Optimal mixed block withholding attacks based on reinforcement learning

The vulnerabilities in cryptographic currencies facilitate the adversarial attacks. Therefore, the attackers have incentives to increase their rewards by strategic behaviors. Block withholding attacks (BWH) are such behaviors that attackers withhold blocks in the target pools to subvert the blockchain ecosystem. Furthermore, BWH attacks may dwarf the countermeasures by combining with selfish mining attacks or other strategic behaviors, for example, fork after withholding (FAW) attacks and power adaptive withholding (PAW) attacks. That is, the attackers may be intelligent enough such that they can dynamically gear their behaviors to optimal attacking strategies. In this paper, we propose mixed-BWH attacks with respect to intelligent attackers, who leverage reinforcement learning to pin down optimal strategic behaviors to maximize their rewards. More specifically, the intelligent attackers strategically toggle among BWH, FAW, and PAW attacks. Their main target is to fine-tune the optimal behaviors, which incur maximal rewards. The attackers pinpoint the optimal attacking actions with reinforcement learning, which is formalized into a Markov decision process. The simulation results show that the rewards of the mixed strategy are much higher than that of honest strategy for the attackers. Therefore, the attackers have enough incentives to adopt the mixed strategy.     

Adversarial attacks on text classification models using layer-wise relevance propagation

Due to the nested nonlinear structure inside neural networks, most existing deep learning models are treated as black boxes, and they are highly vulnerable to adversarial attacks. On the one hand, adversarial examples shed light on the decision-making process of these opaque models to interrogate the interpretability. On the other hand, interpretability can be used as a powerful tool to assist in the generation of adversarial examples by affording transparency on the relative contribution of each input feature to the final prediction. Recently, a post-hoc explanatory method, layer-wise relevance propagation (LRP), shows significant value in instance-wise explanations. In this paper, we attempt to optimize the recently proposed explanation-based attack algorithms (EAAs) on text classification models with LRP. We empirically show that LRP provides good explanations and benefits existing EAAs notably. Apart from that, we propose a LRP-based simple but effective EAA, LRPTricker. LRPTricker uses LRP to identify important words and subsequently performs typo-based perturbations on these words to generate the adversarial texts. The extensive experiments show that LRPTricker is able to reduce the performance of text classification models significantly with infinitesimal perturbations as well as lead to high scalability.     

Fooling intrusion detection systems using adversarially autoencoder

Due to the increasing cyber-attacks, various Intrusion Detection Systems (IDSs) have been proposed to identify network anomalies. Most existing machine learning-based IDSs learn patterns from the features extracted from network traffic flows, and the deep learning-based approaches can learn data distribution features from the raw data to differentiate normal and anomalous network flows. Although having been used in the real world widely, the above methods are vulnerable to some types of attacks. In this paper, we propose a novel attack framework, Anti-Intrusion Detection AutoEncoder (AIDAE), to generate features to disable the IDS. In the proposed framework, an encoder transforms features into a latent space, and multiple decoders reconstruct the continuous and discrete features, respectively. Additionally, a generative adversarial network is used to learn the flexible prior distribution of the latent space. The correlation between continuous and discrete features can be kept by using the proposed training scheme. Experiments conducted on NSL-KDD, UNSW-NB15, and CICIDS2017 datasets show that the generated features indeed degrade the detection performance of existing IDSs dramatically.     

DoS攻击下网络化控制系统基于观测器的记忆型事件触发预测控制

本文研究了DoS攻击下网络化控制系统记忆型事件触发预测补偿控制问题. 首先, 由于网络带宽资源有限 和系统状态不完全可观测性, 引入了记忆型事件触发函数, 为观测器提供离散事件触发传输方案. 然后, 分析了网络 传输通道上发生的DoS攻击. 结合上述记忆型事件触发方案, 在控制节点设计一类新颖的预测控制算法, 节省网络 带宽资源并主动补偿DoS攻击. 同时, 建立了基于观测器的记忆型事件触发预测控制的闭环系统, 并且分析稳定性. 通过线性矩阵不等式(LMI)和Lyapunov稳定性理论, 建立了控制器、观测器和记忆型事件触发矩阵的联合设计方案, 并验证了该方案的可行性. 仿真结果表明, 该方案结合记忆型事件触发机制可以有效补偿DoS攻击, 节约网络带宽 资源.     

Kernel-based template attacks of cryptographic circuits using static power

Side-channel attacks using static power have been shown to be successful against cryptographic circuits in different environments. This class of attacks exploits the power leakage when the circuit is in a static state, during which the power leakage is expected to be a fixed value. Due to the low signal-to-noise ratio of static power, usually more traces are needed for a static power attack to reach the same success rate as a dynamic power attack. The probabilistic distribution pattern of static power varies significantly in different devices, which further poses challenges to the accurate modeling of static power. In this paper we propose non-parametric template attacks which use a kernel methodology to improve the accuracy of modeling static power consumption. The proposed template attacks are tested using transistor-level simulations of circuits designed with a 45-nm standard cell library. Our test results show that our approach improves the success rate of template attacks using static power in cases where the distribution of static power consumption cannot be accurately modeled by Gaussian models.     

基于公私属性的多授权中心加密方案

基于属性的加密方法可以简化云计算环境中的密钥管理和访问控制问题,是适用于云环境的加密方案。文中提出了一种基于公私属性的多授权中心加密方案。该方案将属性分为公有属性和私有属性,将用户的角色权限信息等作为用户的公有属性,将用户登录密码、设备上的标识码等作为用户的私有属性。利用公有属性实现访问控制,在云服务器上安全地共享数据;利用私有属性实现信息流的安全控制,确保只有特定用户在特定设备上使用数据。提出的方案可以实现密钥追踪和属性撤销,基于私有属性的加密还可以实现抗合谋攻击。     

基于进化博弈论的工业无线传感网能耗攻防研究

无线传感器节点由于部署、维护简单易行被广泛应用在工业网络中,并形成了工业无线传感器网络(Industrial Wireless Sensor Network,IWSN).针对在工业控制网络中的能量耗尽攻击的内部机理进行了详尽的分析,提出了基于进化博弈理论的能量耗尽攻防模型,将各个博弈方的收益函数定义为信誉值的函数,从而通过收益函数来约束博弈方的行为,并在理论上证明了该博弈的进化稳定策略的存在性.选取了策略选择概率作为算法的评价指标,设计并实施了大量仿真实验对算法进行验证.实验结果表明无论博弈双方的初始策略集概率分布如何,最终能达到有效防止能耗攻击的目的.     

机器学习中成员推理攻击和防御研究综述

机器学习被广泛应用于各个领域, 已成为推动各行业革命的强大动力, 极大促进了人工智能的繁荣与发展。同时, 机器学习模型的训练和预测均需要大量数据, 而这些数据可能包含隐私信息, 导致其隐私安全面临严峻挑战。成员推理攻击主要通过推测一个数据样本是否被用于训练目标模型来破坏数据隐私, 其不仅可以破坏多种机器学习模型(如, 分类模型和生成模型)的数据隐私, 而且其隐私泄露也渗透到图像分类、语音识别、自然语言处理、计算机视觉等领域, 这对机器学习的长远发展产生了极大的安全威胁。因此, 为了提高机器学习模型对成员推理攻击的安全性, 本文从机器学习隐私安全攻防角度, 全面系统性分析和总结了成员推理攻击和防御的基本原理和特点。首先, 介绍了成员推理攻击的定义、威胁模型, 并从攻击原理、攻击场景、背景知识、攻击的目标模型、攻击领域、攻击数据集大小六个方面对成员推理攻击进行分类, 比较不同攻击的优缺点; 然后, 从目标模型的训练数据、模型类型以及模型的过拟合程度三个角度分析成员推理攻击存在原因, 并从差分隐私、正则化、数据增强、模型堆叠、早停、信任分数掩蔽和知识蒸馏七个层面对比分析不同防御措施; 接着, 归纳总结了成员推理攻击和防御常用的评估指标和数据集, 以及其在其他方面的应用。最后, 通过对比分析已有成员推理攻击和防御的优缺点, 对其面临的挑战和未来研究方向进行了展望。     

Efficient chosen ciphertext secure key encapsulation mechanism in standard model over ideal lattices

Key encapsulation mechanism (KEM) is an important key distribution mechanism that not only allows both sender and receiver to safely share a random session key, but also can be mainly applied to construct a hybrid public key encryption scheme. In this paper, we give an positive answer to the question of if it is possible to build an efficient KEM over lattices. More precisely, we design an efficient KEM scheme in standard model based on ideal lattices. We prove that the proposed scheme captures indistinguishability against active chosen ciphertext attacks (IND-CCA) under the ring learning with errors problem, or more formally, IND-CCA security. Compared with the current CCA secure KEM schemes based on lattices in the standard model, our scheme has shorter public key, secret key and encapsulation ciphertext. In addition, our KEM scheme realizes IND-CCA security in the standard model.     

防窃听攻击的安全网络编码*

现有的防窃听安全网络编码的研究中,所采用的方法主要有信息论和密码学方法。按照所采用方法的不同,从两方面对现有的防窃听安全网络编码研究中的主要工作进行总结,进而从三个角度对现有的方法进行了分析和比较,对现有方法的优缺点进行了阐述。