Visible to the public Biblio

Filters: Author is Li, X.  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
A
Li, X., Smith, J. D., Thai, M. T..  2017.  Adaptive Reconnaissance Attacks with Near-Optimal Parallel Batching. 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS). :699–709.

In assessing privacy on online social networks, it is important to investigate their vulnerability to reconnaissance strategies, in which attackers lure targets into being their friends by exploiting the social graph in order to extract victims' sensitive information. As the network topology is only partially revealed after each successful friend request, attackers need to employ an adaptive strategy. Existing work only considered a simple strategy in which attackers sequentially acquire one friend at a time, which causes tremendous delay in waiting for responses before sending the next request, and which lack the ability to retry failed requests after the network has changed. In contrast, we investigate an adaptive and parallel strategy, of which attackers can simultaneously send multiple friend requests in batch and recover from failed requests by retrying after topology changes, thereby significantly reducing the time to reach the targets and greatly improving robustness. We cast this approach as an optimization problem, Max-Crawling, and show it inapproximable within (1 - 1/e + $ε$). We first design our core algorithm PM-AReST which has an approximation ratio of (1 - e-(1-1/e)) using adaptive monotonic submodular properties. We next tighten our algorithm to provide a nearoptimal solution, i.e. having a ratio of (1 - 1/e), via a two-stage stochastic programming approach. We further establish the gap bound of (1 - e-(1-1/e)2) between batch strategies versus the optimal sequential one. We experimentally validate our theoretical results, finding that our algorithm performs nearoptimally in practice and that this is robust under a variety of problem settings.

Xue, S., Zhang, L., Li, A., Li, X., Ruan, C., Huang, W..  2018.  AppDNA: App Behavior Profiling via Graph-Based Deep Learning. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. :1475-1483.

Better understanding of mobile applications' behaviors would lead to better malware detection/classification and better app recommendation for users. In this work, we design a framework AppDNA to automatically generate a compact representation for each app to comprehensively profile its behaviors. The behavior difference between two apps can be measured by the distance between their representations. As a result, the versatile representation can be generated once for each app, and then be used for a wide variety of objectives, including malware detection, app categorizing, plagiarism detection, etc. Based on a systematic and deep understanding of an app's behavior, we propose to perform a function-call-graph-based app profiling. We carefully design a graph-encoding method to convert a typically extremely large call-graph to a 64-dimension fix-size vector to achieve robust app profiling. Our extensive evaluations based on 86,332 benign and malicious apps demonstrate that our system performs app profiling (thus malware detection, classification, and app recommendation) to a high accuracy with extremely low computation cost: it classifies 4024 (benign/malware) apps using around 5.06 second with accuracy about 93.07%; it classifies 570 malware's family (total 21 families) using around 0.83 second with accuracy 82.3%; it classifies 9,730 apps' functionality with accuracy 33.3% for a total of 7 categories and accuracy of 88.1 % for 2 categories.

C
Li, X., Kodera, Y., Uetake, Y., Kusaka, T., Nogami, Y..  2018.  A Consideration of an Efficient Arithmetic Over the Extension Field of Degree 3 for Elliptic Curve Pairing Cryptography. 2018 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW). :1–2.

This paper presents an efficient arithmetic in extension field based on Cyclic Vector Multiplication Algorithm that reduces calculation costs over cubic extension for elliptic curve pairing cryptography. In addition, we evaluate the calculation costs compared to Karatsuba-based method.

Li, X., Cui, X., Shi, L., Liu, C., Wang, X..  2018.  Constructing Browser Fingerprint Tracking Chain Based on LSTM Model. 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). :213-218.
Web attacks have increased rapidly in recent years. However, traditional methods are useless to track web attackers. Browser fingerprint, as a stateless tracking technique, can be used to solve this problem. Given browser fingerprint changes easily and frequently, it is easy to lose track. Therefore, we need to improve the stability of browser fingerprint by linking the new one to the previous chain. In this paper, we propose LSTM model to learn the potential relationship of browser fingerprint evolution. In addition, we adjust the input feature vector to time series and construct training set to train the model. The results show that our model can construct the tracking chain perfectly well with average ownership up to 99.3%.
D
Mao, J., Li, X., Lin, Q., Guan, Z..  2020.  Deeply understanding graph-based Sybil detection techniques via empirical analysis on graph processing. China Communications. 17:82–96.
Sybil attacks are one of the most prominent security problems of trust mechanisms in a distributed network with a large number of highly dynamic and heterogeneous devices, which expose serious threat to edge computing based distributed systems. Graphbased Sybil detection approaches extract social structures from target distributed systems, refine the graph via preprocessing methods and capture Sybil nodes based on the specific properties of the refined graph structure. Graph preprocessing is a critical component in such Sybil detection methods, and intuitively, the processing methods will affect the detection performance. Thoroughly understanding the dependency on the graph-processing methods is very important to develop and deploy Sybil detection approaches. In this paper, we design experiments and conduct systematic analysis on graph-based Sybil detection with respect to different graph preprocessing methods on selected network environments. The experiment results disclose the sensitivity caused by different graph transformations on accuracy and robustness of Sybil detection methods.
Shang, F., Li, X., Zhai, D., Lu, Y., Zhang, D., Qian, Y..  2020.  On the Distributed Jamming System of Covert Timing Channels in 5G Networks. 2020 IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA). :1107—1111.
To build the fifth generation (5G) mobile network, the sharing structure in the 5G network adopted in industries has gained great research interesting. However, in this structure data are shared among diversity networks, which introduces the threaten of network security, such as covert timing channels. To eliminate the covert timing channel, we propose to inject noise into the covert timing channel. By analyzing the modulation method of covert timing channels, we design the jamming strategy on the covert channel. According to the strategy, the interference algorithm of the covert timing channel is designed. Since the interference algorithm depends heavily on the memory, we construct a distributing jammer. Experiments results show that these covert time channel can be blocked under the distributing jammer.
Sun, R., Yuan, X., Lee, A., Bishop, M., Porter, D. E., Li, X., Gregio, A., Oliveira, D..  2017.  The dose makes the poison \#x2014; Leveraging uncertainty for effective malware detection. 2017 IEEE Conference on Dependable and Secure Computing. :123–130.

Malware has become sophisticated and organizations don't have a Plan B when standard lines of defense fail. These failures have devastating consequences for organizations, such as sensitive information being exfiltrated. A promising avenue for improving the effectiveness of behavioral-based malware detectors is to combine fast (usually not highly accurate) traditional machine learning (ML) detectors with high-accuracy, but time-consuming, deep learning (DL) models. The main idea is to place software receiving borderline classifications by traditional ML methods in an environment where uncertainty is added, while software is analyzed by time-consuming DL models. The goal of uncertainty is to rate-limit actions of potential malware during deep analysis. In this paper, we describe Chameleon, a Linux-based framework that implements this uncertain environment. Chameleon offers two environments for its OS processes: standard - for software identified as benign by traditional ML detectors - and uncertain - for software that received borderline classifications analyzed by ML methods. The uncertain environment will bring obstacles to software execution through random perturbations applied probabilistically on selected system calls. We evaluated Chameleon with 113 applications from common benchmarks and 100 malware samples for Linux. Our results show that at threshold 10%, intrusive and non-intrusive strategies caused approximately 65% of malware to fail accomplishing their tasks, while approximately 30% of the analyzed benign software to meet with various levels of disruption (crashed or hampered). We also found that I/O-bound software was three times more affected by uncertainty than CPU-bound software.

E
Guan, L., Zhang, J., Zhong, L., Li, X., Xu, Y..  2017.  Enhancing Security and Resilience of Bulk Power Systems via Multisource Big Data Learning. 2017 IEEE Power Energy Society General Meeting. :1–5.

In this paper, an advanced security and stability defense framework that utilizes multisource power system data to enhance the power system security and resilience is proposed. The framework consists of early warning, preventive control, on-line state awareness and emergency control, requires in-depth collaboration between power engineering and data science. To realize this framework in practice, a cross-disciplinary research topic — the big data analytics for power system security and resilience enhancement, which consists of data converting, data cleaning and integration, automatic labelling and learning model establishing, power system parameter identification and feature extraction using developed big data learning techniques, and security analysis and control based on the extracted knowledge — is deeply investigated. Domain considerations of power systems and specific data science technologies are studied. The future technique roadmap for emerging problems is proposed.

F
Zhang, T., Wang, R., Ding, J., Li, X., Li, B..  2018.  Face Recognition Based on Densely Connected Convolutional Networks. 2018 IEEE Fourth International Conference on Multimedia Big Data (BigMM). :1–6.
The face recognition methods based on convolutional neural network have achieved great success. The existing model usually used the residual network as the core architecture. The residual network is good at reusing features, but it is difficult to explore new features. And the densely connected network can be used to explore new features. We proposed a face recognition model named Dense Face to explore the performance of densely connected network in face recognition. The model is based on densely connected convolutional neural network and composed of Dense Block layers, transition layers and classification layer. The model was trained with the joint supervision of center loss and softmax loss through feature normalization and enabled the convolutional neural network to learn more discriminative features. The Dense Face model was trained using the public available CASIA-WebFace dataset and was tested on the LFW and the CAS-PEAL-Rl datasets. Experimental results showed that the densely connected convolutional neural network has achieved higher face verification accuracy and has better robustness than other model such as VGG Face and ResNet model.
Guo, H., Wang, Z., Wang, B., Li, X., Shila, D. M..  2020.  Fooling A Deep-Learning Based Gait Behavioral Biometric System. 2020 IEEE Security and Privacy Workshops (SPW). :221—227.

We leverage deep learning algorithms on various user behavioral information gathered from end-user devices to classify a subject of interest. In spite of the ability of these techniques to counter spoofing threats, they are vulnerable to adversarial learning attacks, where an attacker adds adversarial noise to the input samples to fool the classifier into false acceptance. Recently, a handful of mature techniques like Fast Gradient Sign Method (FGSM) have been proposed to aid white-box attacks, where an attacker has a complete knowledge of the machine learning model. On the contrary, we exploit a black-box attack to a behavioral biometric system based on gait patterns, by using FGSM and training a shadow model that mimics the target system. The attacker has limited knowledge on the target model and no knowledge of the real user being authenticated, but induces a false acceptance in authentication. Our goal is to understand the feasibility of a black-box attack and to what extent FGSM on shadow models would contribute to its success. Our results manifest that the performance of FGSM highly depends on the quality of the shadow model, which is in turn impacted by key factors including the number of queries allowed by the target system in order to train the shadow model. Our experimentation results have revealed strong relationships between the shadow model and FGSM performance, as well as the effect of the number of FGSM iterations used to create an attack instance. These insights also shed light on deep-learning algorithms' model shareability that can be exploited to launch a successful attack.

Li, W., Liu, K., Wang, S., Lei, J., Li, E., Li, X..  2017.  Full-duplex relay for enhancing physical layer security in Wireless Sensor Networks: Optimal power allocation for minimizing secrecy outage probability. 2017 IEEE 17th International Conference on Communication Technology (ICCT). :906–910.
In this paper, we address the physical layer security problem for Wireless Sensor Networks in the presence of passive eavesdroppers, i.e., the eavesdroppers' channels are unknown to the transmitter. We use a multi-antenna relay to guarantee physical layer security. Different from the existing work, we consider that the relay works in full duplex mode and transmits artificial noise (AN) in both stages of the decode-and-forward (DF) cooperative strategy. We proposed two optimal power allocation strategies for power constrained and power unconstrained systems respectively. For power constrained system, our aim is to minimize the secrecy rate outage probability. And for power unconstrained systems, we obtain the optimal power allocation to minimize the total power under the quality of service and secrecy constraints. We also consider the secrecy outage probability for different positions of eavesdropper. Simulation results are presented to show the performance of the proposed strategies.
G
Chen, Z., Tondi, B., Li, X., Ni, R., Zhao, Y., Barni, M..  2017.  A Gradient-Based Pixel-Domain Attack against SVM Detection of Global Image Manipulations. 2017 IEEE Workshop on Information Forensics and Security (WIFS). :1–6.

We present a gradient-based attack against SVM-based forensic techniques relying on high-dimensional SPAM features. As opposed to prior work, the attack works directly in the pixel domain even if the relationship between pixel values and SPAM features can not be inverted. The proposed method relies on the estimation of the gradient of the SVM output with respect to pixel values, however it departs from gradient descent methodology due to the necessity of preserving the integer nature of pixels and to reduce the effect of the attack on image quality. A fast algorithm to estimate the gradient is also introduced to reduce the complexity of the attack. We tested the proposed attack against SVM detection of histogram stretching, adaptive histogram equalization and median filtering. In all cases the attack succeeded in inducing a decision error with a very limited distortion, the PSNR between the original and the attacked images ranging from 50 to 70 dBs. The attack is also effective in the case of attacks with Limited Knowledge (LK) when the SVM used by the attacker is trained on a different dataset with respect to that used by the analyst.

Gao, Y., Li, X., Li, J., Gao, Y., Guo, N..  2018.  Graph Mining-based Trust Evaluation Mechanism with Multidimensional Features for Large-scale Heterogeneous Threat Intelligence. 2018 IEEE International Conference on Big Data (Big Data). :1272–1277.
More and more organizations and individuals start to pay attention to real-time threat intelligence to protect themselves from the complicated, organized, persistent and weaponized cyber attacks. However, most users worry about the trustworthiness of threat intelligence provided by TISPs (Threat Intelligence Sharing Platforms). The trust evaluation mechanism has become a hot topic in applications of TISPs. However, most current TISPs do not present any practical solution for trust evaluation of threat intelligence itself. In this paper, we propose a graph mining-based trust evaluation mechanism with multidimensional features for large-scale heterogeneous threat intelligence. This mechanism provides a feasible scheme and achieves the task of trust evaluation for TISP, through the integration of a trust-aware intelligence architecture model, a graph mining-based intelligence feature extraction method, and an automatic and interpretable trust evaluation algorithm. We implement this trust evaluation mechanism in a practical TISP (called GTTI), and evaluate the performance of our system on a real-world dataset from three popular cyber threat intelligence sharing platforms. Experimental results show that our mechanism can achieve 92.83% precision and 93.84% recall in trust evaluation. To the best of our knowledge, this work is the first to evaluate the trust level of heterogeneous threat intelligence automatically from the perspective of graph mining with multidimensional features including source, content, time, and feedback. Our work is beneficial to provide assistance on intelligence quality for the decision-making of human analysts, build a trust-aware threat intelligence sharing platform, and enhance the availability of heterogeneous threat intelligence to protect organizations against cyberspace attacks effectively.
Ye, J., Yang, Y., Gong, Y., Hu, Y., Li, X..  2018.  Grey Zone in Pre-Silicon Hardware Trojan Detection. 2018 IEEE International Test Conference in Asia (ITC-Asia). :79-84.

Pre-Silicon hardware Trojan detection has been studied for years. The most popular benchmark circuits are from the Trust-Hub. Their common feature is that the probability of activating hardware Trojans is very low. This leads to a series of machine learning based hardware Trojan detection methods which try to find the nets with low signal probability of 0 or 1. On the other hand, it is considered that, if the probability of activating hardware Trojans is high, these hardware Trojans can be easily found through behaviour simulations or during functional test. This paper explores the "grey zone" between these two opposite scenarios: if the activation probability of a hardware Trojan is not low enough for machine learning to detect it and is not high enough for behaviour simulation or functional test to find it, it can escape from detection. Experiments show the existence of such hardware Trojans, and this paper suggests a new set of hardware Trojan benchmark circuits for future study.

H
Song, W., Li, X., Lou, L., Hua, Y., Zhang, Q., Huang, G., Hou, F., Zhang, X..  2018.  High-Temperature Magnetic Properties of Anisotropic SmCo7/Fe(Co) Bulk Nanocomposite Magnets. IEEE Transactions on Magnetics. 54:1–5.
High-temperature magnetic properties of the anisotropic bulk SmCo7/Fe(Co) nanocomposite magnets prepared by multistep deformation have been investigated and compared with the corresponding isotropic nanocomposites. The anisotropic SmCo7/Fe(Co) nanocomposites with a Fe(Co) fraction of 28% exhibit much higher energy products than the corresponding isotropic nanocomposites at both room and high temperatures. These magnets show a small remanence (α = -0.022%/K) and a coercivity (β = -0.25%/K) temperature coefficient which can be comparable to those of the conventional SmCo5 and Sm2Co17 high-temperature magnets. The magnetic properties of these nanocomposites at high temperatures are sensitive to the weight fractions of the Fe(Co) phase. This paper demonstrates that the anisotropic bulk SmCo7/Fe(Co) nanocomposites have better high-temperature magnetic properties than the corresponding isotropic ones.
M
Wu, Y., Li, X., Zou, D., Yang, W., Zhang, X., Jin, H..  2019.  MalScan: Fast Market-Wide Mobile Malware Scanning by Social-Network Centrality Analysis. 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). :139—150.

Malware scanning of an app market is expected to be scalable and effective. However, existing approaches use either syntax-based features which can be evaded by transformation attacks or semantic-based features which are usually extracted by performing expensive program analysis. Therefor, in this paper, we propose a lightweight graph-based approach to perform Android malware detection. Instead of traditional heavyweight static analysis, we treat function call graphs of apps as social networks and perform social-network-based centrality analysis to represent the semantic features of the graphs. Our key insight is that centrality provides a succinct and fault-tolerant representation of graph semantics, especially for graphs with certain amount of inaccurate information (e.g., inaccurate call graphs). We implement a prototype system, MalScan, and evaluate it on datasets of 15,285 benign samples and 15,430 malicious samples. Experimental results show that MalScan is capable of detecting Android malware with up to 98% accuracy under one second which is more than 100 times faster than two state-of-the-art approaches, namely MaMaDroid and Drebin. We also demonstrate the feasibility of MalScan on market-wide malware scanning by performing a statistical study on over 3 million apps. Finally, in a corpus of dataset collected from Google-Play app market, MalScan is able to identify 18 zero-day malware including malware samples that can evade detection of existing tools.

Hu, Y., Li, X., Liu, J., Ding, H., Gong, Y., Fang, Y..  2018.  Mitigating Traffic Analysis Attack in Smartphones with Edge Network Assistance. 2018 IEEE International Conference on Communications (ICC). :1–6.

With the growth of smartphone sales and app usage, fingerprinting and identification of smartphone apps have become a considerable threat to user security and privacy. Traffic analysis is one of the most common methods for identifying apps. Traditional countermeasures towards traffic analysis includes traffic morphing and multipath routing. The basic idea of multipath routing is to increase the difficulty for adversary to eavesdrop all traffic by splitting traffic into several subflows and transmitting them through different routes. Previous works in multipath routing mainly focus on Wireless Sensor Networks (WSNs) or Mobile Ad Hoc Networks (MANETs). In this paper, we propose a multipath routing scheme for smartphones with edge network assistance to mitigate traffic analysis attack. We consider an adversary with limited capability, that is, he can only intercept the traffic of one node following certain attack probability, and try to minimize the traffic an adversary can intercept. We formulate our design as a flow routing optimization problem. Then a heuristic algorithm is proposed to solve the problem. Finally, we present the simulation results for our scheme and justify that our scheme can effectively protect smartphones from traffic analysis attack.

P
Makarfi, A. U., Rabie, K. M., Kaiwartya, O., Li, X., Kharel, R..  2020.  Physical Layer Security in Vehicular Networks with Reconfigurable Intelligent Surfaces. 2020 IEEE 91st Vehicular Technology Conference (VTC2020-Spring). :1—6.

This paper studies the physical layer security (PLS) of a vehicular network employing a reconfigurable intelligent surface (RIS). RIS technologies are emerging as an important paradigm for the realisation of smart radio environments, where large numbers of small, low-cost and passive elements, reflect the incident signal with an adjustable phase shift without requiring a dedicated energy source. Inspired by the promising potential of RIS-based transmission, we investigate two vehicular network system models: One with vehicle-to-vehicle communication with the source employing a RIS-based access point, and the other model in the form of a vehicular adhoc network (VANET), with a RIS-based relay deployed on a building. Both models assume the presence of an eavesdropper to investigate the average secrecy capacity of the considered systems. Monte-Carlo simulations are provided throughout to validate the results. The results show that performance of the system in terms of the secrecy capacity is affected by the location of the RIS-relay and the number of RIS cells. The effect of other system parameters such as source power and eavesdropper distances are also studied.

Ding, Y., Li, X..  2017.  Policy Based on Homomorphic Encryption and Retrieval Scheme in Cloud Computing. 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). 1:568–571.

Homomorphic encryption technology can settle a dispute of data privacy security in cloud environment, but there are many problems in the process of access the data which is encrypted by a homomorphic algorithm in the cloud. In this paper, on the premise of attribute encryption, we propose a fully homomorphic encrypt scheme which based on attribute encryption with LSSS matrix. This scheme supports fine-grained cum flexible access control along with "Query-Response" mechanism to enable users to efficiently retrieve desired data from cloud servers. In addition, the scheme should support considerable flexibility to revoke system privileges from users without updating the key client, it reduces the pressure of the client greatly. Finally, security analysis illustrates that the scheme can resist collusion attack. A comparison of the performance from existing CP-ABE scheme, indicates that our scheme reduces the computation cost greatly for users.

Q
Li, X..  2015.  A Quantity-Flexibility Contract in Two-Stage Decision with Supply Chain Coordination. 2015 11th International Conference on Computational Intelligence and Security (CIS). :109–112.

We study a quantity-flexibility supply contract between a manufacturer and a retailer in two periods. The retailer can get a low wholesale price within a fixed quantity and adjust the quantity at the end of the first period. The retailer can adjust the order quantities after the first period based on updated inventory status by paying a higher per-unit price for the incremental units or obtaining a buyback price per-unit for the returning units. By developing a two-period dynamic programming model in this paper, we first obtain an optimal replenishment strategy for the retailer when the manufacturer's price scheme is known. Then we derive an proper pricing scheme for the manufacturer by assuming that the supply chain is coordinated. The numerical results show some managerial insights by comparing this coordination scheme with Stackelberg game.

R
Chow, J., Li, X., Mountrouidou, X..  2017.  Raising flags: Detecting covert storage channels using relative entropy. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). :25–30.

This paper focuses on one type of Covert Storage Channel (CSC) that uses the 6-bit TCP flag header in TCP/IP network packets to transmit secret messages between accomplices. We use relative entropy to characterize the irregularity of network flows in comparison to normal traffic. A normal profile is created by the frequency distribution of TCP flags in regular traffic packets. In detection, the TCP flag frequency distribution of network traffic is computed for each unique IP pair. In order to evaluate the accuracy and efficiency of the proposed method, this study uses real regular traffic data sets as well as CSC messages using coding schemes under assumptions of both clear text, composed by a list of keywords common in Unix systems, and encrypted text. Moreover, smart accomplices may use only those TCP flags that are ever appearing in normal traffic. Then, in detection, the relative entropy can reveal the dissimilarity of a different frequency distribution from this normal profile. We have also used different data processing methods in detection: one method summarizes all the packets for a pair of IP addresses into one flow and the other uses a sliding moving window over such a flow to generate multiple frames of packets. The experimentation results, displayed by Receiver Operating Characteristic (ROC) curves, have shown that the method is promising to differentiate normal and CSC traffic packet streams. Furthermore the delay of raising an alert is analyzed for CSC messages to show its efficiency.

Li, X., He, Z., Zhang, S..  2015.  Robust optimization of risk for power system based on information gap decision theory. 2015 5th International Conference on Electric Utility Deregulation and Restructuring and Power Technologies (DRPT). :200–204.

Risk-control optimization has great significance for security of power system. Usually the probabilistic uncertainties of parameters are considered in the research of risk optimization of power system. However, the method of probabilistic uncertainty description will be insufficient in the case of lack of sample data. Thus non-probabilistic uncertainties of parameters should be considered, and will impose a significant influence on the results of optimization. To solve this problem, a robust optimization operation method of power system risk-control is presented in this paper, considering the non-probabilistic uncertainty of parameters based on information gap decision theory (IGDT). In the method, loads are modeled as the non-probabilistic uncertainty parameters, and the model of robust optimization operation of risk-control is presented. By solving the model, the maximum fluctuation of the pre-specified target can be obtained, and the strategy of this situation can be obtained at the same time. The proposed model is applied to the IEEE-30 system of risk-control by simulation. The results can provide the valuable information for operating department to risk management.

S
Ma, G., Li, X., Pei, Q., Li, Z..  2017.  A Security Routing Protocol for Internet of Things Based on RPL. 2017 International Conference on Networking and Network Applications (NaNA). :209–213.

RPL is a lightweight IPv6 network routing protocol specifically designed by IETF, which can make full use of the energy of intelligent devices and compute the resource to build the flexible topological structure. This paper analyzes the security problems of RPL, sets up a test network to test RPL network security, proposes a RPL based security routing protocol M-RPL. The routing protocol establishes a hierarchical clustering network topology, the intelligent device of the network establishes the backup path in different clusters during the route discovery phase, enable backup paths to ensure data routing when a network is compromised. Setting up a test prototype network, simulating some attacks against the routing protocols in the network. The test results show that the M-RPL network can effectively resist the routing attacks. M-RPL provides a solution to ensure the Internet of Things (IoT) security.

Liu, Y., Li, X., Xiao, L..  2018.  Service Oriented Resilience Strategy for Cloud Data Center. 2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). :269-274.

As an information hinge of various trades and professions in the era of big data, cloud data center bears the responsibility to provide uninterrupted service. To cope with the impact of failure and interruption during the operation on the Quality of Service (QoS), it is important to guarantee the resilience of cloud data center. Thus, different resilience actions are conducted in its life circle, that is, resilience strategy. In order to measure the effect of resilience strategy on the system resilience, this paper propose a new approach to model and evaluate the resilience strategy for cloud data center focusing on its core part of service providing-IT architecture. A comprehensive resilience metric based on resilience loss is put forward considering the characteristic of cloud data center. Furthermore, mapping model between system resilience and resilience strategy is built up. Then, based on a hierarchical colored generalized stochastic petri net (HCGSPN) model depicting the procedure of the system processing the service requests, simulation is conducted to evaluate the resilience strategy through the metric calculation. With a case study of a company's cloud data center, the applicability and correctness of the approach is demonstrated.

Yang, Z., Li, X., Wei, L., Zhang, C., Gu, C..  2020.  SGX-ICN: A Secure and Privacy-Preserving Information-Centric Networking with SGX Enclaves. 2020 3rd International Conference on Hot Information-Centric Networking (HotICN). :142–147.
As the next-generation network architecture, Information-Centric Networking (ICN) has emerged as a novel paradigm to cope with the increasing demand for content delivery on the Internet. In contrast to the conventional host-centric architectures, ICN focuses on content retrieval based on their name rather than their storage location. However, ICN is vulnerable to various security and privacy attacks due to the inherent attributes of the ICN architectures. For example, a curious ICN node can monitor the network traffic to reveal the sensitive data issued by specific users. Hence, further research on privacy protection for ICN is needed. This paper presents a practical approach to effectively enhancing the security and privacy of ICN by utilizing Intel SGX, a commodity trusted execution environment. The main idea is to leverage secure enclaves residing on ICN nodes to do computations on sensitive data. Performance evaluations on the real-world datasets demonstrate the efficiency of the proposed scheme. Moreover, our scheme outperforms the cryptography based method.