Hfinger: Malware HTTP Request Fingerprinting

Malicious software utilizes HTTP protocol for communication purposes, creating network traffic that is hard to identify as it blends into the traffic generated by benign applications. To this aim, fingerprinting tools have been developed to help track and identify such traffic by providing a short representation of malicious HTTP requests. However, currently existing tools do not analyze all information included in the HTTP message or analyze it insufficiently. To address these issues, we propose Hfinger, a novel malware HTTP request fingerprinting tool. It extracts information from the parts of the request such as URI, protocol information, headers, and payload, providing a concise request representation that preserves the extracted information in a form interpretable by a human analyst. For the developed solution, we have performed an extensive experimental evaluation using real-world data sets and we also compared Hfinger with the most related and popular existing tools such as FATT, Mercury, and p0f. The conducted effectiveness analysis reveals that on average only 1.85% of requests fingerprinted by Hfinger collide between malware families, what is 8–34 times lower than existing tools. Moreover, unlike these tools, in default mode, Hfinger does not introduce collisions between malware and benign applications and achieves it by increasing the number of fingerprints by at most 3 times. As a result, Hfinger can effectively track and hunt malware by providing more unique fingerprints than other standard tools.     

The epistemic gossip problem

In the gossip problem information (‘secrets’) must be shared among a certain number of agents using the minimum number of calls. We extend the gossip problem to arbitrary epistemic depths. For example, we may require not only that all agents know all secrets but also that all agents know that all agents know all secrets. We give optimal protocols for various versions of this epistemic gossip problem, depending on the graph of communication links, in the case of two-way communication, one-way communication and parallel communication. We show, among other things, that increasing epistemic depth from 1 (all agents know all secrets) to 2 (so that all agents know that all agents know all secrets) does not double the required number of calls but increases this number by $3∕2$ (for a complete graph). We also show that the following counter-intuitive result generalises to the epistemic gossip problem: asymptotically the same number of calls are required whether calls are two-way or one-way.     

Expandable quantum key distribution networks based on secret bits comparison

A scheme of quantum network based on multiuser differential phase shift quantum key distribution system (DPS-QKD) is proposed. In this quantum network, arbitrary two users can achieve secret bits sharing by point-to-multipoint quantum key distribution and secret bits comparison. A protocol of secret bits sharing between arbitrary two users is presented. This network can implement secret bits distribution over 200 km with higher key generation rate by today's technologies. In theory, the capacity of user numbers in this network is unlimited. Hence, our proposed quantum network can serve for a metropolitan QKD network. A wide area QKD network can be constructed with this metropolitan QKD network.     

Nonfragile dynamic output-feedback control for positive singular systems under the switched mechanism and Round-Robin protocol

In this paper, the singular positive system with uncertain parameters and switched structure is analyzed. First of all, a nonfragile dynamic output-feedback controller with Round-Robin protocol is constructed so as to decrease the occupancy of the communication channels and overcome the phenomenon of controller gain fluctuations. Then, the regularity, causality, positivity, and robustly exponential stability of the resultant closed-loop system are discussed respectively by utilizing the method of mode dependent minimum dwell time, mode dependent ranged dwell time, and mode dependent constant dwell time. The explicit design mechanisms of the related controller parameters are simultaneously presented. Finally, two simulation examples are provided to show feasibility of the theoretical results obtained.     

一种基于GMR-1 3G协议栈的自动测试方法

国际标准ISO/IEC9646定义了四种端系统抽象测试方法,其导出的测试框架无法满足第三代对地球同步轨道移动无线接口( Geostationary Earth Orbit Mobile Radio Interface,GMR-1 3G)协议栈测试关于实时性和跨平台性的要求。为了解决这一问题,对中科院提出的“钳形渡口测试法”进行研究,提出了基于GMR-1 3G协议栈的扩展“钳形渡口测试法”,并在实际的协议栈开发中得到应用。在总计与实时性相关的255个测试例执行中,测试通过率为100%。同时,由于利用统一测试框架和统一测试例脚本,既服务于仅有主机的协议逻辑流程测试又服务于仿真真实环境的板级测试,体现了较好的经济性。     

一种链式无线路由协议的液压支架压力监测系统设计

本文研究并设计了一种基于无线传感器网络的液压支架压力信息采集节点,并以此为基础搭建了监测系统平台。首先对无线网络拓扑结构分析,以提高网络整体生命周期为目的,设计了一种链式结构的简单无线路由协议。在此基础上,以CC2530为主处理器完成压力采集节点软、硬件设计。最后,给出了系统采集到的液压支架工作阻力数据。测试结果表明,系统能够实现液压支架压力实时监测功能,满足应用需求。     

基于XCP协议的ECU标定系统开发

为了方便汽车发动机电子控制单元的研发,开发一套性能稳定、功能强大、通用性好的标定软件十分重要。采用国际通用的XCP标定协议,给出使用XCP协议做实时监测和在线标定的方法,基于TI公司的微控制器TMS320F28035,开发了一套发动机标定软件。开发的软件结构清晰,模块化较好,便于移植到其他控制器上,具有一定的实用性和推广价值。     

移动Ad Hoc中基于位置辅助的链路稳定性预测算法

在移动Ad Hoc网络中,随着拓扑的动态变化,路由会发生断裂。传统的稳定路由协议通常定性地考虑链路的质量,并未对链路的稳定性进行有效预测。为了适应网络拓扑的变化,建立稳定性较高的路由,提出了基于位置信息辅助的链路稳定性预测算法,并在AODV协议上进行实现,得到了基于位置辅助的按需距离矢量路由协议,即PB-AODV。在路由发现过程中,协议在节点的稳定区内选择稳定度较高的路由进行数据传送;而在路由维护阶段,PB-AODV采取链路中断预测机制,对即将中断的链路进行通告,在路由中断之前进行路由修复,建立起备份路由。实验表明：具有稳定预测算法的PB-AODV协议在综合性能上优于其他两种性能优良的路由协议,提升了网络的性能。     

KTP倍频器件温度适应性扩展研究

针对目前最常用的KTP倍频晶体, 综合考虑其有效非线性系数和温度半宽度, 采用折中设计有效扩展KTP倍频器件适用温度范围. 对大适用温度范围的KTP倍频器件的设计方法进行了详细的理论分析, 并设计了一种温度半宽度为-20 ℃到50 ℃的KTP倍频器件. 实验结果表明该器件在15 ℃时达到峰值转换效率22.7%, 温度半宽度为70 ℃. 和通常情况下设计的KTP倍频器件相比, 尽管倍频转换效率有所下降, 但显著提高了适用温度范围. 且在温度半宽度高达70 ℃情况下, 其有效非线性系数仍大于LBO, BBO等倍频器件. 该方法对于扩展倍频器件的温度适应性具有普适性.     

Comment on “Deterministic six states protocol for quantum communication” [Phys. Lett. A 358 (2006) 85]

In [J.S. Shaari, M. Lucamarini, M.R.B. Wahiddin, Phys. Lett. A 358 (2006) 85] the deterministic six states protocol (6DP) for quantum communication has been developed. This protocol is based on three mutually unbiased bases and four encoding operators. Information is transmitted between the users via two qubits from different bases. Three attacks have been studied; namely intercept-resend attack (IRA), double-CNOT attack (2CNOTA) and quantum man-in-the-middle attack. In this Letter, we show that the IRA and 2CNOTA are not properly addressed. For instance, we show that the probability of detecting Eve in the control mode of the IRA is 70% instead of 50% in the previous study. Moreover, in the 2CNOTA, Eve can only obtain 50% of the data not all of it as argued earlier.