efficiency (only three rounds), and its resources required for computation are relatively few. However, we find that the leakage of values VA and VB in the CLC protocol will make a man-in-the-middle attack feasible in practice, where VA and VB are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own pass- words by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.展开更多
Modeling of network traffic is a fundamental building block of computer science. Measurements of network traffic demonstrate that self-similarity is one of the basic properties of the network traffic possess at large ...Modeling of network traffic is a fundamental building block of computer science. Measurements of network traffic demonstrate that self-similarity is one of the basic properties of the network traffic possess at large time-scale. This paper investigates the change of non-stationary self-similarity of network traffic over time,and proposes a method of combining the discrete wavelet transform (DWT) and Schwarz information criterion (SIC) to detect change points of self-similarity in network traffic. The traffic is segmented into pieces around changing points with homogenous characteristics for the Hurst parameter,named local Hurst parameter,and then each piece of network traffic is modeled using fractional Gaussian noise (FGN) model with the local Hurst parameter. The presented experimental performance on data set from the Internet Traffic Archive (ITA) demonstrates that the method is more accurate in describing the non-stationary self-similarity of network traffic.展开更多
To avoid the scalability of the existing systems that employed centralized indexing,index flooding or query flooding,we proposed an efficient peer-to-peer information retrieval system SPIRS (Semantic P2P-based Informa...To avoid the scalability of the existing systems that employed centralized indexing,index flooding or query flooding,we proposed an efficient peer-to-peer information retrieval system SPIRS (Semantic P2P-based Information Retrieval System) that supported state-of-the-art content and semantic searches. SPIRS distributes document indices through P2P network hierarchically by Latent Semantic Indexing (LSI) and organizes nodes into a hierarchical overlay through CAN and TRIE. Comparing with other P2P search techniques,those based on simple keyword matching,SPIRS has better accuracy for considering the advanced relevance among documents. Given a query,only a small number of nodes are needed for SPIRS to identify the matching documents. Furthermore,both theoretical analysis and experimental results show that SPIRS possesses higher accuracy and less logic hops.展开更多
Network operators are attempting many innovations and changes in 5G using self-organizing networks(SON).The SON operates on the measurement reports(MR),which are obtained from user equipment(UE)and secured against mal...Network operators are attempting many innovations and changes in 5G using self-organizing networks(SON).The SON operates on the measurement reports(MR),which are obtained from user equipment(UE)and secured against malware and userspace programs.However,the synchronization signal block that the UE relies on to measure the wireless environment configured by a base station is not authenticated.As a result,the UE will likely gauge the wrong wireless environment configured by a false base station(FBS)and transmit the corresponding MR to the serving base station,which poisons the data used for 5G SONs.Therefore,the serving base stations must verify the authenticity of the MR.The 3GPP has advocated numerous solutions for this issue,including the use of public key certificates,identity-based keys,and group keys.Although the solution leveraging group keys have better efficiency and practicality than the other two,they are vulnerable to security threats caused by key leaks via insiders or malicious UE.In this paper,we analyze these security issues and propose an improved group key protocol that uses a new network function,called a broadcast message authentication network function(BMANF),which validates broadcasted messages on behalf of the UE.The protocol operates in two phases:initial and verification.During the initial phase,the 5G core network distributes a shared secret key to the BMANF and UE,allowing the latter to request an authentication ticket from the former.During the verification phase,the UE requests the BMANF to validate the broadcasted messages received from base stations using the ticket and its corresponding shared key.For evaluation,we formally verified the proposed protocol,which was then compared with alternative methods in terms of computing cost.As a result,the proposed protocol fulfills the security requirements and shows a lower overhead than the alternatives.展开更多
This paper proposes a new approach to counter cyberattacks using the increasingly diverse malware in cyber security.Traditional signature detection methods that utilize static and dynamic features face limitations due...This paper proposes a new approach to counter cyberattacks using the increasingly diverse malware in cyber security.Traditional signature detection methods that utilize static and dynamic features face limitations due to the continuous evolution and diversity of new malware.Recently,machine learning-based malware detection techniques,such as Convolutional Neural Networks(CNN)and Recurrent Neural Networks(RNN),have gained attention.While these methods demonstrate high performance by leveraging static and dynamic features,they are limited in detecting new malware or variants because they learn based on the characteristics of existing malware.To overcome these limitations,malware detection techniques employing One-Shot Learning and Few-Shot Learning have been introduced.Based on this,the Siamese Network,which can effectively learn from a small number of samples and perform predictions based on similarity rather than learning the characteristics of the input data,enables the detection of new malware or variants.We propose a dual Siamese network-based detection framework that utilizes byte images converted frommalware binary data to grayscale,and opcode frequency-based images generated after extracting opcodes and converting them into 2-gramfrequencies.The proposed framework integrates two independent Siamese network models,one learning from byte images and the other from opcode frequency-based images.The detection models trained on the different kinds of images generated separately apply the L1 distancemeasure to the output vectors themodels generate,calculate the similarity,and then apply different weights to each model.Our proposed framework achieved a malware detection accuracy of 95.9%and 99.83%in the experimentsusingdifferentmalware datasets.The experimental resultsdemonstrate that ourmalware detection model can effectively detect malware by utilizing two different types of features and employing the dual Siamese network-based model.展开更多
With the rapid spread of Internet information and the spread of fake news,the detection of fake news becomes more and more important.Traditional detection methods often rely on a single emotional or semantic feature t...With the rapid spread of Internet information and the spread of fake news,the detection of fake news becomes more and more important.Traditional detection methods often rely on a single emotional or semantic feature to identify fake news,but these methods have limitations when dealing with news in specific domains.In order to solve the problem of weak feature correlation between data from different domains,a model for detecting fake news by integrating domain-specific emotional and semantic features is proposed.This method makes full use of the attention mechanism,grasps the correlation between different features,and effectively improves the effect of feature fusion.The algorithm first extracts the semantic features of news text through the Bi-LSTM(Bidirectional Long Short-Term Memory)layer to capture the contextual relevance of news text.Senta-BiLSTM is then used to extract emotional features and predict the probability of positive and negative emotions in the text.It then uses domain features as an enhancement feature and attention mechanism to fully capture more fine-grained emotional features associated with that domain.Finally,the fusion features are taken as the input of the fake news detection classifier,combined with the multi-task representation of information,and the MLP and Softmax functions are used for classification.The experimental results show that on the Chinese dataset Weibo21,the F1 value of this model is 0.958,4.9% higher than that of the sub-optimal model;on the English dataset FakeNewsNet,the F1 value of the detection result of this model is 0.845,1.8% higher than that of the sub-optimal model,which is advanced and feasible.展开更多
Traditional information hiding techniques achieve information hiding by modifying carrier data,which can easily leave detectable traces that may be detected by steganalysis tools.Especially in image transmission,both ...Traditional information hiding techniques achieve information hiding by modifying carrier data,which can easily leave detectable traces that may be detected by steganalysis tools.Especially in image transmission,both geometric and non-geometric attacks can cause subtle changes in the pixels of the image during transmission.To overcome these challenges,we propose a constructive robust image steganography technique based on style transformation.Unlike traditional steganography,our algorithm does not involve any direct modifications to the carrier data.In this study,we constructed a mapping dictionary by setting the correspondence between binary codes and image categories and then used the mapping dictionary to map secret information to secret images.Through image semantic segmentation and style transfer techniques,we combined the style of secret images with the content of public images to generate stego images.This type of stego image can resist interference during public channel transmission,ensuring the secure transmission of information.At the receiving end,we input the stego image into a trained secret image reconstruction network,which can effectively reconstruct the original secret image and further recover the secret information through a mapping dictionary to ensure the security,accuracy,and efficient decoding of the information.The experimental results show that this constructive information hiding method based on style transfer improves the security of information hiding,enhances the robustness of the algorithm to various attacks,and ensures information security.展开更多
Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to...Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing (DSR). The monitor nodes can verify the behaviour of every nodes by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.展开更多
The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- s...The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- sures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions, the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.展开更多
Online reviews and comments are important information resources for people.A new model,called Sentiment Vector Space Model(SVSM),for feature selection and weighting is proposed to predict the sentiment orientation of ...Online reviews and comments are important information resources for people.A new model,called Sentiment Vector Space Model(SVSM),for feature selection and weighting is proposed to predict the sentiment orientation of comments and reviews,e.g.,sorting out positive reviews from negative ones.Different from that of topic-oriented classification,feature selection of sentiment orientation prediction focuses on language characteristics.Different from traditional algorithms for sentiment classification,this model integrates grammatical knowledge and takes topic correlations into account.Features are extracted,and the similarity between these features and the topic are also computed.The feature similarity is taken as a factor when evaluating the polarity of opinions.The experimental results show that the proposed model is more effective in identifying sentiment orientation than most of the traditional techniques.展开更多
Dear Editor, We developed a GPU-based analytical method, named as SHEsisEpi, which purely focuses on risk epistasis in a genome-wide association study (GWAS) of complex traits, excluding the contamination of margin...Dear Editor, We developed a GPU-based analytical method, named as SHEsisEpi, which purely focuses on risk epistasis in a genome-wide association study (GWAS) of complex traits, excluding the contamination of marginal effects caused by single-locus association. We analyzed the Wellcome Trust Case Control Consortium's (WTCCC) GWAS data of bipolar disorder (BPD) with 500K SNPs.展开更多
Mobile ad hoc networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. T...Mobile ad hoc networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. The new DOS attack, called AA hoc Flooding Attack(AHFA), is that intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication can not be kept. After analyzed AM hoc Flooding Attack, we develop Flooding Attack Prevention (FAP), a genetic defense against the AM hoc Flooding Attack. When the intruder broadcasts exceeding packets of Route Request, the immediate neighbors of the intruder record the rate of Route Request. Once the threshold is exceeded, nodes deny any future request packets from the intruder. The results of our implementation show FAP can prevent the AM hoe Flooding attack efficiently.展开更多
Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, Lack of centralized monitoring and management point. The traditional way of protec...Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, Lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer suffi- cient and effective for those features. In this paper, we propose a distributed intrusion detection ap- proach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we con- struct the Finite State Machine (FSM) by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Ma- chine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data.Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.展开更多
This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in wireless mesh networks.In this approach,the immunity-based agents m...This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in wireless mesh networks.In this approach,the immunity-based agents monitor the situation in the network.These agents can take appropriate actions according to the underlying security policies.Specifically,their activities are coordinated in a hierarchical fashion while sensing,communicating,determining and generating responses.Such an agent can learn about and adapt to its environment dynamically and can detect both known and unknown intrusions.The proposed intrusion detection architecture is designed to be flexible,extendible,and adaptable so that it can perform real-time monitoring.This paper provides the conceptual view and a general framework of the proposed system.In the end,the architecture is illustrated by an example and by simulation to show it can prevent attacks efficiently.展开更多
Highly security-critical system should possess features of continuous service. We present a new Robust Disaster Recovery System Model (RDRSM). Through strengthening the ability of safe communications, RDRSM guarante...Highly security-critical system should possess features of continuous service. We present a new Robust Disaster Recovery System Model (RDRSM). Through strengthening the ability of safe communications, RDRSM guarantees the secure and reliable command on disaster recovery. Its self-supervision capability can monitor the integrality and security of disaster recovery system itself. By 2D and 3D rea-time visible platform provided by GIS, GPS and RS, the model makes the using, management and maintenance of disaster recovery system easier. RDRSM possesses predominant features of security, robustness and controllability. And it can be applied to highly security-critical environments such as E-government and bank. Conducted by RDRSM, an important E-government disaster recovery system has been constructed successfully. The feasibility of this model is verified by practice. We especially emphasize the significance of some components of the model, such as risk assessment, disaster recovery planning, system supervision and robust communication support.展开更多
The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key managemen...The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.展开更多
基金supported by National Natural Science Foundation of China(No.62172436)Additionally,it is supported by Natural Science Foundation of Shaanxi Province(No.2023-JC-YB-584)Engineering University of PAP’s Funding for Scientific Research Innovation Team and Key Researcher(No.KYGG202011).
文摘Cloud storage,a core component of cloud computing,plays a vital role in the storage and management of data.Electronic Health Records(EHRs),which document users’health information,are typically stored on cloud servers.However,users’sensitive data would then become unregulated.In the event of data loss,cloud storage providers might conceal the fact that data has been compromised to protect their reputation and mitigate losses.Ensuring the integrity of data stored in the cloud remains a pressing issue that urgently needs to be addressed.In this paper,we propose a data auditing scheme for cloud-based EHRs that incorporates recoverability and batch auditing,alongside a thorough security and performance evaluation.Our scheme builds upon the indistinguishability-based privacy-preserving auditing approach proposed by Zhou et al.We identify that this scheme is insecure and vulnerable to forgery attacks on data storage proofs.To address these vulnerabilities,we enhanced the auditing process using masking techniques and designed new algorithms to strengthen security.We also provide formal proof of the security of the signature algorithm and the auditing scheme.Furthermore,our results show that our scheme effectively protects user privacy and is resilient against malicious attacks.Experimental results indicate that our scheme is not only secure and efficient but also supports batch auditing of cloud data.Specifically,when auditing 10,000 users,batch auditing reduces computational overhead by 101 s compared to normal auditing.
基金supported in part by the National Natural Science Foundation of China under Grants 62102450,62272478 and the Independent Research Project of a Certain Unit under Grant ZZKY20243127。
文摘Traditional steganography conceals information by modifying cover data,but steganalysis tools easily detect such alterations.While deep learning-based steganography often involves high training costs and complex deployment.Diffusion model-based methods face security vulnerabilities,particularly due to potential information leakage during generation.We propose a fixed neural network image steganography framework based on secure diffu-sion models to address these challenges.Unlike conventional approaches,our method minimizes cover modifications through neural network optimization,achieving superior steganographic performance in human visual perception and computer vision analyses.The cover images are generated in an anime style using state-of-the-art diffusion models,ensuring the transmitted images appear more natural.This study introduces fixed neural network technology that allows senders to transmit only minimal critical information alongside stego-images.Recipients can accurately reconstruct secret images using this compact data,significantly reducing transmission overhead compared to conventional deep steganography.Furthermore,our framework innovatively integrates ElGamal,a cryptographic algorithm,to protect critical information during transmission,enhancing overall system security and ensuring end-to-end information protection.This dual optimization of payload reduction and cryptographic reinforcement establishes a new paradigm for secure and efficient image steganography.
基金Project supported by the Shanghai Minicipal Natural Science Foundation(Grant No09ZR1414900)the National High Technology Development 863 Program of China(Grant No2006AA01Z436,No2007AA01Z452,No2009AA01Z118)
文摘Wireless mesh network is a new emerging field with its potential applications in extremely unpredictable and dynamic environments.However,it is particularly vulnerable due to its features of open medium,dynamic changing topology, cooperative routing algorithms.The article surveys the state of the art in security for wireless mesh networks.Firstly,we analyze various possible threats to security in wireless mesh networks.Secondly,we introduce some representative solutions to these threats,including solutions to the problems of key management,secure network routing,and intrusion detection.We also provide a comparison and discussion of their respective merits and drawbacks,and propose some improvements for these drawbacks.Finally,we also discuss the remaining challenges in the area.
基金the National Basic Research Program(973)of China(No.2010CB731403)the Information Network Security Key Laboratory Open Project of the Ministry of Public Security of China(No.C09603)the Shanghai Key Scientific and Technological Project(No.11511504302)
文摘With increased cyber attacks over years,information system security assessment becomes more and more important.This paper provides an ontology-based attack model,and then utilizes it to assess the information system security from attack angle.We categorize attacks into a taxonomy suitable for security assessment.The proposed taxonomy consists of five dimensions,which include attack impact,attack vector,attack target,vulnerability and defense.Afterwards we build an ontology according to the taxonomy.In the ontology,attack related concepts included in the five dimensions and relationships between them are formalized and analyzed in detail.We also populate our attack ontology with information from national vulnerability database(NVD)about the vulnerabilities,such as common vulnerabilities and exposures(CVE),common weakness enumeration(CWE),common vulnerability scoring system(CVSS),and common platform enumeration(CPE).Finally we propose an ontology-based framework for security assessment of network and computer systems,and describe the utilization of ontology in the security assessment and the method for evaluating attack efect on the system when it is under attack.
基金Supported by the National High Technology Research and Development Program of China (863 Program)(2006AA01Z405)
文摘The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round efficiency (only three rounds), and its resources required for computation are relatively few. However, we find that the leakage of values VA and VB in the CLC protocol will make a man-in-the-middle attack feasible in practice, where VA and VB are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own pass- words by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.
基金the National High Technology Research and Development Program (863) of China(Nos. 2005AA145110 and 2006AA01Z436)the Natural Science Foundation of Shanghai of China(No. 05ZR14083)the Pudong New Area Technology Innovation Public Service Platform of China(No. PDPT2005-04)
文摘Modeling of network traffic is a fundamental building block of computer science. Measurements of network traffic demonstrate that self-similarity is one of the basic properties of the network traffic possess at large time-scale. This paper investigates the change of non-stationary self-similarity of network traffic over time,and proposes a method of combining the discrete wavelet transform (DWT) and Schwarz information criterion (SIC) to detect change points of self-similarity in network traffic. The traffic is segmented into pieces around changing points with homogenous characteristics for the Hurst parameter,named local Hurst parameter,and then each piece of network traffic is modeled using fractional Gaussian noise (FGN) model with the local Hurst parameter. The presented experimental performance on data set from the Internet Traffic Archive (ITA) demonstrates that the method is more accurate in describing the non-stationary self-similarity of network traffic.
基金the Nartional Basic Research Programof China(Grant No.2002CB312002)the Science and Technology Commission of Shanghai Munic-ipality Project(Grant No.03dz15027 and 03dz15028).
文摘To avoid the scalability of the existing systems that employed centralized indexing,index flooding or query flooding,we proposed an efficient peer-to-peer information retrieval system SPIRS (Semantic P2P-based Information Retrieval System) that supported state-of-the-art content and semantic searches. SPIRS distributes document indices through P2P network hierarchically by Latent Semantic Indexing (LSI) and organizes nodes into a hierarchical overlay through CAN and TRIE. Comparing with other P2P search techniques,those based on simple keyword matching,SPIRS has better accuracy for considering the advanced relevance among documents. Given a query,only a small number of nodes are needed for SPIRS to identify the matching documents. Furthermore,both theoretical analysis and experimental results show that SPIRS possesses higher accuracy and less logic hops.
基金This work was supported by Institute of Information&communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2020-0-00952,Development of 5G Edge Security Technology for Ensuring 5G+Service Stability and Availability,100%)。
文摘Network operators are attempting many innovations and changes in 5G using self-organizing networks(SON).The SON operates on the measurement reports(MR),which are obtained from user equipment(UE)and secured against malware and userspace programs.However,the synchronization signal block that the UE relies on to measure the wireless environment configured by a base station is not authenticated.As a result,the UE will likely gauge the wrong wireless environment configured by a false base station(FBS)and transmit the corresponding MR to the serving base station,which poisons the data used for 5G SONs.Therefore,the serving base stations must verify the authenticity of the MR.The 3GPP has advocated numerous solutions for this issue,including the use of public key certificates,identity-based keys,and group keys.Although the solution leveraging group keys have better efficiency and practicality than the other two,they are vulnerable to security threats caused by key leaks via insiders or malicious UE.In this paper,we analyze these security issues and propose an improved group key protocol that uses a new network function,called a broadcast message authentication network function(BMANF),which validates broadcasted messages on behalf of the UE.The protocol operates in two phases:initial and verification.During the initial phase,the 5G core network distributes a shared secret key to the BMANF and UE,allowing the latter to request an authentication ticket from the former.During the verification phase,the UE requests the BMANF to validate the broadcasted messages received from base stations using the ticket and its corresponding shared key.For evaluation,we formally verified the proposed protocol,which was then compared with alternative methods in terms of computing cost.As a result,the proposed protocol fulfills the security requirements and shows a lower overhead than the alternatives.
文摘This paper proposes a new approach to counter cyberattacks using the increasingly diverse malware in cyber security.Traditional signature detection methods that utilize static and dynamic features face limitations due to the continuous evolution and diversity of new malware.Recently,machine learning-based malware detection techniques,such as Convolutional Neural Networks(CNN)and Recurrent Neural Networks(RNN),have gained attention.While these methods demonstrate high performance by leveraging static and dynamic features,they are limited in detecting new malware or variants because they learn based on the characteristics of existing malware.To overcome these limitations,malware detection techniques employing One-Shot Learning and Few-Shot Learning have been introduced.Based on this,the Siamese Network,which can effectively learn from a small number of samples and perform predictions based on similarity rather than learning the characteristics of the input data,enables the detection of new malware or variants.We propose a dual Siamese network-based detection framework that utilizes byte images converted frommalware binary data to grayscale,and opcode frequency-based images generated after extracting opcodes and converting them into 2-gramfrequencies.The proposed framework integrates two independent Siamese network models,one learning from byte images and the other from opcode frequency-based images.The detection models trained on the different kinds of images generated separately apply the L1 distancemeasure to the output vectors themodels generate,calculate the similarity,and then apply different weights to each model.Our proposed framework achieved a malware detection accuracy of 95.9%and 99.83%in the experimentsusingdifferentmalware datasets.The experimental resultsdemonstrate that ourmalware detection model can effectively detect malware by utilizing two different types of features and employing the dual Siamese network-based model.
基金The authors are highly thankful to the National Social Science Foundation of China(20BXW101,18XXW015)Innovation Research Project for the Cultivation of High-Level Scientific and Technological Talents(Top-Notch Talents of theDiscipline)(ZZKY2022303)+3 种基金National Natural Science Foundation of China(Nos.62102451,62202496)Basic Frontier Innovation Project of Engineering University of People’s Armed Police(WJX202316)This work is also supported by National Natural Science Foundation of China(No.62172436)Engineering University of PAP’s Funding for Scientific Research Innovation Team,Engineering University of PAP’s Funding for Basic Scientific Research,and Engineering University of PAP’s Funding for Education and Teaching.Natural Science Foundation of Shaanxi Province(No.2023-JCYB-584).
文摘With the rapid spread of Internet information and the spread of fake news,the detection of fake news becomes more and more important.Traditional detection methods often rely on a single emotional or semantic feature to identify fake news,but these methods have limitations when dealing with news in specific domains.In order to solve the problem of weak feature correlation between data from different domains,a model for detecting fake news by integrating domain-specific emotional and semantic features is proposed.This method makes full use of the attention mechanism,grasps the correlation between different features,and effectively improves the effect of feature fusion.The algorithm first extracts the semantic features of news text through the Bi-LSTM(Bidirectional Long Short-Term Memory)layer to capture the contextual relevance of news text.Senta-BiLSTM is then used to extract emotional features and predict the probability of positive and negative emotions in the text.It then uses domain features as an enhancement feature and attention mechanism to fully capture more fine-grained emotional features associated with that domain.Finally,the fusion features are taken as the input of the fake news detection classifier,combined with the multi-task representation of information,and the MLP and Softmax functions are used for classification.The experimental results show that on the Chinese dataset Weibo21,the F1 value of this model is 0.958,4.9% higher than that of the sub-optimal model;on the English dataset FakeNewsNet,the F1 value of the detection result of this model is 0.845,1.8% higher than that of the sub-optimal model,which is advanced and feasible.
基金the National Natural Science Foundation of China(Nos.62272478,61872384,62172436,62102451)Natural Science Foundation of Shanxi Province(No.2023-JC-YB-584)Engineering University of PAP’s Funding for Key Researcher(No.KYGG202011).
文摘Traditional information hiding techniques achieve information hiding by modifying carrier data,which can easily leave detectable traces that may be detected by steganalysis tools.Especially in image transmission,both geometric and non-geometric attacks can cause subtle changes in the pixels of the image during transmission.To overcome these challenges,we propose a constructive robust image steganography technique based on style transformation.Unlike traditional steganography,our algorithm does not involve any direct modifications to the carrier data.In this study,we constructed a mapping dictionary by setting the correspondence between binary codes and image categories and then used the mapping dictionary to map secret information to secret images.Through image semantic segmentation and style transfer techniques,we combined the style of secret images with the content of public images to generate stego images.This type of stego image can resist interference during public channel transmission,ensuring the secure transmission of information.At the receiving end,we input the stego image into a trained secret image reconstruction network,which can effectively reconstruct the original secret image and further recover the secret information through a mapping dictionary to ensure the security,accuracy,and efficient decoding of the information.The experimental results show that this constructive information hiding method based on style transfer improves the security of information hiding,enhances the robustness of the algorithm to various attacks,and ensures information security.
基金the National High Technology Development "863" Program of China (2006AA01Z436, 2007AA01Z452)the National Natural Science Foundation of China(60702042).
文摘Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing (DSR). The monitor nodes can verify the behaviour of every nodes by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.
基金This project was supported by the National Natural Science Foundation of China (60672068)the National High Technology Development 863 Program of China (2006AA01Z436, 2007AA01Z452.)
文摘The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- sures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions, the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.
基金supported by National Natural Science Foundation of China under Grant No. 60703032,and Science and Technology Development Center of the Ministry of Education,China
文摘Online reviews and comments are important information resources for people.A new model,called Sentiment Vector Space Model(SVSM),for feature selection and weighting is proposed to predict the sentiment orientation of comments and reviews,e.g.,sorting out positive reviews from negative ones.Different from that of topic-oriented classification,feature selection of sentiment orientation prediction focuses on language characteristics.Different from traditional algorithms for sentiment classification,this model integrates grammatical knowledge and takes topic correlations into account.Features are extracted,and the similarity between these features and the topic are also computed.The feature similarity is taken as a factor when evaluating the polarity of opinions.The experimental results show that the proposed model is more effective in identifying sentiment orientation than most of the traditional techniques.
文摘Dear Editor, We developed a GPU-based analytical method, named as SHEsisEpi, which purely focuses on risk epistasis in a genome-wide association study (GWAS) of complex traits, excluding the contamination of marginal effects caused by single-locus association. We analyzed the Wellcome Trust Case Control Consortium's (WTCCC) GWAS data of bipolar disorder (BPD) with 500K SNPs.
基金This project was supported by the National"863"High Technology Development Programof China (2003AA148010) Key Technologies R&D Programof China (2002DA103A03 -07)
文摘Mobile ad hoc networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. The new DOS attack, called AA hoc Flooding Attack(AHFA), is that intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication can not be kept. After analyzed AM hoc Flooding Attack, we develop Flooding Attack Prevention (FAP), a genetic defense against the AM hoc Flooding Attack. When the intruder broadcasts exceeding packets of Route Request, the immediate neighbors of the intruder record the rate of Route Request. Once the threshold is exceeded, nodes deny any future request packets from the intruder. The results of our implementation show FAP can prevent the AM hoe Flooding attack efficiently.
基金Acknowledgements Project supported by the National Natural Science Foundation of China (Grant No.60932003), the National High Technology Development 863 Program of China (Grant No.2007AA01Z452, No. 2009AA01 Z118 ), Project supported by Shanghai Municipal Natural Science Foundation (Grant No.09ZRI414900), National Undergraduate Innovative Test Program (091024812).
文摘Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, Lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer suffi- cient and effective for those features. In this paper, we propose a distributed intrusion detection ap- proach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we con- struct the Finite State Machine (FSM) by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Ma- chine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data.Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.
基金supported by National Natural Science Foundation of China under Grant No.60932003National High Technical Research and Development Program of China(863 program) Grant No.2007AA01Z452,No.2009AA01Z118+1 种基金Shanghai Municipal Natural Science Foundation under Grant No.09ZR1414900National Undergraduate Innovative Test Program under Grant No.091024812
文摘This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in wireless mesh networks.In this approach,the immunity-based agents monitor the situation in the network.These agents can take appropriate actions according to the underlying security policies.Specifically,their activities are coordinated in a hierarchical fashion while sensing,communicating,determining and generating responses.Such an agent can learn about and adapt to its environment dynamically and can detect both known and unknown intrusions.The proposed intrusion detection architecture is designed to be flexible,extendible,and adaptable so that it can perform real-time monitoring.This paper provides the conceptual view and a general framework of the proposed system.In the end,the architecture is illustrated by an example and by simulation to show it can prevent attacks efficiently.
基金Supported by the 10th Five Year High-Tech Researchand Development Plan of China (2002AA1Z67101)
文摘Highly security-critical system should possess features of continuous service. We present a new Robust Disaster Recovery System Model (RDRSM). Through strengthening the ability of safe communications, RDRSM guarantees the secure and reliable command on disaster recovery. Its self-supervision capability can monitor the integrality and security of disaster recovery system itself. By 2D and 3D rea-time visible platform provided by GIS, GPS and RS, the model makes the using, management and maintenance of disaster recovery system easier. RDRSM possesses predominant features of security, robustness and controllability. And it can be applied to highly security-critical environments such as E-government and bank. Conducted by RDRSM, an important E-government disaster recovery system has been constructed successfully. The feasibility of this model is verified by practice. We especially emphasize the significance of some components of the model, such as risk assessment, disaster recovery planning, system supervision and robust communication support.
基金Project(61100201) supported by National Natural Science Foundation of ChinaProject(12ZZ019) supported by Technology Innovation Research Program,Shang Municipal Education Commission,China+1 种基金Project(LYM11053) supported by the Foundation for Distinguished Young Talents in Higher Education of Guangdong Province,ChinaProject(NCET-12-0358) supported by New Century Excellent Talentsin University,Ministry of Education,China
文摘The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.
