A Cross Language Code Security Audit Framework Based on Normalized Representation

With the rapid development of information technology,audit objects and audit itself are more and more inseparable from software.As an important means of software security audit,code security audit will become an important aspect of future audit that cannot be ignored.However,the existing code security audit ismainly based on source code,which is difficult to meet the audit needs of more and more programming languages and binary commercial software.Based on the idea of normalized transformation,this paper constructs a cross language code security audit framework(CLCSA).CLCSA first uses compile/decompile technology to convert different highlevel programming languages and binary codes into normalized representation,and then usesmachine learning technology to build a cross language code security audit model based on normalized representation to evaluate code security and find out possible code security vulnerabilities.Finally,for the discovered vulnerabilities,the heuristic search strategy will be used to find the best repair scheme from the existing normalized representation sample library for automatic repair,which can improve the effectiveness of code security audit.CLCSA realizes the normalized code security audit of different types and levels of code,which provides a strong support for improving the breadth and depth of code security audit.

Enhancing Security in QR Code Technology Using AI: Exploration and Mitigation Strategies

The widespread adoption of QR codes has revolutionized various industries, streamlined transactions and improved inventory management. However, this increased reliance on QR code technology also exposes it to potential security risks that malicious actors can exploit. QR code Phishing, or “Quishing”, is a type of phishing attack that leverages QR codes to deceive individuals into visiting malicious websites or downloading harmful software. These attacks can be particularly effective due to the growing popularity and trust in QR codes. This paper examines the importance of enhancing the security of QR codes through the utilization of artificial intelligence (AI). The abstract investigates the integration of AI methods for identifying and mitigating security threats associated with QR code usage. By assessing the current state of QR code security and evaluating the effectiveness of AI-driven solutions, this research aims to propose comprehensive strategies for strengthening QR code technology’s resilience. The study contributes to discussions on secure data encoding and retrieval, providing valuable insights into the evolving synergy between QR codes and AI for the advancement of secure digital communication.

LibPass:基于包结构和签名的第三方库检测方法

第三方库检测是Android应用安全分析领域的上游任务,其检测精度对于恶意应用检测、重打包检测、隐私泄露等下游任务有显著影响.为了提升检测精度和效率,采用相似性比较的思想,提出一种基于包结构和签名的第三方库检测方法,命名为LibPass.LibPass以流水线式模式组合主模块识别、第三方库候选识别和细粒度检测等3个组件.主模块识别方法区分主程序二进制代码与引入的第三方库二进制代码,旨在提升方法检测效率.在此基础上,提出由第三方库候选识别和细粒度检测构成的两阶段检测方法.前者利用包结构特征的稳定性来应对应用程序的混淆行为以提升混淆情形下的检测精度,并利用包结构签名完成快速比对以识别候选第三方库,达到显著降低成对比较次数、提升检测效率的目的;后者在前者涮选出的候选中,通过更细粒度但代价更高的相似性分析精确地识别第三方库及其对应的版本.为了验证方法的性能和效率,构建3个评估不同检测能力的基准数据集,在这些基准数据集上开展实验验证,从检测性能、检测效率和抗混淆性等方面对实验结果进行深入分析,结果表明LibPass具备较高的检测精度,检测效率,以及应对多种常用混淆操作的能力.

基于混沌系统和喷泉码的DNA加密编码方法

在这个海量数据时代,DNA是一种很好的新信息存储媒介。与传统的物理存储介质相比,它具有能耗低、存储密度高、存储寿命长等固有的优点。随着DNA存储技术的快速发展,如何保障新技术下的信息安全至关重要。为此,该文结合加密领域研究和DNA编码领域研究,提出了一种基于混沌系统和喷泉码的DNA加密编码方法,利用混沌系统加密原理,在DNA喷泉码编码过程中进行加密,在保留DNA喷泉码特性的同时,保障了编码信息的安全性。该方法可用于任意类型数据,可实现高信息密度和任意约束条件的DNA编码。同时,通过仿真实验证明,该方法可以有效抵抗多种密码学攻击,并对DNA存储过程产生的数据错误有一定纠错能力。

Proof of Activity Protocol for IoMT Data Security

The Internet of Medical Things(IoMT)is an online device that senses and transmits medical data from users to physicians within a time interval.In,recent years,IoMT has rapidly grown in the medicalfield to provide healthcare services without physical appearance.With the use of sensors,IoMT applications are used in healthcare management.In such applications,one of the most important factors is data security,given that its transmission over the network may cause obtrusion.For data security in IoMT systems,blockchain is used due to its numerous blocks for secure data storage.In this study,Blockchain-assisted secure data management framework(BSDMF)and Proof of Activity(PoA)protocol using malicious code detection algorithm is used in the proposed data security for the healthcare system.The main aim is to enhance the data security over the networks.The PoA protocol enhances high security of data from the literature review.By replacing the malicious node from the block,the PoA can provide high security for medical data in the blockchain.Comparison with existing systems shows that the proposed simulation with BSD-Malicious code detection algorithm achieves higher accuracy ratio,precision ratio,security,and efficiency and less response time for Blockchain-enabled healthcare systems.

Intrusion Detection Model Using Chaotic MAP for Network Coding Enabled Mobile Small Cells

Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.

Artificial Noise Aided Polar Codes for Physical LayerSecurity

The secrecy rates of the existing practical secrecy coding methods are relative low to satisfy the security requirement of 5 G communications.We propose an artificial noise(AN) aided polar coding algorithm to improve the secrecy rate.Firstly,a secrecy coding model based on AN is presented,where the confidential bits of last transmission code block are adopted as AN to inject into the current codeword.In this way,the AN can only be eliminated from the jammed codeword by the legitimate users.Since the AN is shorter than the codeword,we then develop a suboptimal jamming positions selecting algorithm with the goal of maximizing the bit error rate of the eavesdropper.Theoretical and simulation results demonstrate that the proposed algorithm outperforms the random selection method and the method without AN.

Code mechanical solidification and verification in MEMS security devices

The virtual machine of code mechanism （VMCM） as a new concept for code mechanical solidification and verification is proposed and can be applied in MEMS （micro-electromechanical systems） security device for high consequence systems. Based on a study of the running condition of physical code mechanism, VMCM＇s configuration, ternary encoding method, running action and logic are derived. The cases of multi-level code mechanism are designed and verified with the VMCM method, showing that the presented method is effective.

基于FPGA软件安全性的HDL编码规范分析与研究

随着FPGA的广泛应用,FPGA的运行代码的安全性也越来越重要。文章从HDL编码的角度,研究了影响FPGA软件功能安全性的几个重要因素,分析了信号跨时钟域处理、状态机设计、信号毛刺等因素在编码阶段对软件安全性的影响,并提出了对应的防范措施;形成了基于FPGA软件功能安全性的HDL编码和设计规范,为规避在编码阶段引入软件功能安全性问题提供了一定的依据和参考。

一种使用ChatGPT的源代码安全漏洞检测方法

随着软件及信息系统的安全问题越来越突出,作为重要组成部分,源代码的安全是最底层的关键点,如何快速准确地对源代码进行安全漏洞检测显得尤为重要。本文提出一种基于ChatGPT的源代码安全漏洞检测方法,利用ChatGPT在自然语言处理领域的优势,将源代码转换为自然语言形式,然后利用ChatGPT对其进行处理,识别潜在的安全漏洞。该方法可以检测出多种类型的安全漏洞,如不安全的设计、SQL注入等。通过在公开数据集的源代码上进行安全漏洞检测的实验分析,验证了该方法的优越性和准确性。

网络环境下基于Erasure Codes的高可靠性存储体系设计

设计了一种基于Erasure Codes的网络环境下的分布式文件存储系统。初步的实验结果证明这种存储体系可以较好地解决人们当前所面临的文件存储的可靠性、安全性等问题。

Physical Layer Security with Its Applications in 5GNetworks： A Review

5G network is expected to support massive user connections and exponentially increasing wireless services,which makes network security unprecedentedly important.Unlike traditional security-guaranteeing techniques which rely heavily on cryptographic approaches at upper layers of the protocol stack,physical-layer security(PLS) solutions fully take advantages of the characteristics of wireless channels to degrade the received signal qualities at the malicious users,and realize keyless secure transmission via signal design and signal processing techniques.PLS avoids the difficulties in the distribution and management of secret keys,and provides flexible security levels through adaptive transmission protocol design.Moreover,PLS techniques match the features of 5G networks well.Therefore,the application of PLS to 5G networks is a promising solution to address the security threats.This article presents a comprehensive review of the state-of-the-art PLS techniques,and discusses their applications in 5G networks.We first summarize the principle and advantages of PLS techniques,and point out the reasons why PLS is suitable for 5G networks.Then,we review the existing PLS methods in literature,and highlight severalPLS solutions that are expected to be applied in 5G networks.Finally,we conclude this article and figure out some further research directions.

Reversible Video Steganography Using Quick Response Codes and Modified ElGamal Cryptosystem

The rapid transmission of multimedia information has been achieved mainly by recent advancements in the Internet’s speed and information technology.In spite of this,advancements in technology have resulted in breaches of privacy and data security.When it comes to protecting private information in today’s Internet era,digital steganography is vital.Many academics are interested in digital video because it has a great capability for concealing important data.There have been a vast number of video steganography solutions developed lately to guard against the theft of confidential data.The visual imperceptibility,robustness,and embedding capacity of these approaches are all challenges that must be addressed.In this paper,a novel solution to reversible video steganography based on Discrete Wavelet Transform(DWT)and Quick Response(QR)codes is proposed to address these concerns.In order to increase the security level of the suggested method,an enhanced ElGamal cryptosystem has also been proposed.Prior to the embedding stage,the suggested method uses the modified ElGamal algorithm to encrypt secret QR codes.Concurrently,it applies two-dimensional DWT on the Y-component of each video frame resulting in Approximation(LL),Horizontal(LH),Vertical(HL),and Diagonal(HH)sub-bands.Then,the encrypted Low(L),Medium(M),Quantile(Q),and High(H)QR codes are embedded into the HL sub-band,HHsub-band,U-component,and V-component of video frames,respectively,using the Least Significant Bit(LSB)technique.As a consequence of extensive testing of the approach,it was shown to be very secure and highly invisible,as well as highly resistant to attacks from Salt&Pepper,Gaussian,Poisson,and Speckle noises,which has an average Structural Similarity Index(SSIM)of more than 0.91.Aside from visual imperceptibility,the suggested method exceeds current methods in terms of Peak Signal-to-Noise Ratio(PSNR)average of 52.143 dB,and embedding capacity 1 bpp.

Secure Transmission in Downlink Non-Orthogonal Multiple Access Based on Polar Codes

Non-orthogonal multiple access(NOMA)is deemed to have a superior spectral efficiency and polar codes have became the channel coding scheme for control channel of enhanced mobile broadband(eMBB)in the fifth generation(5G)communication systems.In this paper,NOMA combined with polar codes is used to achieve secure transmission.Both degraded wiretap channel and non-degraded wiretap channel are considered,where an eavesdropper intercepts the communication between base station(BS)and users.For the degraded wiretap channel scenario,a secure polar encoding scheme is proposed in NOMA systems with power allocation to achieve the maximum secrecy capacity.With regard to the nondegraded wiretap channel,a polar encoding scheme with multiple-input-single-output(MISO)system is proposed,where artificial noise is generated at BS to confuse the eavesdropper’s channel via transmit beamforming.The security and the secure rate are employed respectively in order to measure the secrecy performance.We prove that the proposed schemes for each scenario can achieve the secure rate and can transmit the signal securely and reliably.The simulation results show that the eavesdropper hardly decoding the secure signal when the legitimate receiver can decode the signal with very low block error rate(BLER).

基于Adam梯度数学模型的计算机网络安全检测研究

为解决因攻击性信息频繁入侵而造成的计算机网络非安全运行的问题,给互联网数据提供更加安全的传输环境,设计了一种基于Adam梯度数学模型的计算机网络安全检测技术.根据Adam算法相关参数设置情况,对梯度目标进行融合处理,从而确定应用行为序列表达式,实现对计算机网络安全事件等级的评估.在此基础上,建立集中式B/S架构体系,通过获取One-Hot编码的方式,得到数据归一化处理结果,完成基于Adam梯度数学模型的计算机网络安全检测方法的设计.对比实验结果表明,Adam梯度数学模型的应用,可以有效控制攻击性信息的入侵能力,从而解决计算机网络非安全运行的问题,符合保障网络数据传输环境安全性的实际应用需求.

Mechanism and Defense on Malicious Code

With the explosive growth of network applications, the threat of the malicious code against network security becomes increasingly serious. In this paper we explore the mechanism of the malicious code by giving an attack model of the malicious code, and discuss the critical techniques of implementation and prevention against the malicious code. The remaining problems and emerging trends in this area are also addressed in the paper.

Authentication masking code against DoS of T-MAC protocol

Security vulnerability of denial of service (DoS) in time out-medium access control (T-MAC) protocol was discussed and analysis of power consumption at each stage of T-MAC protocol was carried out. For power efficient authentication scheme which can provide reliability, efficiency, and security for a general T-MAC communication, a novel synchronization and authentication scheme using authentication masking code was proposed. Authentication data were repeated and masked by PN sequence. The simulation results show that the proposed approach can provide synchronization and authentication simultaneously for nodes in wireless sensor network (WSN). 63 bits AMC code gives above 99.97% synchronization detection and 93.98% authentication data detection probability in BER 0.031 7.

Homomorphic Hashing Verification for Wireless Sensor Networks Rateless Codes Over-the-Air Programming

The homomorphic hash algorithm(HHA)is introduced to help on-the-fly verify the vireless sensor network(WSN)over-the-air programming(OAP)data based on rateless codes.The receiver calculates the hash value of a group of data by homomorphic hash function,and then it compares the hash value with the receiving message digest.Because the feedback channel is deliberately removed during the distribution process,the rateless codes are often vulnerable when they face security issues such as packets contamination or attack.This method prevents contaminating or attack on rateless codes and reduces the potential risks of decoding failure.Compared with the SHA1 and MD5,HHA,which has a much shorter message digest,will deliver more data.The simulation results show that to transmit and verify the same amount of OAP data,HHA method sends 17.9% to 23.1%fewer packets than MD5 and SHA1 under different packet loss rates.

Development of Hybrid ARQ Protocol for the Quantum Communication System on Stabilizer Codes

In this paper,we develop a novel hybrid automatic-repeat-request(ARQ)protocol for the quantum communication system using quantum stabilizer codes.The quantum information is encoded by stabilizer codes to against the channel noise.The twophoton entangled state is prepared for codeword secure transmission.Hybrid ARQ protocol rules the recognition and retransmission of error codewords.In this protocol,the property of quantum entangled state ensures the security of information,the theory of hybrid ARQ system improves the reliability of transmission,the theory of quantum stabilizer codes corrects the flipping errors of codewords.Finally,we verify the security and throughput efficiency of this protocol.

Five Basic Types of Insider DoS Attacks of Code Dissemination in Wireless Sensor Networks

Code dissemination is one of the important services of wireless sensor networks (WSNs). Securing the process of code dissemination is essential in some certain WSNs applications, state-of-the-art secure code dissemination protocols for WSNs aim for the efficient source authentication and integrity verification of code image, however, due to the resource constrains of WSNs and the epidemic behavior of the code dissemination system, existing secure code dissemination protocols are vulnerable to Denial of Service (DoS) attacks when sensor nodes can be compromised (insider DoS attacks). In this paper, we identify five different basic types of DoS attacks exploiting the epidemic propagation strategies used by Deluge. They are (1) Higher-version Advertisement attack, (2) False Request attack, (3) Larger-numbered Page attack, (4) Lower-version Adv attack, and (5) Same-version Adv attack. Simulation shows these susceptibilities caused by above insider DoS attacks. Some simple models are also proposed which promote understanding the problem of insider DoS attacks and attempt to quantify the severity of these attacks in the course of code dissemination in WSNs.