Biblio

While backtracking analysis has been successful in assisting the investigation of complex security attacks, it faces a critical dependency explosion problem. To address this problem, security analysts currently need to tune backtracking analysis manually with different case-specific heuristics. However, existing systems fail to fulfill two important system requirements to achieve effective backtracking analysis. First, there need flexible abstractions to express various types of heuristics. Second, the system needs to be responsive in providing updates so that the progress of backtracking analysis can be frequently inspected, which typically involves multiple rounds of manual tuning. In this paper, we propose a novel system, APTrace, to meet both of the above requirements. As we demonstrate in the evaluation, security analysts can effectively express heuristics to reduce more than 99.5% of irrelevant events in the backtracking analysis of real-world attack cases. To improve the responsiveness of backtracking analysis, we present a novel execution-window partitioning algorithm that significantly reduces the waiting time between two consecutive updates (especially, 57 times reduction for the top 1% waiting time).

Cross-site scripting (XSS) is one of the main threats of Web applications, which has great harm. How to effectively detect and defend against XSS attacks has become more and more important. Due to the malicious obfuscation of attack codes and the gradual increase in number, the traditional XSS detection methods have some defects such as poor recognition of malicious attack codes, inadequate feature extraction and low efficiency. Therefore, we present a novel approach to detect XSS attacks based on the attention mechanism of Long Short-Term Memory (LSTM) recurrent neural network. First of all, the data need to be preprocessed, we used decoding technology to restore the XSS codes to the unencoded state for improving the readability of the code, then we used word2vec to extract XSS payload features and map them to feature vectors. And then, we improved the LSTM model by adding attention mechanism, the LSTM-Attention detection model was designed to train and test the data. We used the ability of LSTM model to extract context-related features for deep learning, the added attention mechanism made the model extract more effective features. Finally, we used the classifier to classify the abstract features. Experimental results show that the proposed XSS detection model based on LSTM-Attention achieves a precision rate of 99.3% and a recall rate of 98.2% in the actually collected dataset. Compared with traditional machine learning methods and other deep learning methods, this method can more effectively identify XSS attacks.

Nowadays, the rapid development of the Internet of Things facilitates human life and work, while it also brings great security risks to the society due to the frequent occurrence of various security issues. IoT device has the characteristics of large-scale deployment and single responsibility application, which makes it easy to cause a chain reaction and results in widespread privacy leakage and system security problems when the software vulnerability is identified. It is difficult to guarantee that there is no security hole in the IoT operating system which is usually designed for MCU and has no kernel mode. An alternative solution is to identify the security issues in the first time when the system is hijacked and suspend the suspicious task before it causes irreparable damage. This paper proposes KLRA (A Kernel Level Resource Auditing Tool) for IoT Operating System Security This tool collects the resource-sensitive events in the kernel and audit the the resource consumption pattern of the system at the same time. KLRA can take fine-grained events measure with low cost and report the relevant security warning in the first time when the behavior of the system is abnormal compared with daily operations for the real responsibility of this device. KLRA enables the IoT operating system for MCU to generate the security early warning and thereby provides a self-adaptive heuristic security mechanism for the entire IoT system.

In this paper, security of secret key extraction scheme is evaluated for private communication between legitimate wireless devices. Multiple adversaries that distribute around these legitimate wireless devices eavesdrop on the data transmitted between them, and deduce the secret key. Conditional min-entropy given the view of those adversaries is utilized as security evaluation metric in this paper. Besides, the wiretap channel model and hidden Markov model (HMM) are regarded as the channel model and a dynamic programming approach is used to approximate conditional min- entropy. Two algorithms are proposed to mathematically calculate the conditional min- entropy by combining the Viterbi algorithm with the Forward algorithm. Optimal method with multiple adversaries (OME) algorithm is proposed firstly, which has superior performance but exponential computation complexity. To reduce this complexity, suboptimal method with multiple adversaries (SOME) algorithm is proposed, using performance degradation for the computation complexity reduction. In addition to the theoretical analysis, simulation results further show that the OME algorithm indeed has superior performance as well as the SOME algorithm has more efficient computation.

In this paper, we address the problem of demand response of electrical vehicles (EVs) during microgrid outages in the smart grid through the application of Vehicle-to-Grid (V2G) technology. Particularly, we present a novel privacy-preserving double auction scheme. In our auction market, the MicroGrid Center Controller (MGCC) acts as the auctioneer, solving the social welfare maximization problem of matching buyers to sellers, and the cloud is used as a broker between bidders and the auctioneer, protecting privacy through homomorphic encryption. Theoretical analysis is conducted to validate our auction scheme in satisfying the intended economic and privacy properties (e.g., strategy-proofness and k-anonymity). We also evaluate the performance of the proposed scheme to confirm its practical effectiveness.

Data assurance and resilience are crucial security issues in cloud-based IoT applications. With the widespread adoption of drones in IoT scenarios such as warfare, agriculture and delivery, effective solutions to protect data integrity and communications between drones and the control system have been in urgent demand to prevent potential vulnerabilities that may cause heavy losses. To secure drone communication during data collection and transmission, as well as preserve the integrity of collected data, we propose a distributed solution by utilizing blockchain technology along with the traditional cloud server. Instead of registering the drone itself to the blockchain, we anchor the hashed data records collected from drones to the blockchain network and generate a blockchain receipt for each data record stored in the cloud, reducing the burden of moving drones with the limit of battery and process capability while gaining enhanced security guarantee of the data. This paper presents the idea of securing drone data collection and communication in combination with a public blockchain for provisioning data integrity and cloud auditing. The evaluation shows that our system is a reliable and distributed system for drone data assurance and resilience with acceptable overhead and scalability for a large number of drones.

Fuzzy c-means algorithm is used to identity clusters of similar objects within a data set, while it is not directly applied to incomplete data. In this paper, we proposed a novel fuzzy c-means algorithm based on missing attribute interval size for the clustering of incomplete data. In the new algorithm, incomplete data set was transformed to interval data set according to the nearest neighbor rule. The missing attribute value was replaced by the corresponding interval median and the interval size was set as the additional property for the incomplete data to control the effect of interval size in clustering. Experiments on standard UCI data set show that our approach outperforms other clustering methods for incomplete data.