ABSTRACT
Network security situational awareness (NSSA) aims to capture, understand, and display security elements in large-scale network environments in order to predict security trends in the relevant network environment. With the internet's increasingly large scale, increasingly complex structure, and gradual diversification of components, the traditional single-layer network topology model can no longer meet the needs of network security analysis. Therefore, we conduct research based on a multi-layer network model for network security situational awareness, which is characterized by the three-layer network structure of a physical device network, a business application network, and a user role network. Its network characteristics require new assessment methods, so we propose a multi-layer network link importance assessment metric: the multi-layer-dependent link entropy (MDLE). On the one hand, the MDLE comprehensively evaluates the connectivity importance of links by fitting the link-local betweenness centrality and mapping entropy. On the other hand, it relies on the link-dependent mechanism to better aggregate the link importance contributions in each network layer. The experimental results show that the MDLE has better ordering monotonicity during critical link discovery and a higher destruction efficacy in destruction simulations compared to classical link importance metrics, thus better adapting to the critical link discovery requirements of a multi-layer network topology.
ABSTRACT
The network intrusion detection system (NIDS) plays a crucial role as a security measure in addressing the increasing number of network threats. The majority of current research relies on feature-ready datasets that heavily depend on feature engineering. Conversely, the increasing complexity of network traffic and the ongoing evolution of attack techniques lead to a diminishing distinction between benign and malicious network behaviors. In this paper, we propose a novel end-to-end intrusion detection framework based on a contrastive learning approach. We design a hierarchical Convolutional Neural Network (CNN) and Gated Recurrent Unit (GRU) model to facilitate the automated extraction of spatiotemporal features from raw traffic data. The integration of contrastive learning amplifies the distinction between benign and malicious network traffic in the representation space. The proposed method exhibits enhanced detection capabilities for unknown attacks in comparison to the approaches trained using the cross-entropy loss function. Experiments are carried out on the public datasets CIC-IDS2017 and CSE-CIC-IDS2018, demonstrating that our method can attain a detection accuracy of 99.9% for known attacks, thus achieving state-of-the-art performance. For unknown attacks, a weighted recall rate of 95% can be achieved.
ABSTRACT
Coil-rod copolymers with a dendritic polyethylene (DPE) core and multiple helical poly(γ-benzyl-L-glutamate) (PBLG) arms (DPE-(PBLG)n) were prepared by palladium-catalyzed copolymerization in tandem with ring-opening polymerization (ROP). Macroinitiator (DPE-(NH2)11) was firstly prepared by the group transformation of DPE-(OH)11 generated from palladium-catalyzed copolymerization of ethylene and acrylate comonomer. Coil-helical DPE-(PBLG)11 copolymers were prepared by ROP of γ-benzyl-L-glutamate-N-carboxyanhydride (BLG-NCA). These DPE-(PBLG)11 copolymers could form thermoreversible gels in toluene solvent, and the dendritic topology of the DPE core increased the critical gelation concentrations. The self-assembled nanostructure of gels was fully characterized by transmission electron microscopy (TEM), atomic force microscopy (AFM), small-angle X-ray scattering (SAXS), and wide-angle X-ray diffraction (WAXD), and the morphology of the fibrous structure was a twisted flat ribbon through a self-assembled nanoribbon mechanism. The self-assembled fibers formed by DPE-(PBLG45)11 are more heterogeneous and ramified than previously observed fibers formed by PBLG homopolymer and block copolymers.
ABSTRACT
The Internet creates multidimensional and complex relationships in terms of the composition, application and mapping of social users. Most of the previous related research has focused on the single-layer topology of physical device networks but ignored the study of service access relationships and the social structure of users on the Internet. Here, we propose a composite framework to understand how the interaction between the physical devices network, business application network, and user role network affects the robustness of the entire Internet. In this paper, a multilayer network consisting of a physical device layer, business application layer and user role layer is constructed by collecting experimental network data. We characterize the disturbance process of the entire multilayer network when a physical entity device fails by designing nodal disturbance to investigate the interactions that exist between the different network layers. Meanwhile, we analyze the characteristics of the Internet-oriented multilayer network structure and propose a heuristic multilayer network topology generation algorithm based on the initial routing topology and networking pattern, which simulates the evolution process of multilayer network topology. To further analyze the robustness of this multilayer network model, we combined a total of six target node ranking indicators including random strategy, degree centrality, betweenness centrality, closeness centrality, clustering coefficient and network constraint coefficient, performed node deletion simulations in the experimental network, and analyzed the impact of component types and interactions on the robustness of the overall multilayer network based on the maximum component change in the network. These results provide new insights into the operational processes of the Internet from a multi-domain data fusion perspective, reflecting that the coupling relationships that exist between the different interaction layers are closely linked to the robustness of multilayer networks.
ABSTRACT
For (k, n)-threshold secret image sharing (SIS) scheme, only k or more than k complete parts can recover the secret information, and the correct image cannot be obtained if the count of shadow images is not enough or the shadow images are damaged. The existing schemes are weak in resisting large-area shadow image tampering. In this paper, we propose a robust secret image sharing scheme resisting to maliciously tampered shadow images by Absolute Moment Block Truncation Coding (AMBTC) and quantization (RSIS-AQ). The secret image is successively compressed in two ways: AMBTC and quantization. The sharing shadow images contain the sharing results of both compressed image from different parts, so that even the shadow images are faced with large-scale area of malicious tampering, the secret image can be recovered with acceptable visual quality. Compared with related works, our scheme can resist larger area of tampering and yield better recovered image visual quality. The experimental results prove the effectiveness of our scheme.
Subject(s)
Algorithms , Computer SecurityABSTRACT
Improving the effectiveness of target link importance assessment strategy has become an important research direction within the field of complex networks today. The reasearch shows that the link importance assessment strategy based on betweenness centrality is the current optimal solution, but its high computational complexity makes it difficult to meet the application requirements of large-scale networks. The k-core decomposition method, as a theoretical tool that can effectively analyze and characterize the topological properties of complex networks and systems, has been introduced to facilitate the generation of link importance assessment strategy and, based on this, a link importance assessment indicator link shell has been developed. The strategy achieves better results in numerical simulations. In this study, we incorporated topological overlap theory to further optimize the attack effect and propose a new link importance assessment indicator link topological shell called t-shell. Simulations using real world networks and scale-free networks show that t-shell based target link importance assessment strategies perform better than shell based strategies without increasing the computational complexity; this can provide new ideas for the study of large-scale network destruction strategies.
Subject(s)
Models, TheoreticalABSTRACT
Generative linguistic steganography encodes candidate words with conditional probability when generating text by language model, and then, it selects the corresponding candidate words to output according to the confidential message to be embedded, thereby generating steganographic text. The encoding techniques currently used in generative text steganography fall into two categories: fixed-length coding and variable-length coding. Because of the simplicity of coding and decoding and the small computational overhead, fixed-length coding is more suitable for resource-constrained environments. However, the conventional text steganography mode selects and outputs a word at one time step, which is highly susceptible to the influence of confidential information and thus may select words that do not match the statistical distribution of the training text, reducing the quality and concealment of the generated text. In this paper, we inherit the decoding advantages of fixed-length coding, focus on solving the problems of existing steganography methods, and propose a multi-time-step-based steganography method, which integrates multiple time steps to select words that can carry secret information and fit the statistical distribution, thus effectively improving the text quality. In the experimental part, we choose the GPT-2 language model to generate the text, and both theoretical analysis and experiments prove the effectiveness of the proposed scheme.
ABSTRACT
In recent years, the wide application of deep neural network models has brought serious risks of intellectual property rights infringement. Embedding a watermark in a network model is an effective solution to protect intellectual property rights. Although researchers have proposed schemes to add watermarks to models, they cannot prevent attackers from adding and overwriting original information, and embedding rates cannot be quantified. Therefore, aiming at these problems, this paper designs a high embedding rate and tamper-proof watermarking scheme. We employ wet paper coding (WPC), in which important parameters are regarded as wet blocks and the remaining unimportant parameters are regarded as dry blocks in the model. To obtain the important parameters more easily, we propose an optimized probabilistic selection strategy (OPSS). OPSS defines the unimportant-level function and sets the importance threshold to select the important parameter positions and to ensure that the original function is not affected after the model parameters are changed. We regard important parameters as an unmodifiable part, and only modify the part that includes the unimportant parameters. We selected the MNIST, CIFAR-10, and ImageNet datasets to test the performance of the model after adding a watermark and to analyze the fidelity, robustness, embedding rate, and comparison schemes of the model. Our experiment shows that the proposed scheme has high fidelity and strong robustness along with a high embedding rate and the ability to prevent malicious tampering.
Subject(s)
Algorithms , Computer Security , Neural Networks, ComputerABSTRACT
Directed greybox fuzzing (DGF) is an effective method to detect vulnerabilities of the specified target code. Nevertheless, there are three main issues in the existing DGFs. First, the target vulnerable code of the DGFs needs to be manually selected, which is tedious. Second, DGFs mainly leverage distance information as feedback, which neglects the unequal roles of different code snippets in reaching the targets. Third, most of the existing DGFs need the source code of the test programs, which is not available for binary programs. In this paper, we propose a vulnerability-oriented directed binary fuzzing framework named VDFuzz, which automatically identifies the targets and leverages dynamic information to guide the fuzzing. In specific, VDFuzz consists of two components, a target identifier and a directed fuzzer. The target identifier is designed based on a neural-network, which can automatically locate the target code areas that are similar to the known vulnerabilities. Considering the inequality of code snippets in reaching the given target, the directed fuzzer assigns different weights to basic blocks and takes the weights as feedback to generate test cases to reach the target code. Experimental results demonstrate that VDFuzz outperformed the state-of-the-art fuzzers and was effective in vulnerability detection of real-world programs.
Subject(s)
Neural Networks, Computer , SoftwareABSTRACT
Program-wide binary code diffing is widely used in the binary analysis field, such as vulnerability detection. Mature tools, including BinDiff and TurboDiff, make program-wide diffing using rigorous comparison basis that varies across versions, optimization levels and architectures, leading to a relatively inaccurate comparison result. In this paper, we propose a program-wide binary diffing method based on neural network model that can make diffing across versions, optimization levels and architectures. We analyze the target comparison files in four different granularities, and implement the diffing by both top down process and bottom up process according to the granularities. The top down process aims to narrow the comparison scope, selecting the candidate functions that are likely to be similar according to the call relationship. Neural network model is applied in the bottom up process to vectorize the semantic features of candidate functions into matrices, and calculate the similarity score to obtain the corresponding relationship between functions to be compared. The bottom up process improves the comparison accuracy, while the top down process guarantees efficiency. We have implemented a prototype PBDiff and verified its better performance compared with state-of-the-art BinDiff, Asm2vec and TurboDiff. The effectiveness of PBDiff is further illustrated through the case study of diffing and vulnerability detection in real-world firmware files.
Subject(s)
Neural Networks, Computer , Semantics , Data CollectionABSTRACT
Secret sharing based on Absolute Moment Block Truncation Coding (AMBTC) has been widely studied. However, the management of stego images is inconvenient as they seem indistinguishable. Moreover, there exists a problem of pixel expansion, which requires more storage space and higher transmission bandwidth. To conveniently manage the stego images, we use multiple cover images to make the stego images seem to be visually different from with each other. Futhermore, the stego images are different, which will not cause the attacker's suspicion and increase the security of the scheme. And traditional Visual Secret Sharing (VSS) is fused to eliminate pixel expansion. After images are compressed by AMBTC algorithm, the quantization levels and the bitmap corresponding to each block are obtained. At the same time, when the threshold is (k,k), bitmaps can be recovered losslessly, and the slight degradation of image quality is only caused by the compression itself. When the threshold is another value, the recovered image and the cover images can be recovered with satisfactory image quality. The experimental results and analyses show the effectiveness and advantages of our scheme.
Subject(s)
Computer Security , Data Compression , Algorithms , ConfidentialityABSTRACT
OBJECTIVE: We aimed to explain the operational mechanism of China National Patient Safety Incidents Reporting System, analyze patterns and trends of incidents reporting, and discuss the implication of the incidents reporting to improve hospital patient safety. DESIGN: A nationwide, registry-based, observational study design. DATA SOURCE: The database of China National Patient Safety Incidents Reporting System. OUTCOME MEASURES: Outcome measures of this study included the temporal, regional, and hospital distribution of the reports, as well as the incident type, location, parties, and possible reasons for frequently occurring incidents. RESULTS: During 2012-2017, 36,498 patient safety incidents were reported. By analyzing the time trends, we found that there was a significant upward trend on incidents reporting in China. The most common type of incidents was drug-related incidents, followed by nursing-related incidents and surgery-related incidents. The three most frequent locations of incident occurrence were Patient's Room (65.4%), Ambulatory Care Unit (8.4%), and Intensive Care Unit (7.4%). The majority of the incidents involved nurses (40.7%), followed by physicians (29.5%) and medical technologist (13.6%). About 44.4% of the incidents were attributed to the junior staff (work experience ≤5 years). In addition, incidents triggered by the senior staff (work experience >5 years) were more often associated with severe patient harm. CONCLUSION: To strengthen the incidents reporting system and generate useful evidence through learning from incidents reporting will be important to China's success in improving the nation's patient safety status.
ABSTRACT
Based on field measurements of throughfall and stemflow in combination with climatic data collected from the meteorological station adjacent to the studied sub-alpine dark coniferous forest in Wolong, Sichuan Province, canopy interception of sub-alpine dark coniferous forests was analyzed and modeled at both stand scale and catchment scale. The results showed that monthly interception rate of Fargesia nitida, Bashania fangiana--Abies faxoniana old-growth ranged from 33% Grass to 72%, with the average of 48%. In growing season, there was a linear or powerful or exponential relationship between rainfall and interception an. a negative exponential relationship between rainfall and interception rate. The mean maximum canopy interception by the vegetation in the catchment of in.44 km was 1.74 ment and the significant differences among the five communities occurred in the following sequence: Moss-Fargesia nitida, Bashan afanglana-A. faxoniana stand > Grass-F. nitida, B. fangiana-A. faxoniana stand > Moss-Rhododendron spp.-A. faxoniana stand > Grass-Rh. spp.-A. faxoniana stand > Rh. spp. shrub. In addition, a close linear relationship existed between leaf area index (LAI) and maximum canopy interception. The simulated value of canopy interception rate, maximum canopy interception rate and addition interception rate of the vegetation in the catchment were 39%, 25% and 14%, respectively. Simulation of the canopy interception model was better at the overall growing season scale, that the mean relative error was 9%-14%.
