Biblio

With large advancements in image display technology, recapturing high-quality images from high-fidelity LCD screens becomes much easier. Such recaptured images can be used to hide image tampering traces and fool some intelligent identification systems. In order to prevent such a security loophole, we propose a recaptured image detection approach based on generalized central difference convolution (GCDC) network. Specifically, by using GCDC instead of vanilla convolution, more detailed features can be extracted from both intensity and gradient information from an image. Meanwhile, we concatenate the feature maps from multiple GCDC modules to fuse low-, mid-, and high-level features for higher performance. Extensive experiments on three public recaptured image databases demonstrate the superior of our proposed method when compared with the state-of-the-art approaches.

Anomaly detection has been considered under several extents of prior knowledge. Unsupervised methods do not require any labelled data, whereas semi-supervised methods leverage some known anomalies. Inspired by mixture-of-experts models and the analysis of the hidden activations of neural networks, we introduce a novel data-driven anomaly detection method called ARGUE. Our method is not only applicable to unsupervised and semi-supervised environments, but also profits from prior knowledge of self-supervised settings. We designed ARGUE as a combination of dedicated expert networks, which specialise on parts of the input data. For its final decision, ARGUE fuses the distributed knowledge across the expert systems using a gated mixture-of-experts architecture. Our evaluation motivates that prior knowledge about the normal data distribution may be as valuable as known anomalies.

Network security has always been the most important of enterprise informatization construction and development, and the security assessment of network system is the basis for enterprises to make effective security defense strategies. Aiming at the relevance of security factors and subjectivity of evaluation results in the process of enterprise network system security assessment, a security assessment method combining Analytic Network Process and evidence theory is proposed. Firstly, we built a complete security assessment index system and network analysis structure model for enterprise network, and determined the converged security index weights by calculating hypermatrix, limit hypermatrix and stable limit hypermatrix; then, we used the evidence theory on data fusion of the evaluation opinions of multiple experts to eliminate the conflict between evidences. Finally, according to the principle of maximum membership degree, we realized the assessment of enterprise network security level using weighted average. The example analysis showed that the model not only weighed the correlation influence among the security indicators, but also effectively reduced the subjectivity of expert evaluation and the fuzziness and uncertainty in qualitative analysis, which verified the effectiveness of the model and method, and provided an important basis for network security management.

Existing group shilling attack detection methods mainly depend on human feature engineering to extract group attack behavior features, which requires a high knowledge cost. To address this problem, we propose a group shilling attack detection method based on maximum density subtensor mining. First, the rating time series of each item is divided into time windows and the item tensor groups are generated by establishing the user-rating-time window data models of three-dimensional tensor. Second, the M-Zoom model is applied to mine the maximum dense subtensor of each item, and the subtensor groups with high consistency of behaviors are selected as candidate groups. Finally, a dual-input convolutional neural network model is designed to automatically extract features for the classification of real users and group attack users. The experimental results on the Amazon and Netflix datasets show the effectiveness of the proposed method.

At present, most smart contract vulnerability detection use manually-defined patterns, which is time-consuming and far from satisfactory. To address this issue, researchers attempt to deploy deep learning techniques for automatic vulnerability detection in smart contracts. Nevertheless, current work mostly relies on a single code representation such as AST (Abstract Syntax Tree) or code tokens to learn vulnerability characteristics, which might lead to incompleteness of learned semantics information. In addition, the number of available vulnerability datasets is also insufficient. To address these limitations, first, we construct a dataset covering most typical types of smart contract vulnerabilities, which can accurately indicate the specific row number where a vulnerability may exist. Second, for each single code representation, we propose a novel way called AFS (AST Fuse program Slicing) to fuse code characteristic information. AFS can fuse the structured information of AST with program slicing information and detect vulnerabilities by learning new vulnerability characteristic information.

Trust relationship prediction among people provides valuable supports for decision making, information dissemination, and product promotion in online social networks. Network embedding has achieved promising performance for link prediction by learning node representations that encode intrinsic network structures. However, most of the existing network embedding solutions cannot effectively capture the properties of a trust network that has directed edges and nodes with in/out links. Furthermore, there usually exist rich user attributes in trust networks, such as ratings, reviews, and the rated/reviewed items, which may exert significant impacts on the formation of trust relationships. It is still lacking a network embedding-based method that can adequately integrate these properties for trust prediction. In this work, we develop an AtNE-Trust model to address these issues. We firstly capture user embedding from both the trust network structures and user attributes. Then we design a deep multi-view representation learning module to further mine and fuse the obtained user embedding. Finally, a trust evaluation module is developed to predict the trust relationships between users. Representation learning and trust evaluation are optimized together to capture high-quality user embedding and make accurate predictions simultaneously. A set of experiments against the real-world datasets demonstrates the effectiveness of the proposed approach.

This work presents ChainFS, a middleware system that secures cloud storage services using a minimally trusted Blockchain. ChainFS hardens the cloud-storage security against forking attacks. The ChainFS middleware exposes a file-system interface to end users. Internally, ChainFS stores data files in the cloud and exports minimal and necessary functionalities to the Blockchain for key distribution and file operation logging. We implement the ChainFS system on Ethereum and S3FS and closely integrate it with FUSE clients and Amazon S3 cloud storage. We measure the system performance and demonstrate low overhead.

Phishing websites have long been a serious threat to cyber security. For decades, many researchers have been devoted to developing novel techniques to detect phishing websites automatically. While state-of-the-art solutions can achieve superior performances, they require substantial manual feature engineering and are not adept at detecting newly emerging phishing attacks. Therefore, developing techniques that can detect phishing websites automatically and handle zero-day phishing attacks swiftly is still an open challenge in this area. In this work, we propose PhishingNet, a deep learning-based approach for timely detection of phishing Uniform Resource Locators (URLs). Specifically, we use a Convolutional Neural Network (CNN) module to extract character-level spatial feature representations of URLs; meanwhile, we employ an attention-based hierarchical Recurrent Neural Network(RNN) module to extract word-level temporal feature representations of URLs. We then fuse these feature representations via a three-layer CNN to build accurate feature representations of URLs, on which we train a phishing URL classifier. Extensive experiments on a verified dataset collected from the Internet demonstrate that the feature representations extracted automatically are conducive to the improvement of the generalization ability of our approach on newly emerging URLs, which makes our approach achieve competitive performance against other state-of-the-art approaches.

In this paper, we propose a novel visual secret sharing (VSS) scheme for color QR code (VSSCQR) with (n, n) threshold based on high capacity, admirable visual effects and popularity of color QR code. By splitting and encoding a secret image into QR codes and then fusing QR codes to generate color QR code shares, the scheme can share the secret among a certain number of participants. However, less than n participants cannot reveal any information about the secret. The embedding amount and position of the secret image bits generated by VSS are in the range of the error correction ability of the QR code. Each color share is readable, which can be decoded and thus may not come into notice. On one hand, the secret image can be reconstructed by first decomposing three QR codes from each color QR code share and then stacking the corresponding QR codes based on only human visual system without computational devices. On the other hand, by decomposing three QR codes from each color QR code share and then XORing the three QR codes respectively, we can reconstruct the secret image losslessly. The experiment results display the effect of our scheme.

Barrier coverage has been widely adopted to prevent unauthorized invasion of important areas in sensor networks. As sensors are typically placed outdoors, they are susceptible to getting faulty. Previous works assumed that faulty sensors are easy to recognize, e.g., they may stop functioning or output apparently deviant sensory data. In practice, it is, however, extremely difficult to recognize faulty sensors as well as their invalid output. We, in this paper, propose a novel fault-tolerant intrusion detection algorithm (TrusDet) based on trust management to address this challenging issue. TrusDet comprises of three steps: i) sensor-level detection, ii) sink-level decision by collective voting, and iii) trust management and fault determination. In the Step i) and ii), TrusDet divides the surveillance area into a set of fine- grained subareas and exploits temporal and spatial correlation of sensory output among sensors in different subareas to yield a more accurate and robust performance of barrier coverage. In the Step iii), TrusDet builds a trust management based framework to determine the confidence level of sensors being faulty. We implement TrusDet on HC- SR501 infrared sensors and demonstrate that TrusDet has a desired performance.

Traditionally, utility crews have used faulted circuit indicators (FCIs) to locate faulted line sections. FCIs monitor current and provide a local visual indication of recent fault activity. When a fault occurs, the FCIs operate, triggering a visual indication that is either a mechanical target (flag) or LED. There are also enhanced FCIs with communications capability, providing fault status to the outage management system (OMS) or supervisory control and data acquisition (SCADA) system. Such quickly communicated information results in faster service restoration and reduced outage times. For distribution system protection, protection devices (such as recloser controls) must coordinate with downstream devices (such as fuses or other recloser controls) to clear faults. Furthermore, if there are laterals on a feeder that are protected by a recloser control, it is desirable to communicate to the recloser control which lateral had the fault in order to enhance tripping schemes. Because line sensors are typically placed along distribution feeders, they are capable of sensing fault status and characteristics closer to the fault. If such information can be communicated quickly to upstream protection devices, at protection speeds, the protection devices can use this information to securely speed up distribution protection scheme operation. With recent advances in low-power electronics, wireless communications, and small-footprint sensor transducers, wireless line sensors can now provide fault information to the protection devices with low latencies that support protection speeds. This paper describes the components of a wireless protection sensor (WPS) system, its integration with protection devices, and how the fault information can be transmitted to such devices. Additionally, this paper discusses how the protection devices use this received fault information to securely speed up the operation speed of and improve the selectivity of distribution protection schemes, in add- tion to locating faulted line sections.

Information fusion deals with the integration and merging of data and information from multiple (heterogeneous) sources. In many cases, the information that needs to be fused has security classification. The result of the fusion process is then by necessity restricted with the strictest information security classification of the inputs. This has severe drawbacks and limits the possible dissemination of the fusion results. It leads to decreased situational awareness: the organization knows information that would enable a better situation picture, but since parts of the information is restricted, it is not possible to distribute the most correct situational information. In this paper, we take steps towards defining fusion and data mining processes that can be used even when all the underlying data that was used cannot be disseminated. The method we propose here could be used to produce a classifier where all the sensitive information has been removed and where it can be shown that an antagonist cannot even in principle obtain knowledge about the classified information by using the classifier or situation picture.