基于Yosys的硬件信息流安全验证与漏洞检测

针对基于功能验证和侧信道分析的硬件安全漏洞检测方法的不足,提出了一种结合Yosys形式化验证能力和门级信息流追踪方法对集成电路设计进行安全验证和漏洞检测的方案.首先,使用Yosys对硬件电路设计进行逻辑综合,生成门级网表.其次,为电路设计中各信号的每个比特位添加污染标签,并采用二进制位粒度的污染标签传播策略为基本逻辑单元生成门级信息流模型,进而以此为基本单元构建整个电路的信息流模型.然后,描述电路设计中关键数据的机密性和完整性属性,并将其映射为Yosys可识别的安全约束.最后,结合Yosys和电路的信息流模型对电路设计的安全属性进行验证,安全验证中捕捉到违反安全属性的事件,即表明硬件设计中存在安全漏洞.实验表明,该方法能够准确检测到AES加密电路中植入的一种可满足性无关项木马.实验结果验证了该方法能够在不依赖功能验证和侧信道分析的前提下检测到安全漏洞,因而适用范围更广.     

Face presentation attack detection using guided scale texture

Multimedia Tools and Applications - Aiming to counter presentation attack (also known as spoofing attack) in face recognition system, a face presentation attack detection (also known as spoofing...     

A fast and accurate palmprint recognition system based on minutiae

Palmprint recognition is a challenging problem, mainly due to low quality of the pattern, large nonlinear distortion between different impressions of the same palm and large image size, which makes feature extraction and matching computationally demanding. This paper introduces a high-resolution palmprint recognition system based on minutiae. The proposed system follows the typical sequence of steps used in fingerprint recognition, but each step has been specifically designed and optimized to process large palmprint images with a good tradeoff between accuracy and speed. A sequence of robust feature extraction steps allows to reliably detect minutiae; moreover, the matching algorithm is very efficient and robust to skin distortion, being based on a local matching strategy and an efficient and compact representation of the minutiae. Experimental results show that the proposed system compares very favorably with the state of the art.     

模拟攻击测试方式的漏洞检测系统的设计与实现

扫描方式的漏洞检测工具往往因为无法得到目标系统的准确信息而无法准确判断目标系统的安全状况,而模拟攻击测试方法可以准确判断目标系统是否存在测试的漏洞。大部分新漏洞发布的同时也会发布相应的测试程序,但是测试程序参数的复杂多样造成了集成的困难,把参数分为DR(运行时决定的类型)、DL(运行时查表决定的类型)和DV(默认值参数)三种类型,利用XML在数据结构描述方面的灵活性解决了这个问题。介绍了一个利用XML描述测试程序接口参数的模拟攻击测试方式的漏洞检测系统。     

Robust palmprint verification using 2D and 3D features

This paper presents a new personal authentication system that simultaneously exploits 2D and 3D palmprint features. The objective of our work is to improve accuracy and robustness of existing palmprint authentication systems using 3D palmprint features. The proposed multilevel framework for personal authentication efficiently utilizes the robustness (against spoof attacks) of the 3D features and the high discriminating power of the 2D features. The developed system uses an active stereo technique, structured light, to simultaneously capture 3D image or range data and a registered intensity image of the palm. The surface curvature feature based method is investigated for 3D palmprint feature extraction while Gabor feature based competitive coding scheme is used for 2D representation. We comparatively analyze these representations for their individual performance and attempt to achieve performance improvement using the proposed multilevel matcher that utilizes fixed score level combination scheme to integrate information. Our experiments on a database of 108 subjects achieved significant improvement in performance with the integration of 3D features as compared to the case when 2D palmprint features alone are employed. We also present experimental results to demonstrate that the proposed biometric system is extremely difficult to circumvent, as compared to the currently proposed palmprint authentication approaches in the literature.     

抵抗共谋攻击的服务器辅助验证签名方案

为了使服务器辅助验证算法一次能够验证由不同私钥签名的多个消息,提出了一个基于聚合签名的服务器辅助验证方案,由服务器执行验证算法中计算代价大的对运算,有效的减少了验证阶段的计算量。在服务器可知道签名密钥的假设下,证明了该方案在共谋和选择性消息攻击下是安全的。     

A study on cyber threat prediction based on intrusion detection event for APT attack detection

A number of APT(Advanced Persistent Threat) attack malwares are being detected as of late together with attempts by the state and enterprises to leak personal information. To detect and respond to them, malwares must first be detected by security monitoring system. In particular, availability of a method to detect and predict such malwares in advance will lead to preventing security incidents. This study will propose a method of prediction based on intrusion detection event and a functional configuration to realize the method and will assess the prediction model based on intrusion detection events proposed through a test consisting of the stages of learning, prediction and evaluation.     

Iris presentation attack detection based on best-k feature selection from YOLO inspired RoI

Neural Computing and Applications - Obfuscating an iris recognition system through forged iris samples has been a major security threat in iris-based authentication. Therefore, a detection...     

基于抽象语法树的智能化漏洞检测系统

源代码漏洞的自动检测是一个重要的研究课题。目前现有的解决方案大多是基于线性模型,依赖于源代码的文本信息而忽略了语法结构信息,从而造成了源代码语法和语义信息的丢失,同时也遗漏了许多漏洞特征。提出了一种基于结构表征的智能化漏洞检测系统Astor,致力于使用源代码的结构信息进行智能化漏洞检测,所考虑的结构信息是抽象语法树（Abstract Syntax Tree,AST）。首先,构建了一个从源代码转化而来且包含源码语法结构信息的数据集,提出使用深度优先遍历的机制获取AST的语法表征。最后,使用神经网络模型学习AST的语法表征。为了评估Astor的性能,对多个基于结构化数据和基于线性数据的漏洞检测系统进行比较,实验结果表明Astor能有效提升漏洞检测能力,降低漏报率和误报率。此外,还进一步总结出结构化模型更适用于长度大,信息量丰富的数据。     

A study on three-dimensional vision system for machining setup verification

In computerized numerical control (CNC) machine tools, it is often a time-consuming and error-prone process to verify the Euclidean position accordance between the actual machining setup and its designed three-dimensional (3D) digital model. The model mainly contains the work piece and jigs. The mismatch between them will cause a failure of simulation to precisely detect the collision. The paper presents an on-machine 3D vision system to quickly verify the similarity between the actual setup and its digital model by real and virtual image processing. In this paper, the system is proposed first. Afterwards, a simple on-machine camera calibration process is presented. This calibration process determines all the camera's parameters with respect to the machine tool's coordinate frame. The accurate camera mathematical model (or virtual camera) is derived according to the actual imaging projection. Both camera-captured real images and system-generated virtual images are compensated to make them theoretically and practically identical. The mathematical equations have been derived. Using the virtual image as a reference and then superimposing the real image onto it, the operator can intuitively verify the Euclidean position in accordance to the actual setup and its 3D digital model.     

基于空洞单流ViT网络的灵活模态人脸呈现攻击检测方法

灵活模态人脸呈现攻击检测突破传统多模态方法对于模型训练与部署的模态一致性限制,可将统一模型按需灵活部署到多样模态的现实场景,但仍存在模型性能有待提升、计算资源需求高的问题。为此,提出一种以视觉Transformer(ViT)结构为基础的单流灵活模态人脸呈现攻击检测网络。提出空洞块嵌入模块以减少运算冗余,降低输入向量维度;为区分不同模态特征,设计模态编码标记;采用非补齐策略处理模态缺失问题。在公开多模态数据集上的实验结果表明,该方法在域内和跨域评估中分别获得2.69%和33.81%的最佳平均ACER值,相较于现有的三种方法,具有更优的域内和域外泛化性能,在不同子协议上的性能表现较为均衡,且其模型计算量与参数量均远低于多流方法,更加适合模态缺失场景下的灵活、高效部署。     

基于复杂网络的网络系统脆弱点发现方法研究

利用复杂网络寻找网络系统中的脆弱点可以从网络拓扑结构的角度出发,利用节点的拓扑性质研究其脆弱性,这可以有效的解决攻击图等脆弱性评估手段无法处理规模过大的网络的问题。通过对李鹏翔等的节点删除方法进行改进,计算动态删除节点后网络平均最短路径变化,模拟网络中节点在受到攻击后无法使用,从而导致的网络整体性能的变化。使得评估时不仅考虑删除节点对网络破坏程度,同时兼顾了对网络的效率的影响,从而可以更有效的针对脆弱点布置防御措施。     

基于Oracleweb环境漏洞攻击与防护技术简

本文从概念、原理以及日常生活中的运用对Oracle web环境注射技术进行阐述,从一个web安全的角度来看如何入侵一台被防火墙防护的Oracle数据库,对一些入侵技术做了web入侵上的总结和延伸。尽量展现一些SQL注射入侵的思路以及如何利用数据库的一些特性,在web上做最大的入侵与防护。     

Two novel characteristics in palmprint verification: datum point invariance and line feature matching

As the first attempt of automatic personal identification by palmprint, in this paper, two novel characteristics, datum point invariance and line feature matching, are presented in palmprint verification. The datum points of palmprint, which have the remarkable advantage of invariable location, are defined and their determination using the directional projection algorithm is developed. Then, line feature extraction and line matching are proposed to detect whether a couple of palmprints are from the same palm. Various palmprint images have been tested to illustrate the effectiveness of the palmprint verification with both characteristics.     

车联网环境下女巫攻击检测方案

提出一种新型高效的女巫攻击检测方案,方案采用椭圆曲线密码构建轻量级的安全认证模式,利用信任节点协同计算,实现对攻击者的位置定位有效追溯。安全分析验证了该方案满足车联网认证的安全需求。仿真实验的性能分析表明,方案在恶意节点检出率上较其他方案有明显提升,方便了交通权威中心对攻击者的取证和采取相应的事后管制措施。     

基于图结构源代码切片的智能化漏洞检测系统

针对智能化漏洞检测,从源代码程序依赖图中根据漏洞特征提取图结构源代码切片,将图结构切片信息表征后利用图神经网络模型进行漏洞检测工作。实现了切片级的漏洞检测,并在代码行级预测漏洞行位置。为了验证系统的有效性,分别与静态漏洞检测系统、基于序列化文本信息和基于图结构化信息的漏洞检测系统做比较,实验结果表明,所提系统在漏洞检测能力上有较高准确性,并且在漏洞代码行预测工作上有较好表现。     

基于SDN构架的DoS/DDoS攻击检测与防御体系

针对Do S/DDo S的攻击检测算法大多应用于攻击的目的端,只能实现检测效果、并不能缓解攻击的问题,提出利用SDN架构的集中控制等特点,在攻击的源头实现流量实时监控,使用源IP防伪、接入层异常检测、链路流量异常检测形成多重防御体系,尽可能早地发现攻击,逐渐过滤异常流量,实现网络层DDo S攻击在源端的检测和防御。提出防御体系概念,便于应用更先进的检测算法完善防御体系。     

VulnerGAN: a backdoor attack through vulnerability amplification against machine learning-based network intrusion detection systems

Machine learning-based network intrusion detection systems(ML-NIDS) are extensively used for network security against unknown attacks. Existing intrusion detection systems can effectively defend traditional network attacks, however, they face AI based threats. The current known AI attacks cannot balance the escape rate and attack effectiveness. In addition, the time cost of existing AI attacks is very high. In this paper, we propose a backdoor attack called VulnerGAN, which features high conceal...