SiCsFuzzer:基于稀疏插桩的闭源软件模糊测试方法

传统的基于覆盖率反馈的模糊测试工具通过跟踪代码覆盖率来指导测试用例的变异,从而发现目标程序中潜在的漏洞。但在闭源软件的模糊测试过程中,跟踪覆盖率不仅带来额外的开销,而且在模糊测试开销中占据主导。本文通过对Windows平台闭源软件模糊测试开销的剖析,锁定其中两个主要来源,插桩开销和“预热”开销。基于上述分析,提出了一种基于稀疏插桩跟踪的模糊测试方法,在不影响覆盖率计算精度的前提下,采用基于稀疏插桩的跟踪策略,仅对目标程序中覆盖率不可推导的基本块或分支进行插桩跟踪,并根据跟踪结果推导其余基本块或分支的被覆盖情况;同时结合“预热”优化,避免因动态插桩平台反复启动以及对目标程序代码的重复翻译所引入的时间开销。基于上述方法实现的原型工具SiCsFuzzer,在Windows平台9个规模在286KB～19.3MB,类型涉及图片处理、视频处理、文件压缩、加密和文档处理等类型应用所组成的测试集上,跟踪覆盖率引入的额外开销为程序正常执行时间的1.1倍,比传统的基于覆盖率反馈的模糊测试工具快3倍,并发现PDFtk和XnView程序最新版本中的未知漏洞各1个。     

Android应用软件安全测评方法研究

Android是一种应用广泛、软件兼容性良好的操作系统。Android基于Linux内核,主要应用于触屏移动设备,如智能手机和平板电脑等。随着Android手机的快速发展和大量使用,其安全特性成为研究热点。文中以Android手机应用软件测评技术为主线,根据对实际工作经验的总结,详细分析了Android系统架构、安全机制以及Android手机应用软件在数据存储和数据传输中的安全问题。根据对Android安全机制和风险的分析,提出一种Android手机软件安全测评方法和流程,并简要说明了使用的测评工具软件。     

HTTP malicious traffic detection method based on hybrid structure deep neural network

In response to the HTTP malicious traffic detection problem,a preprocessing method based on cutting mechanism and statistical association was proposed to perform statistical information correlation as well as normalization processing of traffic.Then,a hybrid neural network was proposed based on the combination of raw data and empirical feature engineering.It combined convolutional neural network (CNN) and multilayer perceptron (MLP) to process text and statistical information.The effect of the model was significantly improved compared with traditional machine learning algorithms (e.g.,SVM).The F₁value reached 99.38% and had a lower time complexity.At the same time,a data set consisting of more than 450 000 malicious traffic and more than 20 million non-malicious traffic was created.In addition,prototype system based on model was designed with detection precision of 98.1%~99.99% and recall rate of 97.2%~99.5%.The application is excellent in real network environment.     

基于邻居节点预状态的无线传感器网络故障诊断算法

针对无线传感器网络（WSN）故障节点率高于50%时故障检测率降低的问题,提出一种基于邻居节点预状态及邻居节点数据的无线传感器节点故障诊断算法。首先利用节点自身历史数据对节点状态进行初步预判断;然后结合节点间相似性和邻居节点的预状态对节点状态进行最终的判断;最后利用移动传感器节点将故障节点信息通过最优路径发送给基站,有效地减少了通信次数。仿真实验在100 m×100 m的方形区域内模拟WSN。实验结果表明,与传统的分布式故障诊断（DFD）算法相比,诊断精度提升了9.84个百分点,并且当节点故障率高达50%时,该算法仍能达到95%的诊断精度。在实际应用中,所提算法在提高故障诊断精度的同时,能有效地减少能量消耗、延长网络寿命。     

Blind velocities mitigation for MIMO GMTI radar with Doppler division multiple access waveforms

Multiple-input multiple-output (MIMO) radar with multiple transmitters and multiple receivers can achieve a larger virtual antenna array and more system degrees of freedom; thus applying it to ground moving target indication (GMTI) radar can improve the performance of GMTI. Doppler division multiple access (DDMA) waveforms are approximately orthogonal providing good minimum detectable velocity (MDV) performance. However, in such DDMA systems, a sufficient pulse repetition frequency (PRF) design freedom is required. Furthermore, these waveforms suffer from blind velocities which are serious problems, especially in radar systems with high carrier frequency or low PRF. This paper analyses the blind velocities problem and show that blind velocities are relative to variation of the PRF and/or the carrier frequency. Variable PRF techniques are widely used in conventional GMTI radar including multiple PRFs and variable pulse repetition intervals (PRI). Combined with the characteristics of the DDMA MIMO GMTI radar, this paper proposed two methods to mitigate blind velocities: “multi-PRF DDMA” which employs multiple PRFs over successive coherent processing intervals, and “PRI-dithered DDMA” which employs nonuniform sampling by dithered PRI in slow time. Simulation results demonstrate that both the methods are effective ways to mitigate blind velocities in DDMA MIMO GMTI radar systems.     

An efficient privacy-preserving scheme for secure network coding based on compressed sensing

Network coding (NC) provides an elegant solution for improving capacity and robustness in computer networks. Different to traditional “store-and-forward” transmission paradigm, each intermediate node linearly combines received data packets, and the original files can be decoded at the sink nodes in NC settings. This brand-new paradigm is vulnerable to pollution attack, which means that some malicious nodes inject fake data packets into the network and this will lead to incorrect decoding. There are some information-theoretical solutions and cryptographic solutions for solving this security issue, and most existing schemes can thwart data pollution attacks. However, the privacy of the original files are vital to some application environments (e.g. military network). To the best of our knowledge, there is not a secure scheme which can thwart pollution attack and can protect the privacy of transmitted data simultaneously. In this paper, we present an efficient privacy-preserving scheme for secure network coding based on compressed sensing (CS), which has attracted considerable research interest in the signal processing community. Specifically, we embed CS into the general NC framework, i.e., the source node needs to compress each original data packet using the sensing matrix before creating the augmented vector and the sink nodes require to perform an additional CS reconstruction algorithm for reconstructing the original file. In addition, we construct a simple key distribution protocol and each intermediate node just needs two secret keys for verifying the integrity of received data packets. Such novel hybrid construction enables the privacy-preserving guarantee, and the performance comparison shows the high-efficiency of our scheme in terms of the computational complexity and communication overhead.     

中文领域命名实体识别综述

命名实体识别（Named Entity Recognition,NER）作为自然语言处理领域经典的研究主题,是智能问答、知识图谱等任务的基础技术。领域命名实体识别（Domain Named Entity Recognition,DNER）是面向特定领域的NER方案。在深度学习技术的推动下,中文DNER取得了突破性进展。概括了中文DNER的研究框架,从领域数据源的确定、领域实体类型及规范制定、领域数据集的标注规范、中文DNER评估指标四个角度对国内外已有研究成果进行了综合评述;总结了目前常见的中文DNER的技术框架,介绍了基于词典和规则的模式匹配方法、统计机器学习方法、基于深度学习的方法、多方融合的深度学习方法,并重点分析了基于词向量表征和深度学习的中文DNER方法;讨论了中文DNER的典型应用场景,对未来发展方向进行了展望。