Biblio

Specific emitter identification (SEI) is a physical-layer-based approach for enhancing wireless communication network security. A well-done SEI method can be widely applied in identifying the individual wireless communication device. In this paper, we propose a novel specific emitter identification method based on variational mode decomposition and histogram of oriented gradient (VMD-HOG). The signal is decomposed into specific temporal modes via VMD and HOG features are obtained from the time-frequency spectrum of temporal modes. The performance of the proposed method is evaluated both in single hop and relaying scenarios and under three channels with the number of emitters varying. Results depict that our proposed method provides great identification performance for both simulated signals and realistic data of Zigbee devices and outperforms the two existing methods in identification accuracy and computational complexity.

Optical time domain reflectometry (OTDR) plays an important role in optical fiber communications. To improve the performance of OTDR, we propose a method based on the Variational Mode Decomposition (VMD) and Hilbert transform (HT) for fiber events detection. Firstly, the variational mode decomposition is applied to decompose OTDR data into some intrinsic mode functions (imfs). To determine the decomposition mode number in VMD, an adaptive estimation method is introduced. Secondly, the Hilbert transform is utilized to obtain the instantaneous amplitude of the imf for events localization. Finally, the Dynamic Time Warping (DTW) is used for identifying the type of event. Experimental results show that the proposed method can locate events accurately. Compared with the Short-Time Fourier Transform (STFT) method, the VMD-HT method presents a higher accuracy in events localization, which indicates that the method is effective and applicable.

Electromagnetic (EM) radiation is an inherent phenomenon in the operation of electronic information equipment. The side-channel attack, malicious hardware and software implantation attack by using the EM radiation are implemented to steal information. This form of attacks can be used in air-gap information equipment, which bring great danger for information security. The malicious implantation hidden in circuits are difficult to detect. How to detect the implantation is a challenging problem. In this paper, a malicious hardware implantation is analyzed. A method that leverages EM signals for Trojan-embedded computer video cable detection is proposed. The method neither needs activating the Trojan nor requires near-field probe approaching at close. It utilizes recognizable patterns in the spectrum of EM to predict potential risks. This paper focuses on the extraction of feature vectors via the empirical mode decomposition (EMD) algorithm. Intrinsic mode functions (IMFs) are analyzed and selected to be eigenvectors. Using a common classification technique, we can achieve both effective and reliable detection results.

Nowadays, machine learning is a popular method for DDoS detection. However, machine learning algorithms are very vulnerable under the attacks of adversarial samples. Up to now, multiple methods of generating adversarial samples have been proposed. However, they cannot be applied to LSTM-based DDoS detection directly because of the discrete property and the utility requirement of its input samples. In this paper, we propose two methods to generate DDoS adversarial samples, named Genetic Attack (GA) and Probability Weighted Packet Saliency Attack (PWPSA) respectively. Both methods modify original input sample by inserting or replacing partial packets. In GA, we evolve a set of modified samples with genetic algorithm and find the evasive variant from it. In PWPSA, we modify original sample iteratively and use the position saliency as well as the packet score to determine insertion or replacement order at each step. Experimental results on CICIDS2017 dataset show that both methods can bypass DDoS detectors with high success rate.

Hardware design, especially the very large scale integration(VLSI) and systems on chip design(SOC), utilizes many codes from third-party intellectual property (IP) providers and former designers. Hardware Trojans (HTs) are easily inserted in this process. Recently researchers have proposed many HTs detection techniques targeting the design codes. State-of-art detections are based on the testability including Controllability and Observability, which are effective to all HTs from TrustHub, and advanced HTs like DeTrust. Meanwhile, testability based detections have advantages in the timing complexity and can be easily integrated into recently industrial verification. Undoubtedly, the adversaries will upgrade their designs accordingly to evade these detection techniques. Designing a variety of complex trojans is a significant way to perfect the existing detection, therefore, we present a novel design of HTs to defeat the testability based detection methods, namely DeTest. Our approach is simple and straight forward, yet it proves to be effective at adding some logic. Without changing HTs malicious function, DeTest decreases controllability and observability values to about 10% of the original, which invalidates distinguishers like clustering and support vector machines (SVM). As shown in our practical attack results, adversaries can easily use DeTest to upgrade their HTs to evade testability based detections. Combined with advanced HTs design techniques like DeTrust, DeTest can evade previous detecions, like UCI, VeriTrust and FANCI. We further discuss how to extend existing solutions to reduce the threat posed by DeTest.

Android malware family classification is an advanced task in Android malware analysis, detection and forensics. Existing methods and models have achieved a certain success for Android malware detection, but the accuracy and the efficiency are still not up to the expectation, especially in the context of multiple class classification with imbalanced training data. To address those challenges, we propose an Android malware family classification model by analyzing the code's specific semantic information based on sensitive opcode sequence. In this work, we construct a sensitive semantic feature-sensitive opcode sequence using opcodes, sensitive APIs, STRs and actions, and propose to analyze the code's specific semantic information, generate a semantic related vector for Android malware family classification based on this feature. Besides, aiming at the families with minority, we adopt an oversampling technique based on the sensitive opcode sequence. Finally, we evaluate our method on Drebin dataset, and select the top 40 malware families for experiments. The experimental results show that the Total Accuracy and Average AUC (Area Under Curve, AUC) reach 99.50% and 98.86% with 45. 17s per Android malware, and even if the number of malware families increases, these results remain good.

Anomaly detection generally involves the extraction of features from entities' or users' properties, and the design of anomaly detection models using machine learning or deep learning algorithms. However, only considering entities' property information could lead to high false positives. We posit the importance of also considering connections or relationships between entities in the detecting of anomalous behaviors and associated threat groups. Therefore, in this paper, we design a GCN (graph convolutional networks) based anomaly detection model to detect anomalous behaviors of users and malicious threat groups. The GCN model could characterize entities' properties and structural information between them into graphs. This allows the GCN based anomaly detection model to detect both anomalous behaviors of individuals and associated anomalous groups. We then evaluate the proposed model using a real-world insider threat data set. The results show that the proposed model outperforms several state-of-art baseline methods (i.e., random forest, logistic regression, SVM, and CNN). Moreover, the proposed model can also be applied to other anomaly detection applications.

With the development of wireless networks, the security of wireless systems is becoming more and more important. In this paper, a novel double layers constellations is proposed to protect the polarization modulation information from being acquired by the eavesdropper. Based on the double layers constellations, a constellations' optimization algorithm for achieving high power-efficiency is proposed. Based on this algorithm, 4,8,16-order double-layer constellations are designed. We use Monte Carlo simulation to test the security performance and symbol error rate performance of this constellations. The results show that the double layers constellations can effectively ensure communication security and the SER performance has superiority over the classic symmetrical constellations.

Virtual machine live migration technology, as an important support for cloud computing, has become a central issue in recent years. The virtual machines' runtime environment is migrated from the original physical server to another physical server, maintaining the virtual machines running at the same time. Therefore, it can make load balancing among servers and ensure the quality of service. However, virtual machine migration security issue cannot be ignored due to the immature development of it. This paper we analyze the security threats of the virtual machine migration, and compare the current proposed protection measures. While, these methods either rely on hardware, or lack adequate security and expansibility. In the end, we propose a security model of live virtual machine migration based on security policy transfer and encryption, named as SPLM (Security Protection of Live Migration) and analyze its security and reliability, which proves that SPLM is better than others. This paper can be useful for the researchers to work on this field. The security study of live virtual machine migration in this paper provides a certain reference for the research of virtualization security, and is of great significance.