Previous studies have shown that deep learning is very effective in detecting known ***,when facing unknown attacks,models such as Deep Neural networks(DNN)combined with Long Short-Term Memory(LSTM),Convolutional Neur...
详细信息
Previous studies have shown that deep learning is very effective in detecting known ***,when facing unknown attacks,models such as Deep Neural networks(DNN)combined with Long Short-Term Memory(LSTM),Convolutional Neural networks(CNN)combined with LSTM,and so on are built by simple stacking,which has the problems of feature loss,low efficiency,and low ***,this paper proposes an autonomous detectionmodel for Distributed Denial of Service attacks,Multi-Scale Convolutional Neural network-Bidirectional Gated Recurrent Units-Single Headed Attention(MSCNN-BiGRU-SHA),which is based on a Multistrategy Integrated Zebra Optimization Algorithm(MI-ZOA).The model undergoes training and testing with the CICDDoS2019 dataset,and its performance is evaluated on a new GINKS2023 *** hyperparameters for Conv_filter and GRU_unit are optimized using the Multi-strategy Integrated Zebra Optimization Algorithm(MIZOA).The experimental results show that the test accuracy of the MSCNN-BiGRU-SHA model based on the MIZOA proposed in this paper is as high as 0.9971 in the CICDDoS 2019 *** evaluation accuracy of the new dataset GINKS2023 created in this paper is *** to the MSCNN-BiGRU-SHA model based on the Zebra Optimization Algorithm(ZOA),the detection accuracy on the GINKS2023 dataset has improved by 5.81%,precisionhas increasedby 1.35%,the recallhas improvedby 9%,and theF1scorehas increasedby 5.55%.Compared to the MSCNN-BiGRU-SHA models developed using Grid Search,Random Search,and Bayesian Optimization,the MSCNN-BiGRU-SHA model optimized with the MI-ZOA exhibits better performance in terms of accuracy,precision,recall,and F1 score.
Input validation vulnerabilities are common in Android apps, especially in inter-component communications. Malicious attacks can exploit this kind of vulnerability to bypass Android security mechanism and compromise t...
详细信息
Input validation vulnerabilities are common in Android apps, especially in inter-component communications. Malicious attacks can exploit this kind of vulnerability to bypass Android security mechanism and compromise the integrity, confidentiality and availability of Android devices. However, so far there is not a sound approach at the source code level for app developers aiming to detect input validation vulnerabilities in Android apps. In this paper, we propose a novel approach for detecting input validation flaws in Android apps and we implement a prototype named Easy IVD, which provides practical static analysis of Java source *** IVD leverages backward program slicing to extract transaction and constraint slices from Java source *** Easy IVD validates these slices with predefined security rules to detect vulnerabilities in a known *** detect vulnerabilities in an unknown pattern, Easy IVD extracts implicit security specifications as frequent patterns from the duplicated slices and verifies them. Then Easy IVD semi-automatically confirms the suspicious rule violations and reports the confirmed ones as vulnerabilities. We evaluate Easy IVD on four versions of original Android apps spanning from version 2.2 to 5.0. It detects 58 vulnerabilities including confused deputy attacks and denial of service attacks. Our results prove that Easy IVD can provide a practical defensive solution for app developers.
暂无评论