An Attack Modeling Based on Colored Petri Net

A color petri net (CPN) based attack modeling approach is addressed. Compared with graph-based modeling, CPN based attack model is flexible enough to model Internet intrusions, because of their static and dynamic features. The processes and rules of building CPN based attack model from attack tree are also presented. In order to evaluate the risk of intrusion, some cost elements are added to CPN based attack modeling. This extended model is useful in intrusion detection and risk evaluation. Experiences show that it is easy to exploit CPN based attack modeling approach to provide the controlling functions, such as intrusion response and intrusion defense. A case study given in this paper shows that CPN based attack model has many unique characters which attack tree model hasn’t.

Study on Anti-ship Missile Saturation Attack Model

Based on the analysis for the interception process of ship-to-air missile system to the anti-ship missile stream, the antagonism of ship-to-air missile and anti-ship missile stream was modeled by Monte Carlo method. This model containing the probability of acquiring anti-ship missile, threat estimation, firepower distribution, interception, effectiveness evaluation and firepower turning, can dynamically simulate the antagonism process of anti-ship missile attack stream and anti-air missile weapon system. The anti-ship missile's saturation attack stream for different ship-to-air missile systems can be calculated quantitatively. The simulated results reveal the relations among the anti-ship missile saturation attack and the attack intensity of anti-ship missile, interception mode and the main parameters of anti-air missile weapon system. It provides a theoretical basis for the effective operation of anti-ship missile.

Evaluating Privacy Leakage and Memorization Attacks on Large Language Models (LLMs) in Generative AI Applications

The recent interest in the deployment of Generative AI applications that use large language models (LLMs) has brought to the forefront significant privacy concerns, notably the leakage of Personally Identifiable Information (PII) and other confidential or protected information that may have been memorized during training, specifically during a fine-tuning or customization process. We describe different black-box attacks from potential adversaries and study their impact on the amount and type of information that may be recovered from commonly used and deployed LLMs. Our research investigates the relationship between PII leakage, memorization, and factors such as model size, architecture, and the nature of attacks employed. The study utilizes two broad categories of attacks: PII leakage-focused attacks (auto-completion and extraction attacks) and memorization-focused attacks (various membership inference attacks). The findings from these investigations are quantified using an array of evaluative metrics, providing a detailed understanding of LLM vulnerabilities and the effectiveness of different attacks.

GUARDIAN: A Multi-Tiered Defense Architecture for Thwarting Prompt Injection Attacks on LLMs

This paper introduces a novel multi-tiered defense architecture to protect language models from adversarial prompt attacks. We construct adversarial prompts using strategies like role emulation and manipulative assistance to simulate real threats. We introduce a comprehensive, multi-tiered defense framework named GUARDIAN (Guardrails for Upholding Ethics in Language Models) comprising a system prompt filter, pre-processing filter leveraging a toxic classifier and ethical prompt generator, and pre-display filter using the model itself for output screening. Extensive testing on Meta’s Llama-2 model demonstrates the capability to block 100% of attack prompts. The approach also auto-suggests safer prompt alternatives, thereby bolstering language model security. Quantitatively evaluated defense layers and an ethical substitution mechanism represent key innovations to counter sophisticated attacks. The integrated methodology not only fortifies smaller LLMs against emerging cyber threats but also guides the broader application of LLMs in a secure and ethical manner.

Analysis of SVEIR worm attack model with saturated incidence and partial immunization

Internet worms can propagate across networks at terrifying speeds,reduce network security to a remarkable extent,and cause heavy economic losses.Thus,the rapid elimination of Internet worms using partial immunization becomes a significant matter for sustaining Internet infrastructure.This paper addresses this issue by presenting a novel worm susceptible-vaccinated-exposed-infectious-recovered model,named the SVEIR model.The SVEIR model extends the classical susceptible-exposed-infectious-recovered model(refer to SEIR model)through incorporating a saturated incidence rate and a partial immunization rate.The basic reproduction number in the SVEIR model is obtained.By virtue of the basic reproduction number,we prove the global stabilities of an infection-free equilibrium point and a unique endemic equilibrium point.Numerical methods are used to verify the proposed SVEIR model.Simulation results show that partial immunization is highly effective for eliminating worms,and the SVEIR model is viable for controlling and forecasting Internet worms.

A Novel Shilling Attack Detection Model Based on Particle Filter and Gravitation

With the rapid development of e-commerce, the security issues of collaborative filtering recommender systems have been widely investigated. Malicious users can benefit from injecting a great quantities of fake profiles into recommender systems to manipulate recommendation results. As one of the most important attack methods in recommender systems, the shilling attack has been paid considerable attention, especially to its model and the way to detect it. Among them, the loose version of Group Shilling Attack Generation Algorithm (GSAGenl) has outstanding performance. It can be immune to some PCC (Pearson Correlation Coefficient)-based detectors due to the nature of anti-Pearson correlation. In order to overcome the vulnerabilities caused by GSAGenl, a gravitation-based detection model (GBDM) is presented, integrated with a sophisticated gravitational detector and a decider. And meanwhile two new basic attributes and a particle filter algorithm are used for tracking prediction. And then, whether an attack occurs can be judged according to the law of universal gravitation in decision-making. The detection performances of GBDM, HHT-SVM, UnRAP, AP-UnRAP Semi-SAD,SVM-TIA and PCA-P are compared and evaluated. And simulation results show the effectiveness and availability of GBDM.

Algebraic Attack on Filter-Combiner Model Keystream Generators

Algebraic attack was applied to attack Filter-Combintr model keystreamgenerators. We proposed the technique of function composition to improve the model, and the improvedmodel can resist the algebraic attack. A new criterion for designing Filter-Combiner model was alsoproposed: the total length I. of Linear Finite State Machines used in the model should be largeenough and the degree d of Filter-Combiner function should be approximate [L/2].

A Novel Attack on Complex APUFs Using the Evolutionary Deep Convolutional Neural Network

As the internet of things(IoT)continues to expand rapidly,the significance of its security concerns has grown in recent years.To address these concerns,physical unclonable functions(PUFs)have emerged as valuable tools for enhancing IoT security.PUFs leverage the inherent randomness found in the embedded hardware of IoT devices.However,it has been shown that some PUFs can be modeled by attackers using machine-learning-based approaches.In this paper,a new deep learning(DL)-based modeling attack is introduced to break the resistance of complex XAPUFs.Because training DL models is a problem that falls under the category of NP-hard problems,there has been a significant increase in the use of meta-heuristics(MH)to optimize DL parameters.Nevertheless,it is widely recognized that finding the right balance between exploration and exploitation when dealing with complex problems can pose a significant challenge.To address these chal-lenges,a novel migration-based multi-parent genetic algorithm(MBMPGA)is developed to train the deep convolutional neural network(DCNN)in order to achieve a higher rate of accuracy and convergence speed while decreas-ing the run-time of the attack.In the proposed MBMPGA,a non-linear migration model of the biogeography-based optimization(BBO)is utilized to enhance the exploitation ability of GA.A new multi-parent crossover is then introduced to enhance the exploration ability of GA.The behavior of the proposed MBMPGA is examined on two real-world optimization problems.In benchmark problems,MBMPGA outperforms other MH algorithms in convergence rate.The proposed model are also compared with previous attacking models on several simulated challenge-response pairs(CRPs).The simulation results on the XAPUF datasets show that the introduced attack in this paper obtains more than 99%modeling accuracy even on 8-XAPUF.In addition,the proposed MBMPGA-DCNN outperforms the state-of-the-art modeling attacks in a reduced timeframe and with a smaller number of required sets of CRPs.The area under the curve(AUC)of MBMPGA-DCNN outperforms other architectures.MBMPGA-DCNN achieved sensitivities,specificities,and accuracies of 99.12%,95.14%,and 98.21%,respectively,in the test datasets,establishing it as the most successful method.

自杀式恐怖袭击防控探究

自杀式恐怖袭击具有恐怖袭击模式与恐怖袭击手段的多重属性,其运行满足以恐怖主体为核心耦合袭击目标、袭击手段、袭击时间和袭击后果等多维恐怖袭击要素的基本存续结构,亦以袭击主体的消亡带动袭击目标受袭形成袭击手段。为有效认知自杀式恐怖袭击以提升恐怖主义治理效能,从袭击主体、袭击工具和袭击行动的消亡性对其进行剖析,发现基于行为体、承袭体和致损体生成致灾因子、构成致灾机理、形成防控困境,同时也回溯治理逻辑。加强对自杀式恐怖袭击的有效研究,有利于丰富恐怖袭击的研究体系、提升恐怖袭击的应对能力,以期进一步完善恐怖主义的治理工作。

面向人工智能模型的安全攻击和防御策略综述

近年来,以深度学习为代表的人工智能技术发展迅速,在计算机视觉、自然语言处理等多个领域得到广泛应用.然而,最新研究表明这些先进的人工智能模型存在潜在的安全隐患,可能影响人工智能技术应用的可靠性.为此,深入调研了面向人工智能模型的安全攻击、攻击检测以及防御策略领域中前沿的研究成果.在模型安全攻击方面,聚焦于对抗性攻击、模型反演攻击、模型窃取攻击等方面的原理和技术现状;在模型攻击检测方面,聚焦于防御性蒸馏、正则化、异常值检测、鲁棒统计等检测方法;在模型防御策略方面,聚焦于对抗训练、模型结构防御、查询控制防御等技术手段.概括并扩展了人工智能模型安全相关的技术和方法,为模型的安全应用提供了理论支持.此外,还使研究人员能够更好地理解该领域的当前研究现状,并选择适当的未来研究方向.

基于感知相似性的多目标优化隐蔽图像后门攻击

深度学习模型容易受到后门攻击,在处理干净数据时表现正常,但在处理具有触发模式的有毒样本时会表现出恶意行为.然而,目前大多数后门攻击产生的后门图像容易被人眼察觉,导致后门攻击隐蔽性不足.因此提出了一种基于感知相似性的多目标优化隐蔽图像后门攻击方法.首先,使用感知相似性损失函数减少后门图像与原始图像之间的视觉差异.其次,采用多目标优化方法解决中毒模型上任务间冲突的问题,从而确保模型投毒后性能稳定.最后,采取了两阶段训练方法,使触发模式的生成自动化,提高训练效率.最终实验结果表明,在干净准确率不下降的情况下,人眼很难将生成的后门图像与原始图像区分开.同时,在目标分类模型上成功进行了后门攻击,all-to-one攻击策略下所有实验数据集的攻击成功率均达到了100%.相比其他隐蔽图像后门攻击方法,具有更好的隐蔽性.

基于Stacking融合模型的Web攻击检测方法

随着计算机技术与互联网技术的飞速发展,Web应用在人们的生产与生活中扮演着越来越重要的角色。但是在人们的日常生活与工作中带来了更多便捷的同时,却也带来了严重的安全隐患。在开发Web应用的过程中,大量不规范的新技术应用引入了很多的网站漏洞。攻击者可以利用Web应用开发过程中的漏洞发起攻击,当Web应用受到攻击时会造成严重的数据泄露和财产损失等安全问题,因此Web安全问题一直受到学术界和工业界的关注。超文本传输协议(HTTP)是一种在Web应用中广泛使用的应用层协议。随着HTTP协议的大量使用,在HTTP请求数据中包含了大量的实际入侵,针对HTTP请求数据进行Web攻击检测的研究也开始逐渐被研究人员所重视。本文提出了一种基于Stacking融合模型的Web攻击检测方法,针对每一条文本格式的HTTP请求数据,首先进行格式化处理得到既定的格式,结合使用Word2Vec方法和TextCNN模型将其转换成向量化表示形式;然后利用Stacking模型融合方法,将不同的子模型(使用配置不同尺寸过滤器的Text-CNN模型搭配不同的检测算法)进行融合搭建出Web攻击检测模型,与融合之前单独的子模型相比在准确率、召回率、F1值上都有所提升。本文所提出的Web攻击检测模型在公开数据集和真实环境数据上都取得了更加稳定的检测性能。

基于凝聚层次聚类算法的ATT&CK模型改进

在应用ATT&CK模型(网络攻击模型)进行网络安全威胁分析的过程中,ATT&CK模型提供的技术集合过于复杂。针对ATT&CK模型应用复杂的问题,论文对模型的技术集进行聚类简化研究,提出了基于聚类算法的模型改进方法,首先对ATT&CK模型的技术集合进行量化和聚类趋势评估,然后对量化的数据应用凝聚层次聚类算法得到简化的聚类结果,最后通过实验验证模型改进有效性。

硫酸盐对混凝土侵蚀过程的细观数值分析

硫酸盐侵蚀作为混凝土耐久性损伤的一个重要方面,日益受到人们的普遍关注。根据Fick第二定律和化学反应动力方程,建立了细观层面硫酸盐对混凝土侵蚀过程的数值分析方法。以混凝土随机凸多边形骨料模型为基础,利用Matlab程序对有限元软件进行二次开发,建立了基于扩散-化学反应的硫酸盐对混凝土侵蚀过程的细观数值分析方法,并与试验结果进行了对比。结果表明:硫酸盐侵蚀过程细观数值方法得到的模拟结果与试验结果吻合较好,可以有效模拟硫酸盐对混凝土的侵蚀过程;距混凝土表面一定深度范围内,SO_(4)^(2-)浓度随表面SO_(4)^(2-)浓度的提高而增加;砂浆中SO_(4)^(2-)扩散系数是影响混凝土内SO_(4)^(2-)最大侵蚀深度的主要因素;界面过渡区厚度对硫酸盐环境中混凝土损伤的影响较小。

基于引导扩散模型的自然对抗补丁生成方法

近年来,物理世界中的对抗补丁攻击因其对深度学习模型安全的影响而引起了广泛关注.现有的工作主要集中在生成在物理世界中攻击性能良好的对抗补丁,没有考虑到对抗补丁图案与自然图像的差别,因此生成的对抗补丁往往不自然且容易被观察者发现.为了解决这个问题,本文提出了一种基于引导的扩散模型的自然对抗补丁生成方法.具体而言,本文通过解析目标检测器的输出构建预测对抗补丁攻击成功率的预测器,利用该预测器的梯度作为条件引导预训练的扩散模型的逆扩散过程,从而生成自然度更高且保持高攻击成功率的对抗补丁.本文在数字世界和物理世界中进行了广泛的实验,评估了对抗补丁针对各种目标检测模型的攻击效果以及对抗补丁的自然度.实验结果表明,通过将所构建的攻击成功率预测器与扩散模型相结合,本文的方法能够生成比现有方案更自然的对抗补丁,同时保持攻击性能.

基于差分隐私与模型聚类的安全联邦学习方案

联邦学习中的模型安全以及客户隐私是亟待解决的重要挑战。为了同时应对这2大挑战,提出了一项基于差分隐私与模型聚类的联邦学习方案,该方案兼顾模型安全与隐私保护。通过在客户更新中引入局部差分隐私扰乱客户上传的参数以保护客户的隐私数据。为保证对加噪模型更新的精准聚类,首次定义余弦梯度作为聚类指标,并根据聚类结果精准定位恶意模型。最后引入全局差分隐私以抵御潜在的后门攻击。通过理论分析得到全局噪声的噪声边界,并证明了本方案引入的噪声总量低于经典模型安全方案所引入的噪声总量。实验结果表明,本方案能够达成在精度、鲁棒以及隐私3方面的预期目标。

基于Transformer和GAN的对抗样本生成算法

对抗攻击与防御是计算机安全领域的一个热门研究方向。针对现有基于梯度的对抗样本生成方法可视质量差、基于优化的方法生成效率低的问题,提出基于Transformer和生成对抗网络(GAN)的对抗样本生成算法Trans-GAN。首先利用Transformer强大的视觉表征能力,将其作为重构网络,用于接收干净图像并生成攻击噪声;其次将Transformer重构网络作为生成器,与基于深度卷积网络的鉴别器相结合组成GAN网络架构,提高生成图像的真实性并保证训练的稳定性,同时提出改进的注意力机制Targeted Self-Attention,在训练网络时引入目标标签作为先验知识,指导网络模型学习生成具有特定攻击目标的对抗扰动;最后利用跳转连接将对抗噪声施加在干净样本上,形成对抗样本,攻击目标分类网络。实验结果表明:Trans-GAN算法针对MNIST数据集中2种模型的攻击成功率都达到99.9%以上,针对CIFAR10数据集中2种模型的攻击成功率分别达到96.36%和98.47%,优于目前先进的基于生成式的对抗样本生成方法;相比快速梯度符号法和投影梯度下降法,Trans-GAN算法生成的对抗噪声扰动量更小,形成的对抗样本更加自然,满足人类视觉不易分辨的要求。

受压混凝土中硫酸根离子的扩散与损伤机理分析

针对沿海、盐渍土环境下荷载和硫酸盐侵蚀的耦合作用对混凝土结构耐久性造成的损伤,提出了一种受压混凝土中硫酸根离子扩散的数值模型。首先,基于Fick第二定律,考虑应力和混凝土孔隙率之间的关系建立了荷载作用下混凝土内硫酸根离子的理论扩散模型;其次,通过自编程序构建包含水泥砂浆、界面过渡区和天然骨料的混凝土三相随机凸多边形骨料模型,从而实现了受压混凝土中硫酸根离子扩散的细观模拟;最后,通过与受压混凝土在硫酸盐溶液中全浸泡的实验结果对比分析,验证了理论模型和细观模型的有效性。进而对不同水灰比的受压混凝土试件在不同浓度硫酸盐溶液中的离子扩散与损伤过程进行了数值分析,分析结果表明:随着压应力水平的提高,同深度处硫酸根离子浓度逐渐减小;与压应力相比,侵蚀溶液浓度和水灰比对硫酸根离子扩散的影响更加明显;水灰比对压应力抑制离子扩散程度的影响要大于侵蚀溶液浓度;适当减小水灰比更有利于受压状态下的混凝土抵抗硫酸盐侵蚀。

基于博弈论的弹目攻防决策方法研究

针对空战环境中弹目攻防双方的对抗特性,提出了一种基于博弈论的弹目攻防决策方法。基于导弹目标运动数学关系得到状态方程,根据弹目攻防对抗机理建立“一对一导弹-目标”动态博弈模型,确定弹目双方策略集与收益矩阵,提出混合策略纳什均衡求解方法,并结合模型滚动预测方法获得该策略空间的纳什均衡点。算例仿真结果表明,基于混合策略下导弹制导律为该策略空间的纳什均衡点,且该方法可以减小导弹对目标的脱靶量,提高导弹的命中精度,为导弹攻防作战提供了依据。

面向大语言模型的越狱攻击综述

近年来,大语言模型(large language model,LLM)在一系列下游任务中得到了广泛应用,并在多个领域表现出了卓越的文本理解、生成与推理能力.然而,越狱攻击正成为大语言模型的新兴威胁.越狱攻击能够绕过大语言模型的安全机制,削弱价值观对齐的影响,诱使经过对齐的大语言模型产生有害输出.越狱攻击带来的滥用、劫持、泄露等问题已对基于大语言模型的对话系统与应用程序造成了严重威胁.对近年的越狱攻击研究进行了系统梳理,并基于攻击原理将其分为基于人工设计的攻击、基于模型生成的攻击与基于对抗性优化的攻击3类.详细总结了相关研究的基本原理、实施方法与研究结论,全面回顾了大语言模型越狱攻击的发展历程,为后续的研究提供了有效参考.对现有的安全措施进行了简略回顾,从内部防御与外部防御2个角度介绍了能够缓解越狱攻击并提高大语言模型生成内容安全性的相关技术,并对不同方法的利弊进行了罗列与比较.在上述工作的基础上,对大语言模型越狱攻击领域的现存问题与前沿方向进行探讨,并结合多模态、模型编辑、多智能体等方向进行研究展望.