Visible to the public Biblio

Filters: Author is Chen, Yue  [Clear All Filters]
2020-01-21
Zhang, Jiange, Chen, Yue, Yang, Kuiwu, Zhao, Jian, Yan, Xincheng.  2019.  Insider Threat Detection Based on Adaptive Optimization DBN by Grid Search. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). :173–175.

Aiming at the problem that one-dimensional parameter optimization in insider threat detection using deep learning will lead to unsatisfactory overall performance of the model, an insider threat detection method based on adaptive optimization DBN by grid search is designed. This method adaptively optimizes the learning rate and the network structure which form the two-dimensional grid, and adaptively selects a set of optimization parameters for threat detection, which optimizes the overall performance of the deep learning model. The experimental results show that the method has good adaptability. The learning rate of the deep belief net is optimized to 0.6, the network structure is optimized to 6 layers, and the threat detection rate is increased to 98.794%. The training efficiency and the threat detection rate of the deep belief net are improved.

2018-12-10
Chen, Yue, Khandaker, Mustakimur, Wang, Zhi.  2017.  Pinpointing Vulnerabilities. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. :334–345.
Memory-based vulnerabilities are a major source of attack vectors. They allow attackers to gain unauthorized access to computers and their data. Previous research has made significant progress in detecting attacks. However, developers still need to locate and fix these vulnerabilities, a mostly manual and time-consuming process. They face a number of challenges. Particularly, the manifestation of an attack does not always coincide with the exploited vulnerabilities, and many attacks are hard to reproduce in the lab environment, leaving developers with limited information to locate them. In this paper, we propose Ravel, an architectural approach to pinpoint vulnerabilities from attacks. Ravel consists of an online attack detector and an offline vulnerability locator linked by a record & replay mechanism. Specifically, Ravel records the execution of a production system and simultaneously monitors it for attacks. If an attack is detected, the execution is replayed to reveal the targeted vulnerabilities by analyzing the program's memory access patterns under attack. We have built a prototype of Ravel based on the open-source FreeBSD operating system. The evaluation results in security and performance demonstrate that Ravel can effectively pinpoint various types of memory vulnerabilities and has low performance overhead.