Visible to the public Biblio

Found 196 results

Filters: First Letter Of Last Name is X  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W [X] Y Z   [Show ALL]
Xiang, Z., Cai, Y., Yang, W., Sun, X., Hu, Y..  2017.  Physical layer security of non-orthogonal multiple access in cognitive radio networks. 2017 9th International Conference on Wireless Communications and Signal Processing (WCSP). :1–6.

This paper investigates physical layer security of non-orthogonal multiple access (NOMA) in cognitive radio (CR) networks. The techniques of NOMA and CR have improved the spectrum efficiency greatly in the traditional networks. Because of the difference in principles of spectrum improving, NOMA and CR can be combined together, i.e. CR NOMA network, and have great potential to improving the spectrum efficiency. However the physical layer security in CR NOMA network is different from any single network of NOMA or CR. We will study the physical layer security in underlay CR NOMA network. Firstly, the wiretap network model is constructed according to the technical characteristics of NOMA and CR. In addition, new exact and asymptotic expressions of the security outage probability are derived and been confirmed by simulation. Ultimately, we have studied the effect of some critical factors on security outage probability after simulation.

Xianguo Zhang, Tiejun Huang, Yonghong Tian, Wen Gao.  2014.  Background-Modeling-Based Adaptive Prediction for Surveillance Video Coding. Image Processing, IEEE Transactions on. 23:769-784.

The exponential growth of surveillance videos presents an unprecedented challenge for high-efficiency surveillance video coding technology. Compared with the existing coding standards that were basically developed for generic videos, surveillance video coding should be designed to make the best use of the special characteristics of surveillance videos (e.g., relative static background). To do so, this paper first conducts two analyses on how to improve the background and foreground prediction efficiencies in surveillance video coding. Following the analysis results, we propose a background-modeling-based adaptive prediction (BMAP) method. In this method, all blocks to be encoded are firstly classified into three categories. Then, according to the category of each block, two novel inter predictions are selectively utilized, namely, the background reference prediction (BRP) that uses the background modeled from the original input frames as the long-term reference and the background difference prediction (BDP) that predicts the current data in the background difference domain. For background blocks, the BRP can effectively improve the prediction efficiency using the higher quality background as the reference; whereas for foreground-background-hybrid blocks, the BDP can provide a better reference after subtracting its background pixels. Experimental results show that the BMAP can achieve at least twice the compression ratio on surveillance videos as AVC (MPEG-4 Advanced Video Coding) high profile, yet with a slightly additional encoding complexity. Moreover, for the foreground coding performance, which is crucial to the subjective quality of moving objects in surveillance videos, BMAP also obtains remarkable gains over several state-of-the-art methods.

Xianqing Yu, P. Ning, M. A. Vouk.  2015.  Enhancing security of Hadoop in a public cloud. Information and Communication Systems (ICICS), 2015 6th International Conference on. :38-43.

Hadoop has become increasingly popular as it rapidly processes data in parallel. Cloud computing gives reliability, flexibility, scalability, elasticity and cost saving to cloud users. Deploying Hadoop in cloud can benefit Hadoop users. Our evaluation exhibits that various internal cloud attacks can bypass current Hadoop security mechanisms, and compromised Hadoop components can be used to threaten overall Hadoop. It is urgent to improve compromise resilience, Hadoop can maintain a relative high security level when parts of Hadoop are compromised. Hadoop has two vulnerabilities that can dramatically impact its compromise resilience. The vulnerabilities are the overloaded authentication key, and the lack of fine-grained access control at the data access level. We developed a security enhancement for a public cloud-based Hadoop, named SEHadoop, to improve the compromise resilience through enhancing isolation among Hadoop components and enforcing least access privilege for Hadoop processes. We have implemented the SEHadoop model, and demonstrated that SEHadoop fixes the above vulnerabilities with minimal or no run-time overhead, and effectively resists related attacks.

Xiao-Bing Hu, Ming Wang, Leeson, M.S..  2014.  Calculating the complete pareto front for a special class of continuous multi-objective optimization problems. Evolutionary Computation (CEC), 2014 IEEE Congress on. :290-297.

Existing methods for multi-objective optimization usually provide only an approximation of a Pareto front, and there is little theoretical guarantee of finding the real Pareto front. This paper is concerned with the possibility of fully determining the true Pareto front for those continuous multi-objective optimization problems for which there are a finite number of local optima in terms of each single objective function and there is an effective method to find all such local optima. To this end, some generalized theoretical conditions are firstly given to guarantee a complete cover of the actual Pareto front for both discrete and continuous problems. Then based on such conditions, an effective search procedure inspired by the rising sea level phenomenon is proposed particularly for continuous problems of the concerned class. Even for general continuous problems to which not all local optima are available, the new method may still work well to approximate the true Pareto front. The good practicability of the proposed method is especially underpinned by multi-optima evolutionary algorithms. The advantages of the proposed method in terms of both solution quality and computational efficiency are illustrated by the simulation results.

Xiao-Mei, Liu, Yong, Qian.  2019.  Research on LED lightweight cryptographic algorithm based on RFID tag of Internet of things. 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). :1717–1720.
In recent years, with the rapid development of Internet of things, RFID tags have been widely used, in due to the chip used in radio frequency identification (RFID) tags is more demanding for resources, which also brings a great threat to the safety performance of cryptographic algorithms in differential power analysis (DPA). For this purpose, it is necessary to study the LED lightweight cryptography algorithm of RFID tags in the Internet of things, so as to explore a lightweight and secure cryptographic algorithm which can be applied to RFID Tags. In this paper, through the combination of Piccolo cryptographic algorithm and the new DPA protection technology threshold, we propose a LED lightweight cryptographic algorithm which can be applied to the RFID tag of the Internet of things. With the help of improve d exhaustive search and Boolean expression reconstruction, the two methods share the implementation of the S -box and the InvS-box, thereby effectively solves the burr threat problem of the S-box and the InvS-box in the sharing implementation process, the security performance of the algorithm is evaluated by the DPA attack of FPGA. The results show that the algorithm can achieve lightweight and security performance at the same time, can effectively meet the light and security requirements of RFID tag chip of Internet of things for cryptographic algorithms.
Xiao, Heng, Hatanaka, Toshiharu.  2018.  Hybrid Swarm of Particle Swarm with Firefly for Complex Function Optimization. Proceedings of the Genetic and Evolutionary Computation Conference Companion. :73–74.
Swarm intelligence is rather a simple implementation but has a good performance in function optimization. There are a variety of instances of swarm model and has its inherent dynamic property. In this study we consider a hybrid swarm model where agents complement each other using its native property. Employing popular swarm intelligence model Particle swarm and Firefly we consider hybridization methods in this study. This paper presents a hybridization that agents in Particle swarm selected by a simple rule or a random choice are changing its property to Firefly. Numerical studies are carried out by using complex function optimization benchmarks, the proposed method gives better performance compared with standard PSO.
Xiao, Jiaping, Jiang, Jianchun.  2018.  Real-time Security Evaluation for Unmanned Aircraft Systems under Data-driven Attacks*. 2018 13th World Congress on Intelligent Control and Automation (WCICA). :842—847.

With rapid advances in the fields of the Internet of Things and autonomous systems, the network security of cyber-physical systems(CPS) becomes more and more important. This paper focuses on the real-time security evaluation for unmanned aircraft systems which are cyber-physical systems relying on information communication and control system to achieve autonomous decision making. Our problem formulation is motivated by scenarios involving autonomous unmanned aerial vehicles(UAVs) working continuously under data-driven attacks when in an open, uncertain, and even hostile environment. Firstly, we investigated the state estimation method in CPS integrated with data-driven attacks model, and then proposed a real-time security scoring algorithm to evaluate the security condition of unmanned aircraft systems under different threat patterns, considering the vulnerability of the systems and consequences brought by data attacks. Our simulation in a UAV illustrated the efficiency and reliability of the algorithm.

Xiao, K., Forte, D., Tehranipoor, M. M..  2015.  Efficient and secure split manufacturing via obfuscated built-in self-authentication. 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :14–19.

The threats of reverse-engineering, IP piracy, and hardware Trojan insertion in the semiconductor supply chain are greater today than ever before. Split manufacturing has emerged as a viable approach to protect integrated circuits (ICs) fabricated in untrusted foundries, but has high cost and/or high performance overhead. Furthermore, split manufacturing cannot fully prevent untargeted hardware Trojan insertions. In this paper, we propose to insert additional functional circuitry called obfuscated built-in self-authentication (OBISA) in the chip layout with split manufacturing process, in order to prevent reverse-engineering and further prevent hardware Trojan insertion. Self-tests are performed to authenticate the trustworthiness of the OBISA circuitry. The OBISA circuit is connected to original design in order to increase the strength of obfuscation, thereby allowing a higher layer split and lower overall cost. Additional fan-outs are created in OBISA circuitry to improve obfuscation without losing testability. Our proposed gating mechanism and net selection method can ensure negligible overhead in terms of area, timing, and dynamic power. Experimental results demonstrate the effectiveness of the proposed technique in several benchmark circuits.

Xiao, K., Forte, D., Jin, Y., Karri, R., Bhunia, S., Tehranipoor, M..  2016.  Hardware Trojans: Lessons Learned After One Decade of Research. ACM Trans. Des. Autom. Electron. Syst.. 22:6:1–6:23.

Given the increasing complexity of modern electronics and the cost of fabrication, entities from around the globe have become more heavily involved in all phases of the electronics supply chain. In this environment, hardware Trojans (i.e., malicious modifications or inclusions made by untrusted third parties) pose major security concerns, especially for those integrated circuits (ICs) and systems used in critical applications and cyber infrastructure. While hardware Trojans have been explored significantly in academia over the last decade, there remains room for improvement. In this article, we examine the research on hardware Trojans from the last decade and attempt to capture the lessons learned. A comprehensive adversarial model taxonomy is introduced and used to examine the current state of the art. Then the past countermeasures and publication trends are categorized based on the adversarial model and topic. Through this analysis, we identify what has been covered and the important problems that are underinvestigated. We also identify the most critical lessons for those new to the field and suggest a roadmap for future hardware Trojan research.

Xiao, Kaiming, Zhu, Cheng, Xie, Junjie, Zhou, Yun, Zhu, Xianqiang, Zhang, Weiming.  2018.  Dynamic Defense Strategy against Stealth Malware Propagation in Cyber-Physical Systems. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. :1790–1798.
Stealth malware, a representative tool of advanced persistent threat (APT) attacks, in particular poses an increased threat to cyber-physical systems (CPS). Due to the use of stealthy and evasive techniques (e.g., zero-day exploits, obfuscation techniques), stealth malwares usually render conventional heavyweight countermeasures (e.g., exploits patching, specialized ant-malware program) inapplicable. Light-weight countermeasures (e.g., containment techniques), on the other hand, can help retard the spread of stealth malwares, but the ensuing side effects might violate the primary safety requirement of CPS. Hence, defenders need to find a balance between the gain and loss of deploying light-weight countermeasures. To address this challenge, we model the persistent anti-malware process as a shortest-path tree interdiction (SPTI) Stackelberg game, and safety requirements of CPS are introduced as constraints in the defender's decision model. Specifically, we first propose a static game (SSPTI), and then extend it to a multi-stage dynamic game (DSPTI) to meet the need of real-time decision making. Both games are modelled as bi-level integer programs, and proved to be NP-hard. We then develop a Benders decomposition algorithm to achieve the Stackelberg Equilibrium of SSPTI. Finally, we design a model predictive control strategy to solve DSPTI approximately by sequentially solving an approximation of SSPTI. The extensive simulation results demonstrate that the proposed dynamic defense strategy can achieve a balance between fail-secure ability and fail-safe ability while retarding the stealth malware propagation in CPS.
Xiao, Lijun, Huang, Weihong, Deng, Han, Xiao, Weidong.  2019.  A hardware intellectual property protection scheme based digital compression coding technology. 2019 IEEE International Conference on Smart Cloud (SmartCloud). :75—79.

This paper presents a scheme of intellectual property protection of hardware circuit based on digital compression coding technology. The aim is to solve the problem of high embedding cost and low resource utilization of IP watermarking. In this scheme, the watermark information is preprocessed by dynamic compression coding around the idle circuit of FPGA, and the free resources of the surrounding circuit are optimized that the IP watermark can get the best compression coding model while the extraction and detection of IP core watermark by activating the decoding function. The experimental results show that this method not only expands the capacity of watermark information, but also reduces the cost of watermark and improves the security and robustness of watermark algorithm.

Xiao, Lili, Xuan, Guixin, Wu, Yongbin.  2018.  An Improved Digital Chaotic Encoder. Proceedings of the 3rd International Conference on Multimedia Systems and Signal Processing. :114–118.
Aiming at the defect that the decoder does not need to be initialized before decoding and the attackers can easily reconstruct the decoder structure, a new method of codec improvement is proposed. The improved decoder can restore the original information sequence correctly only when the initial state of the coder and decoder is the same. The simulation results show that the improved chaotic codec structure has better confidentiality than the original structure.
Xiao, Lili, Xiang, Shuangqing, Zhuy, Huibiao.  2018.  Modeling and Verifying SDN with Multiple Controllers. Proceedings of the 33rd Annual ACM Symposium on Applied Computing. :419-422.

SDN (Software Defined Network) with multiple controllers draws more attention for the increasing scale of the network. The architecture can handle what SDN with single controller is not able to address. In order to understand what this architecture can accomplish and face precisely, we analyze it with formal methods. In this paper, we apply CSP (Communicating Sequential Processes) to model the routing service of SDN under HyperFlow architecture based on OpenFlow protocol. By using model checker PAT (Process Analysis Toolkit), we verify that the models satisfy three properties, covering deadlock freeness, consistency and fault tolerance.

Xiao, Litian, Xiao, Nan, Li, Mengyuan, Liu, Zhanqing, Wang, Fei, Li, Yuliang, Hou, Kewen.  2019.  Intelligent Architecture and Hybrid Model of Ground and Launch System for Advanced Launch Site. 2019 IEEE Aerospace Conference. :1–12.
This paper proposes an intelligent functional architecture for an advanced launch site system that is composed of five parts: the intelligent technical area, the intelligent launching region, the intelligent flight and landing area, the intelligent command and control system, and the intelligent analysis assessment system. The five parts consist of the infrastructure, facilities, equipment, hardware and software and thus include the whole mission processes of ground and launch systems from flight articles' entry to launch. The architectural framework is designed for the intelligent elements of the parts. The framework is also defined as the interrelationship and the interface of the elements, including the launch vehicle and flight payloads. Based on the Internet of Things (IoT), the framework is integrated on four levels: the physical layer, the perception layer, the network layer, and the application layer. The physical layer includes the physical objects and actuators of the launch site. The perception layer consists of the sensors and data processing system. The network layer supplies the access gateways and backbone network. The application layer serves application systems through the middleware platform. The core of the intelligent system is the controller of the automatic control system crossing the four layers. This study builds the models of the IoT, cloud platform, middleware, integrated access gateway, and automatic control system for actual ground and launch systems. A formal approach describes and defines the architecture, models and autonomous control flows in the paper. The defined models describe the physical objects, intelligent elements, interface relations, status transformation functions, etc. The test operation and launch processes are connected with the intelligent system model. This study has been applied to an individual mission project and achieved good results. The architecture and the models of this study regulate the relationship between the elements of the intelligent system. The study lays a foundation for the architectural construction, the simulation and the verification of the intelligent systems at the launch site.
Xiao, R., Li, X., Pan, M., Zhao, N., Jiang, F., Wang, X..  2020.  Traffic Off-Loading over Uncertain Shared Spectrums with End-to-End Session Guarantee. 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall). :1–5.
As a promising solution of spectrum shortage, spectrum sharing has received tremendous interests recently. However, under different sharing policies of different licensees, the shared spectrum is heterogeneous both temporally and spatially, and is usually uncertain due to the unpredictable activities of incumbent users. In this paper, considering the spectrum uncertainty, we propose a spectrum sharing based delay-tolerant traffic off-loading (SDTO) scheme. To capture the available heterogeneous shared bands, we adopt a mesh cognitive radio network and employ the multi-hop transmission mode. To statistically guarantee the end-to-end (E2E) session request under the uncertain spectrum supply, we formulate the SDTO scheme into a stochastic optimization problem, which is transformed into a mixed integer nonlinear programming (MINLP) problem. Then, a coarse-fine search based iterative heuristic algorithm is proposed to solve the MINLP problem. Simulation results demonstrate that the proposed SDTO scheme can well schedule the network resource with an E2E session guarantee.
Xiao, Tianran, Tong, Wei, Lei, Xia, Liu, Jingning, Liu, Bo.  2019.  Per-File Secure Deletion for Flash-Based Solid State Drives. 2019 IEEE International Conference on Networking, Architecture and Storage (NAS). :1—8.

File update operations generate many invalid flash pages in Solid State Drives (SSDs) because of the-of-place update feature. If these invalid flash pages are not securely deleted, they will be left in the “missing” state, resulting in leakage of sensitive information. However, deleting these invalid pages in real time greatly reduces the performance of SSD. In this paper, we propose a Per-File Secure Deletion (PSD) scheme for SSD to achieve non-real-time secure deletion. PSD assigns a globally unique identifier (GUID) to each file to quickly locate the invalid data blocks and uses Security-TRIM command to securely delete these invalid data blocks. Moreover, we propose a PSD-MLC scheme for Multi-Level Cell (MLC) flash memory. PSD-MLC distributes the data blocks of a file in pairs of pages to avoid the influence of programming crosstalk between paired pages. We evaluate our schemes on different hardware platforms of flash media, and the results prove that PSD and PSD-MLC only have little impact on the performance of SSD. When the cache is disabled and enabled, compared with the system without the secure deletion, PSD decreases SSD throughput by 1.3% and 1.8%, respectively. PSD-MLC decreases SSD throughput by 9.5% and 10.0%, respectively.

Xiao, Tianrui, Khisti, Ashish.  2019.  Maximal Information Leakage based Privacy Preserving Data Disclosure Mechanisms. 2019 16th Canadian Workshop on Information Theory (CWIT). :1–6.
It is often necessary to disclose training data to the public domain, while protecting privacy of certain sensitive labels. We use information theoretic measures to develop such privacy preserving data disclosure mechanisms. Our mechanism involves perturbing the data vectors to strike a balance in the privacy-utility trade-off. We use maximal information leakage between the output data vector and the confidential label as our privacy metric. We first study the theoretical Bernoulli-Gaussian model and study the privacy-utility trade-off when only the mean of the Gaussian distributions can be perturbed. We show that the optimal solution is the same as the case when the utility is measured using probability of error at the adversary. We then consider an application of this framework to a data driven setting and provide an empirical approximation to the Sibson mutual information. By performing experiments on the MNIST and FERG data sets, we show that our proposed framework achieves equivalent or better privacy than previous methods based on mutual information.
Xiao, Y., Zhang, N., Lou, W., Hou, Y. T..  2020.  Modeling the Impact of Network Connectivity on Consensus Security of Proof-of-Work Blockchain. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :1648—1657.

Blockchain, the technology behind the popular Bitcoin, is considered a "security by design" system as it is meant to create security among a group of distrustful parties yet without a central trusted authority. The security of blockchain relies on the premise of honest-majority, namely, the blockchain system is assumed to be secure as long as the majority of consensus voting power is honest. And in the case of proof-of-work (PoW) blockchain, adversaries cannot control more than 50% of the network's gross computing power. However, this 50% threshold is based on the analysis of computing power only, with implicit and idealistic assumptions on the network and node behavior. Recent researches have alluded that factors such as network connectivity, presence of blockchain forks, and mining strategy could undermine the consensus security assured by the honest-majority, but neither concrete analysis nor quantitative evaluation is provided. In this paper we fill the gap by proposing an analytical model to assess the impact of network connectivity on the consensus security of PoW blockchain under different adversary models. We apply our analytical model to two adversarial scenarios: 1) honest-but-potentially-colluding, 2) selfish mining. For each scenario, we quantify the communication capability of nodes involved in a fork race and estimate the adversary's mining revenue and its impact on security properties of the consensus protocol. Simulation results validated our analysis. Our modeling and analysis provide a paradigm for assessing the security impact of various factors in a distributed consensus system.

Xiao, Yonggang, Liu, Yanbing.  2019.  BayesTrust and VehicleRank: Constructing an Implicit Web of Trust in VANET. IEEE Transactions on Vehicular Technology. 68:2850–2864.
As Vehicular Ad hoc Network (VANET) features random topology and accommodates freely connected nodes, it is important that the cooperation among the nodes exists. This paper proposes a trust model called Implicit Web of Trust in VANET (IWOT-V) to reason out the trustworthiness of vehicles. Such that untrusted nodes can be identified and avoided when we make a decision regarding whom to follow or cooperate with. Furthermore, the performance of Cooperative Intelligent Transport System (C-ITS) applications improves. The idea of IWOT-V is mainly inspired by web page ranking algorithms such as PageRank. Although there does not exist explicit link structure in VANET because of random topology and dynamic connections, social trust relationship among vehicles exists and an implicit web of trust can be derived. To accomplish the derivation, two algorithms are presented, i.e., BayesTrust and VehicleRank. They are responsible for deriving the local and global trust relationships, respectively. The simulation results show that IWOT-V can accurately identify trusted and untrusted nodes if enough local trust information is collected. The performance of IWOT-V affected by five threat models is demonstrated, and the related discussions are also given.
Xiao, Yuan, Li, Mengyuan, Chen, Sanchuan, Zhang, Yinqian.  2017.  STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :859–874.
Intel Software Guard Extension (SGX) offers software applications a shielded execution environment, dubbed enclave, to protect their confidentiality and integrity from malicious operating systems. As processors with this extended feature become commercially available, many new software applications are developed to enrich to the SGX-enabled ecosystem. One important primitive for these applications is a secure communication channel between the enclave and a remote trusted party. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly regarded a natural choice for such purposes. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at the page level, the cacheline level, or the branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities-discernible execution traces-that can be exploited as decryption oracles. Surprisingly, in spite of the prevailing constant-time programming paradigm adopted by many cryptographic libraries, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours. Our results reveal the insufficient understanding of side-channel security in SGX settings, and our study will provoke discussions on the secure implementation and adoption of SSL/TLS in secure enclaves.
Xiao, Zeli, Zhou, Zhiguo, Yang, Wenwei, Deng, Chunyan.  2017.  An Approach for SQL Injection Detection Based on Behavior and Response Analysis - IEEE Conference Publication.

Nowadays the Internet is closely related to our daily life. We enjoy the quality of service the provided by The Internet at the same time, but also suffer from the threat of network security. Among the many threats, SQL injection attacks are ranked in the first place. SQL injection attack refers to “when the user sends a request to the server, the malicious SQL command will be inserted into the web form or request URL parameters, leading to the server to perform illegal SQL query. The existing SQL injection detection methods include static analysis, dynamic analysis, parameterized query, intrusion detection system, parameter filtering and so on. However, these methods have some defects. Static analysis method can only detect the type and grammatical errors of SQL. Dynamic analysis can only detect the vulnerability predefined by application developers. Parameter filtering is based on regular expressions and black list to filter invalid characters. This method needs predefined regular expressions, but due to the diversity of SQL syntax and user input, resulting in a regular expression can't meet the requirements of detection, and has the defects that the attackers bypass detection to inject by the way of encoding parameters. In this paper, we propose a new approach to detect and prevent SQL injection. Our approach is based on the attack behavior and the analysis of response and state of the web application under different attacks. Our method perfectly solves the problems existing in methods mentioned above, and has higher accuracy.

Xiaochun Cao, Na Liu, Ling Du, Chao Li.  2014.  Preserving privacy for video surveillance via visual cryptography. Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit International Conference on. :607-610.

The video surveillance widely installed in public areas poses a significant threat to the privacy. This paper proposes a new privacy preserving method via the Generalized Random-Grid based Visual Cryptography Scheme (GRG-based VCS). We first separate the foreground from the background for each video frame. These foreground pixels contain the most important information that needs to be protected. Every foreground area is encrypted into two shares based on GRG-based VCS. One share is taken as the foreground, and the other one is embedded into another frame with random selection. The content of foreground can only be recovered when these two shares are got together. The performance evaluation on several surveillance scenarios demonstrates that our proposed method can effectively protect sensitive privacy information in surveillance videos.

Xiaofan He, Mohammad M. Islam, Richeng Jin, Huaiyu Dai.  2017.  Foresighted Deception in Dynamic Security Games. IEEE International Conference on Communications (ICC).
Xiaofan He, Mohammad M. Islam, Richeng Jin, Huaiyu Dai.  2017.  Foresighted Deception in Dynamic Security Games. IEEE International Conference on Communications (ICC).
Xiaofan He, Huaiyu Dai, Peng Ning, Rudra Dutta.  2015.  Dynamic IDS Configuration in the Presence of Intruder Type Uncertainty. IEEE Global Conference on Communications (GLOBECOM).

Intrusion detection systems (IDSs) assume increasingly importance in past decades as information systems become ubiquitous. Despite the abundance of intrusion detection algorithms developed so far, there is still no single detection algorithm or procedure that can catch all possible intrusions; also, simultaneously running all these algorithms may not be feasible for practical IDSs due to resource limitation. For these reasons, effective IDS configuration becomes crucial for real-time intrusion detection. However, the uncertainty in the intruder’s type and the (often unknown) dynamics involved with the target system pose challenges to IDS configuration. Considering these challenges, the IDS configuration problem is formulated as an incomplete information stochastic game in this work, and a new algorithm, Bayesian Nash-Q learning, that combines conventional reinforcement learning with a Bayesian type identification procedure is proposed. Numerical results show that the proposed algorithm can identify the intruder’s type with high fidelity and provide effective configuration.