With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protecti...With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protection of mobile users’privacy information.At present,mobile user authenticationmethods based on humancomputer interaction have been extensively studied due to their advantages of high precision and non-perception,but there are still shortcomings such as low data collection efficiency,untrustworthy participating nodes,and lack of practicability.To this end,this paper proposes a privacy-enhanced mobile user authentication method with motion sensors,which mainly includes:(1)Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication,reduce the probability of the model being bypassed by attackers,and reduce the overhead of data centralized processing and the risk of privacy leakage;(2)Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation;(3)Combine Variational Mode Decomposition(VMD)and Long Short-TermMemory(LSTM)to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification.The experimental results on the real environment dataset of 1513 people show that themethod proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.展开更多
Internet traffic encryption is a very common traffic protection method.Most internet traffic is protected by the encryption protocol called transport layersecurity (TLS). Although traffic encryption can ensure the sec...Internet traffic encryption is a very common traffic protection method.Most internet traffic is protected by the encryption protocol called transport layersecurity (TLS). Although traffic encryption can ensure the security of communication, it also enables malware to hide its information and avoid being detected.At present, most of the malicious traffic detection methods are aimed at the unencrypted ones. There are some problems in the detection of encrypted traffic, suchas high false positive rate, difficulty in feature extraction, and insufficient practicability. The accuracy and effectiveness of existing methods need to be improved.In this paper, we present TLSmell, a framework that conducts maliciousencrypted HTTPs traffic detection with simple connection-specific indicators byusing different classifiers based online training. We perform deep packet analysisof encrypted traffic through data pre-processing to extract effective features, andthen the online training algorithm is used for training and prediction. Withoutdecrypting the original traffic, high-precision malicious traffic detection and analysis are realized, which can guarantee user privacy and communication security.At the same time, since there is no need to decrypt the traffic in advance, the effi-ciency of detecting malicious HTTPs traffic will be greatly improved. Combinedwith the traditional detection and analysis methods, malicious HTTPs traffic isscreened, and suspicious traffic is further analyzed by the expert through the context of suspicious behaviors, thereby improving the overall performance of malicious encrypted traffic detection.展开更多
基金Wenzhou Key Scientific and Technological Projects(No.ZG2020031)Wenzhou Polytechnic Research Projects(No.WZY2021002)+3 种基金Key R&D Projects in Zhejiang Province(No.2021C01117)Major Program of Natural Science Foundation of Zhejiang Province(LD22F020002)the Cloud Security Key Technology Research Laboratorythe Researchers Supporting Project Number(RSP2023R509),King Saud University,Riyadh,Saudi Arabia.
文摘With the development of hardware devices and the upgrading of smartphones,a large number of users save privacy-related information in mobile devices,mainly smartphones,which puts forward higher demands on the protection of mobile users’privacy information.At present,mobile user authenticationmethods based on humancomputer interaction have been extensively studied due to their advantages of high precision and non-perception,but there are still shortcomings such as low data collection efficiency,untrustworthy participating nodes,and lack of practicability.To this end,this paper proposes a privacy-enhanced mobile user authentication method with motion sensors,which mainly includes:(1)Construct a smart contract-based private chain and federated learning to improve the data collection efficiency of mobile user authentication,reduce the probability of the model being bypassed by attackers,and reduce the overhead of data centralized processing and the risk of privacy leakage;(2)Use certificateless encryption to realize the authentication of the device to ensure the credibility of the client nodes participating in the calculation;(3)Combine Variational Mode Decomposition(VMD)and Long Short-TermMemory(LSTM)to analyze and model the motion sensor data of mobile devices to improve the accuracy of model certification.The experimental results on the real environment dataset of 1513 people show that themethod proposed in this paper can effectively resist poisoning attacks while ensuring the accuracy and efficiency of mobile user authentication.
基金supported in part by the following grants:Wenzhou key scientific and technological projects(No.ZG2020031)Researchers Supporting Project of King Saud University,Riyadh,Saudi Arabia(No.RSP-2020/102)+6 种基金National Natural Science Foundation of China under Grant(No.U1936215 and 61772026)Ministry of Industry and Information Technology of the People’s Republic of China under Grant(No.TC190H3WN)State Grid Corporation of China under Grant(No.5211XT19006B)Wenzhou Polytechnic research projects(No.WZY2020001)2020 industrial Internet innovation and development project(TC200H01V)Wenzhou Scientific Research Projects for Underdeveloped Areas(WenRenSheFa[2020]61(No.5)).Zhejiang key R&D projects(No.2021C01117).
文摘Internet traffic encryption is a very common traffic protection method.Most internet traffic is protected by the encryption protocol called transport layersecurity (TLS). Although traffic encryption can ensure the security of communication, it also enables malware to hide its information and avoid being detected.At present, most of the malicious traffic detection methods are aimed at the unencrypted ones. There are some problems in the detection of encrypted traffic, suchas high false positive rate, difficulty in feature extraction, and insufficient practicability. The accuracy and effectiveness of existing methods need to be improved.In this paper, we present TLSmell, a framework that conducts maliciousencrypted HTTPs traffic detection with simple connection-specific indicators byusing different classifiers based online training. We perform deep packet analysisof encrypted traffic through data pre-processing to extract effective features, andthen the online training algorithm is used for training and prediction. Withoutdecrypting the original traffic, high-precision malicious traffic detection and analysis are realized, which can guarantee user privacy and communication security.At the same time, since there is no need to decrypt the traffic in advance, the effi-ciency of detecting malicious HTTPs traffic will be greatly improved. Combinedwith the traditional detection and analysis methods, malicious HTTPs traffic isscreened, and suspicious traffic is further analyzed by the expert through the context of suspicious behaviors, thereby improving the overall performance of malicious encrypted traffic detection.