Method to generate cyber deception traffic based on adversarial sample by Yongjin HU, Yuanbo GUO, Jun MA, Han ZHANG, Xiuqing MAO

“…In order to prevent attacker traffic classification attacks,a method for generating deception traffic based on adversarial samples from the perspective of the defender was proposed.By adding perturbation to the normal network traffic,an adversarial sample of deception traffic was formed,so that an attacker could make a misclassification when implementing a traffic analysis attack based on a deep learning model,achieving deception effect by causing the attacker to consume time and energy.Several different methods for crafting perturbation were used to generate adversarial samples of deception traffic,and the LeNet-5 deep convolutional neural network was selected as a traffic classification model for attackers to deceive.The effectiveness of the proposed method is verified by experiments,which provides a new method for network traffic obfuscation and deception.…”
Get full text

Research on deception defense techniques based on network characteristics obfuscation by Jinlong ZHAO, Guomin ZHANG, Changyou XING

“…There is usually a reconnaissance stage before a network attack, the attacker obtains the key information of the target system through techniques such as traffic analysis and active scanning, to formulate a targeted network attack.Deception defense techniques based on network characteristics obfuscation is an effective strategy to confront network reconnaissance, which makes the attacker launch an ineffective attack by thwarting the attacker's reconnaissance stage.The technical principle of the existing obfuscation defense solutions was analyzed, the formal definition of network obfuscation was given, the existing research works were discussed from three aspects, and finally the development trend of the obfuscation deception defense technique were analyzed.…”
Get full text

Rational analysis of authentication protocols based on NGUYEN L H scheme by Xing-hua LI, Ling-juan DENG, Yuan ZHANG, Jian-feng MA

“…Using the ideas of game theory,NGUYEN L H transformed two families of authentication protocols where the honest party transmitted some useless data with probability α before the normal protocol run,so that even if an attacker attacks a protocol,the attacker’s payoff will still be lower than that when it does not.In such a way,the security of the protocol was guaranteed.However,this scheme suffers from two shortcomings:the considered is too attacker powerful,and only its payoff was considered and the cost of the attacks was ignored; the situation in which the honest node would choose to send useless data was not considered.To improve this scheme,the value of α,with the consideration of the attack cost,of which the value is more general was given.What’s more,the attack probability β was introduced.Based on this,the precondition that the honest node transmits the useless data was presented,as well as the value of α under the different β values.Compared with the original scheme,this results are more generic and comprehensive.Meanwhile,through a case analysis in the P2P network,the correctness of the conclusion is proved.…”
Get full text

Defending Against Advanced Persistent Threats Using Game-Theory. by Stefan Rass, Sandra König, Stefan Schauer

“…Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. …”
Get full text

Secure control plane for SDN using Bayesian Stackelberg games by Zhen-ping LU, Fu-cai CHEN, Guo-zhen CHENG

“…A dynamic scheduling controller in SDN control layer was proposed by dynamically transform heteroge-neous controlled in order to increase the difficulty of the attacker.Firstly,a dynamic scheduling method based on Bayesian Stackelberg games the attacker and defender were game participation on both sides,obtained the equili-brium,which guided the scheduling strategy.Secondly,introducing a self-cleaning mechanism,it improved the gain of the control layer security combined with game strategy form closed-loop defense mechanism.The experiments described quantitatively based on the game strategy compared with traditional safety control layer to deploy a single controller and adopt the strategy of random scheduling profit gain of the controller,and self-cleaning mechanism could make the control plane to be in a higher level of security.…”
Get full text

Active deception defense method based on dynamic camouflage network by Shuo WANG, Jianhua WANG, Qingqi PEI, Guangming TANG, Yang WANG, Xiaohu LIU

“…In view of the problem that the existing honeypots often fail to resist the penetration attack due to the lack of confidentiality,an active deception defense method based on dynamic camouflage network (DCN) was presented.The definition of DCN was given firstly,and then the attacker-defender scenario of active deception based on DCN was described.Next,the interaction process of the attacker-defender scenario was modeled by using a signaling game,whose equilibrium can guide the selection of optimal deception strategy.Furthermore,to quantify the payoffs accurately,the two-layer threat penetration graph (TLTPG) was introduced.Finally,the solution for game equilibrium was designed,through which pure strategy and mixed strategy could be calculated simultaneously.The experimental results show that,based on the dynamic camouflage network,the perfect Bayesian equilibrium can provide effective guidance for the defender to implement the optimal defense strategy and maximize the benefits of the defender.In addition,the characteristics and rules of active deception defense DCN-based are summarized.…”
Get full text

Secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key by Xincheng YAN, Yue CHEN, Hongyong JIA, Yanru CHEN, Xinyue ZHANG

“…The static property of stored ciphertext in cloud increases the probability that an attacker can crack the ciphertext by obtaining a key,while ciphertext and key updates based on key distribution and re-encryption are excessively expensive.For this problem,a secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key (CKSE-SDS) was proposed.By introducing cryptography accumulator in broadcast encryption,mimicry transformation factor could be constructed supporting time-hopping periodically and efficient synchronous evolution for ciphertext and key could be achieved based on dynamic segmentation and fusion of ciphertext and key,which reduced certainty in the process of encryption and key distribution and increased the difficulty for attackers exploiting security vulnerabilities to obtain key to crack ciphertext as well.Theoretical analysis and security proofs show that the proposed scheme can support secure and efficient data access as well as reduce the probability of a successful attack effectively for an attacker,which can also enhance the system’s active security defense capability.…”
Get full text

Anonymous whistleblowers reply scheme based on secret sharing by HE Kun, HUANG Yajing, DU Ruiying, SHI Min, LI Siqin, CHEN Jing

“…Existing anonymous communication systems that resisted traffic analysis could hide the identities of the communicating parties from the attacker. However, the identities of the communicating parties couldn’t be hidden from each other, and thus these systems did not apply to the scenario of anonymous whistleblowing and replying, where it was necessary to protect the identity of the whistleblower. …”
Get full text

Universal patching method for side-channel vulnerabilities based on atomic obfuscation by Deqing ZOU, Pan ZHANG, Wei LIU, Weijie CHEN, Yifan LU

“…Executing code containing side-channel vulnerabilities exhibits different non-functional behaviors related to inputs.Attackers can obtain these behaviors by leveraging micro architecture side-channel attacks and then analyze the pattern between the behaviors and the inputs to access sensitive data.Vulnerability repairing at the software layer brings low overheads to a program’s execution.Besides, it does not require modifying hardware or system, which enables fast patching and widespread deployment.It becomes the mainstream strategy applied to the current cryptographic implementations.However, existing solutions are deeply bound to the program’s implementation and requires manual intervention.This brings challenge to implement and is not versatile enough.A general patching method was proposed for side-channel vulnerabilities that combined dynamic obfuscated execution with hardware atomic transaction.To hide the real accesses of the side-channel vulnerabilities of a program, the proposed method inserted dynamic confusing accesses into the vulnerabilities.To avoid an attacker using fine-grained side-channel attack to distinguish the real access and the confusing access, both of them were encapsulated as transactions and they were guaranteed to be uninterrupted during the running period.In addition, a prototype system called SC-Patcher was implemented based on the LLVM compiler.Various optimization strategies were supported, including secure springboard and transaction aggregation, to further improve system security and performance.Experimental results show that the proposed method makes it impossible for an attacker to restore accurate sensitive data through side-channel attack, and it also brings almost no additional performance overhead to the program.…”
Get full text

An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning by Huanruo Li, Yunfei Guo, Penghao Sun, Yawen Wang, Shumin Huo

“…Abstract Defensive deception is emerging to reveal stealthy attackers by presenting intentionally falsified information. …”
Get full text

Multi-party summation query method based on differential privacy by Xianmang HE

“…Differential privacy is considered to be a very reliable protection mechanism because it does not require the a prior knowledge for the attacker.However,differential privacy is rarely used in a multi-party environment.In view of this,the differential privacy is applied to the data summation query in multi-party environment.This method was described in detail and proved the security of the method.…”
Get full text

Novel mobile agent dynamic data integrity protection protocol by LI Peng-fei1, QING Si-han2, MA Heng-tai1, DENG Yong1

“…Integrity characteristics of dynamic data was redefined and classified by attacker capability,and then it was analyzed how to protect truncation attack with collusion.After that,a data protection protocol of free-roaming agent was presented.The protocol used a reverse chained signature to protect the integrity of roaming path,and protected the dy-namic data integrity based on this.Specially,the protocol provided truncation resilience in collusion condition,and its secure property was proved by formal method.…”
Get full text

Clustering-based dynamic privacy preserving method for social networks by Yong-hao GU, Jiu-chuan LIN, Da GUO

“…Due to the dynamic characteristics of the social network graph structure,an effective dynamic privacy preserving method was needed.To solve the problems of the existing dynamic privacy preservation methods,such as attacker’s too little background knowledge and the low adaptability to the dynamic characteristics of graph structure,a clustering-based dynamic privacy preservation method was provided.The analysis shows that the proposed method can resist many kinds of background knowledge attacks and has good adaptability to the dynamic characteristics of the social network graph structure.…”
Get full text

Study on user’s identification system in insider threats by PEI Qing-qi1, ZHAO Peng2, ZHANG Hong-bin3, WANG Chao2, YIN Hao1

“…Monitoring user’s abnormal behaviors, which is an effective method to detect impersonation, is used for im-personation detection in insider threats.A model is built by using TAN-based Bayesian network to reflect the characteris-tics of user’s behavior.When the deviation from the model is found, the system can determine the identity of the user.As a result, experiments show that the monitoring numbers of processes called by users can be very effective on detecting impersonation and can identify the identity of the attacker.…”
Get full text

KAP:location privacy-preserving approach in location services by Yu-hang WANG, Hong-li ZHANG, Xiang-zhan YU

“…Preserving location privacy is an essential requirement in mobile internet.A location privacy protection approach named KAP was proposed which aimed at the privacy issue of location service under the mobile Internet.Through the analysis on locating technology，a weighted adjacent graph-based topology model was given in order to describe the positional relationship between hot spots.Meanwhile，with the help of the model，combining the concept of k-anonymity，three privacy algorithms was shown to make sure the location can not be obtained precisely by attacker.The simulation results verified the correctness and performance of the approach.…”
Get full text

Evolution game model of offense-defense for network security based on system dynamics by Jian-ming ZHU, Biao SONG, Qi-fa HUANG

“…An offense-defense game model with learning mechanism in the case of asymmetric information was proposed based on non-cooperation evolution game theory.Combined with utility function,the existence and uniqueness of Nash equilibrium in the offense-defense process were proved.Simulation by system dynamics shows that there is Nash equilibrium in evolutionary game model after introducing the dynamic penalty strategy of the third party.Therefore,when improving all kinds of security technology,promoting attacker tracing technology,enhancing the censorship of network attack behaviors and dynamic penalty are fundamental ways to information security.…”
Get full text

Service function chain deployment scheme based on heterogeneous backup and remapping by Jichao XIE, Peng YI, Zhen ZHANG, Chuanhao ZHANG, Yunjie GU

“…Network function virtualization technology improves the flexibility of service function chains' deployment.However,the virtual network functions are under the pressure of uncertain failures and malicious attacks.The existing redundant backup methods can solve the problem of VNF failures to some extent,it does not consider the defects of node homogeneity in the face of malicious attacks.A deployment method considering the heterogeneity of nodes was proposed,guaranteeing the heterogeneity of nodes when perform redundant backup and remapping.Simulation experiments demonstrate that the proposed method significantly increases attacker's attack time cost under the cost of the request acceptance rate decreases by 3.8% and the bandwidth consumption increase by 9.2% comparing to the homogeneity backup method.…”
Get full text

Location-semantic-based location privacy protection for road network by Hui CHEN, Xiao-lin QIN

“…Mobile users suffer location privacy leakage threat as enjoy location-based services (LBS).Therefore,it was important to provide effective policy for location privacy protection.Conventional protection approaches were mainly based on spatial cloaking,which leads to the anonymous effectiveness suffer great reduction if the attacker obtains more background knowledge with respect to the cloaking region,especially semantic information of the location.To prevent sensitive location information leakage for the location semantics being analyzed,and consider the characteristic that most users move on road networks,a location-semantic-based location privacy protection method for road networks was pro-posed.The proposed method considers users' personalized privacy requirements well.The feasibility and effectiveness of the proposed method are verified through experiments for many scenarios.…”
Get full text

Virtual machine co-residency method on cloud computing platform by Weijie LIU, Li’na WANG, Danlei WANG, Zhengguang YIN, Nan FU

“…If the attacker wants to compromise a target virtual machine on a cloud platform,the malicious virtual machine must be co-resident with the target.Based on this,a virtual machine co-residency method was proposed.The method combined a co-residency detection scheme based on covert channel construction and an automatic virtual machine flooding strategy,and was evaluated on a well-known domestic cloud platform.Experiment shows that the adaptive covert channel can achieve accuracies of 95%,the proposed detection scheme has strong robustness whose false positive rate is less than 5 ‰,the proposed method is versatile and keeps the virtualization isolation barrier intact,which has great potential threat and should be paid great attention and precaution.…”
Get full text

Provable secure mutual authentication protocol for RFID in the standard model by Feng XIAO, Ya-jian, ZHOU, Jing-xian ZHOU, Xin-xin NIU

“…The security issue of RFID is becoming more and more serious,in order to protect the RFID's information security and privacy,a mutual authentication protocol for RFID based on HB protocol was proposed in the standard model.The security proofs for this novel protocol was given by using the reduction method,and attacker's hardness was reduced to the indistinguishability between pseudo-random function and real random function.The implementation of proposed protocol only required lightweight pseudo-random generator and vector dot product operation and provided higher security and efficiency.The comparisons of security and performance were also given with other authentication protocols,the results show that the proposed protocol is feasible for RFID tags which are low cost and resource-constrained.…”
Get full text