检索结果-内蒙古大学图书馆

Understanding User Passwords through Parsing Tree

IEEE Transactions on Dependable and Secure Computing 2025年

作者： Wang, Ding Shan, Xuan Wu, Yuxuan Jia, Chunfu Nankai University College of Cryptology and Cyber Science Tianjin300350 China Ministry of Education of China Henan Key Laboratory of Network Cryptography Key Laboratory of Cyberspace Security China Nankai University Tianjin Key Laboratory of Network and Data Security Technology Tianjin300350 China

Passwords are today's dominant form of authentication, and password guessing is the most effective method for evaluating password strength. Most password guessing models (e.g., PCFG, Markov, and RFGuess) regard passwords as sequences composed of basic units (i.e., characters/segments), with the information flow being unidirectional (i.e., predicting the next unit based on the preceding units). However, modeling passwords in a single direction fails to capture users' password creation behavior that is actually impacted by the full password context. Through an in-depth analysis of real-world passwords, we reveal that users often create passwords around a central keyword, like common words, names, or dates, and then embellish them with numbers or symbols. Based on this observation, we, for the first time, attempt to parse passwords as trees. Unlike existing sequence models, trees can reveal the semantic connections within passwords and the logical thought processes users follow when creating passwords. For instance, in the password iloveyou, the basic units i and you are semantically dependent on the predicate love, forming a natural tree structure. We propose a trawling guessing model called PassTree and a targeted guessing model based on personally identifiable information (PII), named PassTree-PII. Our extensive experiments demonstrate the effectiveness of our models: (1) PassTree outperforms its leading counterparts by 0.38%-2.51% when guessing numbers are below 107 (2) PassTree-PII achieves a cracking rate comparable to the state-of-the-art RFGuess-PII proposed in USENIX security'23, but operates significantly more efficiently, using only 0.87% of the memory and being 16.60 times faster. Our work provides a new perspective on understanding user passwords and demonstrates a feasible technical route of applying tree structures to password guessing. © 2025 IEEE.

关键词： Markov processes

来源：评论

学校读者我要写书评

暂无评论

Privacy-preserving Trajectory data Release Hierarchical Model 13

Privacy-preserving Trajectory Data Release Hierarchical Mode...

引用

13th International Conference on Communication and network security, ICCNS 2023

作者： Zhang, Qian Zhang, Xing Shi, Wei Key Laboratory of Security for Network and Data in Industrial Internet of Liaoning Province Liaoning University of Technology Jinzhou121000 China

ISBN: (纸本)9798400707964

The development of positioning technology and mobile intelligent devices has given rise to plentiful location-based services and generated much trajectory data. The publication and analysis of trajectory data bring convenience to users, but also carry the risk of sensitive information being exposed. Existing trajectory data publication models mostly only consider the processing of static trajectory data and do not effectively combine spatiotemporal properties, and the problem of dishonest third parties unconsciously collecting data from other parties also occurs from time to time. This paper proposes a new privacy-preserving trajectory data publication hierarchical model based on secure two-party computation. The user layer, the cloud layer, and the local server layer collaborate to complete the trajectory publishing process. Experimental statistics have proved that the proposed method has better privacy and data availability. © 2023 ACM.

关键词： Trajectories

来源：评论

学校读者我要写书评

暂无评论

Probabilistic Reliability via Subsystem Structures of Arrangement Graph networks

引用

IEEE Transactions on Reliability 2024年第1期73卷 279-289页

作者： Huang, Yanze Lin, Limei Xu, Li Hsieh, Sun-Yuan Fujian University of Technology Fujian Provincial Key Laboratory of Big Data Mining and Applications School of Computer Science and Mathematics Fuzhou350118 China Fujian Normal University College of Computer and Cyber Security Key Laboratory of Network Security and Cryptology Fuzhou350117 China National Cheng Kung University Department of Computer Science and Information Engineering Tainan701 Taiwan

With the rapid growth of the number of processors in a multiprocessor system, faulty processors occur in it with a probability that rises quickly. The probability of a subsystem with an appropriate size being fault-free in a definite time interval is a significant and practical measure of the reliability for a multiprocessor system, which characterizes the functionality of a multiprocessor system well. Motivated by the study of subgraph reliability, as well as the attractive structure and fault tolerance properties of (n, k)-arrangement graph A n, k, we focus on the subgraph reliability for A n, k under the probabilistic fault model in this article. First, we investigate intersections of no more than four subgraphs in A n, k, and classify all the intersecting modes. Second, we focus on the probability P(q, A n, k n-1, k-1) with which at least one (n-1, k-1)-subarrangement graph is fault-free in A n, k, when given a uniform probability q with which a single vertex is fault-free, and we establish the P(q, A n, kn-1, k-1) by adopting the principle of inclusion-exclusion under the probabilistic fault model. Finally, we study the probabilistic fault model involving a nonuniform probability with which a single vertex is fault-free, and we prove that the P(q, A n, kn-1, k-1) under both models is very close to the asymptotic value by both theoretical arguments and experimental results. © 1963-2012 IEEE.

关键词： Fault tolerance

来源：评论

学校读者我要写书评

暂无评论

MMH-FE:AMulti-Precision and Multi-Sourced Heterogeneous Privacy-Preserving Neural network Training Based on Functional Encryption

引用

Computers, Materials & Continua 2025年第3期82卷 5387-5405页

作者： Hao Li Kuan Shao Xin Wang Mufeng Wang Zhenyong Zhang The State Key Laboratory of Public Big Data College of Computer Science and TechnologyGuizhou UniversityGuiyang550025China Key Laboratory of Computing Power Network and Information Security Ministry of EducationShandong Computer Science CenterQilu University of Technology(Shandong Academy of Sciences)Jinan250014China China Industrial Control Systems Cyber Emergency Response Team Beijing100040China

Due to the development of cloud computing and machine learning,users can upload their data to the cloud for machine learning model ***,dishonest clouds may infer user data,resulting in user data *** schemes have achieved secure outsourced computing,but they suffer from low computational accuracy,difficult-to-handle heterogeneous distribution of data from multiple sources,and high computational cost,which result in extremely poor user experience and expensive cloud computing *** address the above problems,we propose amulti-precision,multi-sourced,andmulti-key outsourcing neural network training ***,we design a multi-precision functional encryption computation based on Euclidean ***,we design the outsourcing model training algorithm based on a multi-precision functional encryption with multi-sourced ***,we conduct experiments on three *** results indicate that our framework achieves an accuracy improvement of 6%to 30%.Additionally,it offers a memory space optimization of 1.0×2^(24) times compared to the previous best approach.

关键词： Functional encryption multi-sourced heterogeneous data privacy preservation neural networks

来源：评论

学校读者我要写书评

暂无评论

Achieving reliable and anti-collusive outsourcing computation and verification based on blockchain in 5G-enabled IoT

引用

Digital Communications and networks 2022年第5期8卷 644-653页

作者： Linjie Wang Youliang Tian Jinbo Xiong School of Data Science Tongren UniversityTongren554300China State Key Laboratory of Public Big Data College of Computer Science and Technology Guizhou UniversityGuiyang550025China Fujian Provincial Key Laboratory of Network Security and Cryptology College of Computer and Cyber SecurityFujian Normal UniversityFuzhou350117China

Widespread applications of 5G technology have prompted the outsourcing of computation dominated by the Internet of Things(IoT)cloud to improve transmission efficiency,which has created a novel paradigm for improving the speed of common connected objects in ***,although it makes it easier for ubiquitous resource-constrained equipment that outsources computing tasks to achieve high-speed transmission services,security concerns,such as a lack of reliability and collusion attacks,still exist in the outsourcing *** this paper,we propose a reliable,anti-collusion outsourcing computation and verification protocol,which uses distributed storage solutions in response to the issue of centralized storage,leverages homomorphic encryption to deal with outsourcing computation and ensures data ***,we embed outsourcing computation results and a novel polynomial factorization algorithm into the smart contract of Ethereum,which not only enables the verification of the outsourcing result without a trusted third party but also resists collusion *** results of the theoretical analysis and experimental performance evaluation demonstrate that the proposed protocol is secure,reliable,and more effective compared with state-of-the-art approaches.

关键词： Outsourcing computation Ethereum Smart contract Public verification Homomorphic encryption

来源：评论

学校读者我要写书评

暂无评论

Regularization Mixup Adversarial Training: A Defense Strategy for Membership Privacy with Model Availability Assurance 2

Regularization Mixup Adversarial Training: A Defense Strateg...

引用

2nd International Conference on Big data and Privacy Computing, BDPC 2024

作者： Ding, Zehua Tian, Youliang Wang, Guorong Xiong, Jinbo College of Computer Science and Technology Guizhou University State Key Laboratory of Public Big Data Guiyang China College of Computer and Cyber Security Fujian Normal University Fujian Provincial Key Laboratory of Network Security and Cryptology Fuzhou China

ISBN: (纸本)9798350307597

Neural network models face two highly destructive threats in real-world applications: membership inference attacks (MIAs) and adversarial attacks (AAs). One compromises the model's confidentiality, leading to membership privacy breaches, while the other disrupts the model's availability, rendering it dysfunctional. Recent work has shown that adversarial examples can pose dual threats to neural network models, both MIAs and AAs, so that these two different types of attacks have a certain degree of intersection. However, existing defense methods typically focus on defending against one of the two attacks and cannot simultaneously address both. To address the above issues, we propose a defense method called regularization mixup adversarial training (RMAT), aiming to protect model membership privacy while ensuring model availability. The core idea of RMAT is to use a continuous augmentation strategy during training to generate mixup adversarial examples, weakening attackers' understanding of membership data, and updating the model with a new membership-weighted loss strategy to improve its generalization ability for handling unknown samples. This approach can further protect the model's membership privacy and ensure model availability. Experimental results demonstrate that compared to single defense strategies, RMAT can simultaneously protect the model's membership privacy and availability. © 2024 IEEE.

关键词： Adversarial machine learning

来源：评论

学校读者我要写书评

暂无评论

Statistical Model on CRAFT

引用

Chinese Journal of Electronics 2022年第4期31卷 698-712页

作者： WANG Caibing GUO Hao YE Dingfeng WANG Ping State Key Laboratory of Information Security Institute of Information EngineeringChinese Academy of Sciences School of Cyber Security University of Chinese Academy of Sciences Tianjin Aerospace Zhongwei Data System Technology Co. Ltd.

Many cryptanalytic techniques for symmetric-key primitives rely on specific statistical analysis to extract some secrete key information from a large number of known or chosen plaintext-ciphertext pairs. For example, there is a standard statistical model for differential cryptanalysis that determines the success probability and complexity of the attack given some predefined configurations of the attack. In this work, we investigate the differential attack proposed by Guo et al. at Fast Software Encryption Conference 2020 and find that in this attack, the statistical behavior of the counters for key candidates deviate from standard scenarios, where both the correct key and the correct key xor specific difference are expected to receive the largest number of votes. Based on this bimodal behavior, we give three different statistical models for truncated differential distinguisher on CRAFT(a cryptographic algorithm name) for bimodal phenomena. Then, we provide the formulas about the success probability and data complexity for different models under the condition of a fixed threshold value. Also, we verify the validity of our models for bimodal phenomena by experiments on round-reduced of the versions distinguishers on CRAFT. We find that the success probability of theory and experiment are close when we fix the data complexity and threshold value. Finally, we compare the three models using the mathematical tool Matlab and conclude that Model 3 has better performance.

关键词： Differential cryptanalysis Statistical models Success probability data complexity Bimodal behavior CRAFT Differential fault analysis (DFA) attacks

来源：评论

学校读者我要写书评

暂无评论

POINTERGUESS: targeted password guessing model using pointer mechanism 24

POINTERGUESS: targeted password guessing model using pointer...

引用

Proceedings of the 33rd USENIX Conference on security Symposium

作者： Kedong Xiu Ding Wang College of Cyber Science Nankai University Tianjin China and Key Laboratory of Data and Intelligent System Security (NKU) Ministry of Education Tianjin China and Tianjin Key Laboratory of Network and Data Security Technology Nankai University Tianjin China

ISBN: (纸本)9781939133441

Most existing targeted password guessing models view users' reuse behaviors as sequences of edit operations (e.g., insert and delete) performed on old passwords. These atomic edit operations are limited to modifying one character at a time and cannot fully cover users' complex password modification behaviors (e.g., modifying the password structure). This partially leads to a significant gap between the proportion of users' reused passwords and the success rates that existing targeted password models can achieve. To fill this gap, this paper models users' reuse behaviors by focusing on two key components: (1) What they want to copy/keep; (2) What they want to tweak. More specifically, we introduce the pointer mechanism and propose a new targeted guessing model, namely POINTERGUESS. By hierarchically redefining password reuse from both personal and population-wide perspectives, we can accurately and comprehensively characterize users' password reuse behaviors. Moreover, we propose MS-POINTERGUESS, which can employ the victim's multiple leaked *** employing 13 large-scale real-world password datasets, we demonstrate that POINTERGUESS is effective: (1) When the victim's password at site A (namely pwA) is known, within 100 guesses, the average success rate of POINTERGUESS in guessing her password at site B (namely pwB, pwA ≠ pwB) is 25.21% (for common users) and 12.34% (for security-savvy users), respectively, which is 21.23%~71.54% (38.37% on average) higher than its foremost counterparts; (2) When not excluding identical password pairs (i.e., pwA can equal pwB), within 100 guesses, the average success rate of POINTERGUESS is 48.30% (for common users) and 28.42% (for security-savvy users), respectively, which is 6.31%~15.92% higher than its foremost counterparts; (3) Within 100 guesses, the MS-POINTERGUESS further improves the cracking success rate by 31.21% compared to POINTERGUESS.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Three-level Compact Caching for Search Engines Based on Solid State Drives 23

Three-level Compact Caching for Search Engines Based on Soli...

引用

23rd IEEE International Conference on High Performance Computing and Communications, 7th IEEE International Conference on data Science and Systems, 19th IEEE International Conference on Smart City and 7th IEEE International Conference on Dependability in Sensor, Cloud and Big data Systems and Applications, HPCC-DSS-SmartCity-DependSys 2021

作者： Zhang, Rui Sun, Pengyu Tong, Jiancong Zang, Ruirui Qian, Heng Pan, Yu Stones, Rebecca J. Wang, Gang Liu, Xiaoguang Li, Yusen College of Computer Science Nankai University Tianjin China Tianjin Key Laboratory of Network and Data Security Technology Tianjin China Baidu Inc Beijing China

ISBN: (纸本)9781665494571

The query processing in search engines can be classified into either disk I/O operations and CPU computation operations. Conventional search engine caching methods mostly aimed at reducing disk I/O operations. However, with the new trend of using solid state drives (SSDs) instead of hard disk drives for search engine storage, the bottleneck of query processing shifts from disk I/O to computation. In this paper, we design a three-level compact caching structure suited to SSD-based search engines, incorporating caches for (a) doculets, partial documents which contain previously encountered snippets, (b) fragments, compact data structures containing snippet metadata, and (c) ranked docID lists, which index the top-k documents relevant to a query. This three-level compact caching method aims at reducing the bottleneck of repetitive CPU computation operations. Moreover, by considering different levels of caches as a whole system, the proposed three-level compact caching eliminates the redundancy among cache items. This increases the efficiency of cache space utilization. Experimental results indicate an improvement in query response latency by a factor of around 2.6 when using static caching and 1.3 under dynamic caching. © 2021 IEEE.

关键词： Costs Solid state drives Smart cities Query processing Redundancy Search engines Metadata

来源：评论

学校读者我要写书评

暂无评论

DBKEM-AACS: a distributed key escrow model in blockchain with anonymous authentication and committee selection

引用

Science China(Information Sciences) 2023年第3期66卷 289-290页

作者： Axin XIANG Hongfeng GAO Youliang TIAN Liang WAN College of Computer Science and Technology Guizhou University Institute of Cryptography and Data Security Guizhou University Network and Information Management Center Guizhou University State Key Laboratory of Public Big Data Guizhou University Institute of Computer Software and Theory Guizhou University

Dear editor, key security is of great practical significance and demand to guarantee the security of digital assets in the blockchain system. At present, users prefer to escrow their assets on centralized institutions, but this phenomenon has gone against the unique characteristics of decentralization and anonymity in the blockchain. Among them, the suspense incidents of assets lock or lost are enough to prove that the security of escrowed keys on the exchanges is questionable.

关键词：

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：