Biblio

Software vulnerabilities are closely monitored by the security community to timely address the security and privacy issues in software systems. Before a vulnerability is published by vulnerability management systems, it needs to be characterized to highlight its unique attributes, including affected software products and versions, to help security professionals prioritize their patches. Associating product names and versions with disclosed vulnerabilities may require a labor-intensive process that may delay their publication and fix, and thereby give attackers more time to exploit them. This work proposes a machine learning method to extract software product names and versions from unstructured CVE descriptions automatically. It uses Word2Vec and Char2Vec models to create context-aware features from CVE descriptions and uses these features to train a Named Entity Recognition (NER) model using bidirectional Long short-term memory (LSTM) networks. Based on the attributes of the product names and versions in previously published CVE descriptions, we created a set of Expert System (ES) rules to refine the predictions of the NER model and improve the performance of the developed method. Experiment results on real-life CVE examples indicate that using the trained NER model and the set of ES rules, software names and versions in unstructured CVE descriptions could be identified with F-Measure values above 0.95.

Ensuring high data availability while realizing privacy protection is a research hotspot in the field of privacy-preserving data publishing. In view of the instability of data availability in the existing differential privacy high-dimensional data publishing methods based on Bayesian networks, this paper proposes an improved MEPrivBayes privacy-preserving data publishing method, which is mainly improved from two aspects. Firstly, in view of the structural instability caused by the random selection of Bayesian first nodes, this paper proposes a method of first node selection and Bayesian network construction based on the Maximum Information Coefficient Matrix. Then, this paper proposes a privacy budget elastic allocation algorithm: on the basis of pre-setting differential privacy budget coefficients for all branch nodes and all leaf nodes in Bayesian network, the influence of branch nodes on their child nodes and the average correlation degree between leaf nodes and all other nodes are calculated, then get a privacy budget strategy. The SVM multi-classifier is constructed with privacy preserving data as training data set, and the original data set is used as input to evaluate the prediction accuracy in this paper. The experimental results show that the MEPrivBayes method proposed in this paper has higher data availability than the classical PrivBayes method. Especially when the privacy budget is small (noise is large), the availability of the data published by MEPrivBayes decreases less.

In recent years, differential privacy has gradually become a standard definition in the field of data privacy protection. Differential privacy does not need to make assumptions about the prior knowledge of privacy adversaries, so it has a more stringent effect than existing privacy protection models and definitions. This good feature has been used by researchers to solve the in-depth learning problem restricted by the problem of privacy and security, making an important breakthrough, and promoting its further large-scale application. Combining differential privacy with BEGAN, we propose the DP-BEGAN framework. The differential privacy is realized by adding carefully designed noise to the gradient of Gan model training, so as to ensure that Gan can generate unlimited synthetic data that conforms to the statistical characteristics of source data and does not disclose privacy. At the same time, it is compared with the existing methods on public datasets. The results show that under a certain privacy budget, this method can generate higher quality privacy protection data more efficiently, which can be used in a variety of data analysis tasks. The privacy loss is independent of the amount of synthetic data, so it can be applied to large datasets.

This paper explores recent achievements and novel challenges of the annoying privacy-preserving big data stream mining problem, which consists in applying mining algorithms to big data streams while ensuring the privacy of data. Recently, the emerging big data analytics context has conferred a new light to this exciting research area. This paper follows the so-depicted research trend.

In order to gain more benefits from big data, they must be shared, published, analyzed and processed without having any harm or facing any violation and finally get better values from these analytics. The literature reports that this analytics brings an issue of privacy violations. This issue is also protected by law and bring fines to the companies, institutions or individuals. As a result, data collectors avoid to publish or share their big data due to these concerns. In order to obtain plausible solutions, there are a number of techniques to reduce privacy risks and to enable publishing big data while preserving privacy at the same time. These are known as privacy-preserving big data publishing (PPBDP) models. This study presents the privacy problem in big data, evaluates big data components from privacy perspective, privacy risks and protection methods in big data publishing, and reviews existing privacy-preserving big data publishing approaches and anonymization methods in literature. The results were finally evaluated and discussed, and new suggestions were presented.

In recent years, with the rise of the Internet of things industry, a variety of user location-based applications came into being. While users enjoy these convenient services, their location information privacy is also facing a great threat. Therefore, the research on location privacy protection in the Internet of things has become a hot spot for scholars. Privacy protection microdata publishing is a hot spot in data privacy protection research. Data interference is an effective solution for privacy protection microdata publishing. Aiming at privacy protection clustering problem, a privacy protection data interference method is proposed. In this paper, the location privacy protection algorithm is studied, with the purpose of providing location services and protecting the data interference of users' location privacy. In this paper, the source location privacy protection protocol (PR \_ CECRP) algorithm with controllable energy consumption is proposed to control the energy consumption of phantom routing strategy. In the routing process from the source node to the phantom node, the source data packet forwarding mechanism based on sector area division is adopted, so that the random routing path is generated and the routing energy consumption and transmission delay are effectively controlled.

Quasi-identifier is an attribute combined with other attributes to identify specific tuples or partial tuples. Improper selection of quasi-identifiers will lead to the failure of current privacy protection anonymization technology. Therefore, in this paper, we propose a method to solve single structured relational data quasi-identifiers based on functional dependency and determines the attribute classification standard. Firstly, the solution scope of quasi-identifier is determined to be all attributes except identity attributes and critical attributes. Secondly, the real data set is used to evaluate the dependency relationship between the indefinite attribute subset and the identity attribute to solve the quasi-identifiers set. Finally, we propose an algorithm to find all quasi-identifiers and experiment on real data sets of different sizes. The results show that our method can achieve better performance on the same dataset.

In Indonesia, there have been many certificates forgery happened. The lack of security system for the certificate and the difficulty in verification process toward the authenticity certificate become the main factor of the certificate forgery cases happen. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The application is built in web system to facilitate the user to access it everywhere and any time. This research uses Research and Development method for problem analysis and to develop application using Software Development Life Cycle method with waterfall approach. Black box testing is chosen as testing method for each function in this system. The result of this research is creatcate application that’s designed to support the publishing and the verification of the electronic authenticity certificate by online. There are two main schemes in system: the scheme in making e-certificate and the scheme of verification QR Code. There is the electronic professional certificate application by applying digital signature and QR Code. It can publish e-certificate that can prevent from criminal action such certificate forgery, that’s showed in implementation and can be proven in test.

Pedestrian dead reckoning (PDR) is a widely used approach to estimate locations and trajectories. Accessing location-based services with trajectory data can bring convenience to people, but may also raise privacy concerns that need to be addressed. In this paper, a privacy-preserving pedestrian dead reckoning framework is proposed to protect a user’s trajectory privacy based on differential privacy. We introduce two metrics to quantify trajectory privacy and data utility. Our proposed privacy-preserving trajectory extraction algorithm consists of three mechanisms for the initial locations, stride lengths and directions. In addition, we design an adversary model based on particle filtering to evaluate the performance and demonstrate the effectiveness of our proposed framework with our collected sensor reading dataset.

Cyber-physical systems (CPS) data privacy protection during sharing, aggregating, and publishing is a challenging problem. Several privacy protection mechanisms have been developed in the literature to protect sensitive data from adversarial analysis and eliminate the risk of re-identifying the original properties of shared data. However, most of the existing solutions have drawbacks, such as (i) lack of a proper vulnerability characterization model to accurately identify where privacy is needed, (ii) ignoring data providers privacy preference, (iii) using uniform privacy protection which may create inadequate privacy for some provider while over-protecting others, and (iv) lack of a comprehensive privacy quantification model assuring data privacy-preservation. To address these issues, we propose a personalized privacy preference framework by characterizing and quantifying the CPS vulnerabilities as well as ensuring privacy. First, we introduce a Standard Vulnerability Profiling Library (SVPL) by arranging the nodes of an energy-CPS from maximum to minimum vulnerable based on their privacy loss. Based on this model, we present our personalized privacy framework (PDP) in which Laplace noise is added based on the individual node's selected privacy preferences. Finally, combining these two proposed methods, we demonstrate that our privacy characterization and quantification model can attain better privacy preservation by eliminating the trade-off between privacy, utility, and risk of losing information.

The integration of advanced information, communication and data analytic technologies has transformed the traditional grid into an intelligent bidirectional system that can automatically adapt its services for utilities or consumers' needs. However, this change raises new privacy-related challenges. Privacy leakage has become a severe issue in the grid paradigm as adversaries run malicious analytics to identify the system's internal insight or use it to interrupt grids' operation by identifying real-time demand-based supply patterns. As a result, current grid authorities require an integrated mechanism to improve the system's sensitive data's privacy preservation. To this end, we present a multilayered smart grid architecture by characterizing the privacy issues that occur during data sharing, aggregation, and publishing by individual grid end nodes. Based on it, we quantify the nodes preferred privacy requirements. We further introduce personalized differential privacy (PDP) scheme based on trust distance in our proposed framework to provide the system with the added benefit of a user-specific privacy guarantee to eliminate differential privacy's limitation that allows the same level of privacy for all data providers. Lastly, we conduct extensive experimental analysis on a real-world grid dataset to illustrate that our proposed method is efficient enough to provide privacy preservation on sensitive smart grid data.

Cyber attacks are a major concern for network administrators as the occurrences of such events are continuously increasing on the Internet. Software-defined networks (SDN) enable many management applications, but they may also become targets for attackers. Due to the separation of the data plane and the control plane, the controller appears as a new element in SDN networks, allowing centralized control of the network, becoming a strategic target in carrying out an attack. According to reports generated by security labs, the frequency of the distributed denial of service (DDoS) attacks has seen an increase in recent years, characterizing a major threat to the SDN. However, few research papers address the prevention of DDoS attacks on SDN. Therefore, this work presents a Systematic Mapping of Literature, aiming at identifying, classifying, and thus disseminating current research studies that propose techniques and methods for preventing DDoS attacks in SDN. When answering these questions, it was determined that the SDN controller was vulnerable to possible DDoS attacks. No prevention methods were found in the literature for the first phase of the attack (when attackers try to deceive users and infect the host). Therefore, the security of software-defined networks still needs improvement over DDoS attacks, despite the evident risk of an attack targeting the SDN controller.

The collection of digital information by governments, companies and individuals creates tremendous opportunities for knowledge and information-based decision-making. Driven by mutual benefit and laws and regulations, there is a need for data exchange and publication between all parties. However, data in its original form usually contains sensitive information about individuals and publishing such data would violate personal privacy. Privacy Protection Data Distribution (PPDP) provides methods and tools to release useful information while protecting data privacy. In recent years, PPDP has received extensive attention from the research community, and many solutions have been proposed for different data release scenarios. How to ensure the availability of data under the premise of protecting user privacy is the core problem to be solved in this field. This paper studies the existing achievements of privacy protection data release anonymity technology, focusing on the existing anonymity technology in three aspects of high-dimensional, high-deficiency, and complex relational data, and analyzes and summarizes them.

Vulnerability detection and exploitation serves as a milestone for secure development and identifying major threats in software applications. Automated exploit generation helps in easier identification of bugs, the attack vectors and the various possibilities of generation of the exploit payload. Thus, we introduce AngErza which uses dynamic and symbolic execution to identify hot-spots in the code, formulate constraints and generate a payload based on those constraints. Our tool is entirely based on angr which is an open-sourced offensive binary analysis framework. The work around AngErza focuses on exploit and vulnerability detection in CTF-style C binaries compiled on 64-bit Intel architecture for the early-phase of this project.

Information level protection standard 2.0 requires trusted verification of system bootstrappers, system programs, etc. of server equipment based on trusted root. According to the requirements of information level protection standard, this paper puts forward a network trusted start-up scheme based on the trusted platform control module to guarantee the security and trust of the server's BIOS firmware, PXE boot file and Linux system file. When publishing BIOS firmware, PXE startup file, Linux system file, the state-secret algorithm SM3 is used to calculate the summary value as the benchmark value, and stored in the trusted platform control module, BIOS firmware, Linux boot file. When the server starts up with PXE, the BIOS firmware is measured by the Trusted Platform Control Module, the BIOS Start Environment Measures PXE Boot File, and the PXE Boot File measures the Linux system file. The trusted platform control module is the trust root level measurement level, the first level of trust level, the trust chain, the implementation of a trusted server operating environment. The method proposed in this paper is tested on the domestic autonomous controllable Sunway server, and the experimental results show that the method proposed in this paper is feasible.

The recent spurt of incidents related to copyrights and security breaches has led to the monetary loss of several digital content creators and publishers. These incidents conclude that the existing system lacks the ability to uphold the integrity of their published content. Moreover, some of the digital content owners rely on third parties, results in lack of ability to provide provenance of digital media. The question that needs to be addressed today is whether modern technologies can be leveraged to suppress such incidents and regain the confidence of creators and the audience. Fortunately, this paper presents a unique framework that empowers digital content creators to have complete control over the place of its origin, accessibility and impose restrictions on unauthorized alteration of their content. This framework harnesses the power of the Ethereum platform, a part of Blockchain technology, and uses S mart Contracts as a key component empowering the creators with enhanced control of their content and the corresponding audience.

With the increasing attention to ocean and the development of data-intensive sciences, a large amount of ocean data has been acquired by various observing platforms and sensors, which poses new challenges to data management and utilization. Typically, nowadays we target to move ocean data management toward the FAIR principles of being findable, accessible, interoperable, and reusable. However, the data produced and managed by different organizations with wide diversity, various structures and increasing volume make it hard to be FAIR, and one of the most critical reason is the lack of unified data representation and publication methods. In this paper, we propose novel techniques to try to solve the problem by introducing semantics with ontologies. Specifically, we first propose a unified semantic model named OEDO to represent ocean data by defining the concepts of ocean observing field, specifying the relations between the concepts, and describing the properties with ocean metadata. Then, we further optimize the state-of-the-art quick service query list (QSQL) data structure, by extending the domain concepts with WordNet to improve data discovery. Moreover, based on the OEDO model and the optimized QSQL, we propose an ocean data service publishing method called DOLP to improve data discovery and data access. Finally, we conduct extensive experiments to demonstrate the effectiveness and efficiency of our proposals.

With the development of Internet technology, the attacker gets more and more complex background knowledge, which makes the anonymous model susceptible to background attack. Although the differential privacy model can resist the background attack, it reduces the versatility of the data. In this paper, this paper proposes a differential privacy information publishing algorithm based on clustering anonymity. The algorithm uses the cluster anonymous algorithm based on KD tree to cluster the original data sets and gets anonymous tables by anonymous operation. Finally, the algorithm adds noise to the anonymous table to satisfy the definition of differential privacy. The algorithm is compared with the DCMDP (Density-Based Clustering Mechanism with Differential Privacy, DCMDP) algorithm under different privacy budgets. The experiments show that as the privacy budget increases, the algorithm reduces the information loss by about 80% of the published data.

To our best knowledge, the p-sensitive k-anonymity model is a sophisticated model to resist linking attacks and homogeneous attacks in data publishing. However, if the distribution of sensitive values is skew, the model is difficult to defend against skew attacks and even faces sensitive attacks. In practice, the privacy requirements of different sensitive values are not always identical. The “one size fits all” unified privacy protection level may cause unnecessary information loss. To address these problems, the paper quantifies privacy requirements with the concept of IDF and concerns more about sensitive groups. Two enhanced anonymous models with personalized protection characteristic, that is, (p,αisg) -sensitive k-anonymity model and (pi,αisg)-sensitive k-anonymity model, are then proposed to resist skew attacks and sensitive attacks. Furthermore, two clustering algorithms with global search and local search are designed to implement our models. Experimental results show that the two enhanced models have outstanding advantages in better privacy at the expense of a little data utility.

Recently, a large amount of research studies aiming at the privacy-preserving data publishing have been conducted. We find that most K-anonymity algorithms fail to consider the characteristics of attribute values distribution in data and the contribution value differences in quasi-identifier attributes when service-oriented. In this paper, the importance of distribution characteristics of attribute values and the differences in contribution value of quasi-identifier attributes to anonymous results are illustrated. In order to maximize the utility of released data, a service-oriented adaptive anonymity algorithm is proposed. We establish a model of reaction dispersion degree to quantify the characteristics of attribute value distribution and introduce the concept of utility weight related to the contribution value of quasi-identifier attributes. The priority coefficient and the characterization coefficient of partition quality are defined to optimize selection strategies of dimension and splitting value in anonymity group partition process adaptively, which can reduce unnecessary information loss so as to further improve the utility of anonymized data. The rationality and validity of the algorithm are verified by theoretical analysis and multiple experiments.

The existing anonymized differential privacy model adopts a unified anonymity method, ignoring the difference of personal privacy, which may lead to the problem of excessive or insufficient protection of the original data [1]. Therefore, this paper proposes a personalized k-anonymity model for tuples (PKA) and proposes a differential privacy data publishing algorithm (DPPA) based on personalized anonymity, firstly based on the tuple personality factor set by the user in the original data set. The values are classified and the corresponding privacy protection relevance is calculated. Then according to the tuple personality factor classification value, the data set is clustered by clustering method with different anonymity, and the quasi-identifier attribute of each cluster is aggregated and noise-added to realize anonymized differential privacy; finally merge the subset to get the data set that meets the release requirements. In this paper, the correctness of the algorithm is analyzed theoretically, and the feasibility and effectiveness of the proposed algorithm are verified by comparison with similar algorithms.

Since trajectory data is widely collected and utilized for scientific research and business purpose, publishing trajectory without proper privacy-policy leads to an acute threat to individual data. Recently, several methods, i.e., k-anonymity, l-diversity, t-closeness have been studied, though they tend to protect by reducing data depends on a feature of each method. When a strong privacy protection is required, these methods have excessively reduced data utility that may affect the result of scientific research. In this research, we suggest a novel approach to tackle this existing dilemma via an adding noise trajectory on a vector-based grid environment.

With the development of location technology, location-based services greatly facilitate people's life . However, due to the location information contains a large amount of user sensitive informations, the servicer in location-based services published location data also be subject to the risk of privacy disclosure. In particular, it is more easy to lead to privacy leaks without considering the attacker's semantic background knowledge while the publish sparse location data. So, we proposed semantic k-anonymity privacy protection method to against above problem in this paper. In this method, we first proposed multi-user compressing sensing method to reconstruct the missing location data . To balance the availability and privacy requirment of anonymity set, We use semantic translation and multi-view fusion to selected non-sensitive data to join anonymous set. Experiment results on two real world datasets demonstrate that our solution improve the quality of privacy protection to against semantic attacks.

Different tools and sources are used to collect big data, which may create privacy issues. k-anonymity, l-diversity, t-closeness etc. privacy preserving data publishing approaches are used data de-identification, but as multiple sources is used to collect the data, chance of re-identification is very high. Anonymization large data is not a trivial task, hence, privacy preserving approaches scalability has become a challenging research area. Researchers explore it by proposing algorithms for scalable anonymization. We further found that in some scenarios efficient anonymization is not enough, timely anonymization is also required. Hence, to incorporate the velocity of data with Scalable k-Anonymization (SKA) approach, we propose a novel approach, Scalable ( α, k)-Anonymization (SAKA). Our proposed approach outperforms in terms of information loss and running time as compared to existing approaches. With best of our knowledge, this is the first proposed scalable anonymization approach for the velocity of data.

Differential privacy, which is due to its rigorous mathematical proof and strong privacy guarantee, has become a standard for the release of statistics with privacy protection. Recently, a lot of dynamic data publishing algorithms based on differential privacy have been proposed, but most of the algorithms use a native method to allocate the privacy budget. That is, the limited privacy budget is allocated to each time point uniformly, which may result in the privacy budget being unreasonably utilized and reducing the utility of data. In order to make full use of the limited privacy budget in the dynamic data publishing and improve the utility of data publishing, we propose a dynamic data publishing algorithm based on reinforcement learning in this paper. The algorithm consists of two parts: privacy budget allocation and data release. In the privacy budget allocation phase, we combine the idea of reinforcement learning and the changing characteristics of dynamic data, and establish a reinforcement learning model for the allocation of privacy budget. Finally, the algorithm finds a reasonable privacy budget allocation scheme to publish dynamic data. In the data release phase, we also propose a new dynamic data publishing strategy to publish data after the privacy budget is exhausted. Extensive experiments on real datasets demonstrate that our algorithm can allocate the privacy budget reasonably and improve the utility of dynamic data publishing.