Biblio

Cyber threat intelligence (CTI) necessitates automated monitoring of dark web platforms (e.g., Dark Net Markets and carding shops) on a large scale. While there are existing methods for collecting data from the surface web, large-scale dark web data collection is commonly hindered by anti-crawling measures. Text-based CAPTCHA serves as the most prohibitive type of these measures. Text-based CAPTCHA requires the user to recognize a combination of hard-to-read characters. Dark web CAPTCHA patterns are intentionally designed to have additional background noise and variable character length to prevent automated CAPTCHA breaking. Existing CAPTCHA breaking methods cannot remedy these challenges and are therefore not applicable to the dark web. In this study, we propose a novel framework for breaking text-based CAPTCHA in the dark web. The proposed framework utilizes Generative Adversarial Network (GAN) to counteract dark web-specific background noise and leverages an enhanced character segmentation algorithm. Our proposed method was evaluated on both benchmark and dark web CAPTCHA testbeds. The proposed method significantly outperformed the state-of-the-art baseline methods on all datasets, achieving over 92.08% success rate on dark web testbeds. Our research enables the CTI community to develop advanced capabilities of large-scale dark web monitoring.

Personally identifiable information (PII) has become a major target of cyber-attacks, causing severe losses to data breach victims. To protect data breach victims, researchers focus on collecting exposed PII to assess privacy risk and identify at-risk individuals. However, existing studies mostly rely on exposed PII collected from either the dark web or the surface web. Due to the wide exposure of PII on both the dark web and surface web, collecting from only the dark web or the surface web could result in an underestimation of privacy risk. Despite its research and practical value, jointly collecting PII from both sources is a non-trivial task. In this paper, we summarize our effort to systematically identify, collect, and monitor a total of 1,212,004,819 exposed PII records across both the dark web and surface web. Our effort resulted in 5.8 million stolen SSNs, 845,000 stolen credit/debit cards, and 1.2 billion stolen account credentials. From the surface web, we identified and collected over 1.3 million PII records of the victims whose PII is exposed on the dark web. To the best of our knowledge, this is the largest academic collection of exposed PII, which, if properly anonymized, enables various privacy research inquiries, including assessing privacy risk and identifying at-risk populations.

Increasing number of Internet-scale applications, such as video streaming, incur huge amount of wide area traffic. Such traffic over the unreliable Internet without bandwidth guarantee suffers unpredictable network performance. This result, however, is unappealing to the application providers. Fortunately, Internet giants like Google and Microsoft are increasingly deploying their private wide area networks (WANs) to connect their global datacenters. Such high-speed private WANs are reliable, and can provide predictable network performance. In this paper, we propose a new type of service-inter-datacenter network as a service (iDaaS), where traditional application providers can reserve bandwidth from those Internet giants to guarantee their wide area traffic. Specifically, we design a bandwidth trading market among multiple iDaaS providers and application providers, and concentrate on the essential bandwidth pricing problem. The involved challenging issue is that the bandwidth price of each iDaaS provider is not only influenced by other iDaaS providers, but also affected by the application providers. To address this issue, we characterize the interaction between iDaaS providers and application providers using a Stackelberg game model, and analyze the existence and uniqueness of the equilibrium. We further present an efficient bandwidth pricing algorithm by blending the advantage of a geometrical Nash bargaining solution and the demand segmentation method. For comparison, we present two bandwidth reservation algorithms, where each iDaaS provider's bandwidth is reserved in a weighted fair manner and a max-min fair manner, respectively. Finally, we conduct comprehensive trace-driven experiments. The evaluation results show that our proposed algorithms not only ensure the revenue of iDaaS providers, but also provide bandwidth guarantee for application providers with lower bandwidth price per unit.

Photo service providers are facing critical challenges of dealing with the huge amount of photo storage, typically in a magnitude of billions of photos, while ensuring national-wide or world-wide satisfactory user experiences. Distributed photo caching architecture is widely deployed to meet high performance expectations, where efficient still mysterious caching policies play essential roles. In this work, we present a comprehensive study on internet-scale photo caching algorithms in the case of QQPhoto from Tencent Inc., the largest social network service company in China. We unveil that even advanced cache algorithms can only perform at a similar level as simple baseline algorithms and there still exists a large performance gap between these cache algorithms and the theoretically optimal algorithm due to the complicated access behaviors in such a large multi-tenant environment. We then expound the reasons behind this phenomenon via extensively investigating the characteristics of QQPhoto workloads. Finally, in order to realistically further improve QQPhoto cache efficiency, we propose to incorporate a prefetcher in the cache stack based on the observed immediacy feature that is unique to the QQPhoto workload. The prefetcher proactively prefetches selected photos into cache before they are requested for the first time to eliminate compulsory misses and promote hit ratios. Our extensive evaluation results show that with appropriate prefetching we improve the cache hit ratio by up to 7.4 percent, while reducing the average access latency by 6.9 percent at a marginal cost of 4.14 percent backend network traffic compared to the original system that performs no prefetching.

The rapid development of the Internet and ecommerce has brought a lot of convenience to people's life. Personalized recommendation technology provides users with services that they may be interested according to users' information such as personal characteristics and historical behaviors. The research of personalized recommendation has been a hot point of data mining and social networks. In this paper, we focus on resolving the problem of data sparsity based on users' rating data and social network information, introduce a set of new measures for social trust and propose a novel personalized recommendation algorithm based on matrix factorization combining trust relevancy. Our experiments were performed on the Dianping datasets. The results show that our algorithm outperforms traditional approaches in terms of accuracy and stability.

Return Oriented Programming is one of the most important software security challenges nowadays. It exploits memory vulnerabilities to control the state of the program and hijacks its control flow. Existing defenses usually focus on how to protect the control flow or face the challenge of how to maintain the taint markings for memory data. In this paper, we directly focus on the adversary-controlled states, simplify the classic dynamic taint analysis method to only track registers and propose Hardware-based Adversary-controlled States Tracking (HAST). HAST dynamically tracks registers that may be controlled by the adversary to detect ROP attack. It is transparent to user application and makes few modifications to existing hardware. Our evaluation demonstrates that HAST will introduce almost no performance overhead and can effectively detect ROP attacks without false positives on the tested common Linux applications.

Return Oriented Programming is one of the major challenges for software security nowadays. It can bypass Data Execution Prevention (DEP) mechanism by chaining short instruction sequences from existing code together to induce arbitrary code execution. Existing defenses are usually trade-offs between practicality, security, and performance. In this paper, we propose PMUe, a low-cost hardware ROP detection approach that detects ROP attack based on three inherent properties of ROP. It is transparent to user applications and can be regarded as a small extension to existing Performance Monitoring Unit in commodity processors. Our evaluation demonstrates that PMUe can effectively detect ROP attack with negligible performance overhead.

Mobile Ad Hoc Networks are dynamic in nature and have no rigid or reliable network infrastructure by their very definition. They are expected to be self-governed and have dynamic wireless links which are not entirely reliable in terms of connectivity and security. Several factors could cause their degradation, such as attacks by malicious and selfish nodes which result in data carrying packets being dropped which in turn could cause breaks in communication between nodes in the network. This paper aims to address the issue of remedy and mitigation of the damage caused by packet drops. We proposed an improvement on the EAACK protocol to reduce the network overhead packet delivery ratio by using hybrid cryptography techniques DES due to its higher efficiency in block encryption, and RSA due to its management in key cipher. Comparing to the existing approaches, our simulated results show that hybrid cryptography techniques provide higher malicious behavior detection rates, and improve the performance. This research can also lead to more future efforts in using hybrid encryption based authentication techniques for attack detection/prevention in MANETs.

Aiming at the phenomenon that the urban traffic is complex at present, the optimization algorithm of the traditional logistic distribution path isn't sensitive to the change of road condition without strong application in the actual logistics distribution, the optimization algorithm research of logistics distribution path based on the deep belief network is raised. Firstly, build the traffic forecast model based on the deep belief network, complete the model training and conduct the verification by learning lots of traffic data. On such basis, combine the predicated road condition with the traffic network to build the time-share traffic network, amend the access set and the pheromone variable of ant algorithm in accordance with the time-share traffic network, and raise the optimization algorithm of logistics distribution path based on the traffic forecasting. Finally, verify the superiority and application value of the algorithm in the actual distribution through the optimization algorithm contrast test with other logistics distribution paths.

With the development of Internet technology, software vulnerabilities have become a major threat to current computer security. In this work, we propose the vulnerability detection for source code using Contextual LSTM. Compared with CNN and LSTM, we evaluated the CLSTM on 23185 programs, which are collected from SARD. We extracted the features through the program slicing. Based on the features, we used the natural language processing to analysis programs with source code. The experimental results demonstrate that CLSTM has the best performance for vulnerability detection, reaching the accuracy of 96.711% and the F1 score of 0.96984.

Due to the increasing concerns of securing private information, context-aware Internet of Things (IoT) applications are in dire need of supporting data privacy preservation for users. In the past years, game theory has been widely applied to design secure and privacy-preserving protocols for users to counter various attacks, and most of the existing work is based on a two-player game model, i.e., a user/defender-attacker game. In this paper, we consider a more practical scenario which involves three players: a user, an attacker, and a service provider, and such a complicated system renders any two-player model inapplicable. To capture the complex interactions between the service provider, the user, and the attacker, we propose a hierarchical two-layer three-player game framework. Finally, we carry out a comprehensive numerical study to validate our proposed game framework and theoretical analysis.

In this paper, we address the physical layer security problem for Wireless Sensor Networks in the presence of passive eavesdroppers, i.e., the eavesdroppers' channels are unknown to the transmitter. We use a multi-antenna relay to guarantee physical layer security. Different from the existing work, we consider that the relay works in full duplex mode and transmits artificial noise (AN) in both stages of the decode-and-forward (DF) cooperative strategy. We proposed two optimal power allocation strategies for power constrained and power unconstrained systems respectively. For power constrained system, our aim is to minimize the secrecy rate outage probability. And for power unconstrained systems, we obtain the optimal power allocation to minimize the total power under the quality of service and secrecy constraints. We also consider the secrecy outage probability for different positions of eavesdropper. Simulation results are presented to show the performance of the proposed strategies.

Recent years, the issue of cyber security has become ever more prevalent in the analysis and design of electrical cyber-physical systems (ECPSs). In this paper, we present the TrueTime Network Library for modeling the framework of ECPSs and focuses on the vulnerability analysis of ECPSs under DoS attacks. Model predictive control algorithm is used to control the ECPS under disturbance or attacks. The performance of decentralized and distributed control strategies are compared on the simulation platform. It has been proved that DoS attacks happen at dada collecting sensors or control instructions actuators will influence the system differently.

This paper proposed a feedback shift register structure which can be split, it is based on a research of operating characteristics about 70 kinds of cryptographic algorithms and the research shows that the “different operations similar structure” reconfigurable design is feasible. Under the configuration information, the proposed structure can implement the multiplication in finite field GF(2n), the multiply/divide linear feedback shift register and other operations. Finally, this paper did a logic synthesis based on 55nm CMOS standard-cell library and the results show that the proposed structure gets a hardware resource saving of nearly 32%, the average power consumption saving of nearly 55% without the critical delay increasing significantly. Therefore, the “different operations similar structure” reconfigurable design is a new design method and the proposed feedback shift register structure can be an important processing unit for coarse-grained reconfigurable cryptologic array.

A5-1 algorithm is a stream cipher used to encrypt voice data in GSM, which needs to be realized with high performance due to real-time requirements. Traditional implementation on FPGA or ASIC can't obtain a trade-off among performance, cost and flexibility. To this aim, this paper introduces CGRCA to implement A5-1, and in order to optimize the performance and resource consumption, this paper proposes a resource-based path seeking (RPS) algorithm to develop an advanced implementation. Experimental results show that final optimal throughput of A5-1 implemented on CGRCA is 162.87Mbps when the frequency is 162.87MHz, and the set-up time is merely 87 cycles, which is optimal among similar works.

In this paper, we introduce an optical network with cross-layer security, which can enhance security performance. In the transmitter, the user's data is encrypted at first. After that, based on optical encoding, physical layer encryption is implemented. In the receiver, after the corresponding optical decoding process, decryption algorithm is used to restore user's data. In this paper, the security performance has been evaluated quantitatively.

Word representation is one of the basic word repressentation methods in natural language processing, which mapped a word into a dense real-valued vector space based on a hypothesis: words with similar context have similar meanings. Models like NNLM, C&W, CBOW, Skip-gram have been designed for word embeddings learning, and get widely used in many NLP tasks. However, these models assume that one word had only one semantics meaning which is contrary to the real language rules. In this paper we pro-pose a new word unit with multiple meanings and an algorithm to distinguish them by it's context. This new unit can be embedded in most language models and get series of efficient representations by learning variable embeddings. We evaluate a new model MCBOW that integrate CBOW with our word unit on word similarity evaluation task and some downstream experiments, the result indicated our new model can learn different meanings of a word and get a better result on some other tasks.

Security and privacy issues of the Internet of Things (IoT in short, hereafter) attracts the hot topic of researches through these years. As the relationship between user and server become more complicated than before, the existing security solutions might not provide exhaustive securities in IoT environment and novel solutions become new research challenges, e.g., the solutions based on symmetric cryptosystems are unsuited to handle with the occasion that decryption is only allowed in specific time range. In this paper, a new scalable one-time file encryption scheme combines reliable cryptographic techniques, which is named OTFEP, is proposed to satisfy specialized security requirements. One of OTFEP's key features is that it offers a mechanism to protect files in the database from arbitrary visiting from system manager or third-party auditors. OTFEP uses two different approaches to deal with relatively small file and stream file. Moreover, OTFEP supports good node scalability and secure key distribution mechanism. Based on its practical security and performance, OTFEP can be considered in specific IoT devices where one-time file encryption is necessary.

Cybersecurity is a problem of growing relevance that impacts all facets of society. As a result, many researchers have become interested in studying cybercriminals and online hacker communities in order to develop more effective cyber defenses. In particular, analysis of hacker community contents may reveal existing and emerging threats that pose great risk to individuals, businesses, and government. Thus, we are interested in developing an automated methodology for identifying tangible and verifiable evidence of potential threats within hacker forums, IRC channels, and carding shops. To identify threats, we couple machine learning methodology with information retrieval techniques. Our approach allows us to distill potential threats from the entirety of collected hacker contents. We present several examples of identified threats found through our analysis techniques. Results suggest that hacker communities can be analyzed to aid in cyber threat detection, thus providing promising direction for future work.