检索结果-内蒙古大学图书馆

Forward Legal Anonymous Group Pairing-Onion Routing for Mobile Opportunistic Networks

IEEE Transactions on Mobile Computing 2025年第7期24卷 6595-6612页

作者： Zhu, Xiuzhen Lin, Limei Huang, Yanze Wang, Xiaoding Hsieh, Sun-Yuan Wu, Jie Fujian Normal University College of Computer and Cyber Security Fujian Provincial Key Laboratory of Network Security and Cryptology Fujian Fuzhou350117 China Fujian University of Technology School of Computer Science and Mathematics Fujian Fuzhou350118 China National Cheng Kung University Department of Computer Science and Information Engineering Tainan701 Taiwan Temple University Department of Computer and Information Science 1925 N. 12th St PhiladelphiaPA19122 United States

Mobile Opportunistic Networks (MONs) often experience frequent interruptions in end-to-end connections, which increases the likelihood of message loss during delivery and makes users more susceptible to various cyber attacks. However, most currently proposed anonymous routing protocols are primarily designed for networks with stable connections, making it challenging to protect user identities in MONs. To address these challenges, we propose FLAG-POR (Forward Legal Anonymous Group Pairing-Onion Routing), a novel anonymous routing protocol specifically tailored to enhance message delivery anonymity and security in MONs. Specifically, we abstract the mobile opportunistic network as a contact graph. By introducing the concept of "groups» into the pairing-onion routing protocol, which encrypts messages and relay nodes layer by layer, we develop a novel group-based pairing-onion routing protocol. This protocol ensures message confidentiality and relay node anonymity, while also improving message forwarding rates, as any node within a group can potentially act as a relay. To ensure message authenticity, we employ the efficient SM2 signing algorithm to generate signatures for the message source. Furthermore, by incorporating parameters such as the public key validity period and master key validity period into the group pairing-onion routing protocol, we achieve forward security in message delivery. We conduct a thorough theoretical analysis of the protocol's security and performance. The experimental results demonstrate that our FLAG-POR protocol outperforms baseline anonymous protocols in terms of delivery success rate, traceability rate, path anonymity, and node anonymity. Additionally, the FLAG-POR scheme effectively resists three potential threats to the routing system: collusion attack threat, node identification threat, and path identification threat, in any situation. © 2002-2012 IEEE.

关键词： Anonymity

来源：评论

学校读者我要写书评

暂无评论

Analysing the Adversarial Landscape of Binary stochastic Networks 1

引用

iCatse International Conference on Information Science and Applications, ICISA 2020

作者： Tan, Yi Xiang Marcus Elovici, Yuval Binder, Alexander ST Engineering-SUTD Cyber Security Laboratory Singapore Singapore Information Systems Technology and Design Pillar Singapore University of Technology and Design Singapore Singapore Department of Software and Information Systems Engineering Ben-Gurion University of the Negev Beer-Sheva Israel

ISBN: (数字)9789813363854

ISBN: (纸本)9789813363847

We investigate the robustness of stochastic ANNs to adversarial attacks. We perform experiments on three known datasets. Our experiments reveal similar susceptibility of stochastic ANNs compared to conventional ANNs when confronted with simple iterative gradient-based attacks in the white-box settings. We observe, however, that in black-box settings, SANNs are more robust than conventional ANNs against boundary and surrogate attacks. Consequently, we propose improved attacks against stochastic ANNs. In the first step, we show that using stochastic networks as surrogates outperforms deterministic ones, when performing surrogate-based black-box attacks. In order to further boost adversarial success rates, we propose in a second step the novel Variance Mimicking (VM) surrogate training, and validate its improved performance. © 2021, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

关键词： Machine learning

来源：评论

学校读者我要写书评

暂无评论

Detection of Adversarial Supports in Few-Shot Classifiers Using Self-Similarity and Filtering

Detection of Adversarial Supports in Few-Shot Classifiers Us...

引用

2021 International Workshop on Safety and security of Deep Learning, SSDL 2021

作者： Tan, Yi Xiang Marcus Chong, Penny Sun, Jiamei Cheung, Ngai-Man Elovici, Yuval Binder, Alexander Information Systems Technology and Design Pillar Singapore University of Technology and Design Singapore Department of Software and Information Systems Engineering Ben-Gurion University of the Negev Be’er Sheva Israel Department of Informatics University of Oslo Norway ST Engineering-SUTD Cyber Security Laboratory

Few-shot classifiers excel under limited training samples, making them useful in applications with sparsely user-provided labels. Their unique relative prediction setup offers opportunities for novel attacks, such as targeting support sets required to categorise unseen test samples, which are not available in other machine learning setups. In this work, we propose a detection strategy to identify adversarial support sets, aimed at destroying the understanding of a few-shot classifier for a certain class. We achieve this by introducing the concept of self-similarity of a support set and by employing filtering of supports. Our method is attack-agnostic, and we are the first to explore adversarial detection for support sets of few-shot classifiers to the best of our knowledge. Our evaluation of the miniImagenet (MI) and CUB datasets exhibits good attack detection performance despite conceptual simplicity, showing high AUROC scores. We show that self-similarity and filtering for adversarial detection can be paired with other filtering functions, constituting a generalisable concept. © 2021 CEUR-WS. All rights reserved.

关键词： Machine learning

来源：评论

学校读者我要写书评

暂无评论

SmartWitness: A proactive software transparency system using smart contracts 2

SmartWitness: A proactive software transparency system using...

引用

2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure, BSCI 2020, Co-located with AsiaCCS 2020

作者： Guarnizo, Juan Alangot, Bithin Szalachowski, Pawel ST Engineering-SUTD Cyber Security Laboratory Singapore University of Technology and Design Singapore Singapore Center for Cybersecurity Systems and Networks Amrita Vishwa Vidyapeetham Amritapuri India

ISBN: (纸本)9781450376105

Package managers have become essential for software distribution and management. Their goal is to allow users to install programs, drivers, or updates in their systems in a secure, quick, and often, unattended way. However, in recent years, attackers have found severe flaws in software distribution systems and used them as a stealthy launch pad for malicious software. Moreover, it was proved that actors of the software supply-chain are ineffective in detecting and stopping attacks on user devices. In this paper, we present a design for software distribution systems based on distributed ledgers. By replacing traditional code signing certificates with smart contracts, named SmartWitness, we propose a novel system that provides properties of binary transparency, useful and granular package revocation, and dynamic and proactive security assessment improving risk awareness of end users. SmartWitness keeps all actors transparent and accountable, and it enables security providers to participate earlier in the software distribution process, directly influencing package installations on user devices. We show how SmartWitness is integrated into an existing package manager system, and we present results from conducted experiments indicating that the system is practical as for today. © 2020 ACM.

关键词： Smart contract

来源：评论

学校读者我要写书评

暂无评论

Query recovery from easy to hard: jigsaw attack against SSE 24

Query recovery from easy to hard: jigsaw attack against SSE

引用

Proceedings of the 33rd USENIX Conference on security Symposium

作者： Hao Nie Wei Wang Peng Xu Xianglong Zhang Laurence T. Yang Kaitai Liang Huazhong University of Science and Technology Huazhong University of Science and Technology and Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering and JinYinHu Laboratory and State Key Laboratory of Cryptology Huazhong University of Science and Technology and St. Francis Xavier University Delft University of Technology

ISBN: (纸本)9781939133441

Searchable symmetric encryption schemes often unintentionally disclose certain sensitive information, such as access, volume, and search patterns. Attackers can exploit such leakages and other available knowledge related to the user's database to recover queries. We find that the effectiveness of query recovery attacks depends on the volume/frequency distribution of keywords. Queries containing keywords with high volumes/frequencies are more susceptible to recovery, even when countermeasures are implemented. Attackers can also effectively leverage these "special" queries to recover all *** exploiting the above finding, we propose a Jigsaw attack that begins by accurately identifying and recovering those distinctive queries. Leveraging the volume, frequency, and cooccurrence information, our attack achieves 90% accuracy in three tested datasets, which is comparable to previous attacks (Oya et al., USENIX' 22 and Damie et al., USENIX' 21). With the same runtime, our attack demonstrates an advantage over the attack proposed by Oya et al (approximately 15% more accuracy when the keyword universe size is 15k). Furthermore, our proposed attack outperforms existing attacks against widely studied countermeasures, achieving roughly 60% and 85% accuracy against the padding and the obfuscation, respectively. In this context, with a large keyword universe (≥3k), it surpasses current state-of-the-art attacks by more than 20%.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Query Recovery from Easy to Hard: Jigsaw Attack against SSE

arXiv

引用

arXiv 2024年

作者： Nie, Hao Wang, Wei Xu, Peng Zhang, Xianglong Yang, Laurence T. Liang, Kaitai Huazhong University of Science and Technology China Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering China JinYinHu Laboratory China State Key Laboratory of Cryptology China St. Francis Xavier University Canada Delft University of Technology Netherlands

Searchable symmetric encryption schemes often unintentionally disclose certain sensitive information, such as access, volume, and search patterns. Attackers can exploit such leakages and other available knowledge related to the user’s database to recover queries. We find that the effectiveness of query recovery attacks depends on the volume/frequency distribution of keywords. Queries containing keywords with high volumes/frequencies are more susceptible to recovery, even when countermeasures are implemented. Attackers can also effectively leverage these "special" queries to recover all others. By exploiting the above finding, we propose a Jigsaw attack that begins by accurately identifying and recovering those distinctive queries. Leveraging the volume, frequency, and co-occurrence information, our attack achieves 90% accuracy in three tested datasets, which is comparable to previous attacks (Oya et al., USENIX’ 22 and Damie et al., USENIX’ 21). With the same runtime, our attack demonstrates an advantage over the attack proposed by Oya et al (approximately 15% more accuracy when the keyword universe size is 15k). Furthermore, our proposed attack outperforms existing attacks against widely studied countermeasures, achieving roughly 60% and 85% accuracy against the padding and the obfuscation, respectively. In this context, with a large keyword universe (≥3k), it surpasses current state-of-the-art attacks by more than 20%. Copyright © 2024, The Authors. All rights reserved.

关键词： Recovery

来源：评论

学校读者我要写书评

暂无评论

Understanding the Bad Development Practices of Android Custom Permissions in the Wild

引用

IEEE Transactions on Dependable and Secure Computing 2025年

作者： Zhang, Xiaohan Yu, Zhiyuan Li, Xinghua Zhang, Cen Sun, Cong Zhang, Ning Deng, Robert H. Xidian University State Key Laboratory of Integrated Service Networks School of Cyber Engineering Xi'an710071 China Ministry of Education Engineering Research Center of Big data Security China Washington University in St. Louis Department of Computer Science and Engineering St. LouisMO63130 United States Nanyang Technological University 639798 Singapore Singapore Management University 188065 Singapore

Android system provides application developers with the ability to define custom permissions, which serve to regulate the sharing of resources and functionalities with other applications. However, developers' improper development practices can render the permission mechanism ineffective, facilitating easy exploitation by attackers. This paper presents a comprehensive examination of the problematic practices surrounding custom permissions employed by developers, referred to as Bad Practices of Custom Permissions (BPCP issues). To accomplish this, we conducted an empirical study and identified nine common BPCP issue patterns that can lead to various adverse consequences, such as installation failures, crashes, and even component hijacking. To automatically identify these patterns of bad practices, we devised PERMEAGRE, a static analysis tool. Employing PERMEAGRE, we performed a large-scale analysis of 83,085 applications obtained from seven major app markets, aiming to detect instances of BPCP issues. The results revealed that more than 26% of the analyzed apps contained at least one issue, and a significant number of apps had garnered millions of downloads. Our analysis delved into the underlying causes of these issues. Consequently, this analysis sheds light on the potential threat landscape associated with bad practices in custom permissions, emphasizing the urgent requirement for effective mitigation strategies. © 2004-2012 IEEE.

关键词： Android custom permission empirical study static analysis

来源：评论

学校读者我要写书评

暂无评论

d-DSE: distinct dynamic searchable encryption resisting volume leakage in encrypted databases 24

d-DSE: distinct dynamic searchable encryption resisting volu...

引用

Proceedings of the 33rd USENIX Conference on security Symposium

作者： Dongli Liu Wei Wang Peng Xu Laurence T. Yang Bo Luo Kaitai Liang Huazhong University of Science and Technology Huazhong University of Science and Technology and Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering and JinYinHu Laboratory and State Key Laboratory of Cryptology Huazhong University of Science and Technology and St. Francis Xavier University The University of Kansas Delft University of Technology

ISBN: (纸本)9781939133441

Dynamic Searchable Encryption (DSE) has emerged as a solution to efficiently handle and protect large-scale data storage in encrypted databases (EDBs). Volume leakage poses a significant threat' as it enables adversaries to reconstruct search queries and potentially compromise the security and privacy of data. Padding strategies are common countermeasures for the leakage' but they significantly increase storage and communication costs. In this work' we develop a new perspective on handling volume leakage. We start with distinct search and further explore a new concept called distinct DSE (d-DSE).We also define new security notions' in particular Distinct with Volume-Hiding security' as well as forward and backward privacy' for the new concept. Based on d-DSE' we construct the d-DSE designed EDB with related constructions for distinct keyword (d-KW-dDSEX keyword (KW-dDSE) and join queries (JOIN-dDSE) and update queries in encrypted databases. We instantiate a concrete scheme BF-SRE' employing Symmetric Revocable Encryption. We conduct extensive experiments on real-world datasets' such as Crime' Wikipedia' and Enron' for performance evaluation. The results demonstrate that our scheme is practical in data search and with comparable computational performance to the SOTA DSE scheme (MITRA*' AURA) and padding strategies (SEAL' ShieldDB). Furthermore' our proposal sharply reduces the communication cost as compared to padding strategies' with roughly 6.36 to 53.14x advantage for search queries.

关键词：

来源：评论

学校读者我要写书评

暂无评论

d-DSE: Distinct Dynamic Searchable Encryption Resisting Volume Leakage in Encrypted Databases

arXiv

引用

arXiv 2024年

作者： Liu, Dongli Wang, Wei Xu, Peng Yang, Laurence T. Luo, Bo Liang, Kaitai Huazhong University of Science and Technology China Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering China JinYinHu Laboratory China State Key Laboratory of Cryptology China St. Francis Xavier University The University of Kansas United States Delft University of Technology Netherlands

Dynamic Searchable Encryption (DSE) has emerged as a solution to efficiently handle and protect large-scale data storage in encrypted databases (EDBs). Volume leakage poses a significant threat, as it enables adversaries to reconstruct search queries and potentially compromise the security and privacy of data. Padding strategies are common countermeasures for the leakage, but they significantly increase storage and communication costs. In this work, we develop a new perspective to handle volume leakage. We start with distinct search and further explore a new concept called distinct DSE (d-DSE). We also define new security notions, in particular Distinct with Volume-Hiding security, as well as forward and backward privacy, for the new concept. Based on d-DSE, we construct the d-DSE designed EDB with related constructions for distinct keyword (d-KW-dDSE), keyword (KW-dDSE), and join queries (JOIN-dDSE) and update queries in encrypted databases. We instantiate a concrete scheme BF-SRE, employing Symmetric Revocable Encryption. We conduct extensive experiments on real-world datasets, such as Crime, Wikipedia, and Enron, for performance evaluation. The results demonstrate that our scheme is practical in data search and with comparable computational performance to the SOTA DSE scheme (MITRA*, AURA) and padding strategies (SEAL, ShieldDB). Furthermore, our proposal sharply reduces the communication cost as compared to padding strategies, with roughly 6.36 to 53.14x advantage for search queries. Copyright © 2024, The Authors. All rights reserved.

关键词： Cryptography

来源：评论

学校读者我要写书评

暂无评论

Tensor-Based Multi-Scale Correlation Anomaly Detection for AIoT-Enabled Consumer Applications

引用

IEEE Transactions on Consumer Electronics 2024年

作者： Zeng, Jiuzhen Yang, Laurence T. Wang, Chao Deng, Xianjun Yang, Xiangli Huazhong University of Science and Technology Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Wuhan430074 China Huazhong University of Science and Technology School of Cyber Science and Engineering Wuhan430074 China Zhengzhou University School of Computer and Artificial Intelligence Zhengzhou450001 China St. Francis Xavier University Department of Computer Science AntigonishNSB2G 2W5 Canada University of South China School of Electrical Engineering Hengyang421001 China

Artificial Intelligence of Things (AIoT) is an innovative paradigm expected to enable various consumer applications that is transforming our lives. While enjoying benefits and services from these applications, we also face serious security issues due to malicious cyber attacks on the massive growth of AIoT consumer devices. Accurate anomaly detection is one of the critical tasks for the trustworthy AIoT removing those obstacles. However, limited by the vector-based data pattern and ill-considered factors for anomalous samples analysis, existing methods suffer from the low detection performance. In this paper, a multi-scale correlation tensor convolutional Gaussian mixture network (named as MTCGM) is presented for ameliorating this actuality. Specifically, MTCGM suggests to construct the multi-scale correlation tensor by stacking one self-correlation matrix and multiple surrounding-correlations of different scales, which well characterizes the network status of AIoT. Subsequently, a 3D-convolutional autoencoder (3DCA) is designed for capturing inter-feature correlations, and followed with a Gaussian mixture probability (GMP) network for the observations likelihood estimation. Moreover, low-dimensional space features, relative Euclidean distance and tensor cosine similarity (TCS) are adopted in MTCGM as the multi-factor to boost the likelihood estimation. Extensive experiments on public benchmark datasets verify the validity of MTCGM, and demonstrate its superiority over the state-of-the-art baselines even in presence of contaminated training samples and input noise. © 1975-2011 IEEE.

关键词： Tensors

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：