Biblio

Filters: Author is Huang, He  [Clear All Filters]
2023-05-11
Zhu, Lei, Huang, He, Gao, Song, Han, Jun, Cai, Chao.  2022.  False Data Injection Attack Detection Method Based on Residual Distribution of State Estimation. 2022 12th International Conference on CYBER Technology in Automation, Control, and Intelligent Systems (CYBER). :724–728.
While acquiring precise and intelligent state sensing and control capabilities, the cyber physical power system is constantly exposed to the potential cyber-attack threat. False data injection (FDI) attack attempts to disrupt the normal operation of the power system through the coupling of cyber side and physical side. To deal with the situation that stealthy FDI attack can bypass the bad data detection and thus trigger false commands, a system feature extraction method in state estimation is proposed, and the corresponding FDI attack detection method is presented. Based on the principles of state estimation and stealthy FDI attack, we analyze the impacts of FDI attack on measurement residual. Gaussian fitting method is used to extract the characteristic parameters of residual distribution as the system feature, and attack detection is implemented in a sliding time window by comparison. Simulation results prove that the proposed attack detection method is effectiveness and efficiency.
ISSN: 2642-6633
2018-01-23
Huang, He, Youssef, Amr M., Debbabi, Mourad.  2017.  BinSequence: Fast, Accurate and Scalable Binary Code Reuse Detection. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. :155–166.

Code reuse detection is a key technique in reverse engineering. However, existing source code similarity comparison techniques are not applicable to binary code. Moreover, compilers have made this problem even more difficult due to the fact that different assembly code and control flow structures can be generated by the compilers even when implementing the same functionality. To address this problem, we present a fuzzy matching approach to compare two functions. We first obtain an initial mapping between basic blocks by leveraging the concept of longest common subsequence on the basic block level and execution path level. We then extend the achieved mapping using neighborhood exploration. To make our approach applicable to large data sets, we designed an effective filtering process using Minhashing. Based on the proposed approach, we implemented a tool named BinSequence and conducted extensive experiments with it. Our results show that given a large assembly code repository with millions of functions, BinSequence is efficient and can attain high quality similarity ranking of assembly functions with an accuracy of above 90%. We also present several practical use cases including patch analysis, malware analysis and bug search.