With serious cybersecurity situations and frequent network attacks,the demands for automated pentests continue to increase,and the key issue lies in attack planning.Considering the limited viewpoint of the attacker,at...With serious cybersecurity situations and frequent network attacks,the demands for automated pentests continue to increase,and the key issue lies in attack planning.Considering the limited viewpoint of the attacker,attack planning under uncertainty is more suitable and practical for pentesting than is the traditional planning approach,but it also poses some challenges.To address the efficiency problem in uncertainty planning,we propose the APU-D*Lite algorithm in this paper.First,the pentest framework is mapped to the planning problem with the Planning Domain Definition Language(PDDL).Next,we develop the pentest information graph to organize network information and assess relevant exploitation actions,which helps to simplify the problem scale.Then,the APU-D*Lite algorithm is introduced based on the idea of incremental heuristic searching.This method plans for both hosts and actions,which meets the requirements of pentesting.With the pentest information graph as the input,the output is an alternating host and action sequence.In experiments,we use the attack success rate to represent the uncertainty level of the environment.The result shows that APU-D*Lite displays better reliability and efficiency than classical planning algorithms at different attack success rates.展开更多
Federated learning(FL)development has grown increasingly strong with the increased emphasis on data for individuals and industry.Federated learning allows individual participants to jointly train a global model withou...Federated learning(FL)development has grown increasingly strong with the increased emphasis on data for individuals and industry.Federated learning allows individual participants to jointly train a global model without sharing local data,which significantly enhances data privacy.However,federated learning is vulnerable to poisoning attacks by malicious participants.Since federated learning does not have access to the participants’training process,i.e.,attackers can compromise the global model by uploading elaborate malicious local updates to the server under the guise of normal participants.Current model poisoning attacks usually add small perturbations to the local model after it is trained to craft harmful local updates and the attacker finds the appropriate perturbation size to bypass robust detection methods and corrupt the global model as much as possible.In contrast,we propose a novel model poisoning attack based on the momentum of history information(MPHM),that is,the attacker makes new malicious updates by dynamically crafting perturbations using the historical information in the local training,which will make the new malicious updates more effective and stealthy.Our attack aims to indiscriminately reduce the testing accuracy of the global model with minimal information.Experiments show that in the classical defense case,our attack can significantly corrupt the accuracy of the global model compared to other advanced poisoning attacks.展开更多
Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests ...Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests and intrusion detection.Conventional protocol reverse engineering methods have been proposed which are considered time-consuming,tedious,and error-prone.Recently,automatical protocol reverse engineering methods have been proposed which are,however,neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations.In this paper,we present a framework called the industrial control system protocol reverse engineering framework(ICSPRF)that aims to extract ICS protocol fields with high accuracy.ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context,e.g.,basic block(BBL)group.As a result,by monitoring program execution,we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format.We evaluate our approach with six open-source ICS protocol implementations.The results show that ICSPRF can identify individual protocol fields with high accuracy(on average a 94.3%match ratio).ICSPRF also has a low coarse-grained and overly fine-grained match ratio.For the same metric,ICSPRF is more accurate than AutoFormat(88.5%for all evaluated protocols and 80.0%for binary-based protocols).展开更多
A glucose-sensitive polymer,poly(N-isopropylacrylamide-co-2-acrylamidophenylboronic acid)(P(NIPAM-co-2-AAPBA)),was synthesized by reversible addition fragmentation chain transfer(RAFT)copolymerization.Addition of gluc...A glucose-sensitive polymer,poly(N-isopropylacrylamide-co-2-acrylamidophenylboronic acid)(P(NIPAM-co-2-AAPBA)),was synthesized by reversible addition fragmentation chain transfer(RAFT)copolymerization.Addition of glucose results in reduced solubility and hence increased turbidity,rather than the normal increase in solubility(decreased turbidity)observed for other PBA-based glucose-sensitive polymers.The novel glucose-sensitive behavior is explained by a new mechanism,in which glucose acts as an additive and depresses the lower critical solution temperature(LCST)of the polymer,instead of increasing solubility by increasing the degree of ionization of the PBA groups.Experimental and theoretic analysis for the influence of glucose on the thermal behavior of P(NIPAM-co-2-AAPBA)reveals that glucose depresses the LCST of P(NIPAM-co-2-AAPBA)copolymers in a two-stage manner,a fast decrease at low glucose concentrations followed by a slow decrease at high glucose concentrations.For low glucose concentrations,the binding of glucose with PBA groups on the polymer chain increases the number of glucose molecules proximal to the polymer which influences the thermal behavior of the polymer,causing a rapid decrease in LCST.Importantly,the transition occurs at a glucose concentration equal to the reciprocal of the binding constant between PBA and glucose,thus providing a novel method to determine the binding constant.Other saccharides,including mannose,galactose and fructose,also depress the LCST of P(NIPAM-co-2-AAPBA)copolymer in the same way.展开更多
文摘With serious cybersecurity situations and frequent network attacks,the demands for automated pentests continue to increase,and the key issue lies in attack planning.Considering the limited viewpoint of the attacker,attack planning under uncertainty is more suitable and practical for pentesting than is the traditional planning approach,but it also poses some challenges.To address the efficiency problem in uncertainty planning,we propose the APU-D*Lite algorithm in this paper.First,the pentest framework is mapped to the planning problem with the Planning Domain Definition Language(PDDL).Next,we develop the pentest information graph to organize network information and assess relevant exploitation actions,which helps to simplify the problem scale.Then,the APU-D*Lite algorithm is introduced based on the idea of incremental heuristic searching.This method plans for both hosts and actions,which meets the requirements of pentesting.With the pentest information graph as the input,the output is an alternating host and action sequence.In experiments,we use the attack success rate to represent the uncertainty level of the environment.The result shows that APU-D*Lite displays better reliability and efficiency than classical planning algorithms at different attack success rates.
基金supported in part by the National Key R&D Program of China(2020YFB1712401,2018YFB1701400)the Nature Science Foundation of China(62006210,62001284,62206252)+7 种基金the Key Scientific and Technology Project of Henan Province of China(221100210100)the Key Project of Public Benefit in Henan Province of China(201300210500)the Research Foundation for Advanced Talents of Zhengzhou University(32340306)the Key Research Projects of Universities in Henan Province of China(7A520015,21B520018)Fundamental Science Projects of Railway Police College(2020TJJBKY002)Advanced research project of SongShan Laboratory(YYJC022022001)The Key R&D and Promotion Project in Science and Technology of Henan(232102210154)the Key Scientific and Technological Research Projects in Henan Province of China(192102310216).
文摘Federated learning(FL)development has grown increasingly strong with the increased emphasis on data for individuals and industry.Federated learning allows individual participants to jointly train a global model without sharing local data,which significantly enhances data privacy.However,federated learning is vulnerable to poisoning attacks by malicious participants.Since federated learning does not have access to the participants’training process,i.e.,attackers can compromise the global model by uploading elaborate malicious local updates to the server under the guise of normal participants.Current model poisoning attacks usually add small perturbations to the local model after it is trained to craft harmful local updates and the attacker finds the appropriate perturbation size to bypass robust detection methods and corrupt the global model as much as possible.In contrast,we propose a novel model poisoning attack based on the momentum of history information(MPHM),that is,the attacker makes new malicious updates by dynamically crafting perturbations using the historical information in the local training,which will make the new malicious updates more effective and stealthy.Our attack aims to indiscriminately reduce the testing accuracy of the global model with minimal information.Experiments show that in the classical defense case,our attack can significantly corrupt the accuracy of the global model compared to other advanced poisoning attacks.
基金supported by the National Natural Science Foundation of China(No.61833015)。
文摘Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests and intrusion detection.Conventional protocol reverse engineering methods have been proposed which are considered time-consuming,tedious,and error-prone.Recently,automatical protocol reverse engineering methods have been proposed which are,however,neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations.In this paper,we present a framework called the industrial control system protocol reverse engineering framework(ICSPRF)that aims to extract ICS protocol fields with high accuracy.ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context,e.g.,basic block(BBL)group.As a result,by monitoring program execution,we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format.We evaluate our approach with six open-source ICS protocol implementations.The results show that ICSPRF can identify individual protocol fields with high accuracy(on average a 94.3%match ratio).ICSPRF also has a low coarse-grained and overly fine-grained match ratio.For the same metric,ICSPRF is more accurate than AutoFormat(88.5%for all evaluated protocols and 80.0%for binary-based protocols).
基金supported by the National Natural Science Foundation of China(51625302,51873091)the National Key Research and Development Program of China(2017YFC1103501).
文摘A glucose-sensitive polymer,poly(N-isopropylacrylamide-co-2-acrylamidophenylboronic acid)(P(NIPAM-co-2-AAPBA)),was synthesized by reversible addition fragmentation chain transfer(RAFT)copolymerization.Addition of glucose results in reduced solubility and hence increased turbidity,rather than the normal increase in solubility(decreased turbidity)observed for other PBA-based glucose-sensitive polymers.The novel glucose-sensitive behavior is explained by a new mechanism,in which glucose acts as an additive and depresses the lower critical solution temperature(LCST)of the polymer,instead of increasing solubility by increasing the degree of ionization of the PBA groups.Experimental and theoretic analysis for the influence of glucose on the thermal behavior of P(NIPAM-co-2-AAPBA)reveals that glucose depresses the LCST of P(NIPAM-co-2-AAPBA)copolymers in a two-stage manner,a fast decrease at low glucose concentrations followed by a slow decrease at high glucose concentrations.For low glucose concentrations,the binding of glucose with PBA groups on the polymer chain increases the number of glucose molecules proximal to the polymer which influences the thermal behavior of the polymer,causing a rapid decrease in LCST.Importantly,the transition occurs at a glucose concentration equal to the reciprocal of the binding constant between PBA and glucose,thus providing a novel method to determine the binding constant.Other saccharides,including mannose,galactose and fructose,also depress the LCST of P(NIPAM-co-2-AAPBA)copolymer in the same way.