检索结果-内蒙古大学图书馆

Automatic feature construction for network intrusion detection 11th

学校读者我要写书评

暂无评论

Automatic feature construction for network intrusion detecti...

11th International Conference on Simulated Evolution and Learning, SEAL 2017

作者： Tran, Binh Picek, Stjepan Xue, Bing School of Engineering and Computer Science Victoria University of Wellington 600 Wellington6140 New Zealand Cyber Security Research Group Delft University of Technology Mekelweg 2 Delft Netherlands

ISBN: (纸本)9783319687582

The notion of cyberspace became impossible to separate from the notions of cyber threat and cyberattack. Since cyberattacks are getting easier to run, they are also becoming more serious threats from the economic damage perspective. Consequently, we are evident of a continuous adversarial relationship between the attackers trying to mount as powerful as possible attacks and defenders trying to stop the attackers in their goals. To defend against such attacks, defenders have at their disposal a plethora of techniques but they are often falling behind the attackers due to the fact that they need to protect the whole system while the attacker needs to find only a single weakness to exploit. In this paper, we consider one type of a cyberattack – network intrusion – and investigate how to use feature construction via genetic programming in order to improve the intrusion detection accuracy. The obtained results show that feature construction offers improvements in a number of tested scenarios and therefore should be considered as an important step in defense efforts. Such improvements are especially apparent in scenario with the highly unbalanced data, which also represents the most interesting case from the defensive perspective. © Springer International Publishing AG 2017.

关键词： Genetic programming

Modeling Multi-turn conversation with deep utterance aggregation

学校读者我要写书评

暂无评论

arXiv 2018年

作者： Zhang, Zhuosheng Li, Jiangtong Zhu, Pengfei Zhao, Hai Liu, Gongshen Department of Computer Science and Engineering Shanghai Jiao Tong University Key Lab. of Shanghai Education Commission for Intelligent Interaction and Cognitive Engineering Shanghai Jiao Tong University Shanghai200240 College of Zhiyuan Shanghai Jiao Tong University School of Cyber Security Shanghai Jiao Tong University School of Computer Science and Software Engineering East China Normal University

Multi-turn conversation understanding is a major challenge for building intelligent dialogue systems. This work focuses on retrieval-based response matching for multi-turn conversation whose related work simply concatenates the conversation utterances, ignoring the interactions among previous utterances for context modeling. In this paper, we formulate previous utterances into context using a proposed deep utterance aggregation model to form a fine-grained context representation. In detail, a self-matching attention is first introduced to route the vital information in each utterance. Then the model matches a response with each refined utterance and the final matching score is obtained after attentive turns aggregation. Experimental results show our model outperforms the state-of-the-art methods on three multi-turn conversation benchmarks, including a newly introduced e-commerce dialogue corpus. Copyright © 2018, The Authors. All rights reserved.

关键词： Speech processing

Privacy-preserving and efficient aggregation based on blockchain for power grid communications in smart communities

学校读者我要写书评

暂无评论

arXiv 2018年

作者： Guan, Zhitao Si, Guanlin Zhang, Xiaosong Wu, Longfei Guizani, Nadra Du, Xiaojiang Ma, Yinglong School of Control and Computer Engineering North China Electric Power University Beijing102206 China Center for Cyber Security University of Electronic Science and Technology of China Chengdu China Department of mathematics and Computer Science Fayetteville State University FayettevilleNC United States School of Electrical and Computer Engineering Purdue University West LafayetteIN United States Department of Computer and Information Sciences Temple University PhiladelphiaPA United States

Intelligence is one of the most important aspects in the development of our future communities. Ranging from smart home, smart building, to smart city, all these smart infrastructures must be supported by intelligent power supply. Smart grid is proposed to solve all challenges of future electricity supply. In smart grid, in order to realize optimal scheduling, a Smart Meter (SM) is installed at each home to collect the near real-time electricity consumption data, which can be used by the utilities to offer better smart home services. However, the near real-time data may disclose user's privacy. An adversary may track the application usage patterns by analyzing the user's electricity consumption profile. In this paper, we propose a privacy-preserving and efficient data aggregation scheme. We divide users into different groups and each group has a private blockchain to record its members' data. To preserve the inner privacy within a group, we use pseudonym to hide user's identity, and each user may create multiple pseudonyms and associate his/her data with different pseudonyms. In addition, the bloom filter is adopted for fast authentication. The analysis shows that the proposed scheme can meet the security requirements, and achieve a better performance than other popular methods. Copyright © 2018, The Authors. All rights reserved.

关键词： Data structures

URefFlow: A Unified Android Malware Detection Model Based on Reflective Calls

学校读者我要写书评

暂无评论

URefFlow: A Unified Android Malware Detection Model Based on...

IEEE International Performance Computing and Communications Conference

作者： Chao Liu Jianan Li Min Yu Gang Li Bo Luo Kai Chen Jianguo Jiang Weiqing Huang Institute of Information Engineering Chinese Academy of Sciences Beijing China School of Cyber Security University of Chinese Academy of Sciences Beijing China School of Information Technology Deakin University VIC Australia Department of Electrical Engineering and Computer Science University of Kansas Lawrence Kansas City USA

ISBN: (纸本)9781538668092;9781538668085

In Android malware detection, sensitive data-flows provide more accurate information on the application's behavior than regular features such as signatures and permissions. Currently, Android static taint analysis is widely adopted to identify sensitive data-flows because of its high code coverage and low false negative rate. However, existing static taint analysis tools cannot effectively analyze applications that adopt Android reflection mechanism. Reflection mechanism can block the control-flows and data-flows of the application. When constructing a call graph, the call information will point directly to the system's reflection processing method, rather than the actual method invoked by the application. This significantly affects the accurate representation of the application's behavior. To address this issue, this paper proposes a unified Android malware detection model based on reflective calls named URefFlow, in which the reflective call statement is replaced by the non-reflective call statement to make the reflective calls explicit by combining the parameters of the reflective calls into standard function calls. After extracting the complete sensitive data-flows with reflective calls from an application, we analyze the characteristics of these data-flows to determine whether the application is malicious. Evaluation results on thousands of applications show that URefFlow can achieve an impressive detection accuracy of 95.6% with a false positive rate of 0.8%. In addition, the proposed approach complements well with existing static stain analysis techniques.

关键词： Data-flow Reflection Standardization Android malware detection

Cryptanalysis of two strongly unforgeable identity-based signatures in the standard model

学校读者我要写书评

暂无评论

International Journal of Network security 2018年第6期20卷 1194-1199页

作者： Yang, Wenjie Chen, Min-Rong Zeng, Guo-Qiang College of Cyber Security College of Information Science and Technology Jinan University China School of Computer South China Normal University Guangzhou510631 China National-Local Joint Engineering Laboratory of Digitalize Electrical Design Technology Wenzhou University China

The strong unforgeability of digital signature means that no attacker can forge a valid signature on a message, even given some previous signatures on the message, which has been widely accepted as a common security requirement. Recently, Tsai et al. and Hung et al. presented an efficient identity-based signature scheme and a revocable identity- based signature scheme, respectively. Meanwhile, they all claimed that their scheme is strongly unforgeable against chosen message attacks. In this paper, we point out that the two schemes cannot meet the requirements of strong unforgeability by giving some concrete attacks and brie y analyze the reasons why the provably-secure schemes are insecure following their security model. © 2018 International Journal of Network security.

关键词： Authentication

Privacy-preserving mobile crowdsensing for located-based applications

学校读者我要写书评

暂无评论

Privacy-preserving mobile crowdsensing for located-based app...

2017 IEEE International Conference on Communications, ICC 2017

作者： Ni, Jianbing Zhang, Kuan Lin, Xiaodong Xia, Qi Shen, Xuemin Sherman Department of Electrical and Computer Engineering University of Waterloo Canada Faculty of Business and Information Technology University of Ontario Institute of Technology Canada Center of Cyber Security University of Electronic Science and Technology of China China

ISBN: (纸本)9781467389990

Mobile crowdsensing is a new paradigm which explores the mobility and intelligence of mobile users to collect high-quality data from social events and phenomena for conducting complex sensing tasks. Nevertheless, privacy preservation and task allocation become main obstacles that need additional attention. To achieve accurate task allocation, it is inevitable to share some sensitive information of mobile users and customers, such as identities, location and points of interest. In this paper, we propose a privacy-preserving mobile crowdsensing framework (PPMC) for location-based applications to balance the tradeoff between privacy preservation and task allocation. In PPMC, we develop a matrix-based location matching mechanism for the service provider to achieve location-based task allocation without disclosing the location of mobile users and the sensing area of tasks. We also extend BBS+ signature and proxy reencryption to preserve identity privacy and data privacy for both customers and mobile users under the condition that they are honest to release and perform tasks, respectively. Finally, we discuss security properties and demonstrate the efficiency of PPMC in terms of computational and communication overhead. © 2017 IEEE.

关键词： Mobile communication Sensors Privacy Resource management security Mobile handsets Information systems

Political corporate governance of ICT: Essential for national service delivery and security 16

学校读者我要写书评

暂无评论

Political corporate governance of ICT: Essential for nationa...

16th European Conference on cyber Warfare and security, ECCWS 2017

作者： Van Der Walt, Tersia Von Solms, Sebastiaan Centre for Cyber Security Academy for Computer Science and Software Engineering University of Johannesburg South Africa Government Chief Information Office Department of Public Service and Administration South African Government South Africa

ISBN: (纸本)9781911218432

In any developing country, delivering of proper services to the people of the country, on a national level by the incumbent Government, is crucial to the social and economic development and stability and security of the country. A sound ICT system is essential to achieve this. This PhD project investigated the Political Corporate Governance of ICT (PCGICT) in South Africa (SA) and identified how the lack of such political governance and accountability for ICT is core to the problems with service delivery, fraud and corruption in SA. The identified weaknesses of the present system of PCGICT and the relation with bad service delivery was informed by several strategic reports and audits, amongst others by the Auditor-General of SA (AGSA). Using international best practices for ICT, some strategic planning documents created by the Government itself and the identified weaknesses as drivers, a new model and structure for PCGICT in SA was created. It was shown how the new structure, which consolidated many dysfunctional and disjoint existing ICT governance mechanisms into a sound structure with clear accountabilities, addressed most, if not all of the problems identified by the AGSA. The proposed model is also much more in line with the outcomes of Government plans over many years, which were never implemented. The proposed model clearly highlights the importance for Political Corporate Governance of ICT in a developing country to really leverage the benefits of ICT for the country as a *** core component of the proposed model, which was escalated right up to the highest level of Government, is the accountability from the highest level of the political structures for Information and cyber security (ICSec). In the proposed model, accountability for ICSec was consolidated and escalated right to the top of the Government structure. This ensures that national security of the country will surely be improved and will therefore realise strategic benefits for SA.

关键词： Developing countries

CommanderSong: A systematic approach for practical adversarial voice recognition

学校读者我要写书评

暂无评论

arXiv 2018年

作者： Yuan, Xuejing Chen, Yuxuan Zhao, Yue Long, Yunhui Liu, Xiaokang Chen, Kai Zhang, Shengzhi Huang, Heqing Wang, XiaoFeng Gunter, Carl A. SKLOIS Institute of Information Engineering Chinese Academy of Sciences China School of Cyber Security University of Chinese Academy of Sciences China Department of Computer Science Florida Institute of Technology United States Department of Computer Science University of Illinois at Urbana-Champaign United States Department of Computer Science Metropolitan College Boston University United States School of Informatics and Computing Indiana University Bloomington United States

The popularity of automatic speech recognition (ASR) systems, like Google Assistant, Cortana, brings in security concerns, as demonstrated by recent attacks. The impacts of such threats, however, are less clear, since they are either less stealthy (producing noise-like voice commands) or requiring the physical presence of an attack device (using ultrasound speakers or transducers). In this paper, we demonstrate that not only are more practical and surreptitious attacks feasible but they can even be automatically constructed. Specifically, we find that the voice commands can be stealthily embedded into songs, which, when played, can effectively control the target system through ASR without being noticed. For this purpose, we developed novel techniques that address a key technical challenge: integrating the commands into a song in a way that can be effectively recognized by ASR through the air, in the presence of background noise, while not being detected by a human listener. Our research shows that this can be done automatically against real world ASR applications1. We also demonstrate that such CommanderSongs can be spread through Internet (e.g., YouTube) and radio, potentially affecting millions of ASR users. Finally we present mitigation techniques that defend existing ASR systems against such threat. Copyright © 2018, The Authors. All rights reserved.

关键词： Speech recognition

CloudMe forensics: A case of big-data investigation

学校读者我要写书评

暂无评论

arXiv 2018年

作者： Teing, Yee-Yang Dehghantanha, Ali Choo, Kim-Kwang Raymond Department of Computer Science Faculty of Computer Science and Technology Universiti Putra Malaysia Serdang Selangor43400 Malaysia School of Computing Science and Engineering University of Salford Salford Greater ManchesterM5 4WT United Kingdom Department of Information Systems and Cyber Security University of Texas at San Antonio San AntonioTX78249-0631 United States

—The issue of increasing volume, variety and velocity of has been an area of concern in cloud forensics. The high volume of data will, at some point, become computationally exhaustive to be fully extracted and analysed in a timely manner. To cut down the size of investigation, it is important for a digital forensic practitioner to possess a well-rounded knowledge about the most relevant data artefacts from the cloud product investigating. In this paper, we seek to tackle on the residual artefacts from the use of CloudMe cloud storage service. We demonstrate the types and locations of the artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation activities from the computer desktop and mobile clients. Findings from this research will pave the way towards the development of data mining methods for cloud-enabled big data endpoint forensics investigation. Copyright © 2018, The Authors. All rights reserved.

关键词： Big data