Feature selection methods for classification are crucial for intrusion detection techniques using machine learning. High-dimensional features in intrusion detection data affect computational complexity, consume more u...
详细信息
Feature selection methods for classification are crucial for intrusion detection techniques using machine learning. High-dimensional features in intrusion detection data affect computational complexity, consume more used resources and more time for data analysis, and the irrelevant and redundant features among them often hinder the performance of classifiers and mislead the classification task. Therefore, it is challenging to select more relevant features from intrusion detection data containing many such features. In this paper, we propose an efficient feature selection algorithm that first considers the correlation between features and the redundancy of pairs of features with respect to class labels based on an improved Pearson correlation coefficient, and later improves the evaluation function based on conditional mutual information to obtain a final subset of features with the goal of improving the classification rate and accuracy. The proposed feature selection method based on improved conditional mutual information is compared with three existing feature selection methods on the frequently studied public benchmark intrusion detection dataset NSL-KDD. The experimental results show that the features selected by the proposed method in this paper lead to a significant reduction in execution time while resulting in higher classification accuracy.
JavaScript engine is the core component of web browsers, whose security issues are one of the critical aspects of the overall Web Eco-Security. Fuzzing technology, as an efficient software testing approach, has been w...
详细信息
Recently, American National Institute of Standards and Technology (NIST) announced Kyber as the first KEM candidate to be standardized. The security of Kyber is based on the modular learning with errors (MLWE) problem...
Recently, American National Institute of Standards and Technology (NIST) announced Kyber as the first KEM candidate to be standardized. The security of Kyber is based on the modular learning with errors (MLWE) problem, which achieves excellent efficiency and size. This work proposes an improved key mismatch on Kyber, which can reduce the number of queries required to recover the secret key. We first transform the problem of finding a certain parameter of ciphertexts into a quantum ordered search problem. Then we give the procedure of finding the value of a parameter in the ciphertexts by the quantum method. Finally, we instantiate this attack method on Kyber512, Kyber768 and Kyber1024. Compared with the existing attack algorithm, our improved attack reduces the number of queries for Kyber512, Kyber768 and Kyber1024 by 63%, 59% and 45%, respectively.
At present, the network security of embedded devices has received more and more attention. However, the existing dynamic analysis tools can’t performance in embedded devices as common softwares. The main reason is th...
At present, the network security of embedded devices has received more and more attention. However, the existing dynamic analysis tools can’t performance in embedded devices as common softwares. The main reason is that the internal state information of the embedded device can not be directly obtained, and the debugging interface usually shields the device after the manufacturer produces it. Thus, this paper introduces rehosting techniques for embedded systems and the differences between each way. Then we talk about the Deficiencies and future works in emulate execution.
Directed greybox fuzzing directs fuzzers to specified code areas and has gained great achievements in 1-day vulnerability detection. However, existing directed graybox fuzzers fail to generate the crash sample even if...
Directed greybox fuzzing directs fuzzers to specified code areas and has gained great achievements in 1-day vulnerability detection. However, existing directed graybox fuzzers fail to generate the crash sample even if they found a testcase reaching the target site. There are mainly two questions that affect the effectiveness of directed greybox fuzzing: basic block-level target is coarse enough for 1-day vulnerability detection and the fuzzers follow a specific rule to select operators regardless of the vulnerability itself. This paper points out that only a few vulnerability-related variables are related to the vulnerability triggering. Based on the vulnerability-related variables, this paper proposes critical variable guided mutation, a mutation scheduling method to enhance the crash reproduction capability of directed greybox fuzzing. We implemented a prototype MDGF based on the critical variable guided mutation and evaluate it on real world programs. Evaluation of MDGF on various real-world programs showed that MDGF found vulnerabilities faster than the mainstream directed greybox fuzzers. The experimental results showed that the speed of MDGF is 6.18 times faster than that of AFLGo and 1.40 times faster than Beacon, and MDGF can find 1.71x more bugs than AFLGo.
Existing memory attacks against SGX use the enclave interface, such as ECALLs and OCALLs, to inject malicious data into the enclave’s trusted memory to trigger memory corruption vulnerabilities therein. Therefore, en...
Existing memory attacks against SGX use the enclave interface, such as ECALLs and OCALLs, to inject malicious data into the enclave’s trusted memory to trigger memory corruption vulnerabilities therein. Therefore, enclave interface security becomes a key issue in defending against such attacks. However, a comprehensive static analysis of source SGX programs is currently lacking to obtain sufficient a priori knowledge to provide effective runtime interface protection for the enclave. In view of this, we identify 8 types of unsafe input data of enclave and design a new interface cropping method, SGXCrop. This method extracts critical interface information from source SGX programs, including ECALLs in use and unsafe input data, which are cropped at runtime of SGX programs. Tests in real SGX environment verify that the proposed method can effectively crop illegal ECALLs and unsafe input data.
With the intensification of informatization and mobility, various web security threats are emerging. Cross-site scripting (XSS) attack is the most common type of web attack. Most traditional detection methods have bee...
详细信息
With the intensification of informatization and mobility, various web security threats are emerging. Cross-site scripting (XSS) attack is the most common type of web attack. Most traditional detection methods have been difficult to adapt to the existing confusion variants of XSS attacks. In this paper, we extract features based on big data collected from 2017 to 2022. In order to improve the XSS detection effect of detection tools, we build machine learning models based on more than 210,000 positive and negative samples, among which CNN has the best performance. Furthermore, we propose a new algorithm that improves the traditional virtual sample generation technology based on prior knowledge in order to improve the generalization of the models. Experimental results show that in most cases, the performance of the algorithm in this paper is better than other VSG methods, and the ability to detect and discover unknown attacks is improved to a certain extent.
Software vulnerability detection is crucial for maintaining the security and stability of software systems. In this paper, we propose a novel neural network model called TS-GGNN to address the problem of vulnerability...
Software vulnerability detection is crucial for maintaining the security and stability of software systems. In this paper, we propose a novel neural network model called TS-GGNN to address the problem of vulnerability detection in source code slices. The TS-GGNN model effectively captures both local and global features of vulnerable code by fusing sequence features with graph features. To achieve this, we utilize graph structure and sequence structure learning approaches to comprehensively extract valuable information from the source code slices. Our experiments are conducted on the SARD dataset, which consists of 61,638 code samples annotated for the presence or absence of vulnerabilities. The results demonstrate that TS-GGNN has the best vulnerability detection performance, with an accuracy of 99.4%, a precision of 98.81%, and an F1 score as high as 99.4% thereby validating the effectiveness of the TS-GGNN model in capturing features relevant to software vulnerabilities.
The difference between real devices and virtual environments causes a low success rate of application-layer program emulation when the firmware is operating in full-system emulation during the dynamic analysis of the ...
The difference between real devices and virtual environments causes a low success rate of application-layer program emulation when the firmware is operating in full-system emulation during the dynamic analysis of the firmware of embedded devices. In this paper, we propose ALEmu, an emulation framework for application-layer programs, which can effectively improve the emulation success rate of application-layer programs in embedded device firmware through automatic preprocessing of target programs, building configuration libraries, and hooking external program calls. When we test ALEmu on a variety of real-world devices, including routers and IP cameras, we find that it performs more successfully and accurately than the current state-of-the-art full-system emulation frameworks like Firmadyne and FirmAE.
Device simulation is an important method of embedded device security analysis, due to the extensive and heterogeneous nature of the current peripherals, the existing simulation technology for peripheral simulation is ...
详细信息
Device simulation is an important method of embedded device security analysis, due to the extensive and heterogeneous nature of the current peripherals, the existing simulation technology for peripheral simulation is mostly fuzzy, to find the input and output that meet the firmware requirements as the main goal. In order to construct a template based on IO interface identification to extend the peripheral simulation scheme, this paper identifies the IO interface without firmware source code based on the characteristics of the IO configuration process in MCU firmware. Through experimental comparison, this method has a certain effect in MCU firmware interface recognition.
暂无评论