Visible to the public Biblio

Found 652 results

Filters: First Letter Of Last Name is X  [Clear All Filters]
In Press
Welk, A., Zielinska, O., Tembe, R., Xe, G., Hong, K. W., Murphy-Hill, E., Mayhorn, C. B..  In Press.  Will the “Phisher-men” Reel you in? Assessing Individual Differences in a Phishing Detection Task International Journal of Cyber Behavior, Psychology, and Learning. .

Phishing is an act of technology-based deception that targets individuals to obtain information. To minimize the number of phishing attacks, factors that influence the ability to identify phishing attempts must be examined. The present study aimed to determine how individual differences relate to performance on a phishing task. Undergraduate students completed a questionnaire designed to assess impulsivity, trust, personality characteristics, and Internet/security habits. Participants performed an email task where they had to discriminate between legitimate emails and phishing attempts. Researchers assessed performance in terms of correctly identifying all email types (overall accuracy) as well as accuracy in identifying phishing emails (phishing accuracy). Results indicated that overall and phishing accuracy each possessed unique trust, personality, and impulsivity predictors, but shared one significant behavioral predictor. These results present distinct predictors of phishing susceptibility that should be incorporated in the development of anti-phishing technology and training.

Xu, J., Howard, A..  2020.  How much do you Trust your Self-Driving Car? Exploring Human-Robot Trust in High-Risk Scenarios 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC). :4273—4280.

Trust is an important characteristic of successful interactions between humans and agents in many scenarios. Self-driving scenarios are of particular relevance when discussing the issue of trust due to the high-risk nature of erroneous decisions being made. The present study aims to investigate decision-making and aspects of trust in a realistic driving scenario in which an autonomous agent provides guidance to humans. To this end, a simulated driving environment based on a college campus was developed and presented. An online and an in-person experiment were conducted to examine the impacts of mistakes made by the self-driving AI agent on participants’ decisions and trust. During the experiments, participants were asked to complete a series of driving tasks and make a sequence of decisions in a time-limited situation. Behavior analysis indicated a similar relative trend in the decisions across these two experiments. Survey results revealed that a mistake made by the self-driving AI agent at the beginning had a significant impact on participants’ trust. In addition, similar overall experience and feelings across the two experimental conditions were reported. The findings in this study add to our understanding of trust in human-robot interaction scenarios and provide valuable insights for future research work in the field of human-robot trust.

Wang, W., Zhang, X., Dong, L., Fan, Y., Diao, X., Xu, T..  2020.  Network Attack Detection based on Domain Attack Behavior Analysis. 2020 13th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI). :962—965.

Network security has become an important issue in our work and life. Hackers' attack mode has been upgraded from normal attack to APT( Advanced Persistent Threat, APT) attack. The key of APT attack chain is the penetration and intrusion of active directory, which can not be completely detected via the traditional IDS and antivirus software. Further more, lack of security protection of existing solutions for domain control aggravates this problem. Although researchers have proposed methods for domain attack detection, many of them have not yet been converted into effective market-oriented products. In this paper, we analyzes the common domain intrusion methods, various domain related attack behavior characteristics were extracted from ATT&CK matrix (Advanced tactics, techniques, and common knowledge) for analysis and simulation test. Based on analyzing the log file generated by the attack, the domain attack detection rules are established and input into the analysis engine. Finally, the available domain intrusion detection system is designed and implemented. Experimental results show that the network attack detection method based on the analysis of domain attack behavior can analyze the log file in real time and effectively detect the malicious intrusion behavior of hackers , which could facilitate managers find and eliminate network security threats immediately.

Zhang, H., Zhang, D., Chen, H., Xu, J..  2020.  Improving Efficiency of Pseudonym Revocation in VANET Using Cuckoo Filter. 2020 IEEE 20th International Conference on Communication Technology (ICCT). :763–769.
In VANETs, pseudonyms are often used to replace the identity of vehicles in communication. When vehicles drive out of the network or misbehave, their pseudonym certificates need to be revoked by the certificate authority (CA). The certificate revocation lists (CRLs) are usually used to store the revoked certificates before their expiration. However, using CRLs would incur additional storage, communication and computation overhead. Some existing schemes have proposed to use Bloom Filter to compress the original CRLs, but they are unable to delete the expired certificates and introduce the false positive problem. In this paper, we propose an improved pseudonym certificates revocation scheme, using Cuckoo Filter for compression to reduce the impact of these problems. In order to optimize deletion efficiency, we propose the concept of Certificate Expiration List (CEL) which can be implemented with priority queue. The experimental results show that our scheme can effectively reduce the storage and communication overhead of pseudonym certificates revocation, while retaining moderately low false positive rates. In addition, our scheme can also greatly improve the lookup performance on CRLs, and reduce the revocation operation costs by allowing deletion.
Luo, Yukui, Gongye, Cheng, Ren, Shaolei, Fei, Yunsi, Xu, Xiaolin.  2020.  Stealthy-Shutdown: Practical Remote Power Attacks in Multi - Tenant FPGAs. 2020 IEEE 38th International Conference on Computer Design (ICCD). :545–552.
With the deployment of artificial intelligent (AI) algorithms in a large variety of applications, there creates an increasing need for high-performance computing capabilities. As a result, different hardware platforms have been utilized for acceleration purposes. Among these hardware-based accelerators, the field-programmable gate arrays (FPGAs) have gained a lot of attention due to their re-programmable characteristics, which provide customized control logic and computing operators. For example, FPGAs have recently been adopted for on-demand cloud services by the leading cloud providers like Amazon and Microsoft, providing acceleration for various compute-intensive tasks. While the co-residency of multiple tenants on a cloud FPGA chip increases the efficiency of resource utilization, it also creates unique attack surfaces that are under-explored. In this paper, we exploit the vulnerability associated with the shared power distribution network on cloud FPGAs. We present a stealthy power attack that can be remotely launched by a malicious tenant, shutting down the entire chip and resulting in denial-of-service for other co-located benign tenants. Specifically, we propose stealthy-shutdown: a well-timed power attack that can be implemented in two steps: (1) an attacker monitors the realtime FPGA power-consumption detected by ring-oscillator-based voltage sensors, and (2) when capturing high power-consuming moments, i.e., the power consumption by other tenants is above a certain threshold, she/he injects a well-timed power load to shut down the FPGA system. Note that in the proposed attack strategy, the power load injected by the attacker only accounts for a small portion of the overall power consumption; therefore, such attack strategy remains stealthy to the cloud FPGA operator. We successfully implement and validate the proposed attack on three FPGA evaluation kits with running real-world applications. The proposed attack results in a stealthy-shutdown, demonstrating severe security concerns of co-tenancy on cloud FPGAs. We also offer two countermeasures that can mitigate such power attacks.
Xie, J., She, H., Chen, X., Zhang, H., Niu, Y..  2020.  Test Method for Automatic Detection Capability of Civil Aviation Security Equipment Using Bayesian Estimation. 2020 IEEE 2nd International Conference on Civil Aviation Safety and Information Technology (ICCASIT. :831–835.
There are a lot of emerging security equipment required to be tested on detection rate (DR) and false alarm rate (FAR) for prohibited items. This article imports Bayesian approach to accept or reject DR and FAR. The detailed quantitative predictions can be made through the posterior distribution obtained by Markov chain Monte Carlo method. Based on this, HDI + ROPE decision rule is established. For the tests that need to make early decision, HDI + ROPE stopping rule is presented with biased estimate value, and criterial precision rule is presented with unbiased estimate value. Choosing the stopping rule according to the test purpose can achieve the balance of efficiency and accuracy.
Liu, Y., Lin, F. Y., Ahmad-Post, Z., Ebrahimi, M., Zhang, N., Hu, J. L., Xin, J., Li, W., Chen, H..  2020.  Identifying, Collecting, and Monitoring Personally Identifiable Information: From the Dark Web to the Surface Web. 2020 IEEE International Conference on Intelligence and Security Informatics (ISI). :1—6.

Personally identifiable information (PII) has become a major target of cyber-attacks, causing severe losses to data breach victims. To protect data breach victims, researchers focus on collecting exposed PII to assess privacy risk and identify at-risk individuals. However, existing studies mostly rely on exposed PII collected from either the dark web or the surface web. Due to the wide exposure of PII on both the dark web and surface web, collecting from only the dark web or the surface web could result in an underestimation of privacy risk. Despite its research and practical value, jointly collecting PII from both sources is a non-trivial task. In this paper, we summarize our effort to systematically identify, collect, and monitor a total of 1,212,004,819 exposed PII records across both the dark web and surface web. Our effort resulted in 5.8 million stolen SSNs, 845,000 stolen credit/debit cards, and 1.2 billion stolen account credentials. From the surface web, we identified and collected over 1.3 million PII records of the victims whose PII is exposed on the dark web. To the best of our knowledge, this is the largest academic collection of exposed PII, which, if properly anonymized, enables various privacy research inquiries, including assessing privacy risk and identifying at-risk populations.

Wu, Xiaohe, Xu, Jianbo, Huang, Weihong, Jian, Wei.  2020.  A new mutual authentication and key agreement protocol in wireless body area network. 2020 IEEE International Conference on Smart Cloud (SmartCloud). :199—203.

Due to the mobility and openness of wireless body area networks (WBANs), the security of WBAN has been questioned by people. The patient's physiological information in WBAN is sensitive and confidential, which requires full consideration of user anonymity, untraceability, and data privacy protection in key agreement. Aiming at the shortcomings of Li et al.'s protocol in terms of anonymity and session unlinkability, forward/backward confidentiality, etc., a new anonymous mutual authentication and key agreement protocol was proposed on the basis of the protocol. This scheme only uses XOR and the one-way hash operations, which not only reduces communication consumption but also ensures security, and realizes a truly lightweight anonymous mutual authentication and key agreement protocol.

Xing, Hang, Zhou, Chunjie, Ye, Xinhao, Zhu, Meipan.  2020.  An Edge-Cloud Synergy Integrated Security Decision-Making Method for Industrial Cyber-Physical Systems. 2020 IEEE 9th Data Driven Control and Learning Systems Conference (DDCLS). :989–995.
With the introduction of new technologies such as cloud computing and big data, the security issues of industrial cyber-physical systems (ICPSs) have become more complicated. Meanwhile, a lot of current security research lacks adaptation to industrial system upgrades. In this paper, an edge-cloud synergy framework for security decision-making is proposed, which takes advantage of the huge convenience and advantages brought by cloud computing and edge computing, and can make security decisions on a global perspective. Under this framework, a combination of Bayesian network-based risk assessment and stochastic game model-based security decision-making is proposed to generate an optimal defense strategy to minimize system losses. This method trains models in the clouds and infers at the edge computing nodes to achieve rapid defense strategy generation. Finally, a case study on the hardware-in-the-loop simulation platform proves the feasibility of the approach.
Wang, M., Xiao, J., Cai, Z..  2020.  An effective technique preventing differential cryptanalysis attack. 2020 IEEE 29th Asian Test Symposium (ATS). :1—6.
In this paper, an adaptive scan chain structure based plaintext analysis technique is proposed. The technology is implemented by three circuits, including adaptive scan chain circuit, plaintext analysis circuit and controller circuit. The plaintext is analyzed whether meet the characteristics of the differential cryptanalysis in the plaintext analysis module. The adaptive scan chain contains MUX, XOR and traditional scan chain, which is easy to implement. If the last bit of two plaintexts differs by one, the adaptive scan chain is controlled to input them into different scan chain. Compared with complicated scan chain, the structure of adaptive scan chain is variable and can mislead attackers who use differential cryptanalysis attack. Through experimental analysis, it is proved that the security of the adaptive scan chain structure is greatly improved.
Lu, Chang, Lei, Xiaochun, Xie, Junlin, Wang, Xiaolong, Mu, XiangBoge.  2020.  Panoptic Feature Pyramid Network Applications In Intelligent Traffic. 2020 16th International Conference on Computational Intelligence and Security (CIS). :40–43.
Intelligenta transportation is an important part of urban development. The core of realizing intelligent transportation is to master the urban road condition. This system processes the video of dashcam based on the Panoptic Segmentation network and adds a tracking module based on the comparison of front and rear frames and KM algorithm. The system mainly includes the following parts: embedded device, Panoptic Feature Pyramid Network, cloud server and Web site.
Xiao, R., Li, X., Pan, M., Zhao, N., Jiang, F., Wang, X..  2020.  Traffic Off-Loading over Uncertain Shared Spectrums with End-to-End Session Guarantee. 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall). :1–5.
As a promising solution of spectrum shortage, spectrum sharing has received tremendous interests recently. However, under different sharing policies of different licensees, the shared spectrum is heterogeneous both temporally and spatially, and is usually uncertain due to the unpredictable activities of incumbent users. In this paper, considering the spectrum uncertainty, we propose a spectrum sharing based delay-tolerant traffic off-loading (SDTO) scheme. To capture the available heterogeneous shared bands, we adopt a mesh cognitive radio network and employ the multi-hop transmission mode. To statistically guarantee the end-to-end (E2E) session request under the uncertain spectrum supply, we formulate the SDTO scheme into a stochastic optimization problem, which is transformed into a mixed integer nonlinear programming (MINLP) problem. Then, a coarse-fine search based iterative heuristic algorithm is proposed to solve the MINLP problem. Simulation results demonstrate that the proposed SDTO scheme can well schedule the network resource with an E2E session guarantee.
Zhengbo, Chen, Xiu, Liu, Yafei, Xing, Miao, Hu, Xiaoming, Ju.  2020.  Markov Encrypted Data Prefetching Model Based On Attribute Classification. 2020 5th International Conference on Computer and Communication Systems (ICCCS). :54—59.

In order to improve the buffering performance of the data encrypted by CP-ABE (ciphertext policy attribute based encryption), this paper proposed a Markov prefetching model based on attribute classification. The prefetching model combines the access strategy of CP-ABE encrypted file, establishes the user relationship network according to the attribute value of the user, classifies the user by the modularity-based community partitioning algorithm, and establishes a Markov prefetching model based on attribute classification. In comparison with the traditional Markov prefetching model and the classification-based Markov prefetching model, the attribute-based Markov prefetching model is proposed in this paper has higher prefetch accuracy and coverage.

Zhang, Z., Li, N., Xia, S., Tao, X..  2020.  Fast Cross Layer Authentication Scheme for Dynamic Wireless Network. 2020 IEEE Wireless Communications and Networking Conference (WCNC). :1—6.
Current physical layer authentication (PLA) mechanisms are mostly designed for static communications, and the accuracy degrades significantly when used in dynamic scenarios, where the network environments and wireless channels change frequently. To improve the authentication performance, it is necessary to update the hypothesis test models and parameters in time, which however brings high computational complexity and authentication delay. In this paper, we propose a lightweight cross-layer authentication scheme for dynamic communication scenarios. We use multiple characteristics based PLA to guarantee the reliability and accuracy of authentication, and propose an upper layer assisted method to ensure the performance stability. Specifically, upper layer authentication (ULA) helps to update the PLA models and parameters. By properly choosing the period of triggering ULA, a balance between complexity and performance can be easily obtained. Simulation results show that our scheme can achieve pretty good authentication performance with reduced complexity.
Xu, Meng, Kashyap, Sanidhya, Zhao, Hanqing, Kim, Taesoo.  2020.  Krace: Data Race Fuzzing for Kernel File Systems. 2020 IEEE Symposium on Security and Privacy (SP). :1643—1660.
Data races occur when two threads fail to use proper synchronization when accessing shared data. In kernel file systems, which are highly concurrent by design, data races are common mistakes and often wreak havoc on the users, causing inconsistent states or data losses. Prior fuzzing practices on file systems have been effective in uncovering hundreds of bugs, but they mostly focus on the sequential aspect of file system execution and do not comprehensively explore the concurrency dimension and hence, forgo the opportunity to catch data races.In this paper, we bring coverage-guided fuzzing to the concurrency dimension with three new constructs: 1) a new coverage tracking metric, alias coverage, specially designed to capture the exploration progress in the concurrency dimension; 2) an evolution algorithm for generating, mutating, and merging multi-threaded syscall sequences as inputs for concurrency fuzzing; and 3) a comprehensive lockset and happens-before modeling for kernel synchronization primitives for precise data race detection. These components are integrated into Krace, an end-to-end fuzzing framework that has discovered 23 data races in ext4, btrfs, and the VFS layer so far, and 9 are confirmed to be harmful.
Xia, Yusheng, Chen, Rongmao, Su, Jinshu, Pan, Chen, Su, Han.  2020.  Hybrid Routing: Towards Resilient Routing in Anonymous Communication Networks. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1—7.

Anonymous communication networks (ACNs) are intended to protect the metadata during communication. As classic ACNs, onion mix-nets are famous for strong anonymity, in which the source defines a static path and wraps the message multi-times with the public keys of nodes on the path, through which the message is relayed to the destination. However, onion mix-nets lacks in resilience when the static on-path mixes fail. Mix failure easily results in message loss, communication failure, and even specific attacks. Therefore, it is desirable to achieve resilient routing in onion mix-nets, providing persistent routing capability even though node failure. The state-of-theart solutions mainly adopt mix groups and thus need to share secret keys among all the group members which may cause single point of failure. To address this problem, in this work we propose a hybrid routing approach, which embeds the onion mix-net with hop-by-hop routing to increase routing resilience. Furthermore, we propose the threshold hybrid routing to achieve better key management and avoid single point of failure. As for experimental evaluations, we conduct quantitative analysis of the resilience and realize a local T-hybrid routing prototype to test performance. The experimental results show that our proposed routing strategy increases routing resilience effectively, at the expense of acceptable latency.

Xie, J., Chen, Y., Wang, L., Wang, Z..  2020.  A Network Covert Timing Channel Detection Method Based on Chaos Theory and Threshold Secret Sharing. 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). 1:2380—2384.

Network covert timing channel(NCTC) is a process of transmitting hidden information by means of inter-packet delay (IPD) of legitimate network traffic. Their ability to evade traditional security policies makes NCTCs a grave security concern. However, a robust method that can be used to detect a large number of NCTCs is missing. In this paper, a NCTC detection method based on chaos theory and threshold secret sharing is proposed. Our method uses chaos theory to reconstruct a high-dimensional phase space from one-dimensional time series and extract the unique and stable channel traits. Then, a channel identifier is constructed using the secret reconstruction strategy from threshold secret sharing to realize the mapping of the channel features to channel identifiers. Experimental results show that the approach can detect varieties of NCTCs with a guaranteed true positive rate and greatly improve the versatility and robustness.

Yu, Z., Fang, X., Zhou, Y., Xiao, L., Zhang, L..  2020.  Chaotic Constellation Scrambling Method for Security-Enhanced CO-OFDM/OQAM Systems. 2020 12th International Conference on Communication Software and Networks (ICCSN). :192–195.
With the deep research on coherent optical OFDM offset quadrature amplitude modulation OFDM/OQAM in these years, and the communication system exposed to potential threat from various capable attackers, which prompt people lay emphasis on encryption methods for transmission. Therefore, in this paper, we systematically discuss an encryption project with the main purpose of improving security in coherent optical OFDM/OQAM (CO-OFDM/OQAM) system, and the scheme applied the chaotic constellation scrambling (CCS) which founded on chaotic cross mapping to encrypt transmitted information. Besides, we also systematically discuss the basic principle of the encryption scheme for CO-OFDM/OQAM system. According to numerous studies and analysis on experiment data with caution, such as the performance of entropy, bit error rate (BER). It's conforms that the security of CO-OFDM/OQAM system have been enhanced.
Xu, S., Ouyang, Z., Feng, J..  2020.  An Improved Multi-objective Particle Swarm Optimization. 2020 5th International Conference on Computational Intelligence and Applications (ICCIA). :19–23.
For solving multi-objective optimization problems, this paper firstly combines a multi-objective evolutionary algorithm based on decomposition (MOEA/D) with good convergence and non-dominated sorting genetic algorithm II (NSGA-II) with good distribution to construct. Thus we propose a hybrid multi-objective optimization solving algorithm. Then, we consider that the population diversity needs to be improved while applying multi-objective particle swarm optimization (MOPSO) to solve the multi-objective optimization problems and an improved MOPSO algorithm is proposed. We give the distance function between the individual and the population, and the individual with the largest distance is selected as the global optimal individual to maintain population diversity. Finally, the simulation experiments are performed on the ZDT\textbackslashtextbackslashDTLZ test functions and track planning problems. The results indicate the better performance of the improved algorithms.
Materzynska, Joanna, Xiao, Tete, Herzig, Roei, Xu, Huijuan, Wang, Xiaolong, Darrell, Trevor.  2020.  Something-Else: Compositional Action Recognition With Spatial-Temporal Interaction Networks. 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). :1046–1056.
Human action is naturally compositional: humans can easily recognize and perform actions with objects that are different from those used in training demonstrations. In this paper, we study the compositionality of action by looking into the dynamics of subject-object interactions. We propose a novel model which can explicitly reason about the geometric relations between constituent objects and an agent performing an action. To train our model, we collect dense object box annotations on the Something-Something dataset. We propose a novel compositional action recognition task where the training combinations of verbs and nouns do not overlap with the test set. The novel aspects of our model are applicable to activities with prominent object interaction dynamics and to objects which can be tracked using state-of-the-art approaches; for activities without clearly defined spatial object-agent interactions, we rely on baseline scene-level spatio-temporal representations. We show the effectiveness of our approach not only on the proposed compositional action recognition task but also in a few-shot compositional setting which requires the model to generalize across both object appearance and action category.
Zhang, J., Ji, X., Xu, W., Chen, Y.-C., Tang, Y., Qu, G..  2020.  MagView: A Distributed Magnetic Covert Channel via Video Encoding and Decoding. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :357—366.

Air-gapped networks achieve security by using the physical isolation to keep the computers and network from the Internet. However, magnetic covert channels based on CPU utilization have been proposed to help secret data to escape the Faraday-cage and the air-gap. Despite the success of such cover channels, they suffer from the high risk of being detected by the transmitter computer and the challenge of installing malware into such a computer. In this paper, we propose MagView, a distributed magnetic cover channel, where sensitive information is embedded in other data such as video and can be transmitted over the air-gapped internal network. When any computer uses the data such as playing the video, the sensitive information will leak through the magnetic covert channel. The "separation" of information embedding and leaking, combined with the fact that the covert channel can be created on any computer, overcomes these limitations. We demonstrate that CPU utilization for video decoding can be effectively controlled by changing the video frame type and reducing the quantization parameter without video quality degradation. We prototype MagView and achieve up to 8.9 bps throughput with BER as low as 0.0057. Experiments under different environment are conducted to show the robustness of MagView. Limitations and possible countermeasures are also discussed.

Xiao, Y., Zhang, N., Lou, W., Hou, Y. T..  2020.  Modeling the Impact of Network Connectivity on Consensus Security of Proof-of-Work Blockchain. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :1648—1657.

Blockchain, the technology behind the popular Bitcoin, is considered a "security by design" system as it is meant to create security among a group of distrustful parties yet without a central trusted authority. The security of blockchain relies on the premise of honest-majority, namely, the blockchain system is assumed to be secure as long as the majority of consensus voting power is honest. And in the case of proof-of-work (PoW) blockchain, adversaries cannot control more than 50% of the network's gross computing power. However, this 50% threshold is based on the analysis of computing power only, with implicit and idealistic assumptions on the network and node behavior. Recent researches have alluded that factors such as network connectivity, presence of blockchain forks, and mining strategy could undermine the consensus security assured by the honest-majority, but neither concrete analysis nor quantitative evaluation is provided. In this paper we fill the gap by proposing an analytical model to assess the impact of network connectivity on the consensus security of PoW blockchain under different adversary models. We apply our analytical model to two adversarial scenarios: 1) honest-but-potentially-colluding, 2) selfish mining. For each scenario, we quantify the communication capability of nodes involved in a fork race and estimate the adversary's mining revenue and its impact on security properties of the consensus protocol. Simulation results validated our analysis. Our modeling and analysis provide a paradigm for assessing the security impact of various factors in a distributed consensus system.

Tang, R., Yang, Z., Li, Z., Meng, W., Wang, H., Li, Q., Sun, Y., Pei, D., Wei, T., Xu, Y. et al..  2020.  ZeroWall: Detecting Zero-Day Web Attacks through Encoder-Decoder Recurrent Neural Networks. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :2479—2488.

Zero-day Web attacks are arguably the most serious threats to Web security, but are very challenging to detect because they are not seen or known previously and thus cannot be detected by widely-deployed signature-based Web Application Firewalls (WAFs). This paper proposes ZeroWall, an unsupervised approach, which works with an existing WAF in pipeline, to effectively detecting zero-day Web attacks. Using historical Web requests allowed by an existing signature-based WAF, a vast majority of which are assumed to be benign, ZeroWall trains a self-translation machine using an encoder-decoder recurrent neural network to capture the syntax and semantic patterns of benign requests. In real-time detection, a zero-day attack request (which the WAF fails to detect), not understood well by self-translation machine, cannot be translated back to its original request by the machine, thus is declared as an attack. In our evaluation using 8 real-world traces of 1.4 billion Web requests, ZeroWall successfully detects real zero-day attacks missed by existing WAFs and achieves high F1-scores over 0.98, which significantly outperforms all baseline approaches.

Xia, H., Gao, N., Peng, J., Mo, J., Wang, J..  2020.  Binarized Attributed Network Embedding via Neural Networks. 2020 International Joint Conference on Neural Networks (IJCNN). :1—8.
Traditional attributed network embedding methods are designed to map structural and attribute information of networks jointly into a continuous Euclidean space, while recently a novel branch of them named binarized attributed network embedding has emerged to learn binary codes in Hamming space, aiming to save time and memory costs and to naturally fit node retrieval task. However, current binarized attributed network embedding methods are scarce and mostly ignore the local attribute similarity between each pair of nodes. Besides, none of them attempt to control the independency of each dimension(bit) of the learned binary representation vectors. As existing methods still need improving, we propose an unsupervised Neural-based Binarized Attributed Network Embedding (NBANE) approach. Firstly, we inherit the Weisfeiler-Lehman proximity matrix from predecessors to aggregate high-order features for each node. Secondly, we feed the aggregated features into an autoencoder with the attribute similarity penalizing term and the orthogonality term to make further dimension reduction. To solve the problem of integer optimization we adopt the relaxation-quantization method during the process of training neural networks. Empirically, we evaluate the performance of NBANE through node classification and clustering tasks on three real-world datasets and study a case on fast retrieval in academic networks. Our method achieves better performance over state- of-the-art baselines methods of various types.
Dong, X., Kang, Q., Yao, Q., Lu, D., Xu, Y., Liu, J..  2020.  Towards Primary User Sybil-proofness for Online Spectrum Auction in Dynamic Spectrum Access. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :1439–1448.
Dynamic spectrum access (DSA) is a promising platform to solve the spectrum shortage problem, in which auction based mechanisms have been extensively studied due to good spectrum allocation efficiency and fairness. Recently, Sybil attacks were introduced in DSA, and Sybil-proof spectrum auction mechanisms have been proposed, which guarantee that each single secondary user (SU) cannot obtain a higher utility under more than one fictitious identities. However, existing Sybil-poof spectrum auction mechanisms achieve only Sybil-proofness for SUs, but not for primary users (PUs), and simulations show that a cheating PU in those mechanisms can obtain a higher utility by Sybil attacks. In this paper, we propose TSUNAMI, the first Truthful and primary user Sybil-proof aUctioN mechAnisM for onlIne spectrum allocation. Specifically, we compute the opportunity cost of each SU and screen out cost-efficient SUs to participate in spectrum allocation. In addition, we present a bid-independent sorting method and a sequential matching approach to achieve primary user Sybil-proofness and 2-D truthfulness, which means that each SU or PU can gain her maximal utility by bidding with her true valuation of spectrum. We evaluate the performance and validate the desired properties of our proposed mechanism through extensive simulations.