Biblio

The 5G technology brings the substantial improvement on the quality of services (QoS), such as higher throughput, lower latency, more stable signal and more ultra-reliable data transmission, triggering a revolution for the wireless mobile network. But in a general traffic channel in the 5G-based wireless mobile network, an attacker can detect a message transmitted over a channel, or even worse, forge or tamper with the message. Building a secure channel over the two parties is a feasible solution to this uttermost data transmission security challenge in 5G-based wireless mobile network. However, how to authentication the identities of the both parties before establishing the secure channel to fully ensure the data confidentiality and integrity during the data transmission has still been a open issue. To establish a fully secure channel, in this paper, we propose a strongly secure pairing-free certificateless authenticated key agreement (PF-CL-AKA) protocol with two-way identity-based authentication before extracting the secure session key. Our protocol is provably secure in the Lippold model, which means our protocol is still secure as long as each party of the channel has at least one uncompromised partial private term. Finally, By the theoretical analysis and simulation experiments, we can observe that our scheme is practical for the real-world applications in the 5G-based wireless mobile network.

Concurrency programs often induce buggy results due to the unexpected interaction among threads. The detection of these concurrency bugs costs a lot because they usually appear under a specific execution trace. How to virtually explore different thread schedules to detect concurrency bugs efficiently is an important research topic. Many techniques have been proposed, including lightweight techniques like adaptive randomized scheduling (ARS) and heavyweight techniques like maximal causality reduction (MCR). Compared to heavyweight techniques, ARS is efficient in exploring different schedulings and achieves state-of-the-art performance. However, it will lead to explore large numbers of redundant thread schedulings, which will reduce the efficiency. Moreover, it suffers from the “cold start” issue, when little information is available to guide the distance calculation at the beginning of the exploration. In this work, we propose a Heuristic-Enhanced Adaptive Randomized Scheduling (HARS) algorithm, which improves ARS to detect concurrency bugs guided with novel distance metrics and heuristics obtained from existing research findings. Compared with the adaptive randomized scheduling method, it can more effectively distinguish the traces that may contain concurrency bugs and avoid redundant schedules, thus exploring diverse thread schedules effectively. We conduct an evaluation on 45 concurrency Java programs. The evaluation results show that our algorithm performs more stably in terms of effectiveness and efficiency in detecting concurrency bugs. Notably, HARS detects hard-to-expose bugs more effectively, where the buggy traces are rare or the bug triggering conditions are tricky.

Ahstract-Vulnerability detection is an important topic of software engineering. To improve the effectiveness and efficiency of vulnerability detection, many traditional machine learning-based and deep learning-based vulnerability detection methods have been proposed. However, the impact of different factors on vulnerability detection is unknown. For example, classification models and vectorization methods can directly affect the detection results and code replacement can affect the features of vulnerability detection. We conduct a comparative study to evaluate the impact of different classification algorithms, vectorization methods and user-defined variables and functions name replacement. In this paper, we collected three different vulnerability code datasets. These datasets correspond to different types of vulnerabilities and have different proportions of source code. Besides, we extract and analyze the features of vulnerability code datasets to explain some experimental results. Our findings from the experimental results can be summarized as follows: (i) the performance of using deep learning is better than using traditional machine learning and BLSTM can achieve the best performance. (ii) CountVectorizer can improve the performance of traditional machine learning. (iii) Different vulnerability types and different code sources will generate different features. We use the Random Forest algorithm to generate the features of vulnerability code datasets. These generated features include system-related functions, syntax keywords, and user-defined names. (iv) Datasets without user-defined variables and functions name replacement will achieve better vulnerability detection results.

With the rapid development of networks, cyberspace security is facing increasingly severe challenges. Traditional alert aggregation process and alert correlation analysis process are susceptible to a large amount of redundancy and false alerts. To tackle the challenge, this paper proposes a network security situational awareness model KG-NSSA (Knowledge-Graph-based NSSA) based on knowledge graphs. This model provides an asset-based network security knowledge graph construction scheme. Based on the network security knowledge graph, a solution is provided for the classic problem in the field of network security situational awareness - network attack scenario discovery. The asset-based network security knowledge graph combines the asset information of the monitored network and fully considers the monitoring of network traffic. The attack scenario discovery according to the KG-NSSA model is to complete attack discovery and attack association through attribute graph mining and similarity calculation, which can effectively reflect specific network attack behaviors and mining attack scenarios. The effectiveness of the proposed method is verified on the MIT DARPA2000 data set. Our work provides a new approach for network security situational awareness.

With the advent of fifth generation (5G) network and increasingly powerful mobile devices, people can conveniently obtain network resources wherever they are and whenever they want. However, the problem of mobility support in current network has not been adequately solved yet, especially in inter-domain mobile scenario, which leads to poor experience for mobile consumers. MobilityFirst is a clean slate future Internet architecture which adopts a clean separation between identity and network location. It provides new mechanisms to address the challenge of wireless access and mobility at scale. However, MobilityFirst lacks effective ways to deal with multicast service over mobile networks. In this paper, we design an efficient multicast mechanism based on MobilityFirst architecture and present the deployment in current network at scale. Furthermore, we propose a hierarchical multicast packet header with additional destinations to achieve low-cost dynamic multicast routing and provide solutions for both the multicast source and the multicast group members moving in intra- or inter-domain. Finally, we deploy a multicast prototype system to evaluate the performance of the proposed multicast mechanism.