Biblio

Filters: Author is Wang, Zhongjie
2020-05-11
Peng, Wang, Kong, Xiangwei, Peng, Guojin, Li, Xiaoya, Wang, Zhongjie.  2019.  Network Intrusion Detection Based on Deep Learning. 2019 International Conference on Communications, Information System and Computer Engineering (CISCE). :431–435.
With the continuous development of computer network technology, security problems in the network are emerging one after another, and they are becoming more and more difficult to ignore. For current network administrators, how to successfully prevent malicious network hackers from invading, so that network systems and computers remain in safe and normal operation, is an urgent task. This paper proposes a network intrusion detection method based on deep learning. This method uses a deep confidence neural network to extract features of network monitoring data, and uses a BP neural network as the top-level classifier to classify intrusion types. The method was validated using the KDD CUP'99 dataset from the Lincoln Laboratory of the Massachusetts Institute of Technology. The results show that the proposed method achieves a significant improvement in accuracy over traditional machine learning.
2018-03-19
Quach, Alan, Wang, Zhongjie, Qian, Zhiyun.  2017.  Investigation of the 2016 Linux TCP Stack Vulnerability at Scale. Proceedings of the 2017 ACM SIGMETRICS / International Conference on Measurement and Modeling of Computer Systems. :8–8.

To combat blind in-window attacks against TCP, changes proposed in RFC 5961 have been implemented by Linux since late 2012. While successfully eliminating the old vulnerabilities, the new TCP implementation was reported in August 2016 to have introduced a subtle yet serious security flaw. Assigned CVE-2016-5696, the flaw exploits the challenge ACK rate limiting feature that could allow an off-path attacker to infer the presence/absence of a TCP connection between two arbitrary hosts, terminate such a connection, and even inject malicious payload. In this work, we perform a comprehensive measurement of the impact of the new vulnerability. This includes (1) tracking the vulnerable Internet servers, (2) monitoring the patch behavior over time, (3) picturing the overall security status of TCP stacks at scale. Towards this goal, we design a scalable measurement methodology to scan the Alexa top 1 million websites for almost 6 months. We also present how notifications impact the patching behavior, and compare the result with the Heartbleed and the Debian PRNG vulnerability. The measurement represents a valuable data point in understanding how Internet servers react to serious security flaws in the operating system kernel.