Android应用软件安全测评方法研究

Android是一种应用广泛、软件兼容性良好的操作系统。Android基于Linux内核,主要应用于触屏移动设备,如智能手机和平板电脑等。随着Android手机的快速发展和大量使用,其安全特性成为研究热点。文中以Android手机应用软件测评技术为主线,根据对实际工作经验的总结,详细分析了Android系统架构、安全机制以及Android手机应用软件在数据存储和数据传输中的安全问题。根据对Android安全机制和风险的分析,提出一种Android手机软件安全测评方法和流程,并简要说明了使用的测评工具软件。     

Blind velocities mitigation for MIMO GMTI radar with Doppler division multiple access waveforms

Multiple-input multiple-output (MIMO) radar with multiple transmitters and multiple receivers can achieve a larger virtual antenna array and more system degrees of freedom; thus applying it to ground moving target indication (GMTI) radar can improve the performance of GMTI. Doppler division multiple access (DDMA) waveforms are approximately orthogonal providing good minimum detectable velocity (MDV) performance. However, in such DDMA systems, a sufficient pulse repetition frequency (PRF) design freedom is required. Furthermore, these waveforms suffer from blind velocities which are serious problems, especially in radar systems with high carrier frequency or low PRF. This paper analyses the blind velocities problem and show that blind velocities are relative to variation of the PRF and/or the carrier frequency. Variable PRF techniques are widely used in conventional GMTI radar including multiple PRFs and variable pulse repetition intervals (PRI). Combined with the characteristics of the DDMA MIMO GMTI radar, this paper proposed two methods to mitigate blind velocities: “multi-PRF DDMA” which employs multiple PRFs over successive coherent processing intervals, and “PRI-dithered DDMA” which employs nonuniform sampling by dithered PRI in slow time. Simulation results demonstrate that both the methods are effective ways to mitigate blind velocities in DDMA MIMO GMTI radar systems.     

HTTP malicious traffic detection method based on hybrid structure deep neural network

In response to the HTTP malicious traffic detection problem,a preprocessing method based on cutting mechanism and statistical association was proposed to perform statistical information correlation as well as normalization processing of traffic.Then,a hybrid neural network was proposed based on the combination of raw data and empirical feature engineering.It combined convolutional neural network (CNN) and multilayer perceptron (MLP) to process text and statistical information.The effect of the model was significantly improved compared with traditional machine learning algorithms (e.g.,SVM).The F₁value reached 99.38% and had a lower time complexity.At the same time,a data set consisting of more than 450 000 malicious traffic and more than 20 million non-malicious traffic was created.In addition,prototype system based on model was designed with detection precision of 98.1%~99.99% and recall rate of 97.2%~99.5%.The application is excellent in real network environment.     

SiCsFuzzer:基于稀疏插桩的闭源软件模糊测试方法

传统的基于覆盖率反馈的模糊测试工具通过跟踪代码覆盖率来指导测试用例的变异,从而发现目标程序中潜在的漏洞。但在闭源软件的模糊测试过程中,跟踪覆盖率不仅带来额外的开销,而且在模糊测试开销中占据主导。本文通过对Windows平台闭源软件模糊测试开销的剖析,锁定其中两个主要来源,插桩开销和“预热”开销。基于上述分析,提出了一种基于稀疏插桩跟踪的模糊测试方法,在不影响覆盖率计算精度的前提下,采用基于稀疏插桩的跟踪策略,仅对目标程序中覆盖率不可推导的基本块或分支进行插桩跟踪,并根据跟踪结果推导其余基本块或分支的被覆盖情况;同时结合“预热”优化,避免因动态插桩平台反复启动以及对目标程序代码的重复翻译所引入的时间开销。基于上述方法实现的原型工具SiCsFuzzer,在Windows平台9个规模在286KB～19.3MB,类型涉及图片处理、视频处理、文件压缩、加密和文档处理等类型应用所组成的测试集上,跟踪覆盖率引入的额外开销为程序正常执行时间的1.1倍,比传统的基于覆盖率反馈的模糊测试工具快3倍,并发现PDFtk和XnView程序最新版本中的未知漏洞各1个。     

基于邻居节点预状态的无线传感器网络故障诊断算法

针对无线传感器网络（WSN）故障节点率高于50%时故障检测率降低的问题,提出一种基于邻居节点预状态及邻居节点数据的无线传感器节点故障诊断算法。首先利用节点自身历史数据对节点状态进行初步预判断;然后结合节点间相似性和邻居节点的预状态对节点状态进行最终的判断;最后利用移动传感器节点将故障节点信息通过最优路径发送给基站,有效地减少了通信次数。仿真实验在100 m×100 m的方形区域内模拟WSN。实验结果表明,与传统的分布式故障诊断（DFD）算法相比,诊断精度提升了9.84个百分点,并且当节点故障率高达50%时,该算法仍能达到95%的诊断精度。在实际应用中,所提算法在提高故障诊断精度的同时,能有效地减少能量消耗、延长网络寿命。     

An efficient privacy-preserving scheme for secure network coding based on compressed sensing

Network coding (NC) provides an elegant solution for improving capacity and robustness in computer networks. Different to traditional “store-and-forward” transmission paradigm, each intermediate node linearly combines received data packets, and the original files can be decoded at the sink nodes in NC settings. This brand-new paradigm is vulnerable to pollution attack, which means that some malicious nodes inject fake data packets into the network and this will lead to incorrect decoding. There are some information-theoretical solutions and cryptographic solutions for solving this security issue, and most existing schemes can thwart data pollution attacks. However, the privacy of the original files are vital to some application environments (e.g. military network). To the best of our knowledge, there is not a secure scheme which can thwart pollution attack and can protect the privacy of transmitted data simultaneously. In this paper, we present an efficient privacy-preserving scheme for secure network coding based on compressed sensing (CS), which has attracted considerable research interest in the signal processing community. Specifically, we embed CS into the general NC framework, i.e., the source node needs to compress each original data packet using the sensing matrix before creating the augmented vector and the sink nodes require to perform an additional CS reconstruction algorithm for reconstructing the original file. In addition, we construct a simple key distribution protocol and each intermediate node just needs two secret keys for verifying the integrity of received data packets. Such novel hybrid construction enables the privacy-preserving guarantee, and the performance comparison shows the high-efficiency of our scheme in terms of the computational complexity and communication overhead.     

面向小样本数据的机器学习方法研究综述

小样本学习是面向小样本数据的机器学习,旨在利用较少的有监督样本数据去构建能够解决实际问题的机器学习模型。小样本学习能够解决传统机器学习方法在样本数据不充分时性能严重下降的问题,可以为新型小样本任务实现低成本和快速的模型部署,缩小人类智能与人工智能之间的距离,对推动发展通用型人工智能具有重要意义。从小样本学习的概念、基础模型和实际应用入手,系统梳理当前小样本学习的相关工作,将小样本学习方法分类为基于模型微调、基于数据增强、基于度量学习和基于元学习,并具体阐述这4大类方法的核心思想、基本模型、细分领域和最新研究进展,以及每一类方法在科学研究或实际应用中存在的问题,总结目前小样本学习研究的常用数据集和评价指标,整理基于部分典型小样本学习方法在Omniglot和Mini-ImageNet数据集上的实验结果。最后对各种小样本学习方法及其优缺点进行总结,分别从数据层面、理论研究和应用研究3个方面对小样本学习的未来研究方向进行展望。     

基于物联网设备局部仿真的反馈式模糊测试技术

近几年物联网设备数量飞速增长,随着物联网的普及,物联网设备所面临的安全问题越来越多。与物联网设备相关的安全攻击事件中,危害最大的是利用设备漏洞获得设备最高权限,进而窃取用户敏感数据、传播恶意代码等。对物联网设备进行漏洞挖掘,及时发现物联网设备中存在的安全漏洞,是解决上述安全问题的重要方法之一。通过模糊测试可有效发现物联网设备中的安全漏洞,该方法通过向被测试目标发送大量非预期的输入,并监控其状态来发现潜在的漏洞。然而由于物联网设备动态执行信息难获取以及模糊测试固有的测试深度问题,使得当前流行的反馈式模糊测试技术在应用到物联网设备中面临困难。本文提出了一种基于物联网设备局部仿真的反馈式模糊测试技术。为了获取程序动态执行信息又保持一定的普适性,本文仅对于不直接与设备硬件交互的网络服务程序进行局部仿真和测试。该方法首先在物联网设备的固件代码中自动识别普遍存在并易存在漏洞的网络数据解析函数,针对以该类函数为入口的网络服务组件,生成高质量的组件级种子样本集合。然后对网络服务组件进行局部仿真,获取目标程序代码覆盖信息,实现反馈式模糊测试。针对6个厂商的9款物联网设备的实验表明,本文方法相比Firm ...