Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares a...Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine(Droid Detector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.展开更多
Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keywor...Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.展开更多
Genetic algorithm(GA) has received significant attention for the design and implementation of intrusion detection systems. In this paper, it is proposed to use variable length chromosomes(VLCs) in a GA-based network i...Genetic algorithm(GA) has received significant attention for the design and implementation of intrusion detection systems. In this paper, it is proposed to use variable length chromosomes(VLCs) in a GA-based network intrusion detection system.Fewer chromosomes with relevant features are used for rule generation. An effective fitness function is used to define the fitness of each rule. Each chromosome will have one or more rules in it. As each chromosome is a complete solution to the problem, fewer chromosomes are sufficient for effective intrusion detection. This reduces the computational time. The proposed approach is tested using Defense Advanced Research Project Agency(DARPA) 1998 data. The experimental results show that the proposed approach is efficient in network intrusion detection.展开更多
With the wide application and development of blockchain technology in various fields such as finance, government affairs and medical care, security incidents occur frequently on it, which brings great threats to users...With the wide application and development of blockchain technology in various fields such as finance, government affairs and medical care, security incidents occur frequently on it, which brings great threats to users’ assets and information. Many researchers have worked on blockchain abnormal behavior awareness in respond to these threats. We summarize respectively the existing public blockchain and consortium blockchain abnormal behavior awareness methods and ideas in detail as the difference between the two types of blockchain. At the same time, we summarize and analyze the existing data sets related to mainstream blockchain security, and finally discuss possible future research directions. Therefore, this work can provide a reference for blockchain security awareness research.展开更多
It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed...It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed to realize the description of vulnerability attribute and the construction of a vulnerability model. A vulnerability model based on chemical abstract machine(CHAM) is constructed to realize the CHAM description of vulnerability model, and the framework of vulnerability model is also discussed. Case study is carried out to verify the feasibility and effectiveness of the proposed model. In addition, a prototype system is also designed and implemented based on the proposed vulnerability model. Experimental results show that the proposed model is more effective than other methods in the detection of software vulnerabilities.展开更多
文摘Smartphones and mobile tablets are rapidly becoming indispensable in daily life. Android has been the most popular mobile operating system since 2012. However, owing to the open nature of Android, countless malwares are hidden in a large number of benign apps in Android markets that seriously threaten Android security. Deep learning is a new area of machine learning research that has gained increasing attention in artificial intelligence. In this study, we propose to associate the features from the static analysis with features from dynamic analysis of Android apps and characterize malware using deep learning techniques. We implement an online deep-learning-based Android malware detection engine(Droid Detector) that can automatically detect whether an app is a malware or not. With thousands of Android apps, we thoroughly test Droid Detector and perform an indepth analysis on the features that deep learning essentially exploits to characterize malware. The results show that deep learning is suitable for characterizing Android malware and especially effective with the availability of more training data. Droid Detector can achieve 96.76% detection accuracy, which outperforms traditional machine learning techniques. An evaluation of ten popular anti-virus softwares demonstrates the urgency of advancing our capabilities in Android malware detection.
基金supported by the National Natural Science Foundation of China (Nos.61202110 and 61502205)the Postdoctoral Science Foundation of China (Nos.2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province (No.KYLX15 1079)
文摘Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.
文摘Genetic algorithm(GA) has received significant attention for the design and implementation of intrusion detection systems. In this paper, it is proposed to use variable length chromosomes(VLCs) in a GA-based network intrusion detection system.Fewer chromosomes with relevant features are used for rule generation. An effective fitness function is used to define the fitness of each rule. Each chromosome will have one or more rules in it. As each chromosome is a complete solution to the problem, fewer chromosomes are sufficient for effective intrusion detection. This reduces the computational time. The proposed approach is tested using Defense Advanced Research Project Agency(DARPA) 1998 data. The experimental results show that the proposed approach is efficient in network intrusion detection.
基金This research is supported by National Key Research and Development Program of China (Nos. 2021YFF0307203 and 2019QY1300)Youth Innovation Promotion Association CAS (No. 2021156)+2 种基金the Strategic Priority Research Program of Chinese Academy of Sciences (No. XDC02040100)National Natural Science Foundation of China (No. 61802404)This work is also supported by the Program of Key Laboratory of Network Assessment Technology, the Chinese Academy of Sciences, Program of Beijing Key Laboratory of Network Security and Protection Technology.
文摘With the wide application and development of blockchain technology in various fields such as finance, government affairs and medical care, security incidents occur frequently on it, which brings great threats to users’ assets and information. Many researchers have worked on blockchain abnormal behavior awareness in respond to these threats. We summarize respectively the existing public blockchain and consortium blockchain abnormal behavior awareness methods and ideas in detail as the difference between the two types of blockchain. At the same time, we summarize and analyze the existing data sets related to mainstream blockchain security, and finally discuss possible future research directions. Therefore, this work can provide a reference for blockchain security awareness research.
基金Supported by the National Natural Science Foundation of China(61202110 and 61502205)the Project of Jiangsu Provincial Six Talent Peaks(XYDXXJS-016)
文摘It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed to realize the description of vulnerability attribute and the construction of a vulnerability model. A vulnerability model based on chemical abstract machine(CHAM) is constructed to realize the CHAM description of vulnerability model, and the framework of vulnerability model is also discussed. Case study is carried out to verify the feasibility and effectiveness of the proposed model. In addition, a prototype system is also designed and implemented based on the proposed vulnerability model. Experimental results show that the proposed model is more effective than other methods in the detection of software vulnerabilities.
