检索结果-内蒙古大学图书馆

A consistency-guaranteed approach for Internet of Things software refactoring

INTERNATIONAL JOURNAL OF DISTRIBUTED SENSOR NETWORKS 2020年第1期16卷

作者： Zhang, Yang Sun, Shixin Zhang, Dongwen Qiu, Jing Tian, Zhihong Hebei Univ Sci & Technol Sch Informat Sci & Engn Shijiazhuang Hebei Peoples R China Guangzhou Univ Cyberspace Inst Adv Technol Guangzhou 510006 Guangdong Peoples R China

The software architecture of Internet of Things defines the component model and interconnection topology of Internet of Things systems. Refactoring is a systematic practice of improving a software structure without altering its external behaviors. When the Internet of Things software is refactored, it is necessary to detect the correctness of Internet of Things software to ensure its security. To this end, this article proposes a novel refactoring correction detection approach to ensure software security. control flow analysis and data flow analysis are used to detect code changes before and after refactoring, and synchronization dependency analysis is used to detect changes in synchronization dependency. Three detection algorithms are designed to detect refactoring correctness. Four real-world benchmark applications are used to evaluate our approach. The experimental results show that our proposed approach can ensure correctness of Internet of Things software refactoring.

关键词： IoT software consistency detection control flow analysis data flow analysis synchronization dependency analysis

来源：评论

学校读者我要写书评

暂无评论

Execution anomaly detection in large-scale systems through console log analysis

引用

JOURNAL OF SYSTEMS AND SOFTWARE 2018年 143卷 172-186页

作者： Bao, Liang Li, Qian Lu, Peiyao Lu, Jie Ruan, Tongxiao Zhang, Ke XiDian Univ Sch Software Xian 710071 Shaanxi Peoples R China Xi An Jiao Tong Univ Sch Econ & Finance Xian 710061 Shaanxi Peoples R China

Execution anomaly detection is important for development, maintenance and performance tuning in large-scale systems. System console logs are the significant source of troubleshooting and problem diagnosis. However, manually inspecting logs to detect anomalies is unfeasible due to the increasing volume and complexity of log files. Therefore, this is a substantial demand for automatic anomaly detection based on log analysis. In this paper, we propose a general method to mine console logs to detect system problems. We first give some formal definitions of the problem, and then extract the set of log statements in the source code and generate the reachability graph to reveal the reachable relations of log statements. After that, we parse the log files to create log messages by combining information about log statements with information retrieval techniques. These messages are grouped into execution traces according to their execution units. We propose a novel anomaly detection algorithm that considers traces as sequence data and uses a probabilistic suffix tree based method to organize and differentiate significant statistical properties possessed by the sequences. Experiments on a CloudStack testbed and a Hadoop production system show that our method can effectively detect running anomalies in comparison with existing four detection algorithms.

关键词： Log analysis Execution anomaly detection control flow analysis Trace anomaly index

来源：评论

学校读者我要写书评

暂无评论

DroidNative: Automating and optimizing detection of Android native code malware variants

引用

COMPUTERS & SECURITY 2017年 65卷 230-246页

作者： Alam, Shahid Qu, Zhengyang Riley, Ryan Chen, Yan Rastogi, Vaibhav Gebze Tech Univ Dept Comp Engn Gebze Turkey Northwestern Univ Dept Elect Engn & Comp Sci Evanston IL USA Qatar Univ Dept Comp Sci & Engn Doha Qatar Univ Wisconsin Madison Dept Comp Sci Madison WI USA

According to the Symantec and F-Secure threat reports, mobile malware development in 2013 and 2014 has continued to focus almost exclusively (similar to 99%) on the Android platform. Malware writers are applying stealthy mutations (obfuscations) to create malware variants, thwarting detection by signature-based detectors. In addition, the plethora of more sophisticated detectors making use of static analysis techniques to detect such variants operate only at the bytecode level, meaning that malware embedded in native code goes undetected. A recent study shows that 86% of the most popular Android applications contain native code, making native code malware a plausible threat vector. This paper proposes DroidNative, an Android malware detector that uses specific control flow patterns to reduce the effect of obfuscations and provides automation. As far as we know, DroidNative is the first system that builds cross-platform (x86 and ARM) semantic-based signatures at the Android native code level, allowing the system to detect malware embedded in either bytecode or native code. When tested with a dataset of 5490 samples, DroidNative achieves a detection rate (DR) of 93.57% and a false positive rate of 2.7%. When tested with traditional malware variants, it achieves a DR of 99.48%, compared to the DRs of academic and commercial tools that range from 8.33% to 93.22%. (C) 2016 Elsevier Ltd. All rights reserved.

关键词： Android native code Maiware analysis Maiware variant detection control flow analysis Data mining

来源：评论

学校读者我要写书评

暂无评论

Checking global usage of resources handled with local policies

引用

SCIENCE OF COMPUTER PROGRAMMING 2017年第Part1期133卷 20-50页

作者： Bodei, Chiara Viet Dung Dinh Ferrari, Gian-Luigi Univ Pisa Dipartimento Informat Pisa Italy

We present a methodology to reason about resource usage (acquisition, release, revision, and so on) and, in particular, to predict bad usage of resources. Keeping in mind the interplay between local and global information that occur in application-resource interactions, we model resources as entities with local policies and we study global properties that govern overall interactions. Formally, our model is an extension of pi-calculus with primitives to manage resources. To predict possible bad usage of resources, we develop a control flow analysis that computes a static over-approximation of process behaviour. (C) 2016 Elsevier B.V. All rights reserved.

关键词： Network resources Process calculi Publish-subscribe systems Formal methods control flow analysis

来源：评论

学校读者我要写书评

暂无评论

Privilege Escalation Detecting in Android Applications 3

Privilege Escalation Detecting in Android Applications

引用

3rd International Conference on Big Data Computing and Communications (BIGCOM)

作者： Zhong, Xingqiu Zeng, Fanping Cheng, Zhichao Xie, Niannian Qin, Xiaoxia Guo, Shuli Univ Sci & Technol China Sch Comp Sci & Technol Hefei Anhui Peoples R China Anhui Prov Key Lab Software Comp & Commun Hefei Anhui Peoples R China

ISBN: (纸本)9781538633496

As the most popular mobile operating system, there are large amount of applications developed for Android. Considering security issues, developers are forced to declare relative permissions in manifest file when they need to use sensitive APIs. With the ability of inter-component communication (ICC) provided by Android, malicious applications can indirectly call sensitive APIs through components exposed by other applications, leading to privilege escalation. To address this problem, we propose a method to detect this kind of privilege escalation between two applications. First, we compare the permission sets of both applications. Then, if necessary we identify call links between two applications and perform inter-application control flow analysis. Finally, according to the result of control flow analysis, we can judge whether the privilege escalation exists. As the experiment result shows, our method can accurately detect privilege escalation between two applications.

关键词： Android Applications Privilege Escalation control flow analysis

来源：评论

学校读者我要写书评

暂无评论

Context-aware security: Linguistic mechanisms and static analysis

引用

JOURNAL OF COMPUTER SECURITY 2016年第4期24卷 427-477页

作者： Bodei, Chiara Degano, Pierpaolo Galletta, Letterio Salvatori, Francesco Univ Pisa Dipartimento Informat Pisa Italy

Adaptive systems improve their efficiency by modifying their behaviour to respond to changes in their operational environment. Also, security must adapt to these changes and policy enforcement becomes dependent on the dynamic contexts. We study these issues within MLCoDa, (the core of) an adaptive declarative language proposed recently. A main characteristic of MLCoDa is to have two components: a logical one for handling the context and a functional one for computing. We extend this language with security policies that are expressed in logical terms. They are of two different kinds: context and application policies. The first, unknown a priori to an application, protect the context from unwanted changes. The others protect the applications from malicious actions of the context, can be nested and can be activated and deactivated according to their scope. An execution step can only occur if all the policies in force hold, under the control of an execution monitor. Beneficial to this is a type and effect system, which safely approximates the behaviour of an application, and a further static analysis, based on the computed effect. The last analysis can only be carried on at load time, when the execution context is known, and it enables us to efficiently enforce the security policies on the code execution, by instrumenting applications. The monitor is thus implemented within MLCoDa, and it is only activated on those policies that may be infringed, and switched off otherwise.

关键词： Security policy context-awareness static analysis type and effect system control flow analysis code instrumentation

来源：评论

学校读者我要写书评

暂无评论

A framework for metamorphic malware analysis and real-time detection

引用

COMPUTERS & SECURITY 2015年 48卷 212-233页

作者： Alam, Shahid Horspool, R. Nigel Traore, Issa Sogukpinar, Ibrahim Univ Victoria Dept Comp Sci Victoria BC V8P5C2 Canada Univ Victoria Dept Elect & Comp Engn Victoria BC V8P5C2 Canada Gebze Inst Technol Dept Comp Engn TR-41400 Gebze Kocaeli Turkey

Metamorphism is a technique that mutates the binary code using different obfuscations. It is difficult to write a new metamorphic malware and in general malware writers reuse old malware. To hide detection the malware writers change the obfuscations (syntax) more than the behavior (semantic) of such a new malware. On this assumption and motivation, this paper presents a new framework named MARD for Metamorphic Malware analysis and Real-Time Detection. As part of the new framework, to build a behavioral signature and detect metamorphic malware in real-time, we propose two novel techniques, named ACFG (Annotated control flow Graph) and SWOD-CFWeight (Sliding Window of Difference and control flow Weight). Unlike other techniques, ACFG provides a faster matching of CFGs, without compromising detection accuracy;it can handle malware with smaller CFGs, and contains more information and hence provides more accuracy than a CFG. SWOD-CFWeight mitigates and addresses key issues in current techniques, related to the change of the frequencies of opcodes, such as the use of different compilers, compiler optimizations, operating systems and obfuscations. The size of SWOD can change, which gives. anti-malware tool developers the ability to select appropriate parameter values to further optimize malware detection. CFWeight captures the control flow semantics of a program to an extent that helps detect metamorphic malware in real-time. Experimental evaluation of the two proposed techniques, using an existing dataset, achieved detection rates in the range 94%-99.6%. Compared to ACFG, SWOD-CFWeight significantly improves the detection time, and is suitable to be used where the time for malware detection is more important as in real-time (practical) anti-malware applications. (C) 2014 Elsevier Ltd. All rights reserved.

关键词： End point security Malware analysis Malware detection Metamorphic malware Window of difference control flow analysis Heuristics Data mining

来源：评论

学校读者我要写书评

暂无评论

control flow analysis for Brane Calculi

引用

ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE 2009年第C期227卷 59-75页

作者： Bodei, Chiara Bracciali, Andrea Chiarugi, Davide Univ Pisa Dipartimento Informat I-56127 Pisa Italy Univ Siena Dipartimento Sci Matemat Informat I-53100 Siena Italy

We introduce a control flow analysis for Brane Calculi. This verification technique allows properties regarding the behaviour of biological systems to be checked. This is an approximate technique that focusses on the static specification of a system, rather than on its dynamics, striving for effectiveness. Examples illustrate the approach.

关键词： Brane calculi control flow analysis systems biology

来源：评论

学校读者我要写书评

暂无评论

A control flow analysis for Beta-binders with and without static compartments

引用

THEORETICAL COMPUTER SCIENCE 2009年第33-34期410卷 3110-3127页

作者： Bodei, Chiara Univ Pisa Dipartimento Informat I-56127 Pisa Italy

We introduce a control flow analysis, that statically approximates the dynamic behaviour of processes, expressed in the Beta-binders calculus and in an extended version of the calculus modelling static compartments. Our analysis of a system is able to describe the essential behaviour of each box, tracking all the possible bindings of variables, all the possible intra- and inter-boxes communications, and, finally, all the possible movements across compartments. The analysis offers a basis for establishing static checks of biological dynamic properties. We apply our analysis to an abstract specification of the interaction between a virus and cells of the immune system and to a model of the cAMP-signaling Pathway in Olfactory Sensory Neurons. (C) 2008 Elsevier B.V. All rights reserved.

关键词： control flow analysis Beta-binders Biological compartments

来源：评论

学校读者我要写书评

暂无评论

SymWalker: Symbolic Execution in Routines of Binary Code 10

SymWalker: Symbolic Execution in Routines of Binary Code

引用

10th International Conference on Computational Intelligence and Security CIS 2014

作者： Ma, Jinxin Dong, Guowei Zhang, Puhan Guo, Tao China Informat Technol Secur Evaluat Ctr Beijing Peoples R China

ISBN: (纸本)9781479974344

Detecting vulnerabilities in binary codes is one of the most difficult problems due to the lack of type information and symbols. We propose a novel tool to perform symbolic execution inside the routines of binary codes, providing easy static analysis for vulnerability detection. Compared with existing systems, our tool has four properties: first, it could work on binary codes without source codes;second, it employs the VEX language for program analysis, thus having no side effects;third, it could deliver high coverage by statically executing on control flow graphs of disassembly codes;fourth, two security property rules are summarized to detect the corresponding vulnerabilities, based on which a convenient interface is provided for developers to detecting vulnerabilities, such as buffer overflow, improper memory access, and etc. Experimental results on real software binary files show that our tool could efficiently detect different types of vulnerabilities.

关键词： symbolic execution control flow analysis security property vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：