Quantum-Enhanced Blockchain: A Secure and Practical Blockchain Scheme

The rapid advancement of quantum technology poses significant security risks to blockchain systems.However,quantum technology can also provide solutions for enhancing blockchain security.In this paper,we propose a quantum-enhanced blockchain scheme to achieve a high level of security against quantum computing attacks.We first discuss quantum computing attacks on classic blockchains,including attacks on hash functions,digital signatures,and consensus mechanisms.We then introduce quantum technologies,such as a quantum hash function(QHF),a quantum digital signature(QDS),and proof of authority(PoA)consensus mechanism,into our scheme to improve the security of the blockchain system.Our security analysis demonstrates that our scheme offers superior security against quantum and classic attacks.Finally,we compare our scheme with previous works,showing that our scheme has achieved a perfect balance in terms of practicality,reliability,scalability,and efficiency.Overall,this work contributes to the ongoing research on quantum blockchain in the quantum era.

Side-Channel Attacks Based on Collaborative Learning

Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement is usually not met.In this paper,an attack algorithm based on collaborative learning is proposed.The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power trace to realize the attack to cryptographic device.By experimenting with the DPA contest V4 dataset,the results show that the algorithm can improve the accuracy by about 20%compared with the pure supervised learning in the case of using only 10 labeled power traces.

Rumor detection with self-supervised learning on texts and social graph

Rumor detection has become an emerging and active research field in recent years.At the core is to model the rumor characteristics inherent in rich information,such as propagation patterns in social network and semantic patterns in post content,and differentiate them from the truth.However,existing works on rumor detection fall short in modeling heterogeneous information,either using one single information source only(e.g.,social network,or post content)or ignoring the relations among multiple sources(e.g.,fusing social and content features via simple concatenation).Therefore,they possibly have drawbacks in comprehensively understanding the rumors,and detecting them accurately.In this work,we explore contrastive self-supervised learning on heterogeneous information sources,so as to reveal their relations and characterize rumors better.Technically,we supplement the main supervised task of detection with an auxiliary self-supervised task,which enriches post representations via post self-discrimination.Specifically,given two heterogeneous views of a post(i.e.,representations encoding social patterns and semantic patterns),the discrimination is done by maximizing the mutual information between different views of the same post compared to that of other posts.We devise cluster-wise and instance-wise approaches to generate the views and conduct the discrimination,considering different relations of information sources.We term this framework as self-supervised rumor detection(SRD).Extensive experiments on three real-world datasets validate the effectiveness of SRD for automatic rumor detection on social media.

TIM: threat context-enhanced TTP intelligence mining on unstructured threat data

TTPs (Tactics, Techniques, and Procedures), which represent an attacker’s goals and methods, are the long period and essential feature of the attacker. Defenders can use TTP intelligence to perform the penetration test and compensate for defense deficiency. However, most TTP intelligence is described in unstructured threat data, such as APT analysis reports. Manually converting natural language TTPs descriptions to standard TTP names, such as ATT&CK TTP names and IDs, is time-consuming and requires deep expertise. In this paper, we define the TTP classification task as a sentence classification task. We annotate a new sentence-level TTP dataset with 6 categories and 6061 TTP descriptions from 10761 security analysis reports. We construct a threat context-enhanced TTP intelligence mining (TIM) framework to mine TTP intelligence from unstructured threat data. The TIM framework uses TCENet (Threat Context Enhanced Network) to find and classify TTP descriptions, which we define as three continuous sentences, from textual data. Meanwhile, we use the element features of TTP in the descriptions to enhance the TTPs classification accuracy of TCENet. The evaluation result shows that the average classification accuracy of our proposed method on the 6 TTP categories reaches 0.941. The evaluation results also show that adding TTP element features can improve our classification accuracy compared to using only text features. TCENet also achieved the best results compared to the previous document-level TTP classification works and other popular text classification methods, even in the case of few-shot training samples. Finally, the TIM framework organizes TTP descriptions and TTP elements into STIX 2.1 format as final TTP intelligence for sharing the long-period and essential attack behavior characteristics of attackers. In addition, we transform TTP intelligence into sigma detection rules for attack behavior detection. Such TTP intelligence and rules can help defenders deploy long-term effective threat detection and perform more realistic attack simulations to strengthen defense.