Similar articles
 Found 20 similar articles; search took 46 ms
1.
With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained protocol layers. The Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers.

2.
Recently, there has been a huge rise in malware growth, which creates a significant security threat to organizations and individuals. Despite the incessant efforts of cybersecurity research to defend against malware threats, malware developers discover new ways to evade these defense techniques. Traditional static and dynamic analysis methods are ineffective in identifying new malware and pose high overhead in terms of memory and time. Typical machine learning approaches that train a classifier based on handcrafted features are also not sufficiently potent against these evasive techniques and require more efforts due to feature-engineering. Recent malware detectors indicate performance degradation due to class imbalance in malware datasets. To resolve these challenges, this work adopts a visualization-based method, where malware binaries are depicted as two-dimensional images and classified by a deep learning model. We propose an efficient malware detection system based on deep learning. The system uses a reweighted class-balanced loss function in the final classification layer of the DenseNet model to achieve significant performance improvements in classifying malware by handling imbalanced data issues. Comprehensive experiments performed on four benchmark malware datasets show that the proposed approach can detect new malware samples with higher accuracy (98.23% for the Malimg dataset, 98.46% for the BIG 2015 dataset, 98.21% for the MaleVis dataset, and 89.48% for the unseen Malicia dataset) and reduced false-positive rates when compared with conventional malware mitigation techniques while maintaining low computational time. The proposed malware detection solution is also reliable and effective against obfuscation attacks.

3.
Malicious software utilizes HTTP protocol for communication purposes, creating network traffic that is hard to identify as it blends into the traffic generated by benign applications. To this aim, fingerprinting tools have been developed to help track and identify such traffic by providing a short representation of malicious HTTP requests. However, currently existing tools do not analyze all information included in the HTTP message or analyze it insufficiently. To address these issues, we propose Hfinger, a novel malware HTTP request fingerprinting tool. It extracts information from the parts of the request such as URI, protocol information, headers, and payload, providing a concise request representation that preserves the extracted information in a form interpretable by a human analyst. For the developed solution, we have performed an extensive experimental evaluation using real-world data sets and we also compared Hfinger with the most related and popular existing tools such as FATT, Mercury, and p0f. The conducted effectiveness analysis reveals that on average only 1.85% of requests fingerprinted by Hfinger collide between malware families, which is 8–34 times lower than existing tools. Moreover, unlike these tools, in default mode, Hfinger does not introduce collisions between malware and benign applications and achieves it by increasing the number of fingerprints by at most 3 times. As a result, Hfinger can effectively track and hunt malware by providing more unique fingerprints than other standard tools.

4.
Android devices are currently widely used in many fields, such as automatic control, embedded systems, the Internet of Things and so on. At the same time, Android applications (apps) always use multiple permissions, and permissions can be abused by malicious apps that disclose users’ privacy or breach the secure storage of information. FlowDroid has been extensively studied as a novel and highly precise static taint analysis for Android applications. Aiming at the problem of complex detection and false alarms in FlowDroid, an improved static detection method based on feature permission and risk rating is proposed. Firstly, the Chi-square test is used to extract correlated permissions related to malicious apps, and mutual information is used to cluster the permissions to generate feature permission clusters. Secondly, a risk calculation method based on permissions and combinations of permissions is proposed to identify dangerous data flows. Experiments show that this method can significantly improve detection efficiency while maintaining the accuracy of dangerous data flow detection.

5.
The detection of rail surface defects is an important tool to ensure the safe operation of rail transit. Due to the complex diversity of track surface defect features and the small size of the defect area, it is difficult to obtain satisfying detection results by traditional machine vision methods. The existing deep learning-based methods have the problems of large model sizes, excessive parameters, low accuracy and slow speed. Therefore, this paper proposes a new method based on an improved YOLOv4 (You Only Look Once, YOLO) for railway surface defect detection. In this method, MobileNetv3 is used as the backbone network of YOLOv4 to extract image features, and at the same time, deep separable convolution is applied on the PANet layer in YOLOv4, which realizes the lightweight network and real-time detection of the railway surface. The test results show that, compared with YOLOv4, the study can reduce the amount of the parameters by 78.04%, speed up the detection by 10.36 frames per second and decrease the model volume by 78%. Compared with other methods, the proposed method can achieve a higher detection accuracy, making it suitable for the fast and accurate detection of railway surface defects.

6.
唐曙  罗武胜  鲁琴  杜列波 《应用声学》2015,23(12):57-57
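In view of the broad application prospects of USB communication technology on the Android platform, USB communication between Android devices and microcontrollers was studied. A hardware platform for USB communication between an Android device and a microcontroller was built. With Android USB Host communication technology at its core, USB applications were developed for both the Android side and the microcontroller side. The complete development process of the Android-side USB application is described in detail, including functional descriptions and usage of the required API classes, the program development flowchart, and the key code implementing the main functions. The data communication between the Android development board and the microcontroller was tested; the results show that the two communicate normally and that USB communication on the Android platform was achieved.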

7.
朱俚治 《应用声学》2016,24(3):224-227
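A study of existing malware detection algorithms shows that some can detect only one kind of malware, and that some traditional detection algorithms have a high miss rate when detecting malicious programs. To address the lack of comprehensive detection capability in existing algorithms, this paper proposes a new detection algorithm with a degree of comprehensive detection capability. The approach is as follows: the first step distinguishes whether a piece of software is malicious or non-malicious; if it is malicious, its signature is extracted, and a decision tree then identifies and classifies the malware according to its signature. If there is malware that the signatures cannot identify, a similarity calculation algorithm is applied to the unknown malware based on the characteristics of viruses and worms, and finally a decision system decides, from the result of the similarity calculation, whether the malware is a virus or a worm. Applying the similarity calculation algorithm, the decision tree and the decision system to malware detection is the novel contribution of this paper.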

8.
A robust watermarking algorithm based on salient image features   Total citations: 3, self-citations: 0, citations by others: 3
A feature-based robust watermarking algorithm against geometric attacks is proposed in this paper. It is well-known that geometric attacks such as rotation, scaling, and translation on a watermarked image will destroy the synchronization between the processes of watermark embedding and detection. In other words, the locations for embedding the watermark are lost due to geometric attacks, which results in the failure of watermark detection. Since salient features in an image are relatively stable under geometric attacks, they may serve as reference points to synchronize the embedding and detection processes and the detection rate of the watermark could be increased significantly. Another problem for feature-based watermarking is that the repeatability of feature detection tends to be low; that is, the features detected during the embedding process may not be detected again during the detection process. To overcome such a problem, a novel feature enhancement technique is developed to increase the repeatability rate of feature detection, in which image moments are used to achieve geometric invariance between the embedding and detection processes. Experimental results demonstrate that the proposed watermarking algorithm is able to survive various geometric attacks and common image processing operations. And the visual quality of the watermarked image is well preserved as well.

9.
Malware detection is in a coevolutionary arms race where the attackers and defenders are constantly seeking advantage. This arms race is asymmetric: detection is harder and more expensive than evasion. White hats must be conservative to avoid false positives when searching for malicious behaviour. We seek to redress this imbalance. Most of the time, black hats need only make incremental changes to evade them. On occasion, white hats make a disruptive move and find a new technique that forces black hats to work harder. Examples include system calls, signatures and machine learning. We present a method, called Hothouse, that combines simulation and search to accelerate the white hat’s ability to counter the black hat’s incremental moves, thereby forcing black hats to perform disruptive moves more often. To realise Hothouse, we evolve EEE, an entropy-based polymorphic packer for Windows executables. Playing the role of a black hat, EEE uses evolutionary computation to disrupt the creation of malware signatures. We enter EEE into the detection arms race with VirusTotal, the most prominent cloud service for running anti-virus tools on software. During our 6 month study, we continually improved EEE in response to VirusTotal, eventually learning a packer that produces packed malware whose evasiveness goes from an initial 51.8% median to 19.6%. We report both how well VirusTotal learns to detect EEE-packed binaries and how well VirusTotal forgets in order to reduce false positives. VirusTotal’s tools learn and forget fast, actually in about 3 days. We also show where VirusTotal focuses its detection efforts, by analysing EEE’s variants.

10.
Imaging of latent fingerprints using time-resolved (TR) method offers a broader platform to eliminate the unwanted background emission. In this paper, a novel TR imaging technique is demonstrated and implemented, which facilitates the detection of latent fingerprints with nanosecond resolution. Simulated experiments were carried out with two overlapping fingerprints treated with two fluorescent powders having different lifetimes in nanosecond range. The dependence of the fluorescence emission intensity in nanosecond resolution of TR imaging is also revealed.

11.
Jv-Jie Wang 《中国物理 B》2022,31(5):50308-050308
We propose an efficient quantum private comparison protocol firstly based on one direction quantum walks. With the help of one direction quantum walk, we develop a novel method that allows the semi-honest third party to set a flag to judge the comparing result, which improves the qubit efficiency and the maximum quantity of the participants' secret messages. Besides, our protocol can judge the size of the secret messages, not only equality. Furthermore, the quantum walks particle is disentangled in the initial state. It only requires a quantum walks operator to move, making our proposed protocol easy to implement and reducing the quantum resources. Through security analysis, we prove that our protocol can withstand well-known attacks and brute-force attacks. Analyses also reveal that our protocol is correct and practical.

12.
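Intrusion detection is an important measure for safeguarding network security. The growing diversity and stealth of network attack methods make intrusion detection increasingly difficult, and new intrusion detection methods are urgently needed. Combining visualization techniques with the k-nearest neighbor classification algorithm, an intrusion detection method based on graphical features is proposed. The original features are ranked and selected using information gain and visualized as radar charts; graphical features of the radar charts are extracted to form a new dataset, which is fed into a k-nearest neighbor classifier for training and testing. Simulation experiments on the KDDCUP99 dataset show that the method not only displays attack behaviour intuitively but also achieves good attack detection performance, with a detection rate of 97.9% for DOS attacks and a false alarm rate of 1.5%.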

13.
李光    张明    郑玮    张璟    刘睿    庄革 《核聚变与等离子体物理》2015,35(2):143-150
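An open platform was designed to let researchers participate remotely in experiments on the J-TEXT device. The Web application is implemented using the Representational State Transfer (RESTful) software architecture style and provides a large number of open APIs for developers to build tokamak application software. Authentication and authorization prevent the open APIs from being used maliciously by users. The J-TEXT remote participation Web application uses the ASP.NET SignalR framework, which achieves good results in refreshing interface state in real time, and it also implements several strategies for server-pushed information. The system is flexible and compatible with the Experimental Physics and Industrial Control System (EPICS) software, and it has been integrated into the J-TEXT Control, Data Access and Communication (CODAC) system. Testing and use of the Web application and the Android application show that the system runs continuously and stably and meets the needs of remote participation in experiments on the device.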


15.
16.
鲍文  丁志华  王川  梅胜涛 《物理学报》2013,62(11):114202-114202
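This paper proposes a method for acquiring latent fingerprints based on phase-sensitive spectral domain optical coherence tomography (SD-OCT), which has the advantages of being non-contact, non-destructive, fast and highly sensitive. Experimental results show that the method reproduces latent fingerprints well even under low-contrast conditions, demonstrating that phase-sensitive spectral domain optical coherence tomography can identify latent fingerprints accurately and reliably. Keywords: latent fingerprint; spectral domain optical coherence tomography; phase sensitive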

17.
Aiming at solving accuracy problem of infrared small target detection in sky and ocean background scenarios of infrared image sequences, a novel infrared small target detection based on multi-filters algorithm fusion method is presented in this paper. Firstly infrared small target and imaging, time and space characteristics of the corresponding background noise are analyzed. Tophat algorithm with improved Robinson guard filter are then integrated to highlight target and suppress clutter background by using infrared small target imaging features. Adaptive threshold segmentation is used to extract candidate targets, while Unger smoothing filter and multi-objects association filter are used to eliminate random noise and false targets in the candidate targets. Multiple experiments of infrared small target image sequences are implemented, and experimental results show that proposed method can detect infrared small targets at 99% detection rate with high reliability and good real-time performance. © 2017, Editorial Board, Journal of Applied Optics. All rights reserved.

18.
A method for detecting vocalization of giant barred frogs (Mixophyes iteratus) in noisy audio is proposed. Audio recordings from remote wireless sensor nodes were segmented into individual sounds and from each sound a small set of features was extracted. Feature vectors were compared to those of example calls using a Euclidean distance formula as a detection system. The system achieved a sensitivity of 0.85 with specificity of 0.92 when distinguishing M. iteratus calls from other species' calls and sensitivity of 0.88 with specificity 0.82 against background noise.

19.
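To address the heavy computation and low efficiency of current deep-learning-based methods for oriented bounding box detection of ship targets, a single-stage detection model based on the target center point is proposed. Since a ship's center point is unaffected by the ship's orientation, the main idea of the model is to build on center point detection and regress the scale and orientation of the oriented box at the center point. First, a feature extraction network is designed that fuses the detail-rich low-level features of a convolutional neural network with the semantically rich high-level features to form a feature map. The feature map is then fed into three detection branches, which predict the target center point, the center point offset, and the scale and orientation of the oriented box, respectively. A combined loss function is designed to train the network, and the non-maximum suppression algorithm is improved to suit oriented box detection. Experiments were conducted on a public SAR image ship detection dataset and on optical remote sensing images. The results show that the average precision on the test set reaches 0.906 and that both detection accuracy and speed are better than those of other detection models, fully validating the effectiveness of the proposed algorithm.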

20.
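Application of chemical imaging technology in fingerprint development and enhancement   Total citations: 1, self-citations: 0, citations by others: 1
Chemical imaging combines spectral analysis with imaging to obtain simultaneously the spectrum of a substance and the composition and structure information at each spatial point. Combining vibrational spectroscopy (infrared and Raman spectroscopy) with imaging offers sensitivity, speed and non-destructive examination, and can provide accurate qualitative and quantitative information for forensic examination; in recent years it has found important applications in physical evidence identification. There are many methods for developing and enhancing fingerprints; chemical imaging, as a method with great potential, can develop latent fingerprints on a variety of substrates without any pretreatment. The technique can also enhance fingerprints already developed by other methods, giving them greater contrast with the background. As imaging instruments develop, the application of chemical imaging in fingerprint development will expand further. This article introduces the basic principles and instrumentation of chemical imaging, reviews its specific applications in the development and enhancement of latent fingerprints, and looks ahead to its future development.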
