Android platform has been the target of attackers due to its openness and increasing popularity. Android malware has explosively increased in recent years, which poses serious threats to Android ...security. Thus proposing efficient Android malware detection methods is curial in defeating malware. Various features extracted from static or dynamic analysis using machine learning have played an important role in malware detection recently. However, existing code obfuscation, code encryption, and dynamic code loading techniques can be employed to hinder systems that single based on static analysis, purely dynamic analysis systems cannot detect all potential code execution paths. To address these issues, we propose CoDroid, a sequence‐based hybrid Android malware detection method, which utilizes the sequences of static opcode and dynamic system call. We treat one sequence as a sentence in the natural language processing and construct a CNN–BiLSTM–Attention classifier which consists of Convolutional Neural Networks (CNNs), the Bidirectional Long Short‐Term Memory (BiLSTM) with an attention language model. We extensively evaluate CoDroid under a real‐world data set and perform comprehensive analysis against other existing related detection methods. The evaluations show the effectiveness and flexibility of CoDroid across a variety of experimental settings.
Full text
Available for:
FZAB, GIS, IJS, KILJ, NLZOH, NUK, OILJ, SAZU, SBCE, SBMB, UL, UM, UPUK
Machine learning (ML) methods have demonstrated impressive performance in many application fields such as autopilot, facial recognition, and spam detection. Traditionally, ML models are trained and ...deployed in a benign setting, in which the testing and training data have identical statistical characteristics. However, this assumption usually does not hold in the sense that the ML model is designed in an adversarial setting, where some statistical properties of the data can be tampered with by a capable adversary. Specifically, it has been observed that adversarial examples (also known as adversarial input perambulations) elaborately crafted during training/test phases can seriously undermine the ML performance. The susceptibility of ML models in adversarial settings and the corresponding countermeasures have been studied by many researchers in both academic and industrial communities. In this work, we present a comprehensive overview of the investigation of the security properties of ML algorithms under adversarial settings. First, we analyze the ML security model to develop a blueprint for this interdisciplinary research area. Then, we review adversarial attack methods and discuss the defense strategies against them. Finally, relying upon the reviewed work, we provide prospective relevant future works for designing more secure ML models.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NLZOH, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UILJ, UL, UM, UPCLJ, UPUK, ZAGLJ, ZRSKP
Secure Multi-Party Computation (SMPC) is a generic cryptographic primitive that enables distributed parties to jointly compute an arbitrary functionality without revealing their own private inputs ...and outputs. Since Yao’s seminal work in 1982, 30 years of research on SMPC has been conducted, proceeding from pure theoretical research into real-world applications. Recently, the increasing prevalence of the newly emerging technologies such as cloud computing, mobile computing and the Internet of Thing has resulted in a re-birth of SMPC’s popularity. This has occurred mainly because, as a generic tool for computing on private data, SMPC has a natural advantage in solving security and privacy issues in these areas. Accordingly, many application-oriented SMPC protocols have been constructed. This paper presents a comprehensive survey on the theoretical and practical aspects of SMPC protocols. Specifically, we start by demonstrating the underlying concepts of SMPC, including its security requirements and basic construction techniques. Then, we present the research advances regarding construction techniques for generic SMPC protocols, and also the cutting-edge approaches to cloud-assisted SMPC protocols. Then, we summarize the concrete application-oriented protocols that are currently available, and finally, we present a discussion of the current literature and conclude this survey.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NLZOH, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UILJ, UL, UM, UPCLJ, UPUK, ZAGLJ, ZRSKP
With the widespread application of Industrial Internet of Things (IIoT) technology in the industry, the security threats are also increasing. To ensure the safe sharing of resources in IIoT, this ...paper proposes a data security sharing model based on privacy protection (DSS‐PP) for blockchain‐enabled IIoT. Compared with previous works, DSS‐PP has obvious advantages in several important aspects: (1) In the process of identity authentication, it protects users' personal information by using authentication technology with hidden attributes; (2) the encrypted shared resources are stored in off‐chain database of the blockchain, while only the ciphertext index information is stored in the block. It reduces the storage load of the blockchain; (3) it uses blockchain logging technology to trace and account for illegal access. Under the hardness assumption of Inverse Computational Diffe–Hellman (ICDH) problem, this model is proven to be correct and safe. Through the analysis of performance, DSS‐PP has better performance than the referred works.
Full text
Available for:
FZAB, GIS, IJS, KILJ, NLZOH, NUK, OILJ, SAZU, SBCE, SBMB, UL, UM, UPUK
Video surveillance requires storing massive amounts of video data, which results in the rapid increasing of storage energy consumption. With the popularization of video surveillance, green storage ...for video surveillance is very attractive. The existing energy-saving methods for massive storage mostly concentrate on the data centers, mainly with random access, whereas the storage of video surveillance has inherent workload characteristics and access pattern, which can be fully exploited to save more energy. A dynamic partial-parallel data layout (DPPDL) is proposed for green video surveillance storage. It adopts a dynamic partial-parallel strategy, which dynamically allocates the storage space with an appropriate degree of partial parallelism according to performance requirement. Partial parallelism benefits energy conservation by scheduling only partial disks to work; a dynamic degree of parallelism can provide appropriate performances for various intensity workloads. DPPDL is evaluated by a simulated video surveillance consisting of 60-300 cameras with <inline-formula> <tex-math notation="LaTeX">1920 \times 1080 </tex-math></inline-formula> pixels. The experiment shows that DPPDL is most energy efficient, while tolerating single disk failure and providing more than 20% performance margin. On average, it saves 7%, 19%, 31%, 36%, 56%, and 59% more energy than a CacheRAID, Semi-RAID, Hibernator, MAID, eRAID5, and PARAID, respectively.
Secure data‐sharing technology is a bridge for various collaborative operations among intelligent terminals in the edge‐cloud collaborative application scenario. For the shared data ...involves different levels of confidentiality, intelligent terminals for collaborative operations may be distributed in multiple management domains, and the private information of intelligent terminals is easy to be leaked in edge‐cloud collaboration scenarios, the security of data sharing is severely threatened. To solve these problems, this paper proposed a fine‐grained and traceable multidomain secure data‐sharing model for intelligent terminals. In this model, a key self‐certification algorithm is proposed, which avoids potential security threats of key leakage during the key distribution process. The model combines attribute encryption and threshold function to achieve more fine‐grained and more flexible secure data sharing; it uses blockchain technology to achieve integrity verification of stored data and traceability of shared data, and it combines on‐chain and off‐chain databases to achieve rapid retrieval and positioning of shared data distributed among multiple domains, which improves the efficiency of data sharing among domains. The security of the model proposed by us is proved, and compared with the cited literature, it is shown that the proposed model has certain advantages in terms of computational complexity and time consumption.
Full text
Available for:
FZAB, GIS, IJS, KILJ, NLZOH, NUK, OILJ, SAZU, SBCE, SBMB, UL, UM, UPUK
Searching on remote encrypted data (commonly known as searchable encryption) has become an important issue in secure data outsourcing, since it allows users to outsource encrypted data to an ...untrusted third party while maintains the capability of keyword search on the data.
Searchable encryption can be achieved using the classical method called oblivious RAM, but the resultant schemes are too inefficient to be applied in the real-world scenarios (e.g., cloud computing). Recently, a number of efficient searchable encryption schemes have been proposed under weaker security guarantees. Such schemes, however, still leak statistical information about the users’ search pattern.
In this paper, we first present two concrete attack methods to show that the search pattern leakage will result in such a situation: an adversary who has some auxiliary knowledge can uncover the underlying keywords of user queries. To address this issue, we then develop a grouping-based construction (GBC) to transform an existing searchable encryption scheme to a new scheme hiding the search pattern. Finally, experiments based on the real-world dataset demonstrate the effectiveness of our attack methods and the feasibility of our construction.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UL, UM, UPCLJ, UPUK
Android mobile devices and applications are widely deployed and used in industry and smart city. Malware detection is one of the most powerful and effective approaches to guarantee security of ...Android systems, especially for industrial platform and smart city. Recently, researches using machine learning-based techniques for Android malware detection increased rapidly. Nevertheless, most of the appeared approaches have to perform feature analysis and selection, so-called feature engineering, which is time-consuming and relies on artificial experience. To solve the inefficiency problem of feature engineering, we propose TC-Droid, an automatic framework for Android malware detection based on text classification method. The core idea of TC-Droid is derived from the field of text classification. TC-Droid feeds on the text sequence of APPs analysis reports generated by AndroPyTool, applies a convolutional neural network (CNN) to explore significant information (or knowledge) under original report text, instead of manual feature engineering. In an evaluation with different number of real-world samples, TC-Droid outperforms state-of-the-art model (Drebin) and several classic models (NB, LR, KNN, RF) as well. With multiple experimental settings and corresponding comparisons, TC-Droid achieves effective and flexible performance in Android malware detection task.
•Android Malware Detection Using Text Classification Method of NLP.•Non-essential feature selection. Automatic word-based sensitive feature engineering instead of hand feature engineering (including feature selection).•A prototype of TC-Droid with performance evaluation on real-world dataset. High and stable performance under extensive experiments on real-world samples.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NLZOH, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UILJ, UL, UM, UPCLJ, UPUK, ZAGLJ, ZRSKP
Federated learning has a distributed collaborative training mode, widely used in IoT scenarios of edge computing intelligent services. However, federated learning is vulnerable to malicious attacks, ...mainly backdoor attacks. Once an edge node implements a backdoor attack, the embedded backdoor mode will rapidly expand to all relevant edge nodes, which poses a considerable challenge to security-sensitive edge computing intelligent services. In the traditional edge collaborative backdoor defense method, only the cloud server is trusted by default. However, edge computing intelligent services have limited bandwidth and unstable network connections, which make it impossible for edge devices to retrain their models or update the global model. Therefore, it is crucial to detect whether the data of edge nodes are polluted in time. This paper proposes a layered defense framework for edge-computing intelligent services. At the edge, we combine the gradient rising strategy and attention self-distillation mechanism to maximize the correlation between edge device data and edge object categories and train a clean model as much as possible. On the server side, we first implement a two-layer backdoor detection mechanism to eliminate backdoor updates and use the attention self-distillation mechanism to restore the model performance. Our results show that the two-stage defense mode is more suitable for the security protection of edge computing intelligent services. It can not only weaken the effectiveness of the backdoor at the edge end but also conduct this defense at the server end, making the model more secure. The precision of our model on the main task is almost the same as that of the clean model.
Full text
Available for:
IZUM, KILJ, NUK, PILJ, PNG, SAZU, UL, UM, UPUK
Wireless communication is the most important carrier for covert channels because increasing security threats have made covert channels an alternative to transmitting confidential information in ...untrusted wireless communications. As a solution for next-generation mobile communication, voice over LTE (VoLTE) is developed using a high-speed packet-switched core network to provide high-quality end-to-end communication services. Unlike traditional circuit-switched communication technologies, both inter-packet delays and packet orders in VoLTE traffic are limited by specific rules. Even minor modifications to the overt traffic can be detected, so the existing solutions do not apply to VoLTE. To solve this problem, we build a robust packet-dropout covert timing channel through parity casecade coding. Hash-based inter-codewords verification, cyclic redundancy check based codeword self-verification, and an adaptive mapping matrix are designed to ensure robustness and undetectability. In our scheme, the covert message is modulated into the sequence numbers of the actively dropped packets, which can be retrieved by the receiver. With the help of the verification section, the actual codewords combination can be identified to retrieve the embedded covert message. Several experiments are performed to evaluate the performance of the scheme, and the parameters of the covert timing channel (CTC) are adjusted to estimate robustness and throughput. Finally, the CTC scheme is proved to be feasible since both average bit error rate and throughput are acceptable while the covert message is stealthily transmitted.
PDF
