Fuzzing [1] is a well-known technique which was employed to provide unexpected or random data as input to JavaScript engines in hopes of finding a security vulnerability. For effective fuzzing, the input must be both ...
详细信息
With the continuous development of trusted computing, the integrity measurement has gradually been practical;but the popularization and application of the existing measurement tools are still restricted by their own m...
详细信息
The security of the IoT has become a hot research area in cyberspace security, among which the malware is a major threat. Based on the ATT&CK model, this paper studies the composition and behavior of IoT malware, ...
详细信息
Malware clustering analysis plays an important role in large-scale malware homology analysis. However, the generation approach of the ground truth data is usually ignored. The Labels from Anti-virus(AV) engines are mo...
详细信息
Current white-box attack to deep neural networks have achieved considerable success, but not for black-box attack. The main reason is poor transferability, as the adversarial examples are crafted with single deep neur...
详细信息
Neural networks are vulnerable when input data is applied with human-imperceptible perturbations, which is called adversarial examples. When used in image classification models, adversarial examples mislead neural net...
详细信息
This paper is twofold. The first is devoted to study a class of quadratic rotation symmetric S-boxes(RSSBs) which was presented by Gao G, et al., Constructions of quadratic and cubic rotation symmetric bent functions,...
详细信息
This paper is twofold. The first is devoted to study a class of quadratic rotation symmetric S-boxes(RSSBs) which was presented by Gao G, et al., Constructions of quadratic and cubic rotation symmetric bent functions, IEEE Transactions on Information Theory, vol. 58, no. 7, pp. 4908 –4913, 2012, by decomposing a class of cubic rotation symmetric bent functions. The authors obtain its nonlinearity and differential uniformity of such class of S-boxes. In particular, the compositional inversion of the class of rotation symmetric S-boxes is also presented. Then the authors introduce a steepest-descent-like search algorithm for the generation of RSSBs. The algorithm finds 5,6,7,8-bit RSSBs with very good cryptographic properties which can be applied in designing cryptographical algorithms.
Cyberspace is vulnerable to continuous malicious attacks. Traceability of network attacks is an effective defense means to curb and counter network attacks. In this paper, the evolutionary game model is used to analyz...
详细信息
As an active defenses technique,multivariant execution(MVX)can detect attacks by monitoring the consistency of heterogeneous variants with parallel *** with patch-style passive defense,MVX can defend against known and...
详细信息
As an active defenses technique,multivariant execution(MVX)can detect attacks by monitoring the consistency of heterogeneous variants with parallel *** with patch-style passive defense,MVX can defend against known and even unknown vulnerability-based attacks without relying on attack feature ***,variants generated with software diversity technologies will introduce new vulnerabilities when they execute in ***,we analyze the security of MVX theory from the perspective of formal *** we summarize the general forms and techniques for attacks against MVX,and analyze the new vulnerabilities arising from the combination of variant generation *** propose SecMVX,a secure MVX architecture and variant generation *** evaluations based on CVEs and SPEC 2006 benchmark show that SecMVX introduces 11.29%of the average time overhead,and avoids vulnerabilities caused by the improper combination of variant generation technologies while keeping the defensive ability of MVX.
At present,there is a problem of false positives caused by the too vast mimic scope in mimic transformation *** studies have focused on the“compensation”method to deal with this problem,which is expensive and cannot...
详细信息
At present,there is a problem of false positives caused by the too vast mimic scope in mimic transformation *** studies have focused on the“compensation”method to deal with this problem,which is expensive and cannot fundamentally solve *** paper provides new insights into coping with the ***,this study summarizes the false-positive problem in the mimic transformation,analyzes its possible harm and the root ***,three properties about the mimic scope are *** on the three properties and security quantification technology,the best mimic component set theory is put forward to solve the false-positive *** are two algorithms,the supplemental method and the subtraction *** best mimic component set obtained by these two algorithms can fundamentally solve the mimic system’s false-positive problem but reduce the cost of mimic *** make up for the lack of previous researches.
暂无评论