Biblio

Detection of malware and security attacks is a complex process that can vary in its details and analysis activities. As part of the detection process, malware scanners try to categorize a malware once it is detected under one of the known malware categories (e.g. worms, spywares, viruses, etc.). However, many studies and researches indicate problems with scanners categorizing or identifying a particular malware under more than one malware category. This paper, and several others, show that machine learning can be used for malware detection especially with ensemble base prediction methods. In this paper, we evaluated several custom-built ensemble models. We focused on multi-label malware classification as individual or classical classifiers showed low accuracy in such territory.This paper showed that recent machine models such as ensemble and deep learning can be used for malware detection with better performance in comparison with classical models. This is very critical in such a dynamic and yet important detection systems where challenges such as the detection of unknown or zero-day malware will continue to exist and evolve.

The increased dissemination of open source software to a broader audience has led to a proportional increase in the dissemination of vulnerabilities. These vulnerabilities are introduced by developers, some intentionally or negligently. In this paper, we work to quantity the relative risk that a given developer represents to a software project. We propose using empirical software engineering based analysis on the vast data made available by GitHub to create a Developer Risk Score (DRS) for prolific contributors on GitHub. The DRS can then be aggregated across a project as a derived vulnerability assessment, we call this the Computational Vulnerability Assessment Score (CVAS). The CVAS represents the correlation between the Developer Risk score across projects and vulnerabilities attributed to those projects. We believe this to be a contribution in trying to quantity risk introduced by specific developers across open source projects. Both of the risk scores, those for contributors and projects, are derived from an amalgamation of data, both from GitHub and outside GitHub. We seek to provide this risk metric as a force multiplier for the project maintainers that are responsible for reviewing code contributions. We hope this will lead to a reduction in the number of introduced vulnerabilities for projects in the Open Source ecosystem.

Distributed Container-based cloud system has the advantages of rapid deployment, efficient virtualization, simplified configuration, and well-scalability. However, good scalability may slow down container-based cloud because it is more vulnerable to gray faults. As a new fault model similar with fail-slow and limping, gray fault has so many root causes that current studies focus only on a certain type of fault are not sufficient. And unlike traditional cloud, container is a black box provided by service providers, making it difficult for traditional API intrusion-based diagnosis methods to implement. A better approach should shield low-level causes from high-level processing. A Gray Fault Prediction Strategy based on Context Graph is proposed according to the correlation between gray faults and application scenarios. From historical data, the performance metrics related to how above context evolve to fault scenarios are established, and scenarios represented by corresponding data are stored in a graph. A scenario will be predicted as a fault scenario, if its isomorphic scenario is found in the graph. The experimental results show that the success rate of prediction is stable at more than 90%, and it is verified the overhead is optimized well.

The correctness of security control system strategy is very important to ensure the stability of power system. Aiming at the problem that the current security control strategy verification method is not enough to match the increasingly complex large power grid, this paper proposes a cyclic verification method of security control system strategy table based on constraints and whole process dynamic simulation. Firstly, the method is improved based on the traditional security control strategy model to make the strategy model meet certain generalization ability; And on the basis of this model, the cyclic dynamic verification of the strategy table is realized based on the constraint conditions and the whole process dynamic simulation, which not only ensures the high accuracy of strategy verification for the security control strategy of complex large power grid, but also ensures that the power system is stable and controllable. Finally, based on a certain regional power system, the optimal verification of strategy table verification experiment is realized. The experimental results show that the average processing time of the proposed method is 10.32s, and it can effectively guarantee the controllability and stability of power grid.

With the increasing popularity of the Internet, mobile Internet and the Internet of Things, the current network environment continues to become more complicated. Due to the increasing variety and severity of cybersecurity threats, traditional means of network security protection have ushered in a huge challenge. The network security posture prediction can effectively predict the network development trend in the future time based on the collected network history data, so this paper proposes an algorithm based on simulated annealing-particle swarm algorithm to optimize improved Elman neural network parameters to achieve posture prediction for network security. Taking advantage of the characteristic that the value of network security posture has periodicity, a simulated annealing algorithm is introduced along with an improved particle swarm algorithm to solve the problem that neural network training is prone to fall into a local optimal solution and achieve accurate prediction of the network security posture. Comparison of the proposed scheme with existing prediction methods validates that the scheme has a good posture prediction accuracy.