Visible to the public Biblio

Filters: Author is Li, X.  [Clear All Filters]
2019-06-10
Xue, S., Zhang, L., Li, A., Li, X., Ruan, C., Huang, W..  2018.  AppDNA: App Behavior Profiling via Graph-Based Deep Learning. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. :1475-1483.

Better understanding of mobile applications' behaviors would lead to better malware detection/classification and better app recommendation for users. In this work, we design a framework AppDNA to automatically generate a compact representation for each app to comprehensively profile its behaviors. The behavior difference between two apps can be measured by the distance between their representations. As a result, the versatile representation can be generated once for each app, and then be used for a wide variety of objectives, including malware detection, app categorizing, plagiarism detection, etc. Based on a systematic and deep understanding of an app's behavior, we propose to perform a function-call-graph-based app profiling. We carefully design a graph-encoding method to convert a typically extremely large call-graph to a 64-dimension fix-size vector to achieve robust app profiling. Our extensive evaluations based on 86,332 benign and malicious apps demonstrate that our system performs app profiling (thus malware detection, classification, and app recommendation) to a high accuracy with extremely low computation cost: it classifies 4024 (benign/malware) apps using around 5.06 second with accuracy about 93.07%; it classifies 570 malware's family (total 21 families) using around 0.83 second with accuracy 82.3%; it classifies 9,730 apps' functionality with accuracy 33.3% for a total of 7 categories and accuracy of 88.1 % for 2 categories.

Hu, Y., Li, X., Liu, J., Ding, H., Gong, Y., Fang, Y..  2018.  Mitigating Traffic Analysis Attack in Smartphones with Edge Network Assistance. 2018 IEEE International Conference on Communications (ICC). :1–6.

With the growth of smartphone sales and app usage, fingerprinting and identification of smartphone apps have become a considerable threat to user security and privacy. Traffic analysis is one of the most common methods for identifying apps. Traditional countermeasures towards traffic analysis includes traffic morphing and multipath routing. The basic idea of multipath routing is to increase the difficulty for adversary to eavesdrop all traffic by splitting traffic into several subflows and transmitting them through different routes. Previous works in multipath routing mainly focus on Wireless Sensor Networks (WSNs) or Mobile Ad Hoc Networks (MANETs). In this paper, we propose a multipath routing scheme for smartphones with edge network assistance to mitigate traffic analysis attack. We consider an adversary with limited capability, that is, he can only intercept the traffic of one node following certain attack probability, and try to minimize the traffic an adversary can intercept. We formulate our design as a flow routing optimization problem. Then a heuristic algorithm is proposed to solve the problem. Finally, we present the simulation results for our scheme and justify that our scheme can effectively protect smartphones from traffic analysis attack.

2019-05-01
Li, X., Kodera, Y., Uetake, Y., Kusaka, T., Nogami, Y..  2018.  A Consideration of an Efficient Arithmetic Over the Extension Field of Degree 3 for Elliptic Curve Pairing Cryptography. 2018 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW). :1–2.

This paper presents an efficient arithmetic in extension field based on Cyclic Vector Multiplication Algorithm that reduces calculation costs over cubic extension for elliptic curve pairing cryptography. In addition, we evaluate the calculation costs compared to Karatsuba-based method.

2019-04-05
Li, X., Cui, X., Shi, L., Liu, C., Wang, X..  2018.  Constructing Browser Fingerprint Tracking Chain Based on LSTM Model. 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). :213-218.
Web attacks have increased rapidly in recent years. However, traditional methods are useless to track web attackers. Browser fingerprint, as a stateless tracking technique, can be used to solve this problem. Given browser fingerprint changes easily and frequently, it is easy to lose track. Therefore, we need to improve the stability of browser fingerprint by linking the new one to the previous chain. In this paper, we propose LSTM model to learn the potential relationship of browser fingerprint evolution. In addition, we adjust the input feature vector to time series and construct training set to train the model. The results show that our model can construct the tracking chain perfectly well with average ownership up to 99.3%.
2019-04-01
Liu, F., Li, Z., Li, X., Lv, T..  2018.  A Text-Based CAPTCHA Cracking System with Generative Adversarial Networks. 2018 IEEE International Symposium on Multimedia (ISM). :192–193.
As a multimedia security mechanism, CAPTCHAs are completely automated public turing test to tell computers and humans apart. Although cracking CAPTCHA has been explored for many years, it is still a challenging problem for real practice. In this demo, we present a text based CAPTCHA cracking system by using convolutional neural networks(CNN). To solve small sample problem, we propose to combine conditional deep convolutional generative adversarial networks(cDCGAN) and CNN, which makes a tremendous progress in accuracy. In addition, we also select multiple models with low pearson correlation coefficients for majority voting ensemble, which further improves the accuracy. The experimental results show that the system has great advantages and provides a new mean for cracking CAPTCHAs.
2019-03-22
Liu, Y., Li, X., Xiao, L..  2018.  Service Oriented Resilience Strategy for Cloud Data Center. 2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). :269-274.

As an information hinge of various trades and professions in the era of big data, cloud data center bears the responsibility to provide uninterrupted service. To cope with the impact of failure and interruption during the operation on the Quality of Service (QoS), it is important to guarantee the resilience of cloud data center. Thus, different resilience actions are conducted in its life circle, that is, resilience strategy. In order to measure the effect of resilience strategy on the system resilience, this paper propose a new approach to model and evaluate the resilience strategy for cloud data center focusing on its core part of service providing-IT architecture. A comprehensive resilience metric based on resilience loss is put forward considering the characteristic of cloud data center. Furthermore, mapping model between system resilience and resilience strategy is built up. Then, based on a hierarchical colored generalized stochastic petri net (HCGSPN) model depicting the procedure of the system processing the service requests, simulation is conducted to evaluate the resilience strategy through the metric calculation. With a case study of a company's cloud data center, the applicability and correctness of the approach is demonstrated.

2019-03-15
Ye, J., Yang, Y., Gong, Y., Hu, Y., Li, X..  2018.  Grey Zone in Pre-Silicon Hardware Trojan Detection. 2018 IEEE International Test Conference in Asia (ITC-Asia). :79-84.

Pre-Silicon hardware Trojan detection has been studied for years. The most popular benchmark circuits are from the Trust-Hub. Their common feature is that the probability of activating hardware Trojans is very low. This leads to a series of machine learning based hardware Trojan detection methods which try to find the nets with low signal probability of 0 or 1. On the other hand, it is considered that, if the probability of activating hardware Trojans is high, these hardware Trojans can be easily found through behaviour simulations or during functional test. This paper explores the "grey zone" between these two opposite scenarios: if the activation probability of a hardware Trojan is not low enough for machine learning to detect it and is not high enough for behaviour simulation or functional test to find it, it can escape from detection. Experiments show the existence of such hardware Trojans, and this paper suggests a new set of hardware Trojan benchmark circuits for future study.

2018-07-06
Sun, R., Yuan, X., Lee, A., Bishop, M., Porter, D. E., Li, X., Gregio, A., Oliveira, D..  2017.  The dose makes the poison \#x2014; Leveraging uncertainty for effective malware detection. 2017 IEEE Conference on Dependable and Secure Computing. :123–130.

Malware has become sophisticated and organizations don't have a Plan B when standard lines of defense fail. These failures have devastating consequences for organizations, such as sensitive information being exfiltrated. A promising avenue for improving the effectiveness of behavioral-based malware detectors is to combine fast (usually not highly accurate) traditional machine learning (ML) detectors with high-accuracy, but time-consuming, deep learning (DL) models. The main idea is to place software receiving borderline classifications by traditional ML methods in an environment where uncertainty is added, while software is analyzed by time-consuming DL models. The goal of uncertainty is to rate-limit actions of potential malware during deep analysis. In this paper, we describe Chameleon, a Linux-based framework that implements this uncertain environment. Chameleon offers two environments for its OS processes: standard - for software identified as benign by traditional ML detectors - and uncertain - for software that received borderline classifications analyzed by ML methods. The uncertain environment will bring obstacles to software execution through random perturbations applied probabilistically on selected system calls. We evaluated Chameleon with 113 applications from common benchmarks and 100 malware samples for Linux. Our results show that at threshold 10%, intrusive and non-intrusive strategies caused approximately 65% of malware to fail accomplishing their tasks, while approximately 30% of the analyzed benign software to meet with various levels of disruption (crashed or hampered). We also found that I/O-bound software was three times more affected by uncertainty than CPU-bound software.

2018-06-07
Li, W., Liu, K., Wang, S., Lei, J., Li, E., Li, X..  2017.  Full-duplex relay for enhancing physical layer security in Wireless Sensor Networks: Optimal power allocation for minimizing secrecy outage probability. 2017 IEEE 17th International Conference on Communication Technology (ICCT). :906–910.
In this paper, we address the physical layer security problem for Wireless Sensor Networks in the presence of passive eavesdroppers, i.e., the eavesdroppers' channels are unknown to the transmitter. We use a multi-antenna relay to guarantee physical layer security. Different from the existing work, we consider that the relay works in full duplex mode and transmits artificial noise (AN) in both stages of the decode-and-forward (DF) cooperative strategy. We proposed two optimal power allocation strategies for power constrained and power unconstrained systems respectively. For power constrained system, our aim is to minimize the secrecy rate outage probability. And for power unconstrained systems, we obtain the optimal power allocation to minimize the total power under the quality of service and secrecy constraints. We also consider the secrecy outage probability for different positions of eavesdropper. Simulation results are presented to show the performance of the proposed strategies.
2018-03-19
Chen, Z., Tondi, B., Li, X., Ni, R., Zhao, Y., Barni, M..  2017.  A Gradient-Based Pixel-Domain Attack against SVM Detection of Global Image Manipulations. 2017 IEEE Workshop on Information Forensics and Security (WIFS). :1–6.

We present a gradient-based attack against SVM-based forensic techniques relying on high-dimensional SPAM features. As opposed to prior work, the attack works directly in the pixel domain even if the relationship between pixel values and SPAM features can not be inverted. The proposed method relies on the estimation of the gradient of the SVM output with respect to pixel values, however it departs from gradient descent methodology due to the necessity of preserving the integer nature of pixels and to reduce the effect of the attack on image quality. A fast algorithm to estimate the gradient is also introduced to reduce the complexity of the attack. We tested the proposed attack against SVM detection of histogram stretching, adaptive histogram equalization and median filtering. In all cases the attack succeeded in inducing a decision error with a very limited distortion, the PSNR between the original and the attacked images ranging from 50 to 70 dBs. The attack is also effective in the case of attacks with Limited Knowledge (LK) when the SVM used by the attacker is trained on a different dataset with respect to that used by the analyst.

2018-02-28
Ma, G., Li, X., Pei, Q., Li, Z..  2017.  A Security Routing Protocol for Internet of Things Based on RPL. 2017 International Conference on Networking and Network Applications (NaNA). :209–213.

RPL is a lightweight IPv6 network routing protocol specifically designed by IETF, which can make full use of the energy of intelligent devices and compute the resource to build the flexible topological structure. This paper analyzes the security problems of RPL, sets up a test network to test RPL network security, proposes a RPL based security routing protocol M-RPL. The routing protocol establishes a hierarchical clustering network topology, the intelligent device of the network establishes the backup path in different clusters during the route discovery phase, enable backup paths to ensure data routing when a network is compromised. Setting up a test prototype network, simulating some attacks against the routing protocols in the network. The test results show that the M-RPL network can effectively resist the routing attacks. M-RPL provides a solution to ensure the Internet of Things (IoT) security.

2018-02-27
Guan, L., Zhang, J., Zhong, L., Li, X., Xu, Y..  2017.  Enhancing Security and Resilience of Bulk Power Systems via Multisource Big Data Learning. 2017 IEEE Power Energy Society General Meeting. :1–5.

In this paper, an advanced security and stability defense framework that utilizes multisource power system data to enhance the power system security and resilience is proposed. The framework consists of early warning, preventive control, on-line state awareness and emergency control, requires in-depth collaboration between power engineering and data science. To realize this framework in practice, a cross-disciplinary research topic — the big data analytics for power system security and resilience enhancement, which consists of data converting, data cleaning and integration, automatic labelling and learning model establishing, power system parameter identification and feature extraction using developed big data learning techniques, and security analysis and control based on the extracted knowledge — is deeply investigated. Domain considerations of power systems and specific data science technologies are studied. The future technique roadmap for emerging problems is proposed.

2018-02-06
Li, X., Smith, J. D., Thai, M. T..  2017.  Adaptive Reconnaissance Attacks with Near-Optimal Parallel Batching. 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS). :699–709.

In assessing privacy on online social networks, it is important to investigate their vulnerability to reconnaissance strategies, in which attackers lure targets into being their friends by exploiting the social graph in order to extract victims' sensitive information. As the network topology is only partially revealed after each successful friend request, attackers need to employ an adaptive strategy. Existing work only considered a simple strategy in which attackers sequentially acquire one friend at a time, which causes tremendous delay in waiting for responses before sending the next request, and which lack the ability to retry failed requests after the network has changed. In contrast, we investigate an adaptive and parallel strategy, of which attackers can simultaneously send multiple friend requests in batch and recover from failed requests by retrying after topology changes, thereby significantly reducing the time to reach the targets and greatly improving robustness. We cast this approach as an optimization problem, Max-Crawling, and show it inapproximable within (1 - 1/e + $ε$). We first design our core algorithm PM-AReST which has an approximation ratio of (1 - e-(1-1/e)) using adaptive monotonic submodular properties. We next tighten our algorithm to provide a nearoptimal solution, i.e. having a ratio of (1 - 1/e), via a two-stage stochastic programming approach. We further establish the gap bound of (1 - e-(1-1/e)2) between batch strategies versus the optimal sequential one. We experimentally validate our theoretical results, finding that our algorithm performs nearoptimally in practice and that this is robust under a variety of problem settings.

2018-01-16
Ding, Y., Li, X..  2017.  Policy Based on Homomorphic Encryption and Retrieval Scheme in Cloud Computing. 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). 1:568–571.

Homomorphic encryption technology can settle a dispute of data privacy security in cloud environment, but there are many problems in the process of access the data which is encrypted by a homomorphic algorithm in the cloud. In this paper, on the premise of attribute encryption, we propose a fully homomorphic encrypt scheme which based on attribute encryption with LSSS matrix. This scheme supports fine-grained cum flexible access control along with "Query-Response" mechanism to enable users to efficiently retrieve desired data from cloud servers. In addition, the scheme should support considerable flexibility to revoke system privileges from users without updating the key client, it reduces the pressure of the client greatly. Finally, security analysis illustrates that the scheme can resist collusion attack. A comparison of the performance from existing CP-ABE scheme, indicates that our scheme reduces the computation cost greatly for users.

2017-12-12
Chow, J., Li, X., Mountrouidou, X..  2017.  Raising flags: Detecting covert storage channels using relative entropy. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). :25–30.

This paper focuses on one type of Covert Storage Channel (CSC) that uses the 6-bit TCP flag header in TCP/IP network packets to transmit secret messages between accomplices. We use relative entropy to characterize the irregularity of network flows in comparison to normal traffic. A normal profile is created by the frequency distribution of TCP flags in regular traffic packets. In detection, the TCP flag frequency distribution of network traffic is computed for each unique IP pair. In order to evaluate the accuracy and efficiency of the proposed method, this study uses real regular traffic data sets as well as CSC messages using coding schemes under assumptions of both clear text, composed by a list of keywords common in Unix systems, and encrypted text. Moreover, smart accomplices may use only those TCP flags that are ever appearing in normal traffic. Then, in detection, the relative entropy can reveal the dissimilarity of a different frequency distribution from this normal profile. We have also used different data processing methods in detection: one method summarizes all the packets for a pair of IP addresses into one flow and the other uses a sliding moving window over such a flow to generate multiple frames of packets. The experimentation results, displayed by Receiver Operating Characteristic (ROC) curves, have shown that the method is promising to differentiate normal and CSC traffic packet streams. Furthermore the delay of raising an alert is analyzed for CSC messages to show its efficiency.

2017-03-08
Li, X..  2015.  A Quantity-Flexibility Contract in Two-Stage Decision with Supply Chain Coordination. 2015 11th International Conference on Computational Intelligence and Security (CIS). :109–112.

We study a quantity-flexibility supply contract between a manufacturer and a retailer in two periods. The retailer can get a low wholesale price within a fixed quantity and adjust the quantity at the end of the first period. The retailer can adjust the order quantities after the first period based on updated inventory status by paying a higher per-unit price for the incremental units or obtaining a buyback price per-unit for the returning units. By developing a two-period dynamic programming model in this paper, we first obtain an optimal replenishment strategy for the retailer when the manufacturer's price scheme is known. Then we derive an proper pricing scheme for the manufacturer by assuming that the supply chain is coordinated. The numerical results show some managerial insights by comparing this coordination scheme with Stackelberg game.

2017-02-27
Li, X., He, Z., Zhang, S..  2015.  Robust optimization of risk for power system based on information gap decision theory. 2015 5th International Conference on Electric Utility Deregulation and Restructuring and Power Technologies (DRPT). :200–204.

Risk-control optimization has great significance for security of power system. Usually the probabilistic uncertainties of parameters are considered in the research of risk optimization of power system. However, the method of probabilistic uncertainty description will be insufficient in the case of lack of sample data. Thus non-probabilistic uncertainties of parameters should be considered, and will impose a significant influence on the results of optimization. To solve this problem, a robust optimization operation method of power system risk-control is presented in this paper, considering the non-probabilistic uncertainty of parameters based on information gap decision theory (IGDT). In the method, loads are modeled as the non-probabilistic uncertainty parameters, and the model of robust optimization operation of risk-control is presented. By solving the model, the maximum fluctuation of the pre-specified target can be obtained, and the strategy of this situation can be obtained at the same time. The proposed model is applied to the IEEE-30 system of risk-control by simulation. The results can provide the valuable information for operating department to risk management.