Federation Boosting Tree for Originator Rights Protection

The problem of data island hinders the application of big data in artificial intelligence model training,so researchers propose a federated learning framework.It enables model training without having to centralize all data in a central storage point.In the current horizontal federated learning scheme,each participant gets the final jointly trained model.No solution is proposed for scenarios where participants only provide training data in exchange for benefits,but do not care about the final jointly trained model.Therefore,this paper proposes a newboosted tree algorithm,calledRPBT(the originator Rights Protected federated Boosted Tree algorithm).Compared with the current horizontal federal learning algorithm,each participant will obtain the final jointly trained model.RPBT can guarantee that the local data of the participants will not be leaked,while the final jointly trained model cannot be obtained.It is worth mentioning that,from the perspective of the participants,the scheme uses the batch idea to make the participants participate in the training in random batches.Therefore,this scheme is more suitable for scenarios where a large number of participants are jointly modeling.Furthermore,a small number of participants will not actually participate in the joint training process.Therefore,the proposed scheme is more secure.Theoretical analysis and experimental evaluations show that RPBT is secure,accurate and efficient.

Unsupervised Binary Protocol Clustering Based on Maximum Sequential Patterns

With the rapid development of the Internet,a large number of private protocols emerge on the network.However,some of them are constructed by attackers to avoid being analyzed,posing a threat to computer network security.The blockchain uses the P2P protocol to implement various functions across the network.Furthermore,the P2P protocol format of blockchain may differ from the standard format specification,which leads to sniffing tools such as Wireshark and Fiddler not being able to recognize them.Therefore,the ability to distinguish different types of unknown network protocols is vital for network security.In this paper,we propose an unsupervised clustering algorithm based on maximum frequent sequences for binary protocols,which can distinguish various unknown protocols to provide support for analyzing unknown protocol formats.We mine the maximum frequent sequences of protocolmessage sets in bytes.Andwe calculate the fuzzymembership of the protocolmessage to each maximum frequent sequence,which is based on fuzzy set theory.Then we construct the fuzzy membership vector for each protocol message.Finally,we adopt K-means++to split different types of protocol messages into several clusters and evaluate the performance by calculating homogeneity,integrity,and Fowlkes and Mallows Index(FMI).Besides,the clustering algorithms based onNeedleman–Wunsch and the fixed-length prefix are compared with the algorithm presented in this paper.Compared with these traditional clustering methods,we demonstrate a certain improvement in the clustering performance of our work.

Content Feature Extraction-based Hybrid Recommendation for Mobile Application Services

The number of mobile application services is showing an explosive growth trend,which makes it difficult for users to determine which ones are of interest.Especially,the new mobile application services are emerge continuously,most of them have not be rated when they need to be recommended to users.This is the typical problem of cold start in the field of collaborative filtering recommendation.This problem may makes it difficult for users to locate and acquire the services that they actually want,and the accuracy and novelty of service recommendations are also difficult to satisfy users.To solve this problem,a hybrid recommendation method for mobile application services based on content feature extraction is proposed in this paper.First,the proposed method in this paper extracts service content features through Natural Language Processing technologies such as word segmentation,part-of-speech tagging,and dependency parsing.It improves the accuracy of describing service attributes and the rationality of the method of calculating service similarity.Then,a language representation model called Bidirectional Encoder Representation from Transformers(BERT)is used to vectorize the content feature text,and an improved weighted word mover’s distance algorithm based on Term Frequency-Inverse Document Frequency(TFIDF-WMD)is used to calculate the similarity of mobile application services.Finally,the recommendation process is completed by combining the item-based collaborative filtering recommendation algorithm.The experimental results show that by using the proposed hybrid recommendation method presented in this paper,the cold start problem is alleviated to a certain extent,and the accuracy of the recommendation result has been significantly improved.

EDSM-Based Binary Protocol State Machine Reversing

Internet communication protocols define the behavior rules of network components when they communicate with each other.With the continuous development of network technologies,many private or unknown network protocols are emerging in endlessly various network environments.Herein,relevant protocol specifications become difficult or unavailable to translate in many situations such as network security management and intrusion detection.Although protocol reverse engineering is being investigated in recent years to perform reverse analysis on the specifications of unknown protocols,most existing methods have proven to be time-consuming with limited efficiency,especially when applied on unknown protocol state machines.This paper proposes a state merging algorithm based on EDSM(Evidence-Driven State Merging)to infer the transition rules of unknown protocols in form of state machines with high efficiency.Compared with another classical state machine inferring method based on Exbar algorithm,the experiment results demonstrate that our proposed method could run faster,especially when dealing with massive training data sets.In addition,this method can also make the state machines have higher similarities with the reference state machines constructed from public specifications.

Container Introspection: Using External Management Containers to Monitor Containers in Cloud Computing

Cloud computing plays an important role in today’s Internet environment,which meets the requirements of scalability,security and reliability by using virtualization technologies.Container technology is one of the two mainstream virtualization solutions.Its lightweight,high deployment efficiency make container technology widely used in large-scale cloud computing.While container technology has created huge benefits for cloud service providers and tenants,it cannot meet the requirements of security monitoring and management from a tenant perspective.Currently,tenants can only run their security monitors in the target container,but it is not secure because the attacker is able to detect and compromise the security monitor.In this paper,a secure external monitoring approach is proposed to monitor target containers in another management container.The management container is transparent for target containers,but it can obtain the executing information of target containers,providing a secure monitoring environment.Security monitors running inside management containers are secure for the cloud host,since the management containers are not privileged.We implement the transparent external management containers by performing the one-way isolation of processes and files.For process one-way isolation,we leverage Linux namespace technology to let management container become the parent of target containers.By mounting the file system of target container to that of the management container,file system one-way isolation is achieved.Compared with the existing host-based monitoring approach,our approach is more secure and suitable in the cloud environment.

Road Distance Computation Using Homomorphic Encryption in Road Networks

Road networks have been used in a wide range of applications to reduces the cost of transportation and improve the quality of related services.The shortest road distance computation has been considered as one of the most fundamental operations of road networks computation.To alleviate privacy concerns about location privacy leaks during road distance computation,it is desirable to have a secure and efficient road distance computation approach.In this paper,we propose two secure road distance computation approaches,which can compute road distance over encrypted data efficiently.An approximate road distance computation approach is designed by using Partially Homomorphic Encryption and road network set embedding.An exact road distance computation is built by using Somewhat Homomorphic Encryption and road network hypercube embedding.We implement our two road distance computation approaches,and evaluate them on the real cityscale road network.Evaluation results show that our approaches are accurate and efficient.

Skipping Undesired High-Frequency Content to Boost DPI Engine

Deep Packet Inspection(DPI)at the core of many monitoring appliances,such as NIDS,NIPS,plays a major role.DPI is beneficial to content providers and censorship to monitor network traffic.However,the surge of network traffic has put tremendous pressure on the performance of DPI.In fact,the sensitive content being monitored is only a minority of network traffic,that is to say,most is undesired.A close look at the network traffic,we found that it contains many undesired high frequency content(UHC)that are not monitored.As everyone knows,the key to improve DPI performance is to skip as many useless characters as possible.Nevertheless,researchers generally study the algorithm of skipping useless characters through sensitive content,ignoring the high-frequency non-sensitive content.To fill this gap,in this literature,we design a model,named Fast AC Model with Skipping(FAMS),to quickly skip UHC while scanning traffic.The model consists of a standard AC automaton,where the input traffic is scanned byte-by-byte,and an additional sub-model,which includes a mapping set and UHC matching model.The mapping set is a bridge between the state node of AC and UHC matching model,while the latter is to select a matching function from hash and fingerprint functions.Our experiments show promising results that we achieve a throughput gain of 1.3-2.6 times the original throughput and 1.1-1.3 times Barr’s double path method.

Blood Sample Image Classification Algorithm Based on SVM and HOG

In the medical field,the classification and analysis of blood samples has always been arduous work.In the previous work of this task,manual classification maneuvers have been used,which are time consuming and laborious.The conventional blood image classification research is mainly focused on the microscopic cell image classification,while the macroscopic reagent processing blood coagulation image classification research is still blank.These blood samples processed with reagents often show some inherent shape characteristics,such as coagulation,attachment,discretization and so on.The shape characteristics of these blood samples also make it possible for us to recognize their classification through computer vision algorithms.Blood sample classification focuses on the texture and shape of the picture.HOG feature is a kind of feature descriptor used for object detection in computer vision and image processing.It can better extract the outline and texture features of the image by calculating and counting the histogram of oriented gradient of the local region of the image.Because the medical machines that need to identify and classify blood samples often lack strong calculation power,the current popular machine-learning classification algorithms cannot play a good role in these machines.In addition,the characteristics of blood samples produced by different types of reagents and processing methods are different,and it is difficult to obtain real samples,so the amount of data that can be used for training is small.Combining the above conditions and the experimental comparison of a variety of classification algorithms,we find that the lightweight SVMmodel has a better performance on this problem,and the combination of HOG and SVM has also been widely used in other research.The experiment demonstrated that the classification algorithm based on SVM and HOG can give a good result of both performance and accuracy in the classification of blood samples problem.