检索结果-内蒙古大学图书馆

From proof-of-concept to exploitable

Cybersecurity 2019年第1期2卷 189-213页

作者： Yan Wang WeiWu Chao Zhang Xinyu Xing Xiaorui Gong Wei Zou School of Cyber Security University of Chinese Academy of SciencesBeijingChina Institute for Network Sciences and Cyberspace Tsinghua UniversityBeijingChina College of Information Sciences and Technology Pennsylvania State UniversityUniversity ParkUnited States Institute of Information Engineering Chinese Academy of SciencesBeijingChina Key Laboratory of Network Assessment Technology CASBeijingChina Beijing Key Laboratory of Network Security and Protection Technology BeijingChina

Exploitability assessment of vulnerabilities is important for both defenders and *** ultimate way to assess the exploitability is crafting a working ***,it usually takes tremendous hours and significant manual *** address this issue,automated techniques can be *** solutions usually explore in depth the crashing paths,i.e.,paths taken by proof-of-concept(PoC)inputs triggering vulnerabilities,and assess exploitability by finding exploitable states along the ***,exploitable states do not always exist in crashing ***,existing solutions heavily rely on symbolic execution and are not scalable in path exploration and exploit *** this paper,we propose a novel solution to generate exploit for userspace programs or facilitate the process of crafting a kernel UAF ***,we utilize oriented fuzzing to explore diverging paths from vulnerability *** userspace programs,we adopt a control-flow stitching solution to stitch crashing paths and diverging paths together to generate *** kernel UAF,we leverage a lightweight symbolic execution to identify,analyze and evaluate the system calls valuable and useful for exploiting *** have developed a prototype system and evaluated it on a set of 19 CTF(capture the flag)programs and 15 realworld Linux kernel UAF *** results showed it could generate exploit for most of the userspace test set,and it could also facilitate security mitigation bypassing and exploitability evaluation for kernel test set.

关键词： Exploit Vulnerability Taint analysis Fuzzing Symbolic execution

来源：评论

学校读者我要写书评

暂无评论

Intelligent Upgrade of Waste-Activated Sludge Dewatering Process Based on Artificial Neural Network Model: Core Influential Factor Identification and Non-Experimental Prediction of Sludge Dewatering Performance

SSRN

引用

SSRN 2023年

作者： Li, Hewei Li, Chunjiang Zhou, Kun Ye, Wei Lu, Yufei Chaia, Xiaoli Daia, Xiaohu Wu, Boran State Key Laboratory of Pollution Control and Resource Reuse College of Environmental Science and Engineering Tongji University 1239 Siping Road Shanghai200092 China Shanghai Technology Innovation Center of Sludge Treatment and Resourcification Shanghai CEO Environmental Protection Technology Co. Ltd. 1668 Guoquan Road Shanghai200438 China Co. Ltd. 901 Zhongshan North 2nd Road Shanghai200092 China College of Electronic and Information Engineering Tongji University 4800 Cao'an Highway Shanghai201804 China Shanghai Institute of Pollution Control and Ecological Security Shanghai200092 China

Owing to the extremely complex compositions and origins of waste-activated sludge (WAS), the multiple physiochemical properties of WAS have impacts on its dewaterability, and there is a complex interaction relationship among the multiple physiochemical properties, which makes it difficult to identify the controlling factors on WAS dewaterability. Accordingly, there is still no unified certainty in the appropriate ranges of physiochemical properties for the optimal dewaterability of sludge from different sources, resulting in a lack of clear theoretical basis for technical selection and optimization of sludge dewatering processes. The large consumption of conditioning chemicals and low process efficiency stand for the major deficiency of existing sludge conditioning technologies. This study proposed to use a non-linear, adaptive and self-organizing artificial neural network (ANN) model to integrate the multiple physiochemical properties of WAS affecting its dewaterability, and WAS dewatering performance under certain conditioning schemes could be predicated by ANN model with the multiple physiochemical properties and conditioning operation parameters as the input arguments. Thus, the laborious filtration experiments for screening conditioning chemicals could be replaced by the input adjustment of ANN model. Rooted mean squared error (RMSE) of 6.51 and coefficient of determination (R2) of 0.73 confirmed the satisfied stability and accuracy of established ANN model. Furthermore, the predictor-exclusive method revealed that the exclusion of polar interface free energy decreased most, which reflected the importance of surface hydrophilicity reduction in sludge dewaterability improvement. All the contributions presented here were believed to provide an intelligent insight to improve the experience operation status of WAS dewatering process. © 2023, The Authors. All rights reserved.

关键词： Neural networks

来源：评论

学校读者我要写书评

暂无评论

Constructing benchmarks for supporting explainable evaluations of static application security testing tools 13

Constructing benchmarks for supporting explainable evaluatio...

引用

13th International Symposium on Theoretical Aspects of Software engineering, TASE 2019

作者： Hao, Gaojian Li, Feng Huo, Wei Sun, Qing Wang, Wei Li, Xinhua Zou, Wei Institute of Information Engineering Chinese Academy of Sciences China Key Laboratory of Network Assessment Technology Chinese Academy of Sciences Beijing Key Laboratory of Network Security and Protection Technology China School of Cyber Security University of Chinese Academy of Sciences China

ISBN: (纸本)9781728133423

When evaluating Static Application security Testing (SAST) tools, benchmarks based on real-world softwares are considered more representative than synthetic micro benchmarks. Generated from real-world software, the test cases in such kind of benchmarks usually contain multiple syntactic features which affect the vulnerability detection results reflecting SAST tools' capabilities in real-world settings. However, most existing benchmarks based on real-world software pay little attention to these syntactic features so that only limited information about the capabilities of SAST tools can be obtained from the evaluation results. In this paper, we provide a method of constructing benchmarks and evaluating SAST tools, which leverages the syntactic features to support the evaluation to be more explainable. To demonstrate the effectiveness, we applied our method to the benchmark built by Misha Zitser et al., generated 10 groups of test cases, and evaluated 2 SAST tools with them. The result shows that, with the benchmark constructed by our method, the evaluation could be more explainable which helps us to gain more information about the SAST tools' capabilities of vulnerability detection. © 2019 IEEE.

关键词： Software testing

来源：评论

学校读者我要写书评

暂无评论

Spatiotemporal estimation and local driver analysis of fractional vegetation coverage in the Three-North region, China

引用

Advances in Space Research 2025年

作者： Yi Long Hua Sun Fugen Jiang Song Chen Jie Tang Research Center of Forestry Remote Sensing and Information Engineering Central South University of Forestry and Technology Changsha China Key Laboratory of Forestry Remote Sensing Based Big Data and Ecological Security for Hunan Province Changsha China Key Laboratory of National Forestry and Grassland Administration on Forest Resources Management and Monitoring in Southern Area Changsha China

Understanding the spatio-temporal dynamics of fractional vegetation coverage (FVC) and its driving factors is imperative for advancing ecological management and fostering sustainable development. Towards the Three-North region of China, five distinct nonnegative matrix factorization models were employed to estimate FVC. The quadratic optimization derived from improved constrained nonnegative matrix factorization, IC-NMF 2 , was implemented to refine FVC estimation from 2000 to 2022. The spatial evolution pattern and change trend analysis were performed. The global and local drivers of FVC were analyzed using optimal parameter-based geographic detector (OPGD) and geographically weighted random forest (GWRF) model. The findings indicated that the IC-NMF 2 model outperformed other models in estimation accuracy and stability. FVC in the Three-North region had notable directional and regional characteristics, with a predominant tendency of either improvement or relative stability. However, localized degradation was observed, particularly in the Tianshan Mountains and the Beijing-Tianjin-Hebei region. Both OPGD and GWRF analyses consistently identified average relative humidity and accumulated precipitation as the primary global drivers of FVC, which showed a bi-enhance interactive effect. Average relative humidity was the first local influencing factor of FVC in most regions, showing strong spatial alignment with FVC distributions. By integrating local factor importance with trend analysis, more precise recommendations for ecological protection and management for sub-regions can be formulated. This study demonstrates great potential for application in other regions, especially in monitoring vegetation ecosystems and their dynamic responses to global climate changes in desert areas.

关键词：

来源：评论

学校读者我要写书评

暂无评论

A novel image encryption method based on hyperchaotic system and pixel information association

引用

International Journal of Wireless and Mobile Computing 2018年第3期15卷 207-214页

作者： Duan, Lijuan Zhang, Dongkui Ning, Zhenhu Xu, Fan Cui, Guoqin Liang, Peng Faculty of Information Technology Beijing University of Technology Beijing Key Laboratory of Trusted Computing National Engineering Laboratory for Critical Technologies of Information Security Classified Protection Beijing100124 China State Key Laboratory of Digital Multi-Media Chip Technology Vimicro Corporation Beijing100191 China State Information Center National Engineering Laboratory for e-Government Integration and Application Beijing100045 China

In recent years, a variety of image encryption methods based on chaotic systems has been proposed, and has achieved good results. In order to improve the security of image encryption, this paper proposes a new image encryption method with a dynamic key, based on a hyperchaotic system and the association of pixel information, and designs the three-level encryption structure with diffusion encryption, scrambling encryption and re-diffusion encryption. The innovation of this method is to add the whole information of the image and the position information of the pixels in the diffusion encryption, and add the data information of the pixels in the scrambling encryption. The plaintext information of the image is added to the encryption process, which can enhance the security of encryption. Experiments demonstrate that the image encryption method proposed in this paper has the characteristics of strong sensitivity, low correlation between adjacent pixels, anti-differential attack and high security. Copyright © 2018 Inderscience Enterprises Ltd.

关键词： Cryptography

来源：评论

学校读者我要写书评

暂无评论

Semantically Secure and Verifiable Multi-keyword Search in Cloud Computing 1

引用

2nd International Conference on Machine Learning for Cyber security, ML4CS 2019

作者： Zhang, Lili Wang, Wenjie Zhang, Yuqing National Key Laboratory of Integrated Services Networks Xidian University Xi’an710071 China Henan International Joint Laboratory of Cyberspace Security Applications Information Engineering College Henan University of Science and Technology Luoyang471023 China National Computer Network Intrusion Protection Center University of Chinese Academy of Sciences Beijing100049 China State Key Laboratory of Information Security Institute of Information Engineering Chinese Academy of Sciences Beijing100093 China

ISBN: (数字)9783030306199

ISBN: (纸本)9783030306182

In cloud computing model, the data are usually encrypted before outsourced to the cloud server, which protects the data privacy, but also leaves keyword searches over ciphertext data a challenging problem. A keyword search scheme over encrypted data should achieve both index privacy and query privacy;moreover, verification of search results is desirable because the incorrectf results can be returned owing to system defects or the cloud server’s motivation to save computation recourses. Many multi-keyword search schemes have been proposed;however, few of these schemes are verifiable and adaptively index-hiding and adaptively query-hiding. In this paper, a semantically secure multi-keyword search scheme is constructed, which is adaptively index-hiding and adaptively query-hiding, also supports the correctness verification of search results. We provide a detailed performance comparison and give a thorough security proof by a sequence of games. The combined results demonstrate that our scheme is secure and practical. © 2019, Springer Nature Switzerland AG.

关键词： Cloud computing

来源：评论

学校读者我要写书评

暂无评论

A security scheme for intelligent substation communications considering real-time performance

引用

Journal of Modern Power Systems and Clean Energy 2019年第4期7卷 948-961页

作者： Jie ZHANG Jun’e LI Xiong CHEN Ming NI Ting WANG Jianbo LUO Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of EducationSchool of Cyber Science and EngineeringWuhan UniversityWuhan 430072China NARI Group Corporation(State Grid Electric Power Research Institute) Nanjing 211106China NARI Technology Co.Ltd. Nanjing 211106China State Key Laboratory of Smart Grid Protection and Control Nanjing 211106China

Tampering,forgery and theft of the measurement and control messages in a smart grid could cause one breakdown in the power ***,no security measures are employed for communications in intelligent *** services in an intelligent substation have high demands for real-time performance,which must be considered when deploying security *** paper studies the security requirements of communication services in intelligent substations,analyzes the security capabilities and shortages of IEC 62351,and proposes a novel security scheme for intelligent substation *** security scheme covers internal and telecontrol communications,in which the real-time performance of each security measure is *** this scheme,certificateless public key cryptography(CLPKC)is used to avoid the latency of certificate exchange in certificate-based cryptosystem and the problem of key escrow in identity-based cryptosystem;the security measures of generic object-oriented substation event,sampled measure value and manufacturing message specification in IEC 62351 are improved to meet the real-time requirements of the messages as well as to provide new security features to resist repudiation and replay attacks;and the security at transport layer is modified to fit CLPKC,which implements mutual authentication by exchanging ***,a deployment of CLPKC in an intelligent substation is *** also evaluate the security properties of the scheme and analyze the end-to-end delays of secured services by combining theoretical calculation and simulation in this *** results indicate that the proposed scheme meets the requirements of security and real-time performance of communications in intelligent substations.

关键词： Intelligent substation security measures Certificateless public key cryptography(CLPKC) Real-time communication IEC 62351

来源：评论

学校读者我要写书评

暂无评论

An Intelligent Learning Method and System for Cybersecurity Threat Detection

引用

Journal of Physics: Conference Series 2020年第1期1575卷

作者： Yuan Tao Wei Hu Moyan Li The Third Research Institute of Ministry of Public Security Shanghai China National Engineering Laboratory for Key Technology of Classified Information Security Protection Beijing China

To protect information system and data effectively is the core of cybersecurity. At present, most technologies are based on known static protection strategies. Through the cybersecurity threat is dynamic, so it is necessary to detect the cybersecurity in advance, so as to update the protection strategy in time, which means the dynamic and active defence. The intelligent learning method and system for cybersecurity threat detection is proposed. And the immune selection of cybersecurity threat detection is proposed to select the appropriate threshold, and the knowledge map of cybersecurity threat detection are constructed from suspicious time, security management centre, security computing environment, security area boundary and security communication network. The threshold is built by immune selection, and the cybersecurity intelligent detection can be achieved by knowledge map. The architecture of intelligent detection system is proposed. So that the cybersecurity threat detection can be dynamic and intelligent, and the performance of cybersecurity threat detection and analysis can be greatly improved.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Research on Knowledge Graph Model for Cybersecurity Logs Based on Ontology and classified protection

引用

Journal of Physics: Conference Series 2020年第1期1575卷

作者： Yuan Tao Moyan Li Wei Hu The Third Research Institute of Ministry of Public Security Shanghai China National Engineering Laboratory for Key Technology of Classified Information Security Protection Beijing China

In order to audit and analyse cybersecurity events from massive logs, the knowledge graph model for cybersecurity logs is proposed. The data layer and the pattern layer of the knowledge graph model for cybersecurity logs is obtained based on ontology and classified protection. Entity classification of cybersecurity logs is extracted by using classified protection standards in the data layer of the knowledge graph. The relationship and attribute of ontology from cybersecurity logs is defined. The pattern layer of the knowledge graph model for cybersecurity logs is defined, classified protection data is integrated in entity alignment, and classified protection information gain is used in ontology construction. The structure of the knowledge graph for cybersecurity logs is given. So that the efficient association and deep mining analysis of cybersecurity logs are realized, and it can be directly analysed and processed on the data without the need for precise modelling of the problem. The efficiency of logs analysis is improved. The model has heuristic characteristics and generalization abstract ability, and the model is suitable for big data analysis of large-scale cybersecurity logs.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Contrastive Learning for Robust Android Malware Familial Classification

arXiv

引用

arXiv 2021年

作者： Wu, Yueming Dou, Shihan Zou, Deqing Yang, Wei Qiang, Weizhong Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China Shanghai Key Laboratory of Intelligent Information Processing School of Computer Science Fudan University Shanghai200433 China University of Texas at Dallas Dallas United States National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan430074 China

Due to its open-source nature, Android operating system has been the main target of attackers to exploit. Malware creators always perform different code obfuscations on their apps to hide malicious activities. Features extracted from these obfuscated samples through program analysis contain many useless and disguised features, which leads to many false negatives. To address the issue, in this paper, we demonstrate that obfuscation-resilient malware family analysis can be achieved through contrastive learning. The key insight behind our analysis is that contrastive learning can be used to reduce the difference introduced by obfuscation while amplifying the difference between malware and other types of malware. Based on the proposed analysis, we design a system that can achieve robust and interpretable classification of Android malware. To achieve robust classification, we perform contrastive learning on malware samples to learn an encoder that can automatically extract robust features from malware samples. To achieve interpretable classification, we transform the function call graph of a sample into an image by centrality analysis. Then the corresponding heatmaps can be obtained by visualization techniques. These heatmaps can help users understand why the malware is classified as this family. We implement IFDroid and perform extensive evaluations on two datasets. Experimental results show that IFDroid is superior to state-of-the-art Android malware familial classification systems. Moreover, IFDroid is capable of maintaining a 98.4% F1 on classifying 69,421 obfuscated malware samples. © 2021, CC0.

关键词： Android (operating system)

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：