Visible to the public Biblio

Filters: Author is Zhang, Zhiwei  [Clear All Filters]
2019-05-01
Fang, Aidong, Zhang, Zhiwei.  2018.  Research on Parallel Dynamic Encryption Transmission Algorithm on VoIP. Proceedings of the 2018 International Conference on Information Science and System. :204–206.
Aiming to the current lack of VoIP voice encryption, a dynamic encryption method on grouping voice encryption and parallel encrypted is proposed in this paper. Though dynamic selection of encryption algorithms and dynamic distribution of key to increase the complexity of the encryption, at the same time reduce the time complexity of asymmetric encryption algorithm by using parallel encryption to ensure the real-time of the voice and improve call security.
2017-08-18
Pei, Kexin, Gu, Zhongshu, Saltaformaggio, Brendan, Ma, Shiqing, Wang, Fei, Zhang, Zhiwei, Si, Luo, Zhang, Xiangyu, Xu, Dongyan.  2016.  HERCULE: Attack Story Reconstruction via Community Discovery on Correlated Log Graph. Proceedings of the 32Nd Annual Conference on Computer Security Applications. :583–595.

Advanced cyber attacks consist of multiple stages aimed at being stealthy and elusive. Such attack patterns leave their footprints spatio-temporally dispersed across many different logs in victim machines. However, existing log-mining intrusion analysis systems typically target only a single type of log to discover evidence of an attack and therefore fail to exploit fundamental inter-log connections. The output of such single-log analysis can hardly reveal the complete attack story for complex, multi-stage attacks. Additionally, some existing approaches require heavyweight system instrumentation, which makes them impractical to deploy in real production environments. To address these problems, we present HERCULE, an automated multi-stage log-based intrusion analysis system. Inspired by graph analytics research in social network analysis, we model multi-stage intrusion analysis as a community discovery problem. HERCULE builds multi-dimensional weighted graphs by correlating log entries across multiple lightweight logs that are readily available on commodity systems. From these, HERCULE discovers any "attack communities" embedded within the graphs. Our evaluation with 15 well known APT attack families demonstrates that HERCULE can reconstruct attack behaviors from a spectrum of cyber attacks that involve multiple stages with high accuracy and low false positive rates.