In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions t...In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.展开更多
Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares a...Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine(Droid Detector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.展开更多
Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keywor...Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.展开更多
With the wide application and development of blockchain technology in various fields such as finance, government affairs and medical care, security incidents occur frequently on it, which brings great threats to users...With the wide application and development of blockchain technology in various fields such as finance, government affairs and medical care, security incidents occur frequently on it, which brings great threats to users’ assets and information. Many researchers have worked on blockchain abnormal behavior awareness in respond to these threats. We summarize respectively the existing public blockchain and consortium blockchain abnormal behavior awareness methods and ideas in detail as the difference between the two types of blockchain. At the same time, we summarize and analyze the existing data sets related to mainstream blockchain security, and finally discuss possible future research directions. Therefore, this work can provide a reference for blockchain security awareness research.展开更多
It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed...It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed to realize the description of vulnerability attribute and the construction of a vulnerability model. A vulnerability model based on chemical abstract machine(CHAM) is constructed to realize the CHAM description of vulnerability model, and the framework of vulnerability model is also discussed. Case study is carried out to verify the feasibility and effectiveness of the proposed model. In addition, a prototype system is also designed and implemented based on the proposed vulnerability model. Experimental results show that the proposed model is more effective than other methods in the detection of software vulnerabilities.展开更多
基金supported by National Natural Science Foundation of China (NSFC grant number:61202110,61401180 and 61502205)the Postdoctoral Science Foundation of China (Grant number:2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province(KYLX15_1079 and KYLX16_0900)
文摘In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.
文摘Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine(Droid Detector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.
基金supported by the National Natural Science Foundation of China (Nos.61202110 and 61502205)the Postdoctoral Science Foundation of China (Nos.2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province (No.KYLX15 1079)
文摘Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.
基金This research is supported by National Key Research and Development Program of China (Nos. 2021YFF0307203 and 2019QY1300)Youth Innovation Promotion Association CAS (No. 2021156)+2 种基金the Strategic Priority Research Program of Chinese Academy of Sciences (No. XDC02040100)National Natural Science Foundation of China (No. 61802404)This work is also supported by the Program of Key Laboratory of Network Assessment Technology, the Chinese Academy of Sciences, Program of Beijing Key Laboratory of Network Security and Protection Technology.
文摘With the wide application and development of blockchain technology in various fields such as finance, government affairs and medical care, security incidents occur frequently on it, which brings great threats to users’ assets and information. Many researchers have worked on blockchain abnormal behavior awareness in respond to these threats. We summarize respectively the existing public blockchain and consortium blockchain abnormal behavior awareness methods and ideas in detail as the difference between the two types of blockchain. At the same time, we summarize and analyze the existing data sets related to mainstream blockchain security, and finally discuss possible future research directions. Therefore, this work can provide a reference for blockchain security awareness research.
基金Supported by the National Natural Science Foundation of China(61202110 and 61502205)the Project of Jiangsu Provincial Six Talent Peaks(XYDXXJS-016)
文摘It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed to realize the description of vulnerability attribute and the construction of a vulnerability model. A vulnerability model based on chemical abstract machine(CHAM) is constructed to realize the CHAM description of vulnerability model, and the framework of vulnerability model is also discussed. Case study is carried out to verify the feasibility and effectiveness of the proposed model. In addition, a prototype system is also designed and implemented based on the proposed vulnerability model. Experimental results show that the proposed model is more effective than other methods in the detection of software vulnerabilities.