An Efficient DenseNet-Based Deep Learning Model for Malware Detection

Recently, there has been a huge rise in malware growth, which creates a significant security threat to organizations and individuals. Despite the incessant efforts of cybersecurity research to defend against malware threats, malware developers discover new ways to evade these defense techniques. Traditional static and dynamic analysis methods are ineffective in identifying new malware and pose high overhead in terms of memory and time. Typical machine learning approaches that train a classifier based on handcrafted features are also not sufficiently potent against these evasive techniques and require more efforts due to feature-engineering. Recent malware detectors indicate performance degradation due to class imbalance in malware datasets. To resolve these challenges, this work adopts a visualization-based method, where malware binaries are depicted as two-dimensional images and classified by a deep learning model. We propose an efficient malware detection system based on deep learning. The system uses a reweighted class-balanced loss function in the final classification layer of the DenseNet model to achieve significant performance improvements in classifying malware by handling imbalanced data issues. Comprehensive experiments performed on four benchmark malware datasets show that the proposed approach can detect new malware samples with higher accuracy (98.23% for the Malimg dataset, 98.46% for the BIG 2015 dataset, 98.21% for the MaleVis dataset, and 89.48% for the unseen Malicia dataset) and reduced false-positive rates when compared with conventional malware mitigation techniques while maintaining low computational time. The proposed malware detection solution is also reliable and effective against obfuscation attacks.     

Vulnerability of network of networks

Our dependence on networks – be they infrastructure, economic, social or others – leaves us prone to crises caused by the vulnerabilities of these networks. There is a great need to develop new methods to protect infrastructure networks and prevent cascade of failures (especially in cases of coupled networks). Terrorist attacks on transportation networks have traumatized modern societies. With a single blast, it has become possible to paralyze airline traffic, electric power supply, ground transportation or Internet communication. How, and at which cost can one restructure the network such that it will become more robust against malicious attacks? The gradual increase in attacks on the networks society depends on – Internet, mobile phone, transportation, air travel, banking, etc. – emphasize the need to develop new strategies to protect and defend these crucial networks of communication and infrastructure networks. One example is the threat of liquid explosives a few years ago, which completely shut down air travel for days, and has created extreme changes in regulations. Such threats and dangers warrant the need for new tools and strategies to defend critical infrastructure. In this paper we review recent advances in the theoretical understanding of the vulnerabilities of interdependent networks with and without spatial embedding, attack strategies and their affect on such networks of networks as well as recently developed strategies to optimize and repair failures caused by such attacks.     

Attacks and Improvement of Quantum Sealed-Bid Auction with EPR Pairs

Recently, an experimentally feasible three-party quantum sealed-bid auction protocol based on EPR pairs [Z.Y. Wang, Commun. Theor. Phys. 54 （2010） 997] was proposed. However, this study points out Wang＇s protocol cannot resist some internal bidders＇ attacks, such as the Twiee-CNOT attack, the collusion attack. A malicious bidder can launch the Twice-CNOT attack to obtain the other＇s bid, or the dishonest auctioneer may collude with one bidder and help him/her win the action by changing his/her bid. For preventing against these attacks, a simple solution by using the QKD-based message encryption and a post-confirmation mechanism by adopting the hash function are proposed.     

Cryptanalysis and improvement of several quantum private comparison protocols

Recently, Wu et al(2019 Int. J. Theor. Phys. 58 1854) found a serious information leakage problem in Ye and Ji's quantum private comparison protocol(2017 Int. J. Theor. Phys. 561517), that is, a malicious participant can steal another's secret data without being detected through an active attack means. In this paper, we show that Wu et al's active attack is also effective for several other existing protocols, including the ones proposed by Ji et al and Zha et al(2016 Commun. Theor. Phys. 65 711; 2018 Int. J. Theor. Phys. 57 3874). In addition,we propose what a passive attack means, which is different from Wu et al's active attack in that the malicious participant can easily steal another's secret data only by using his own secret data after finishing the protocol, instead of stealing the data by forging identities when executing the protocol. Furthermore, we find that several other existing quantum private comparison protocols also have such an information leakage problem. In response to the problem, we propose a simple solution, which is more efficient than the ones proposed by Wu et al, because it does not consume additional classical and quantum resources.     

Attacks and Improvement on “Quantum Direct Communication with Mutual Authentication”

In 2009, Yen et al. [Quantum Inf. Comput. 9(5–6):376–394, 2009] proposed a quantum direct communication along with an authentication protocol using Einstein-Podolsky-Rosen states. This study points out several attacks on Yen et al.’s protocol, in which a malicious Trent can launch either an intercept-resend attack to reveal the secret information of a sender or an impersonation attack to impersonate a sender to send forged secret information to a receiver. Furthermore, an outsider can launch a modification attack to modify the secret information of a sender. A possible solution is proposed herein to avoid these security attacks.     

An interpretable intrusion detection method based on few-shot learning in cloud-ground interconnection

An enterprise’s private cloud may be attacked by attackers when communicating with the public cloud. Although traffic detection methods based on deep learning have been widely used, these methods rely on a large amount of sample data and cannot quickly detect new attacks such as Zero-day Attacks. Moreover, deep learning has a black-box nature and cannot interpret the detection results, which has certain security risks. This paper proposes an interpretable abnormal traffic detection method, which can complete the detection task with only a few malicious traffic samples. Specifically, it uses the covariance matrix to characterize each traffic category and then calculates the similarity between the query traffic and each category according to the covariance metric function to realize the traffic detection based on few-shot learning. After that, the traffic images processed by the random masks are input into the model to obtain the predicted probability of the corresponding traffic category. Finally, the predicted probability is linearly summed with each mask to generate the final saliency map to interpret and analyze the model decision. In this paper, experiments are carried out by simulating only 15 and 25 malicious traffic samples. The results show that the proposed method can obtain good accuracy and recall, and the interpretation analysis shows that the model is reliable and interpretable.     

A block-based watermarking scheme for image tamper detection and self-recovery

In this paper, we present an effective block-based digital fragile watermarking scheme for image tamper detection and recovery. The proposed scheme embeds watermarks consisting of the authentication data and the recovery data into image blocks. It adopts parity check and the intensity-relation check to thwart various malicious attacks. In the tamper detection process, instead of independently testing the embedded authentication data of each block, we take the block-neighbourhood into account and utilize a hierarchical structure to determine the legitimacy of image blocks. Experimental results show that the proposed scheme can effectively resist collage attack, vector quantization (VQ) attack and constant-average attack, while sustaining superior accuracy of tamper localization. Furthermore, the results reveal that the tampered images can be successfully self-recovered with acceptable visual quality.     

基于Android网络恶意行为检测系统的应用研究

目前Android系统是当今网络用户最对的应用系统之一,而随着科学技术的发展,对于Android系统的恶意行为软件也逐渐增多,给当前的应用用户的财产以及私人信息安全带来了很大的威胁,严重的迟缓了当前移动通信网络技术以及相关于应用客户端的推广。为此本文根据Android系统的特有机构设计出一种基于Binder信息流的自动检测恶意行为系统,以此来解决对于当前网络安全对于Android系统用户带来的负面影响。根据目前网络中的应用通信信息,检测可能存在的泄露用户信息的应用软件为目标,建立信息矢量图以此来分析当前网络中的恶意行为。通过对软件进行检测,研究可实用性和检测效果,结果显示其识别率可以达到100%,并且软件运行只占有内存的7%,结果可以达到当前的Android用户的使用范围。     

分布式网络异常攻击检测模型仿真分析

针对传统的异常攻击检测方法主要以异常攻击行为规则与网络数据隶属度大小进行判别,只能针对已知异常攻击进行检测,对新型异常攻击,检测算法率低,计算数据量大的问题。提出一种新的分布式网络异常攻击检测方式,通过对分布式网络内数据进行迭代聚类将正常和异常数据进行分类,建立矩阵映射模型进行数据矩阵对比,初步对异常攻击数据进行判断。在矩阵中建立粒子密度函数,通过粒子密度变化计算其异常攻击概率,最后对其数据进行加权和波滤确定数据异常攻击特征,建立攻击检测模型。仿真实验表明,优化的分布式网络异常攻击检测模型提高了异常数据攻击检测的自适应性,在网络信号受到攻击信号干扰情况下,仍然能够准确检测出带有攻击特征的小网络异常数据。有效提高了分布式网络的检测正确率,加快了检测速度和稳定性。     

一种公共网络攻击数据挖掘智能算法研究

公共网络的开放性和自组织特性导致网络容易受到病毒干扰和入侵攻击,对攻击数据的准确高效挖掘能确保网络安全。传统方法采用时频指向性波束特征聚类方法实现攻击数据挖掘,在信噪比较低时攻击数据准确挖掘概率较低。提出一种基于自适应滤波检测和时频特征提取的公共网络攻击数据挖掘智能算法。首先进行公共网络攻击数据的信号拟合和时间序列分析,对含噪的攻击数据拟合信号进行自适应滤波检测,提高信号纯度,对滤波输出数据进行时频特征提取,实现攻击数据的准确挖掘。仿真结果表明,采用该算法进行网络攻击数据挖掘,对攻击数据特征的准确检测性能较高,对干扰的抑制性能较强,能有效实现网络安全防御。     

Privacy-Preserving Image Template Sharing Using Contrastive Learning

With the recent developments of Machine Learning as a Service (MLaaS), various privacy concerns have been raised. Having access to the user’s data, an adversary can design attacks with different objectives, namely, reconstruction or attribute inference attacks. In this paper, we propose two different training frameworks for an image classification task while preserving user data privacy against the two aforementioned attacks. In both frameworks, an encoder is trained with contrastive loss, providing a superior utility-privacy trade-off. In the reconstruction attack scenario, a supervised contrastive loss was employed to provide maximal discrimination for the targeted classification task. The encoded features are further perturbed using the obfuscator module to remove all redundant information. Moreover, the obfuscator module is jointly trained with a classifier to minimize the correlation between private feature representation and original data while retaining the model utility for the classification. For the attribute inference attack, we aim to provide a representation of data that is independent of the sensitive attribute. Therefore, the encoder is trained with supervised and private contrastive loss. Furthermore, an obfuscator module is trained in an adversarial manner to preserve the privacy of sensitive attributes while maintaining the classification performance on the target attribute. The reported results on the CelebA dataset validate the effectiveness of the proposed frameworks.     

Single decision reporting for cooperative spectrum sensing under erroneous feedback channels with Byzantine attack

Spectrum sensing based on a single user suffers from low detection performance due to fading, shadowing, and hidden node problems. Cooperative spectrum sensing (CSS) is thought to be a potential method to overcome these issues and improve detection performance in determining the available spectrum in cognitive radio (CR). However, CSS suffers in case of erroneous reporting channels, and it is also susceptible to Byzantine attacks by malicious users (MUs). In this paper, we first analyze the traditional CSS under erroneous feedback channels. And then, we extend the analysis to include erroneous reporting channels in the presence of the Byzantine attack. We propose a single decision reporting (SD-R) algorithm immune to erroneous reporting channels. The proposed algorithm also improves the performance under the Byzantine attack. With the proposed algorithm, MUs can attempt only false alarm attacks, whereas the miss detection attack is not possible. An extensive analysis is carried out, and the plots are shown to prove the superiority of the proposed algorithm.     

Splitting Unknown Qubit State Using Five-Qubit Entangled State

In this paper, we demonstrate how a five-qubit entangled state can be used to realize the deterministic Quantum State Sharing (QSTS) of a single and two-qubit state among three parties by performing von-Neumann measurement and bell-state measurements. In our scheme, any of the two agents has the ability to reconstruct the original state if he/she collaborates with the other agent,otherwise an individual agent does not have enough information to reconstruct the original state. The paper also outlines the various measurements and mathematical framework of the scheme. The security analysis of our scheme against two attacks scenarios prove that the scheme is secure against an eavesdropper attack and a malicious attacks.     

Blind Speech Watermarking Method with Frame Self-Synchronization Based on Spread-Spectrum Using Linear Prediction Residue

State-of-the-art speech watermarking techniques enable speech signals to be authenticated and protected against any malicious attack to ensure secure speech communication. In general, reliable speech watermarking methods must satisfy four requirements: inaudibility, robustness, blind-detectability, and confidentiality. We previously proposed a method of non-blind speech watermarking based on direct spread spectrum (DSS) using a linear prediction (LP) scheme to solve the first two issues (inaudibility and robustness) due to distortion by spread spectrum. This method not only effectively embeds watermarks with small distortion but also has the same robustness as the DSS method. There are, however, two remaining issues with blind-detectability and confidentiality. In this work, we attempt to resolve these issues by developing an approach called the LP-DSS scheme, which takes two forms of data embedding for blind detection and frame synchronization. We incorporate blind detection with frame synchronization into the scheme to satisfy blind-detectability and incorporate two forms of data embedding process, front-side and back-side embedding for blind detection and frame synchronization, to satisfy confidentiality. We evaluated these improved processes by carrying out four objective tests (PESQ, LSD, Bit-error-rate, and accuracy of frame synchronization) to determine whether inaudibility and blind-detectability could be satisfied. We also evaluated all combinations with the two forms of data embedding for blind detection with frame synchronization by carrying out BER tests to determine whether confidentiality could be satisfied. Finally, we comparatively evaluated the proposed method by carrying out ten robustness tests against various processing and attacks. Our findings showed that an inaudible, robust, blindly detectable, and confidential speech watermarking method based on the proposed LP-DSS scheme could be achieved.     

Comment on “Deterministic six states protocol for quantum communication” [Phys. Lett. A 358 (2006) 85]

In [J.S. Shaari, M. Lucamarini, M.R.B. Wahiddin, Phys. Lett. A 358 (2006) 85] the deterministic six states protocol (6DP) for quantum communication has been developed. This protocol is based on three mutually unbiased bases and four encoding operators. Information is transmitted between the users via two qubits from different bases. Three attacks have been studied; namely intercept-resend attack (IRA), double-CNOT attack (2CNOTA) and quantum man-in-the-middle attack. In this Letter, we show that the IRA and 2CNOTA are not properly addressed. For instance, we show that the probability of detecting Eve in the control mode of the IRA is 70% instead of 50% in the previous study. Moreover, in the 2CNOTA, Eve can only obtain 50% of the data not all of it as argued earlier.     

Approaching Adversarial Example Classification with Chaos Theory

Adversarial examples are one of the most intriguing topics in modern deep learning. Imperceptible perturbations to the input can fool robust models. In relation to this problem, attack and defense methods are being developed almost on a daily basis. In parallel, efforts are being made to simply pointing out when an input image is an adversarial example. This can help prevent potential issues, as the failure cases are easily recognizable by humans. The proposal in this work is to study how chaos theory methods can help distinguish adversarial examples from regular images. Our work is based on the assumption that deep networks behave as chaotic systems, and adversarial examples are the main manifestation of it (in the sense that a slight input variation produces a totally different output). In our experiments, we show that the Lyapunov exponents (an established measure of chaoticity), which have been recently proposed for classification of adversarial examples, are not robust to image processing transformations that alter image entropy. Furthermore, we show that entropy can complement Lyapunov exponents in such a way that the discriminating power is significantly enhanced. The proposed method achieves 65% to 100% accuracy detecting adversarials with a wide range of attacks (for example: CW, PGD, Spatial, HopSkip) for the MNIST dataset, with similar results when entropy-changing image processing methods (such as Equalization, Speckle and Gaussian noise) are applied. This is also corroborated with two other datasets, Fashion-MNIST and CIFAR 19. These results indicate that classifiers can enhance their robustness against the adversarial phenomenon, being applied in a wide variety of conditions that potentially matches real world cases and also other threatening scenarios.     

Reinforcement learning for performance improvement in cooperative spectrum sensing

Cognitive radio (CR) can provide a promising solution to the spectrum scarcity issue for upcoming wireless communication technologies. Cooperative spectrum sensing (CSS) is generally adopted to improve spectrum utilization and minimize interference to primary users (PUs). The performance of CSS is significantly affected by imperfect reporting channels, and it is an easy target for Byzantine attackers. This paper studies CSS under imperfect reporting channels and Byzantine attacks. We have considered centralized CSS with a hard combining fusion rule. The binary symmetric channel (BSC) is used to model the imperfect reporting channels, and a centralized independent probabilistic small scale attack model is chosen to model Byzantine attackers. We first analyze the traditional CSS (T-CSS) under the imperfect reporting channel and the Byzantine attack. The performance of T-CSS is found to be greatly affected in the considered scenarios. We propose a reinforcement learning-based algorithm to detect cooperating secondary users (CSUs) experiencing weak reporting channels and Byzantine attackers. Generally, in literature, the detected malicious users (MUs) are removed to improve the performance. However, in case there are CSUs with weak reporting channels, the genuine CSUs may be detected as Byzantine attackers and hence removed. To overcome this issue, we propose a weighted sum-based CSS (WS-CSS) algorithm that can improve the CSS performance under weak reporting channels and attacks from Byzantine attackers. It is demonstrated using plots that the proposed WS-CSS algorithm significantly improves the CSS performance.     

Analyzing mechanism-based attacks in privacy-preserving data publishing

Privacy-preserving data publishing (PPDP) deals with data publishing while preserving individual's privacy in the data. Recent researches show that knowledge of mechanism of anonymization provides a loophole for attacks [1], [2], we call this kind of attack a mechanism-based attack. In this paper, we first give a comprehensive study of mechanism-based attack and point out that the range of mechanism-based disclosure is much broader than ever said. Then, we analyze the rationale of mechanism-based attack and give the definition of mechanism-based attack formally. To counteract mechanism-based attack, we introduce a model called e-secrecy and corresponding solution algorithm MAIA. We conduct a comprehensive set of experiments to show mechanism-based attacks are practical concern in the real-world data sets and that our method introduces better data utility and very minor computation than the existing algorithms.     

Injection attack detection using machine learning for smart IoT applications

Smart cities are a rapidly growing IoT application. These smart cities mainly rely on wireless sensors to connect their different components (smart devices) together. Smart cities rely on the integration of IoT and 5G technologies, and this has created a demand for a massive IoT network of connected devices. The data traffic coming from indoor wireless networks (e.g., smart homes, smart hospitals, smart factories , or smart school buildings) contributes to over 80% of the total data traffic of the current IoT network. As smart cities and their applications grow, security and privacy challenges have become a major concern for billions of IoT smart devices. One reason for this could be the oversight of handling security issues of IoT devices by their manufacturers, which enables attackers to exploit the vulnerabilities in these devices by performing different types of attacks, e.g., DDoS and injection attacks. Intrusion detection is one way to detect and mitigate the risk of such attacks. In this paper, an intrusion detection method was proposed to detect injection attacks in IoT applications (e.g. smart cities). In this method, two types of feature selection techniques (constant removal and recursive feature elimination) were used and tested by a number of machine learning classifiers (i.e., SVM, Random Forest, and Decision Tree). The T-Test was conducted to evaluate the quality of this proposed feature selection method. Using the public dataset, AWID, the evaluation results showed that the decision tree classifier can be used to detect injection attacks with an accuracy of 99% using only 8 features, which were selected using the proposed feature selection method. Also, the comparison with the most related work showed the advantages of the proposed intrusion detection method.     

双随机相位加密系统的选择明文攻击

在光学信息安全领域,双随机相位加密方法最引人注目并得到广泛研究,但由于双随机相位加密系统是基于傅里叶变换的系统,其本质上是一种线性变换系统,明文、密文之间的函数依赖关系比较简单,这就为其安全性留下了很大的隐患。双随机相位加密方法可以用光学和数字的方式实现,提出了一种选择明文攻击的方法,利用多个冲击函数作为选择的明文,成功破解了基于数字方法实现的双随机相位加密系统,并给出了恢复密钥的解析式,此方法最大的优点在于解密图像的无损性,并从理论上加以证明,给出了实验结果。