检索结果-南通市图书馆

MRm-DLDet:a memory-resident malware detection framework based on memory forensics and deep neural network

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Cybersecurity 2024年第1期7卷 88-109页

作者： Jiaxi liu Yun Feng Xinyu liu Jianjun Zhao qixu liu Institute of Information Engineering Chinese Academy of SciencesBeijing 100085China School of Cyber Security University of Chinese Academy of SciencesBeijing 100049China

Cyber attackers have constantly updated their attack techniques to evade antivirus software detection in recent *** popular evasion method is to execute malicious code and perform malicious actions only in ***-cious programs that use this attack method are called memory-resident malware,with excellent evasion capability,and have posed huge threats to cyber *** static and dynamic methods are not effective in detect-ing memory-resident *** addition,existing memory forensics detection solutions perform unsatisfactorily in detection rate and depend on massive expert knowledge in memory *** paper proposes MRm-DLDet,a state-of-the-art memory-resident malware detection framework,to overcome these ***-DLDet first builds a virtual machine environment and captures memory dumps,then creatively processes the memory dumps into RGB images using a pre-processing technique that combines deduplication and ultra-high resolution image cropping,followed by our neural network MRmNet in MRm-DLDet to fully extract high-dimensional features from memory dump files and detect *** receives the labeled sub-images of the cropped high-resolution RGB images as input of ResNet-18,which extracts the features of the *** trains a network of gated recurrent units with an attention ***,it determines whether a program is memory-resident malware based on the detection results of each sub-image through a specially designed voting *** created a high-quality dataset consisting of 2,060 benign and memory-resident *** other words,the dataset contains 1,287,500 labeled sub-images cut from the MRm-DLDet transformed ultra-high resolution RGB *** implement MRm-DLDet for Windows 10,and it performs better than the latest methods,with a detection accuracy of up to 98.34%.Moreover,we measured the effects of mimicry and adversarial attacks on MRm-DLDet,and the experimental results demonstrated the robustness

关键词： Memory-resident malware Memory forensics Malware detection Deep learning Ultra-high resolution image

Tracking Your Browser with High-Performance Browser Fingerprint Recognition Model

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

China Communications 2020年第3期17卷 168-175页

作者： Wei Jiang Xiaoxi Wang Xinfang Song qixu liu Xiaofeng liu Chinese Academy of Cyberspace Studies Beijing 100010China College of Computer Science Beijing University of TechnologyBeijing100124China Beijing Information Technology College Beijing100015China Institute of Information Engineering Chinese Academy of SciencesBeijing100093China University of Chinese Academy of Sciences Beijing100049China

As the cyber security has attracted great attention in recent years,and with all kinds of tools’(such as Network Agent,VPN and so on)help,traditional methods of tracking users like log analysis and cookie have been not that *** for some privacy sensitive users who changed their browser configuration frequently to hide *** Browser Fingerprinting technology proposed by Electronic Frontier Foundation(EFF)gives a new approach of tracking users,and then our team designed an enhanced fingerprint dealing solution based on browser fingerprinting *** enhanced solution plays well in recognizing the similar fingerprints,but it is not that *** we improve the algorithm and propose a high-performance,efficient Browser Fingerprint Recognition *** new model reforms the fingerprint items set by EFF and propose a Fingerprint Tracking Algorithm(FTA)to deal with collected *** can associate users with some browser configuration changes in different periods of time quickly and *** testing with the experimental website built on the public network,we prove the high-performance and efficiency of our algorithm with a 20%time-consuming decrease than ever.

关键词： browser fingerprint AHP fingerprint tracking algorithm

维普期刊数据库

Driving Android apps to trigger target API invocations based on activity and GUI filtering

在线全文

学校读者我要写书评

暂无评论

Science China(Information Sciences) 2017年第7期60卷 262-264页

作者： Hongzhou YUE Yuqing ZHANG Wenjie WANG qixu liu State Key Laboratory of Integrated Services Networks Xidian University National Computer Network Intrusion Protection Center University of Chinese Academy of Sciences State Key Laboratory of Information Security Institute of Information EngineeringChinese Academy of Sciences

For an Android app tester,it is often needed to trigger the specific behaviors of an ***,most of the existing Android GUI exploration tools only pursue high code coverage,rather than triggering the specific behaviors of an app[1,2].It inevitably leads to the unnecessary time consumption in the exploration process of an app if the testers only care about some specific behaviors of this ***,methods of making a more targeted GUI exploration tool had been studied by

关键词： GUI API Driving Android apps to trigger target API invocations based on activity and GUI filtering

A lightweight DDoS detection scheme under SDN context

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Cybersecurity 2023年第1期6卷 75-89页

作者： Kun Jia Chaoge liu qixu liu Junnan Wang Jiazhi liu Feng liu State Key Laboratory of Information Security Institute of Information EngineeringBeijingChina School of Cyber Security University of Chinese Acad emy of SciencesBeijing 100049China The Sixth Research Offce Institute of Information EngineeringChinese Academy of SciencesBeijing 100093China

Software-defined networking(SDN),a novel network paradigm,separates the control plane and data plane into dif-ferent network equipment to realize the flexible control of network *** excellent programmability and global view present many new *** detection under the SDN context is an important and challenging research *** previous works attempted to collect and analyze statistics related to flows,usually recorded in switches,to address DDoS *** contrast,other works applied machine learning-based solutions to identify DDos and achieved promising ***,most previous works need to periodically request flow rules or packets to obtain flow statistics or features to detect stealthy ***,the request for flow rules is very time-consuming and CPU-consuming;moreover may congest the communication channel between the controller and the ***,we present FORT,a lightweight DDoS detection scheme,which spreads the rule-based detection algorithm at edge switches and determines whether to start it by periodically retrieving the ports state.A time-series algorithm,ARIMA,is utilized to determine the port statistics adaptively,and an SVM algorithm is applied to detect whether a DDoS attack does *** experiments demonstrate that FORT can significantly reduce the controller load and provide a reliable detection *** to the false alarm rate of 1.24%in the comparison scheme,the false alarm rate of this scheme is only 0.039%,which significantly reduces the probability of false ***,by introducing the alarm mechanism,this scheme can reduce the load of the southbound chan-nel by more than 60%in the normal state.

关键词： DDoS Port monitoring Flow rule Software defined network MiniNet RYU controller Detection

An adaptive system for detecting malicious queries in web attacks

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Science China(Information Sciences) 2018年第3期61卷 175-190页

作者： Ying DONG Yuqing ZHANG Hua MA Qianru WU qixu liu Kai WANG Wenjie WANG National Computer Network Intrusion Protection Center University of Chinese Academy of Sciences State Key Laboratory of Information Security Institute of Information EngineeringChinese Academy of Sciences School of Mathematics and Statistics Xidian University Security Department Alibaba Group Zhanlu Laboratory Tencent Incorporation

Web request query strings(queries), which pass parameters to a referenced resource, are always manipulated by attackers to retrieve sensitive data and even take full control of victim web servers and web applications. However, existing malicious query detection approaches in the literature cannot cope with changing web attacks. In this paper, we introduce a novel adaptive system(AMOD) that can adaptively detect web-based code injection attacks, which are the majority of web attacks, by analyzing queries. We also present a new adaptive learning strategy, called SVM HYBRID, leveraged by our system to minimize manual work. In the evaluation, an up-to-date detection model is trained on a ten-day query dataset collected from an academic institute’s web server logs. The evaluation shows our approach overwhelms existing approaches in two respects. Firstly, AMOD outperforms existing web attack detection methods with an F-value of 99.50%and FP rate of 0.001%. Secondly, the total number of malicious queries obtained by SVM HYBRID is3.07 times that by the popular support vector machine adaptive learning(SVM AL) method. The malicious queries obtained can be used to update the web application firewall(WAF) signature library.

关键词： web attacks adaptive learning intrusion detection anomaly detection SVM

A static technique for detecting input validation vulnerabilities in Android apps

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Science China(Information Sciences) 2017年第5期60卷 210-225页

作者： Zhejun FANG qixu liu Yuqing ZHANG Kai WANG Zhiqiang WANG Qianru WU National Computer Network Intrusion Protection Center University of Chinese Academy of Sciences National Computer Network Emergency Response Technical Team/Coordination Center of China State Key Laboratory of Information Security Institute of Information EngineeringChinese Academy of Sciences Beijing Electronic Science and Technology Institute

Input validation vulnerabilities are common in Android apps, especially in inter-component communications. Malicious attacks can exploit this kind of vulnerability to bypass Android security mechanism and compromise the integrity, confidentiality and availability of Android devices. However, so far there is not a sound approach at the source code level for app developers aiming to detect input validation vulnerabilities in Android apps. In this paper, we propose a novel approach for detecting input validation flaws in Android apps and we implement a prototype named Easy IVD, which provides practical static analysis of Java source *** IVD leverages backward program slicing to extract transaction and constraint slices from Java source *** Easy IVD validates these slices with predefined security rules to detect vulnerabilities in a known *** detect vulnerabilities in an unknown pattern, Easy IVD extracts implicit security specifications as frequent patterns from the duplicated slices and verifies them. Then Easy IVD semi-automatically confirms the suspicious rule violations and reports the confirmed ones as vulnerabilities. We evaluate Easy IVD on four versions of original Android apps spanning from version 2.2 to 5.0. It detects 58 vulnerabilities including confused deputy attacks and denial of service attacks. Our results prove that Easy IVD can provide a practical defensive solution for app developers.

关键词： input validation static analysis program slicing vulnerability detection Android security

Detecting compromised email accounts via login behavior characterization

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Cybersecurity 2024年第1期7卷 16-36页

作者： Jianjun Zhao Can Yang Di Wu Yaqin Cao Yuling liu Xiang Cui qixu liu Institute of Information Engineering Chinese Academy of SciencesBeijing100085China School of Cyber Security University of Chinese Academy of SciencesBeijing100049China China Cybersecurity Review Technology and Certification Center Beijing100013China Zhongguancun Laboratory Beijing100089China

The illegal use of compromised email accounts by adversaries can have severe consequences for enterprises and *** compromised email accounts is more challenging than in the social network field,where email accounts have only a few interaction events(sending and receiving).To address the issue of insufficient features,we propose a novel approach to detecting compromised accounts by combining time zone differences and alternate logins to identify abnormal *** on this approach,we propose a compromised email account detection framework that relies on widely available and less sensitive login logs and does not require *** framework characterizes login behaviors to identify logins that do not belong to the account owner and outputs a list of account-subnet pairs ranked by their likelihood of having abnormal login *** approach reduces the number of account-subnet pairs that need to be investigated and provides a reference for investigation *** evaluation demonstrates that our method can detect most email accounts that have been accessed by disclosed malicious IP addresses and outperforms similar ***,our framework has the capability to uncover undisclosed malicious IP addresses.

关键词： Compromised account detection Mixture model Login log analysis Attribution and forensic

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Flash跨站脚本漏洞挖掘技术研究

计算机研究与发展 2014年第7期51卷 1624-1632页

作者：刘奇旭温涛闻观行中国科学院大学国家计算机网络入侵防范中心北京101408 综合业务网理论及关键技术国家重点实验室(西安电子科技大学) 西安710071

Flash引起的跨站脚本攻击能够导致用户隐私泄露,严重威胁Web安全.有必要对此类漏洞的挖掘技术进行深入研究,尽早发现并修复安全隐患.通过分析总结可以导致XSS(cross-site scripting)漏洞的不安全ActionScript函数,设计并实现了Flash跨... 详细信息

Flash引起的跨站脚本攻击能够导致用户隐私泄露,严重威胁Web安全.有必要对此类漏洞的挖掘技术进行深入研究,尽早发现并修复安全隐患.通过分析总结可以导致XSS(cross-site scripting)漏洞的不安全ActionScript函数,设计并实现了Flash跨站脚本漏洞挖掘工具(flash XSS detector,FXD).它将静态分析和动态测试技术相结合,能够自动地反编译Flash文件,分析ActionScript文件中包含的危险函数及对应参数,并通过动态测试方法加以验证.通过使用该工具对Alexa Top100站点中的Flash文件进行广泛的测试,发现18个站点的48个Flash应用可以导致XSS攻击.该测试结果表明了FXD的有效性和先进性.

关键词： Adobe Flash ActionScript 跨站脚本安全漏洞 Web安全

维普期刊数据库

BotCatcher:基于深度学习的僵尸网络检测系统

在线全文

学校读者我要写书评

暂无评论

通信学报 2018年第8期39卷 18-28页

作者：吴迪方滨兴崔翔刘奇旭中国科学院信息工程研究所北京100093 中国科学院大学网络空间安全学院北京100049 广州大学网络空间先进技术研究院广东广州510006 电子科技大学广东电子信息工程研究院广东东莞523808 北京邮电大学网络空间安全学院北京100876

机器学习技术在僵尸网络检测领域具有广泛应用,但随着僵尸网络形态和命令控制机制逐渐变化,人工特征选取变得越来越困难。为此,提出基于深度学习的僵尸网络检测系统——BotCatcher,从时间和空间这2个维度自动化提取网络流量特征,通过结... 详细信息

机器学习技术在僵尸网络检测领域具有广泛应用,但随着僵尸网络形态和命令控制机制逐渐变化,人工特征选取变得越来越困难。为此,提出基于深度学习的僵尸网络检测系统——BotCatcher,从时间和空间这2个维度自动化提取网络流量特征,通过结合多种深层神经网络结构建立分类器。BotCatcher不依赖于任何有关协议和拓扑的先验知识,不需要人工选取特征。实验结果表明,该模型性能良好,能够对僵尸网络流量进行准确识别。

关键词：僵尸网络深度学习检测特征

维普期刊数据库