Funding: Supported in part by National Natural Science Foundation of China Project (Grant No. 60873216) and Scientific and Technological Research Priority Projects of Sichuan Province (Grant No. 2012GZ0017).
Abstract: The message blinding method is the most efficient and secure countermeasure against first-order differential power analysis (DPA). Although cross correlation attacks (CCAs) were given for defeating message blinding methods, searching for correlation points is difficult because of noise and misalignment in practical environments. In this paper, we propose an optimized cross correlation power attack for message blinding exponentiation algorithms. The attack method can select the more correlative power points of share one operation in the modular multiplication by comparing variances between correlation coefficients. Further, we demonstrate that the attack method is more efficient in experiments with a hardware implementation of RSA on a crypto chip card. In addition, the proposed CCA method can recover all 1024 bits of the secret key, and the recognition rate increases to 100% even when the recorded signals are noisy.
Funding: Supported by the National Key Foundation Research "973" project (No. G1999035802) and the National Natural Science Foundation of China (No. 60273027).
Abstract: A simple fast correlation attack is used to analyze the security of the Bluetooth combiner in this paper. This attack solves the tradeoff between the length of the keystream and the computing complexity needed to recover the secret key. We give the computing complexities of the attack algorithm according to different lengths of the known keystream. The result is less time-consuming than before. It is also shown that the security of the modified Bluetooth combiner by Hermelin and Nyberg is not significantly enhanced.
Funding: This work is supported by the National Key R&D Program of China (2016QY05X1000) and the National Natural Science Foundation of China (Grant No. 201561402137).
Abstract: With the continuous development of network technology, various large-scale cyber-attacks continue to emerge. These attacks pose a severe threat to the security of systems, networks, and data. Therefore, how to mine attack patterns from massive data and detect attacks are urgent problems. In this paper, an approach for attack mining and detection is proposed that performs tasks of alarm correlation, false-positive elimination, attack mining, and attack prediction. Based on the idea of CluStream, the proposed approach implements a flow clustering method and a two-step algorithm that guarantees efficient streaming and clustering. The context of an alarm in the attack chain is analyzed and the LightGBM method is used to perform false-positive recognition with high accuracy. To accelerate the search for the filtered alarm sequence data to mine attack patterns, the PrefixSpan algorithm is also updated in the store strategy. The updated PrefixSpan increases the processing efficiency and achieves a better result than the original one in experiments. With Bayesian theory, the transition probability for the sequence pattern string is calculated and the alarm transition probability table constructed to draw the attack graph. Finally, a long-short-term memory network and embedding word-vector method are used to perform online prediction. Results of numerical experiments show that the method proposed in this paper has a strong practical value for attack detection and prediction.
Abstract: Detection of the wormhole attacks is a cumbersome process, particularly simplex and duplex over the wireless sensor networks (WSNs). Wormhole attacks are characterized as distributed passive attacks that can destabilize or disable WSNs. The distributed passive nature of these attacks makes them enormously challenging to detect. The main objective is to find all the possible ways in which the wireless sensor network's broadcasting character and transmission medium allow the attacker to interrupt the network within the distributed environment, and further to detect the serious routing-disruption attack "Wormhole Attack" step by step through the different network mechanisms. In this paper, a new multi-step detection (MSD) scheme is introduced that can effectively detect the wormhole attacks for WSN. The MSD consists of three algorithms to detect and prevent the simplex and duplex wormhole attacks. Furthermore, the proposed scheme integrated five detection modules to systematically detect, recover, and isolate wormhole attacks. Simulation results conducted in OMNET++ show that the proposed MSD has lower false detection and false toleration rates. Besides, MSD can effectively detect wormhole attacks in a completely distributed network environment, as suggested by the simulation results.
Funding: Supported by the National Natural Science Foundation of China (NSFC) under Grant No. 61462042 and No. 61966018.
Abstract: Traffic flow prediction is an important part of the intelligent transportation system. Accurate multi-step traffic flow prediction plays an important role in improving the operational efficiency of the traffic network. Since traffic flow data has complex spatio-temporal correlation and non-linearity, existing prediction methods are mainly accomplished through a combination of a Graph Convolutional Network (GCN) and a recurrent neural network. The combination strategy has an excellent performance in traffic prediction tasks. However, multi-step prediction error accumulates with the predicted step size. Some scholars use multiple sampling sequences to achieve more accurate prediction results. But it requires high hardware conditions and multiplied training time. Considering the spatiotemporal correlation of traffic flow and influence of external factors, we propose an Attention Based Spatio-Temporal Graph Convolutional Network considering External Factors (ABSTGCN-EF) for multi-step traffic flow prediction. This model models the traffic flow as diffusion on a digraph and extracts the spatial characteristics of traffic flow through GCN. We add meaningful time-slots attention to the encoder-decoder to form an Attention Encoder Network (AEN) to handle temporal correlation. The attention vector is used as a competitive choice to draw the correlation between predicted states and historical states. We considered the impact of three external factors (daytime, weekdays, and traffic accident markers) on the traffic flow prediction tasks. Experiments on two public data sets show that it makes sense to consider external factors. The prediction performance of our ABSTGCN-EF model achieves 7.2%–8.7% higher than the state-of-the-art baselines.
Funding: Funded by Stefan cel Mare University of Suceava, Romania.
Abstract: In Wireless Body Area Networks (WBANs) with respect to health care, sensors are positioned inside the body of an individual to transfer sensed data to a central station periodically. The great challenges posed to healthcare WBANs are the black hole and sink hole attacks. Data from deployed sensor nodes are attracted by sink hole or black hole nodes while grabbing the shortest path. Identifying this issue is quite a challenging task as a small variation in medicine intake may result in a severe illness. This work proposes a hybrid detection framework for attacks by applying a Proportional Coinciding Score (PCS) and an MK-Means algorithm, which is a well-known machine learning technique used to raise attack detection accuracy and decrease computational difficulties while giving treatments for heartache and respiratory issues. First, the gathered training data feature count is reduced through data pre-processing in the PCS. Second, the pre-processed features are sent to the MK-Means algorithm for training the data and promoting classification. Third, certain attack detection measures given by the intrusion detection system, such as the number of data packages trans-received, are identified by the MK-Means algorithm. This study demonstrates that the MK-Means framework yields a high detection accuracy with a low packet loss rate, low communication overhead, and reduced end-to-end delay in the network and improves the accuracy of biomedical data.
Funding: This work is supported by the Ordinary University Innovation Project of Guangdong Province (Nos. 2014KTSCX212, 2014KQNCX24).
Abstract: In the era of global Internet security threats, there is an urgent need for different organizations to cooperate and jointly fight against cyber attacks. We present an algorithm that combines a privacy-preserving technique and a multi-step attack-correlation method to better balance the privacy and availability of alarm data. This algorithm is used to construct multi-step attack scenarios by discovering sequential attack-behavior patterns. It analyzes the time-sequential characteristics of attack behaviors and implements a support-evaluation method. Optimized candidate attack-sequence generation is applied to solve the problem of pre-defined association-rule complexity, as well as expert-knowledge dependency. An enhanced k-anonymity method is applied to this algorithm to preserve privacy. Experimental results indicate that the algorithm has better performance and accuracy for multi-step attack correlation than other methods, and reaches a good balance between efficiency and privacy.
Funding: Supported by the National Natural Science Foundation of China under Grants 61571063, 61501100 and 61472357.
Abstract: Correlation power analysis (CPA) has become a successful attack method about cryptographic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts (RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition (EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions (IMFs), we extract a certain intrinsic mode function (IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.
Funding: The National High Technology Research and Development Programme of China (2006AA01Z452).
Abstract: Building attack scenario is one of the most important aspects in network security. This paper proposed a system which collects intrusion alerts, clusters them as sub-attacks using alerts abstraction, aggregates the similar sub-attacks, and then correlates and generates correlation graphs. The scenarios were represented by alert classes instead of alerts themselves so as to reduce the required rules and have the ability of detecting new variations of attacks. The proposed system is capable of passing some of the missed attacks. To evaluate system effectiveness, it was tested with different datasets which contain multi-step attacks. Compressed and easily understandable correlation graphs which reflect attack scenarios were generated. The proposed system can correlate related alerts, uncover the attack strategies, and detect new variations of attacks.
Funding: The National Natural Science Foundation of China (Grant Nos. 90604036 and 60525201) and the 973 Project (Grant No. 2007CB807902).
Abstract: ABC v3 is a stream cipher submitted to the ECRYPT eStream project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find large numbers of new weak keys of ABC family and introduce a method to search for them, and then apply a fast correlation attack to break ABC v3 with weak keys. We show that there are at least 2^103.71 new weak keys in ABC v3. Recovering the internal state of a weak key requires 236.05 keystream words and 2^50.56 operations. The attack can be applied to ABC v1 and v2 with the same complexity as that of ABC v3. However, the number of weak keys of ABC v1 as well as ABC v2 decreases to 2^97 + 20^95.19. It reveals that ABC v3 incurs more weak keys than that of ABC v1 and v2.
Funding: Project supported by the Major Program of the Ministry of Industry and Information Technology of China (No. 2017ZX01030301) and the Beijing Natural Science Foundation of China (No. 4162053).
Abstract: Hash-based message authentication code (HMAC) is widely used in authentication and message integrity. As a Chinese hash algorithm, the SM3 algorithm is gradually winning domestic market value in China. The side channel security of HMAC based on SM3 (HMAC-SM3) is still to be evaluated, especially in hardware implementation, where only intermediate values stored in registers have apparent Hamming distance leakage. In addition, the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis. In this paper, a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation. Real attack experiments on a field programmable gate array (FPGA) board have been performed. Experimental results show that we can recover the key from the hypothesis space of 2256 based on the proposed procedure.