Visible to the public Biblio

Found 15086 results

Filters: Keyword is pubcrawl  [Clear All Filters]
2023-09-08
Hamdaoui, Ikram, Fissaoui, Mohamed El, Makkaoui, Khalid El, Allali, Zakaria El.  2022.  An intelligent traffic monitoring approach based on Hadoop ecosystem. 2022 5th International Conference on Networking, Information Systems and Security: Envisage Intelligent Systems in 5g//6G-based Interconnected Digital Worlds (NISS). :1–6.
Nowadays, smart cities (SCs) use technologies and different types of data collected to improve the lifestyles of their citizens. Indeed, connected smart vehicles are technologies used for an SC’s intelligent traffic monitoring systems (ITMSs). However, most proposed monitoring approaches do not consider realtime monitoring. This paper presents real-time data processing for an intelligent traffic monitoring dashboard using the Hadoop ecosystem dashboard components. Many data are available due to our proposed monitoring approach, such as the total number of vehicles on different routes and data on trucks within a radius (10KM) of a specific point given. Based on our generated data, we can make real-time decisions to improve circulation and optimize traffic flow.
Deng, Wei, Liu, Wei, Liu, Xinlin, Zhang, Jian.  2022.  Security Classification of Mobile Intelligent Terminal Based on Multi-source Data Fusion. 2022 4th International Conference on Frontiers Technology of Information and Computer (ICFTIC). :427–430.
The application of mobile intelligent terminal in the environment is very complex, and its own computing capacity is also very limited, so it is vulnerable to malicious attacks. The security classification of mobile intelligent terminals can effectively ensure the security of their use. Therefore, a security classification method for mobile intelligent terminals based on multi-source data fusion is proposed. The Boolean value is used to count the multi-source data of the mobile intelligent terminal, and the word frequency method is used to calculate the weight of the multi-source data of the mobile intelligent terminal. The D-S evidence theory is used to complete the multi-source data fusion of the mobile intelligent terminal and implement the multi-source data fusion processing of the mobile intelligent terminal. On this basis, the security level permission value of mobile intelligent terminal is calculated to achieve the security level division of mobile intelligent terminal based on multi-source data fusion. The experimental results show that the accuracy of mobile intelligent terminal security classification is higher than 96% and the classification time is less than 3.8 ms after the application of the proposed method. Therefore, the security level of mobile intelligent terminals after the application of this method is high, and the security performance of mobile intelligent terminals is strong, which can effectively improve the accuracy of security classification and shorten the time of security classification.
Yadav, Ranjeet, Ritambhara, Vaigandla, Karthik Kumar, Ghantasala, G S Pradeep, Singh, Rajesh, Gangodkar, Durgaprasad.  2022.  The Block Chain Technology to protect Data Access using Intelligent Contracts Mechanism Security Framework for 5G Networks. 2022 5th International Conference on Contemporary Computing and Informatics (IC3I). :108–112.
The introduction of the study primarily emphasises the significance of utilising block chain technologies with the possibility of privacy and security benefits from the 5G Network. One may state that the study’s primary focus is on all the advantages of adopting block chain technology to safeguard everyone’s access to crucial data by utilizing intelligent contracts to enhance the 5G network security model on information security operations.Our literature evaluation for the study focuses primarily on the advantages advantages of utilizing block chain technology advance data security and privacy, as well as their development and growth. The whole study paper has covered both the benefits and drawbacks of employing the block chain technology. The literature study part of this research article has, on the contrary hand, also studied several approaches and tactics for using the blockchain technology facilities. To fully understand the circumstances in this specific case, a poll was undertaken. It was possible for the researchers to get some real-world data in this specific situation by conducting a survey with 51 randomly selected participants.
2023-09-07
Cheng, Cheng, Liu, Zixiang, Zhao, Feng, Wang, Xiang, Wu, Feng.  2022.  Security Protection of Research Sensitive Data Based on Blockchain. 2022 21st International Symposium on Distributed Computing and Applications for Business Engineering and Science (DCABES). :237–241.
In order to meet the needs of intellectual property protection and controlled sharing of scientific research sensitive data, a mechanism is proposed for security protection throughout “transfer, store and use” process of sensitive data which based on blockchain. This blockchain bottom layer security is reinforced. First, the encryption algorithm used is replaced by the national secret algorithm and the smart contract is encapsulated as API at the gateway level. Signature validation is performed when the API is used to prevent illegal access. Then the whole process of data up-chain, storage and down-chain is encrypted, and a mechanism of data structure query and data query condition construction based on blockchain smart is provided to ensure that the data is “usable and invisible”. Finally, data access control is ensured through role-based and hierarchical protection, and the blockchain base developed has good extensibility, which can meet the requirement of sensitive data security protection in scientific research filed and has broad application prospects.
ISSN: 2473-3636
Fowze, Farhaan, Choudhury, Muhtadi, Forte, Domenic.  2022.  EISec: Exhaustive Information Flow Security of Hardware Intellectual Property Utilizing Symbolic Execution. 2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). :1–6.
Hardware IPs are assumed to be roots-of-trust in complex SoCs. However, their design and security verification are still heavily dependent on manual expertise. Extensive research in this domain has shown that even cryptographic modules may lack information flow security, making them susceptible to remote attacks. Further, when an SoC is in the hands of the attacker, physical attacks such as fault injection are possible. This paper introduces EISec, a novel tool utilizing symbolic execution for exhaustive analysis of hardware IPs. EISec operates at the pre-silicon stage on the gate level netlist of a design. It detects information flow security violations and generates the exhaustive set of control sequences that reproduces them. We further expand its capabilities to quantify the confusion and diffusion present in cryptographic modules and to analyze an FSM's susceptibility to fault injection attacks. The proposed methodology efficiently explores the complete input space of designs utilizing symbolic execution. In short, EISec is a holistic security analysis tool to help hardware designers capture security violations early on and mitigate them by reporting their triggers.
Xie, Xinjia, Guo, Yunxiao, Yin, Jiangting, Gai, Shun, Long, Han.  2022.  Research on Intellectual Property Protection of Artificial Intelligence Creation in China Based on SVM Kernel Methods. 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS). :230–236.
Artificial intelligence creation comes into fashion and has brought unprecedented challenges to intellectual property law. In order to study the viewpoints of AI creation copyright ownership from professionals in different institutions, taking the papers of AI creation on CNKI from 2016 to 2021, we applied orthogonal design and analysis of variance method to construct the dataset. A kernel-SVM classifier with different kernel methods in addition to some shallow machine learning classifiers are selected in analyzing and predicting the copyright ownership of AI creation. Support vector machine (svm) is widely used in statistics and the performance of SVM method is closely related to the choice of the kernel function. SVM with RBF kernel surpasses the other seven kernel-SVM classifiers and five shallow classifier, although the accuracy provided by all of them was not satisfactory. Various performance metrics such as accuracy, F1-score are used to evaluate the performance of KSVM and other classifiers. The purpose of this study is to explore the overall viewpoints of AI creation copyright ownership, investigate the influence of different features on the final copyright ownership and predict the most likely viewpoint in the future. And it will encourage investors, researchers and promote intellectual property protection in China.
Jin, Bo, Zhou, Zheng, Long, Fei, Xu, Huan, Chen, Shi, Xia, Fan, Wei, Xiaoyan, Zhao, Qingyao.  2022.  Software Supply Chain Security of Power Industry Based on BAS Technology. 2022 International Conference on Artificial Intelligence of Things and Crowdsensing (AIoTCs). :556–561.
The rapid improvement of computer and network technology not only promotes the improvement of productivity and facilitates people's life, but also brings new threats to production and life. Cyberspace security has attracted more and more attention. Different from traditional cyberspace security, APT attacks on key networks or infrastructure, with the main goal of stealing intellectual property, confidential information or sabotage, seriously threatening the interests and security of governments, enterprises and scientific research institutions. Timely detection and blocking is particularly important. The purpose of this paper is to study the security of software supply chain in power industry based on BAS technology. The experimental data shows that Type 1 projects account for the least amount and Type 2 projects account for the highest proportion. Type 1 projects have high unit price contracts and high profits, but the number is small and the time for signing orders is long.
Li, Jinkai, Yuan, Jie, Xiao, Yue.  2022.  A traditional medicine intellectual property protection scheme based on Hyperledger Fabric. 2022 4th International Conference on Advances in Computer Technology, Information Science and Communications (CTISC). :1–5.
Due to its decentralized trust mechanism, blockchain is increasingly used as a trust intermediary for multi-party cooperation to reduce the cost and risk of maintaining centralized trust nowadays. And as the requirements for privacy and high throughput, consortium blockchain is widely used in data sharing and business cooperation in practical application scenarios. Nowadays, the protection of traditional medicine has been regarded as human intangible cultural heritage in recent years, but this kind of protection still faces the problem that traditional medicine prescriptions are unsuitable for disclosure and difficult to protect. Hyperledger is a consortium blockchain featuring authorized access, high throughput, and tamper-resistance, making it ideal for privacy protection and information depository in traditional medicine protection. This study proposes a solution for intellectual property protection of traditional medicine by using a blockchain platform to record prescription iterations and clinical trial data. The privacy and confidentiality of Hyperledger can keep intellectual property information safe and private. In addition, the author proposes to invite the Patent Offices and legal institutions to join the blockchain network, maintain users' properties and issue certificates, which can provide a legal basis for rights protection when infringement occurs. Finally, the researchers have built a system corresponding to the scheme and tested the system. The test outcomes of the system can explain the usability of the system. And through the test of system throughput, under low system configuration, it can reach about 200 query operations per second, which can meet the application requirements of relevant organizations and governments.
Sha, Weinan, Luo, Tianyu, Leng, Jiewu, Lin, Zisheng.  2022.  Heterogeneous Multi-Blockchain Model-based Intellectual Property Protection in Social Manufacturing Paradigm. 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD). :891–896.
[Purpose/meaning] In this paper, a unified scheme based on blockchain technology to realize the three modules of intellectual property confirmation, utilization, and protection of rights at the application layer is constructed, to solve the problem of unbalanced and inadequate resource distribution and development level in the field of industrial intellectual property. [Method/process] Based on the application of the core technology of blockchain in the field of intellectual property, this paper analyzes the pain points in the current field of intellectual property, and selects matching blockchain types according to the protection of intellectual property and the different decisions involved in the transaction process, to build a heterogeneous multi-chain model based on blockchain technology. [Conclusion] The heterogeneous multi-chain model based on Polkadot[1] network is proposed to realize the intellectual property protection scheme of a heterogeneous multi-chain model, to promote collaborative design and product development between regions, and to make up for the shortcomings of technical exchange, and weaken the phenomenon of "information island" in a certain extent. [Limitation/deficiency] The design of smart contracts in the field of intellectual property, the development of cross-chain protocols, and the formulation of national standards for blockchain technology still need to be developed and improved. At the same time, the intellectual property protection model designed in this paper needs to be verified in the application of practical cases.
Wanigasooriya, C. S., Gunasekara, A. D. A. I., Kottegoda, K. G. K. G..  2022.  Blockchain-based Intellectual Property Management Using Smart Contracts. 2022 3rd International Conference for Emerging Technology (INCET). :1–5.
Smart contracts are an attractive aspect of blockchain technology. A smart contract is a piece of executable code that runs on top of the blockchain and is used to facilitate, execute, and enforce agreements between untrustworthy parties without the need for a third party. This paper offers a review of the literature on smart contract applications in intellectual property management. The goal is to look at technology advancements and smart contract deployment in this area. The theoretical foundation of many papers published in recent years is used as a source of theoretical and implementation research for this purpose. According to the literature review we conducted, smart contracts function automatically, control, or document legally significant events and activities in line with the contract agreement's terms. This is a relatively new technology that is projected to deliver solutions for trust, security, and transparency across a variety of areas. An exploratory strategy was used to perform this literature review.
Kulba, Vladimir, Sirotyuk, Vladimir.  2022.  Formalized Models and Methods for Building Efficient Digital Information Funds of Intellectual Property. 2022 15th International Conference Management of large-scale system development (MLSD). :1–5.
The goals, objectives and criteria of the effectiveness of the creation, maintenance and use of the Digital Information Fund of Intellectual Property (DIFIP) are considered. A formalized methodology is proposed for designing DIFIPs, increasing its efficiency and quality, based on a set of interconnected models, methods and algorithms for analysis, synthesis and normalization distributed information management of DIFIP's structure; classification of databases users of patent and scientific and technical information; synthesis of optimal logical structures of the DIFIP database and thematic databases; assessing the quality of the database and ensuring the required level of data security.
2023-09-01
Musa, Nura Shifa, Mirza, Nada Masood, Ali, Adnan.  2022.  Current Trends in Internet of Things Forensics. 2022 International Arab Conference on Information Technology (ACIT). :1—5.
Digital forensics is essential when performing in-depth crime investigations and evidence extraction, especially in the field of the Internet of Things, where there is a ton of information every second boosted with latest and smartest technological devices. However, the enormous growth of data and the nature of its complexity could constrain the data examination process since traditional data acquisition techniques are not applicable nowadays. Therefore, if the knowledge gap between digital forensics and the Internet of Things is not bridged, investigators will jeopardize the loss of a possible rich source of evidence that otherwise could act as a lead in solving open cases. The work aims to introduce examples of employing the latest Internet of Things forensics approaches as a panacea in this regard. The paper covers a variety of articles presenting the new Blockchain, fog, and video-based applications that can aid in easing the process of digital forensics investigation with a focus on the Internet of Things. The results of the review indicated that the above current trends are very promising procedures in the field of Internet of Things digital forensics and need to be explored and applied more actively.
Shang, Siyuan, Zhou, Aoyang, Tan, Ming, Wang, Xiaohan, Liu, Aodi.  2022.  Access Control Audit and Traceability Forensics Technology Based on Blockchain. 2022 4th International Conference on Frontiers Technology of Information and Computer (ICFTIC). :932—937.
Access control includes authorization of security administrators and access of users. Aiming at the problems of log information storage difficulty and easy tampering faced by auditing and traceability forensics of authorization and access in cross-domain scenarios, we propose an access control auditing and traceability forensics method based on Blockchain, whose core is Ethereum Blockchain and IPFS interstellar mail system, and its main function is to store access control log information and trace forensics. Due to the technical characteristics of blockchain, such as openness, transparency and collective maintenance, the log information metadata storage based on Blockchain meets the requirements of distribution and trustworthiness, and the exit of any node will not affect the operation of the whole system. At the same time, by storing log information in the blockchain structure and using mapping, it is easy to locate suspicious authorization or judgment that lead to permission leakage, so that security administrators can quickly grasp the causes of permission leakage. Using this distributed storage structure for security audit has stronger anti-attack and anti-risk.
Lan, James Kin Wah, Lee, Frankie Kin Wah.  2022.  Drone Forensics: A Case Study on DJI Mavic Air 2. 2022 24th International Conference on Advanced Communication Technology (ICACT). :291—296.
With the inundation of more cost effective and improved flight performance Unmanned Aerial Vehicles (UAVs) into the consumer market, we have seen more uses of these for both leisure and business purposes. As such, demand for digital forensic examination on these devices has seen an increase as well. This research will explore and discuss the forensic examination process on one of the more popular brands of UAV in Singapore, namely DJI. The findings are from the examination of the exposed File Transfer Protocol (FTP) channel and the extraction of the Data-at-Rest on the memory chip of the drone. The extraction was done using the Chip-Off and Chip-On technique.
Liu, Zhiqin, Zhu, Nan, Wang, Kun.  2022.  Recaptured Image Forensics Based on Generalized Central Difference Convolution Network. 2022 IEEE 2nd International Conference on Software Engineering and Artificial Intelligence (SEAI). :59—63.
With large advancements in image display technology, recapturing high-quality images from high-fidelity LCD screens becomes much easier. Such recaptured images can be used to hide image tampering traces and fool some intelligent identification systems. In order to prevent such a security loophole, we propose a recaptured image detection approach based on generalized central difference convolution (GCDC) network. Specifically, by using GCDC instead of vanilla convolution, more detailed features can be extracted from both intensity and gradient information from an image. Meanwhile, we concatenate the feature maps from multiple GCDC modules to fuse low-, mid-, and high-level features for higher performance. Extensive experiments on three public recaptured image databases demonstrate the superior of our proposed method when compared with the state-of-the-art approaches.
Yi Gong, Huang, Chun Hui, Feng, Dan Dan, Bai.  2022.  IReF: Improved Residual Feature For Video Frame Deletion Forensics. 2022 4th International Conference on Data Intelligence and Security (ICDIS). :248—253.
Frame deletion forensics has been a major area of video forensics in recent years. The detection effect of current deep neural network-based methods outperforms previous traditional detection methods. Recently, researchers have used residual features as input to the network to detect frame deletion and have achieved promising results. We propose an IReF (Improved Residual Feature) by analyzing the effect of residual features on frame deletion traces. IReF preserves the main motion features and edge information by denoising and enhancing the residual features, making it easier for the network to identify the tampered features. And the sparse noise reduction reduces the storage requirement. Experiments show that under the 2D convolutional neural network, the accuracy of IReF compared with residual features is increased by 3.81 %, and the storage space requirement is reduced by 78%. In the 3D convolutional neural network with video clips as feature input, the accuracy of IReF features is increased by 5.63%, and the inference efficiency is increased by 18%.
Chen, Guangxuan, Chen, Guangxiao, Wu, Di, Liu, Qiang, Zhang, Lei.  2022.  A Crawler-based Digital Forensics Method Oriented to Illegal Website. 2022 IEEE 5th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC). 5:1883—1887.
There are a large number of illegal websites on the Internet, such as pornographic websites, gambling websites, online fraud websites, online pyramid selling websites, etc. This paper studies the use of crawler technology for digital forensics on illegal websites. First, a crawler based illegal website forensics program is designed and developed, which can detect the peripheral information of illegal websites, such as domain name, IP address, network topology, and crawl key information such as website text, pictures, and scripts. Then, through comprehensive analysis such as word cloud analysis, word frequency analysis and statistics on the obtained data, it can help judge whether a website is illegal.
Küçük, Düzgün, Yakut, Ömer Faruk, Cevız, Barış, Çakar, Emre, Ertam, Fatih.  2022.  Data Manipulation and Digital Forensics Analysis on WhatsApp Application. 2022 15th International Conference on Information Security and Cryptography (ISCTURKEY). :19—24.
WhatsApp is one of the rare applications that has managed to become one of the most popular instant messaging applications all over the world. While inherently designed for simple and fast communication, privacy features such as end-to-end encryption have made confidential communication easy for criminals aiming to commit illegal acts. However, as it meets many daily communication and communication needs, it has a great potential to be digital evidence in interpersonal disputes. In this study, in parallel with the potential of WhatsApp application to contain digital evidence, the abuse of this situation and the manipulation method of multimedia files, which may cause wrong decisions by the judicial authorities, are discussed. The dangerous side of this method, which makes the analysis difficult, is that it can be applied by anyone without the need for high-level root authority or any other application on these devices. In addition, it is difficult to detect as no changes can be made in the database during the analysis phase. In this study, a controlled experimental environment was prepared on the example scenario, the manipulation was carried out and the prepared system analysis was included. The results obtained showed that the evidence at the forensic analysis stage is open to misinterpretation.
Ye, Jiao.  2022.  A fuzzy decision tree reasoning method for network forensics analysis. 2022 World Automation Congress (WAC). :41—45.
As an important branch of computer forensics, network forensics technology, whether abroad or at home, is in its infancy. It mainly focuses on the research on the framework of some forensics systems or some local problems, and has not formed a systematic theory, method and system. In order to improve the network forensics sys-tem, have a relatively stable and correct model for refer-ence, ensure the authenticity and credibility of network fo-rensics from the forensics steps, provide professional and non professional personnel with a standard to measure the availability of computer network crime investigation, guide the current network forensics process, and promote the gradual maturity of network forensics theories and methods, This paper presents a fuzzy decision tree reason-ing method for network forensics analysis.
Paschal Mgembe, Innocent, Ladislaus Msongaleli, Dawson, Chaundhary, Naveen Kumar.  2022.  Progressive Standard Operating Procedures for Darkweb Forensics Investigation. 2022 10th International Symposium on Digital Forensics and Security (ISDFS). :1—3.
With the advent of information and communication technology, the digital space is becoming a playing ground for criminal activities. Criminals typically prefer darkness or a hidden place to perform their illegal activities in a real-world while sometimes covering their face to avoid being exposed and getting caught. The same applies in a digital world where criminals prefer features which provide anonymity or hidden features to perform illegal activities. It is from this spirit the Darkweb is attracting all kinds of criminal activities conducted over the Internet such as selling drugs, illegal weapons, child pornography, assassination for hire, hackers for hire, and selling of malicious exploits, to mention a few. Although the anonymity offered by Darkweb can be exploited as a tool to arrest criminals involved in cybercrime, an in-depth research is needed to advance criminal investigation on Darkweb. Analysis of illegal activities conducted in Darkweb is in its infancy and faces several challenges like lack of standard operating procedures. This study proposes progressive standard operating procedures (SOPs) for Darkweb forensics investigation. We provide the four stages of SOP for Darkweb investigation. The proposed SOP consists of the following stages; identification and profiling, discovery, acquisition and preservation, and the last stage is analysis and reporting. In each stage, we consider the objectives, tools and expected results of that particular stage. Careful consideration of this SOP revealed promising results in the Darkweb investigation.
Amin, Md Rayhan, Bhowmik, Tanmay.  2022.  Existing Vulnerability Information in Security Requirements Elicitation. 2022 IEEE 30th International Requirements Engineering Conference Workshops (REW). :220—225.
In software engineering, the aspect of addressing security requirements is considered to be of paramount importance. In most cases, however, security requirements for a system are considered as non-functional requirements (NFRs) and are addressed at the very end of the software development life cycle. The increasing number of security incidents in software systems around the world has made researchers and developers rethink and consider this issue at an earlier stage. An important and essential step towards this process is the elicitation of relevant security requirements. In a recent work, Imtiaz et al. proposed a framework for creating a mapping between existing requirements and the vulnerabilities associated with them. The idea is that, this mapping can be used by developers to predict potential vulnerabilities associated with new functional requirements and capture security requirements to avoid these vulnerabilities. However, to what extent, such existing vulnerability information can be useful in security requirements elicitation is still an open question. In this paper, we design a human subject study to answer this question. We also present the results of a pilot study and discuss their implications. Preliminary results show that existing vulnerability information can be a useful resource in eliciting security requirements and lays ground work for a full scale study.
Meixner, Kristof, Musil, Jürgen, Lüder, Arndt, Winkler, Dietmar, Biffl, Stefan.  2022.  A Coordination Artifact for Multi-disciplinary Reuse in Production Systems Engineering. 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA). :1—8.
In Production System Engineering (PSE), domain experts from different disciplines reuse assets such as products, production processes, and resources. Therefore, PSE organizations aim at establishing reuse across engineering disciplines. However, the coordination of multi-disciplinary reuse tasks, e.g., the re-validation of related assets after changes, is hampered by the coarse-grained representation of tasks and by scattered, heterogeneous domain knowledge. This paper introduces the Multi-disciplinary Reuse Coordination (MRC) artifact to improve task management for multi-disciplinary reuse. For assets and their properties, the MRC artifact describes sub-tasks with progress and result states to provide references for detailed reuse task management across engineering disciplines. In a feasibility study on a typical robot cell in automotive manufacturing, we investigate the effectiveness of task management with the MRC artifact compared to traditional approaches. Results indicate that the MRC artifact is feasible and provides effective capabilities for coordinating multi-disciplinary re-validation after changes.
Xie, Genlin, Cheng, Guozhen, Liang, Hao, Wang, Qingfeng, He, Benwei.  2022.  Evaluating Software Diversity Based on Gadget Feature Analysis. 2022 IEEE 8th International Conference on Computer and Communications (ICCC). :1656—1660.
Evaluating the security gains brought by software diversity is one key issue of software diversity research, but the existing software diversity evaluation methods are generally based on conventional code features and are relatively single, which are difficult to accurately reflect the security gains brought by software diversity. To solve these problems, from the perspective of return-oriented programming (ROP) attack, we present a software diversity evaluation method which integrates metrics for the quality and distribution of gadgets. Based on the proposed evaluation method and SpiderMonkey JavaScript engine, we implement a software diversity evaluation system for compiled languages and script languages. Diversity techniques with different granularities are used to test. The evaluation results show that the proposed evaluation method can accurately and comprehensively reflect the security gains brought by software diversity.
Sumoto, Kensuke, Kanakogi, Kenta, Washizaki, Hironori, Tsuda, Naohiko, Yoshioka, Nobukazu, Fukazawa, Yoshiaki, Kanuka, Hideyuki.  2022.  Automatic labeling of the elements of a vulnerability report CVE with NLP. 2022 IEEE 23rd International Conference on Information Reuse and Integration for Data Science (IRI). :164—165.
Common Vulnerabilities and Exposures (CVE) databases contain information about vulnerabilities of software products and source code. If individual elements of CVE descriptions can be extracted and structured, then the data can be used to search and analyze CVE descriptions. Herein we propose a method to label each element in CVE descriptions by applying Named Entity Recognition (NER). For NER, we used BERT, a transformer-based natural language processing model. Using NER with machine learning can label information from CVE descriptions even if there are some distortions in the data. An experiment involving manually prepared label information for 1000 CVE descriptions shows that the labeling accuracy of the proposed method is about 0.81 for precision and about 0.89 for recall. In addition, we devise a way to train the data by dividing it into labels. Our proposed method can be used to label each element automatically from CVE descriptions.
Fang, Lele, Liu, Jiahao, Zhu, Yan, Chan, Chi-Hang, Martins, Rui Paulo.  2022.  LSB-Reused Protection Technique in Secure SAR ADC against Power Side-Channel Attack. 2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). :1—6.
Successive approximation register analog-to-digital converter (SAR ADC) is widely adopted in the Internet of Things (IoT) systems due to its simple structure and high energy efficiency. Unfortunately, SAR ADC dissipates various and unique power features when it converts different input signals, leading to severe vulnerability to power side-channel attack (PSA). The adversary can accurately derive the input signal by only measuring the power information from the analog supply pin (AVDD), digital supply pin (DVDD), and/or reference pin (Ref) which feed to the trained machine learning models. This paper first presents the detailed mathematical analysis of power side-channel attack (PSA) to SAR ADC, concluding that the power information from AVDD is the most vulnerable to PSA compared with the other supply pin. Then, an LSB-reused protection technique is proposed, which utilizes the characteristic of LSB from the SAR ADC itself to protect against PSA. Lastly, this technique is verified in a 12-bit 5 MS/s secure SAR ADC implemented in 65nm technology. By using the current waveform from AVDD, the adopted convolutional neural network (CNN) algorithms can achieve \textgreater99% prediction accuracy from LSB to MSB in the SAR ADC without protection. With the proposed protection, the bit-wise accuracy drops to around 50%.