检索结果-内蒙古大学图书馆

9th IEEE International Conference on Software engineering and Service Science, ICSESS 2018

作者： Cao, Fei Li, Qingbao Chen, Zhifeng State Key Laboratory of Mathematical Engineering and Advanced Computing Zhengzhou China

ISBN: (纸本)9781538665640

Targeted at the situation of rampant attack on UEFI Platform Firmware, this paper summarizes the UEFI platform firmware framework structure as well as its potential security problems. Then the vulnerability factors of UEFI platform firmware are described using the modeling language. This paper proposes an improved Attack Graphs model based on Finite state Machine (AGFSM), which can be used to evaluate the reliability of UEFI, as well as calculate the expected exploitation cost and expected attack loss. Finally, based on the AGFSM model, we realize the evaluation of a set of attack strategies for the UEFI platform firmware and verify the rationality of the model and the validity of the evaluation. The research is conducive to the rapid detection of the vulnerability of UEFI Platform Firmware, predict the attack paths and deploy the security strategy targeted to safeguard the firmware. © 2018 IEEE.

关键词： Firmware

来源：评论

学校读者我要写书评

暂无评论

A review of cryptographic algorithm recognition technology for binary code

引用

Journal of Physics: Conference Series 2021年第1期1856卷

作者： Chenxia Zhao Fei Kang Ju Yang Hui Shu Zhengzhou University Zhengzhou Henan 450001 China State Key Laboratory of Mathematical Engineering and Advanced Computing Zhengzhou Henan 450001 China

Aiming at the cryptographic algorithm that may be contained in the binary program, combined with existing research results, several cryptographic algorithm identification techniques are analyzed, including control flow graphs, data flow graphs, feature matching, selection of command statistical attributes, and semantic-based behavior analysis. The recognition effects of related technologies are discussed respectively.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Poison over troubled forwarders: a cache poisoning attack targeting DNS forwarding device 20

Poison over troubled forwarders: a cache poisoning attack ta...

引用

Proceedings of the 29th USENIX Conference on Security Symposium

作者： Xiaofeng Zheng Chaoyi Lu Jian Peng Qiushi Yang Dongjie Zhou Baojun Liu keyu Man Shuang Hao Haixin Duan Zhiyun Qian Tsinghua University and Qi An Xin Technology Research Institute Tsinghua University Qi An Xin Technology Research Institute State Key Laboratory of Mathematical Engineering and Advanced Computing University of California Riverside University of Texas at Dallas

ISBN: (纸本)9781939133175

In today's DNS infrastructure, DNS forwarders are devices standing in between DNS clients and recursive resolvers. The devices often serve as ingress servers for DNS clients, and instead of resolving queries, they pass the DNS requests to other servers. Because of the advantages and several use cases, DNS forwarders are widely deployed and queried by Internet users. However, studies have shown that DNS forwarders can be more vulnerable devices in the DNS *** this paper, we present a cache poisoning attack targeting DNS forwarders. Through this attack, attackers can inject rogue records of arbitrary victim domain names using a controlled domain, and circumvent widely-deployed cache poisoning defences. By performing tests on popular home router models and DNS software, we find several vulnerable implementations, including those of large vendors (e.g., D-Link, Linksys, dnsmasq and MS DNS). Further, through a nationwide measurement, we estimate the population of Chinese mobile clients which are using vulnerable DNS forwarders. We have been reporting the issue to the affected vendors, and so far have received positive feedback from three of them. Our work further demonstrates that DNS forwarders can be a soft spot in the DNS infrastructure, and calls for attention as well as implementation guidelines from the community.

关键词：

来源：评论

学校读者我要写书评

暂无评论

A Security-Sensitive Function Mining Framework for Source Code 5th

A Security-Sensitive Function Mining Framework for Source Co...

引用

5th International Conference on Artificial Intelligence and Security, ICAIS 2019

作者： Chen, Lin Yang, Chunfang Liu, Fenlin Gong, Daofu Ding, Shichang Zhengzhou Science and Technology Institute Zhengzhou450001 China State Key Laboratory of Mathematical Engineering and Advanced Computing Zhengzhou450001 China University of Göttingen Goldschmidtstr. 7 Göttingen37077 Germany

ISBN: (纸本)9783030242671

The security-sensitive functions can be effectively used to improve the efficiency of vulnerability mining techniques, but mining security-sensitive functions of the large-scale code base is difficult. An automatic mining framework for security-sensitive functions is proposed. Firstly, a class of high-resolution code features is used to extract suspected security-sensitive function sets, and then a class of code features is applied to measure the sensitivity of each suspected security-sensitive function. Ultimately, the final security-sensitive function set is ensured based on the measurement result. Established along the framework, a mining algorithm for a type security-sensitive function is proposed. Through the mining experiments on three well-known open source codes, the performance of this algorithm is better than the existing methods. © 2019, Springer Nature Switzerland AG.

关键词： Open source software

来源：评论

学校读者我要写书评

暂无评论

Multi-label Classification with High-rank and High-order label Correlations

arXiv

引用

arXiv 2022年

作者： Si, Chongjie Jia, Yuheng Wang, Ran Zhang, Min-Ling Feng, Yanghe Qu, Chongxiao The Chien-Shiung Wu College Southeast University Nanjing210096 China The MoE Key Lab of Artificial Intelligence AI Institute Shanghai Jiao Tong University Shanghai200240 China The School of Computer Science and Engineering Southeast University Nanjing210096 China Ministry of Education China School of Computing & Information Sciences Caritas Institute of Higher Education Hong Kong The Key Laboratory of Computer Network and Information Integration Southeast University Ministry of Education China The School of Mathematical Science Shenzhen University Shenzhen518060 China Shenzhen Key Laboratory of Advanced Machine Learning and Applications Shenzhen University Shenzhen518060 China The College of Systems Engineering National University of Defense Technology China The 52nd Research Institute of China Electronics Technology Group China

Exploiting label correlations is important to multi-label classification. Previous methods capture the high-order label correlations mainly by transforming the label matrix to a latent label space with low-rank matrix factorization. However, the label matrix is generally a full-rank or approximate full-rank matrix, making the low-rank factorization inappropriate. Besides, in the latent space, the label correlations will become implicit. To this end, we propose a simple yet effective method to depict the high-order label correlations explicitly, and at the same time maintain the high-rank of the label matrix. Moreover, we estimate the label correlations and infer model parameters simultaneously via the local geometric structure of the input to achieve mutual enhancement. Comparative studies over twelve benchmark data sets validate the effectiveness of the proposed algorithm in multi-label classification. The exploited high-order label correlations are consistent with common sense empirically. Our code is publicly available at https://***/Chongjie-Si/HOMI. Copyright © 2022, The Authors. All rights reserved.

关键词： Matrix algebra

来源：评论

学校读者我要写书评

暂无评论

Comments on Privacy-preserving Yoking proof with key exchange in the three-party setting

引用

International Journal of Network Security 2019年第2期21卷 355-358页

作者： Cheng, Qingfeng Zhang, Xinglong State Key Laboratory of Mathematical Engineering and Advanced Computing Zhengzhou Henan Province450001 China

In 2017, Tian, Yang and Mu presented a new three-party key exchange protocol YPKE in radio frequency identification environment, which is based on the HMQV protocol. They claimed that the proposed YPKE protocol in the three-party setting meets user privacy and session key security. In this comment, we point out that the YPKE protocol still has some weaknesses. Our results show that the proposed YPKE protocol cannot provide perfect forward secrecy, and also cannot resist impersonation attack. At the same time, the YPKE protocol is lack of the security of ephemeral private key leakage and unknown key-share, which the original HMQV protocol can achieve. © 2019 Femto Technique Co., Ltd.

关键词： Radio frequency identification (RFID)

来源：评论

学校读者我要写书评

暂无评论

GREYONE: data flow sensitive fuzzing 20

GREYONE: data flow sensitive fuzzing

引用

Proceedings of the 29th USENIX Conference on Security Symposium

作者： Shuitao Gan Chao Zhang Peng Chen Bodong Zhao Xiaojun Qin Dong Wu Zuoning Chen State Key Laboratory of Mathematical Engineering and Advanced Computing Institute for Network Science and Cyberspace Tsinghua University and Beijing National Research Center for Information Science and Technology ByteDance AI lab Institute for Network Science and Cyberspace Tsinghua University National Research Center of Parallel Computer Engineering and Technology

ISBN: (纸本)9781939133175

Data flow analysis (e.g., dynamic taint analysis) has proven to be useful for guiding fuzzers to explore hard-to-reach code and find vulnerabilities. However, traditional taint analysis is labor-intensive, inaccurate and slow, affecting the fuzzing efficiency. Apart from taint, few data flow features are *** this paper, we proposed a data flow sensitive fuzzing solution GREYONE. We first utilize the classic feature taint to guide fuzzing. A lightweight and sound fuzzing-driven taint inference (FTI) is adopted to infer taint of variables, by monitoring their value changes while mutating input bytes during fuzzing. With the taint, we propose a novel input prioritization model to determine which branch to explore, which bytes to mutate and how to mutate. Further, we use another data flow feature constraint conformance, i.e., distance of tainted variables to values expected in untouched branches, to tune the evolution direction of *** implemented a prototype of GREYONE and evaluated it on the LAVA data set and 19 real world programs. The results showed that it outperforms various state-of-the-art fuzzers in terms of both code coverage and vulnerability discovery. In the LAVA data set, GREYONE found all listed bugs and 336 more unlisted. In real world programs, GREYONE on average found 2.12X unique program paths and 3.09X unique bugs than state-of-the-art evolutionary fuzzers, including AFL, VUzzer, CollAFL, Angora and Honggfuzz, Moreover, GREYONE on average found 1.2X unique program paths and 1.52X unique bugs than a state-of-the-art symbolic exeuction assisted fuzzer QSYM. In total, it found 105 new security bugs, of which 41 are confirmed by CVE.

关键词：

来源：评论

学校读者我要写书评

暂无评论

A Format Protection Method of Greybox Fuzzing 19

A Format Protection Method of Greybox Fuzzing

引用

19th IEEE International Conference on Communication Technology, ICCT 2019

作者： Zhao, Shibin Zhou, Tianyang Duan, Xiaoli Lin, Hongyang Ying, Xinlei Shi, Qibo Peng, Jianshan State Key Laboratory of Mathematical Engineering and Advanced Computing Zhengzhou450001 China China United Network Communications Group Co. Ltd Shanxi Yuncheng Branch Yuncheng044000 China Ant-financial Light-Year Security Lab hangzhou310000 China

ISBN: (纸本)9781728105352

Greybox fuzzing, which can fuzz without knowledge of the format, is one of the most advanced fuzzing techniques. However, the lack of format knowledge makes the test cases' format messy as the fuzzing proceeds and reduces the effectiveness of fuzzing. In this paper, we introduce a format protection method that can protect the format of test cases during greybox fuzzing. Based on prior knowledge, the Naive Bayes classifier is applied to achieve a format check method, which is used to improve the favourite seed selection process and induce the position of variation. The experiment results indicate that this method not only has a higher code coverage ratio and more unique crashes in less time than other fuzzers but also maintains the invalid format ratio at a low level. 24 previously unreported CVEs were exposed. © 2019 IEEE.

关键词： Classifiers

来源：评论

学校读者我要写书评

暂无评论

A dynamic network change detection method using network embedding 4th

A dynamic network change detection method using network embe...

引用

4th International Conference on Cloud computing and Security, ICCCS 2018

作者： Sun, Tong Liu, Yan China State Key Laboratory of Mathematical Engineering and Advanced Computing Zhengzhou China

ISBN: (纸本)9783030000059

Dynamic networks are ubiquitous. Detecting dynamic network changes is helpful to understand the network development trend and discover network anomalies in time. It is a research hotspot at present. The structure of the network in the real world is very complex, the current feature learning method is difficult to capture a variety of network connectivity patterns, and the definition of efficient network features requires a large number of neighborhood knowledge and computational costs. In order to overcome this limitation, this paper presents a method of dynamic network change detection using network embedding, which automates the whole process by using feature extraction as a embedding problem, and carries out dynamic network change detection by analyzing the distribution of nodes in space after network embedding processing. We use this method to simulate dynamic network and real dynamic network datasets to prove the validity of this method. © Springer Nature Switzerland AG 2018.

关键词： Network embeddings

来源：评论

学校读者我要写书评

暂无评论

HHL Analysis and Simulation Verification Based on Origin Quantum Platform

引用

Journal of Physics: Conference Series 2021年第1期2113卷

作者： Xiaonan Liu Lina Jing Lin Han Jie Gao State Key Laboratory of Mathematical Engineering and Advanced Computing Zhengzhou 450001 China Henan Supercomputing Center Zhengzhou University Zhengzhou 450001 China

Solving large-scale linear equations is of great significance in many engineering fields, such as weather forecasting and bioengineering. The classical computer solves the linear equations, no matter adopting the elimination method or Kramer's rule, the time required for solving is in a polynomial relationship with the scale of the equation system. With the advent of the era of big data, the integration of transistors is getting higher and higher. When the size of transistors is close to the order of electron diameter, quantum tunneling will occur, and Moore's Law will not be followed. Therefore, the traditional computing model will not be able to meet the demand. In this paper, through an in-depth study of the classic HHL algorithm, a small-scale quantum circuit model is proposed to solve a 2×2 linear equations, and the circuit diagram and programming are used to simulate and verify on the Origin Quantum Platform. The fidelity under different parameter values reaches more than 90%. For the case where the matrix to be solved is a sparse matrix, the quantum algorithm has an exponential speed improvement over the best known classical algorithm.

关键词：

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：