ID-based threshold decryption secure against adaptive chosen-ciphertext attack

This paper proposes an identity-based threshold decryption scheme IB-ThDec and reduces its security to the Bilinear Diffie-Hellman problem. Compared with previous work, this conceals two pairing computations in the ciphertext validity verification procedure. The formal proof of security of this scheme is provided in the random oracle model. Additionally, we show that IB-ThDec can be applied to the threshold key escrow and the mediated cryptosystems.     

房地产开发企业会计核算问题探讨

本文就房地产开发企业会计核算的现状及特点进行了分析,并提出了完善房地产开发企业会计核算规范的对策。     

电子邮件目录收割攻击的防御

为了更好地解决垃圾邮件的问题,提高对垃圾邮件的防御效果,本文从造成垃圾邮件的其中一个原因———子邮件目录收割攻击(DHA)入手,通过对DHA攻击原理的分析,提出基于黑名单同时以邮件地址阈值和IP地址阈值为锁定条件的防御策略,并在攻击资源有限的条件下对防御策略进行模拟测试。分析结果表明该防御策略能对DHA进行有效的防御,同时得出防御策略中的过滤阈值和锁定时间的设置是防御DHA的关键点。     

网络攻击过程剖析

了解网络攻击的过程,有利于用户采取适当的防护措施,减少受到攻击的可能性。本文描述并分析网络攻击过程的三个阶段,以及各个阶段所采取的不同方法。     

基于卡尔曼滤波的电力虚假数据注入攻击检测方法

能源互联网的主体是基于状态估计下的电力系统。虚假数据注入攻击（FDIA）通过恶意篡改或注入电力数据,进而引发错误的状态估计结果。这种攻击方式存在引发大面积停电事故的风险,严重影响能源互联网的正常运行。在matpower 4.0中的IEEE-14节点系统上,利用以残差方程为基础的标准残差检测法和目标函数极值法,对FDIA进行了检测实验。提出了一种基于卡尔曼滤波的FDIA检测方法,并在MATLAB上进行了验证。实验结果表明,该方法可以在短时间内发现FDIA的发生。     

基于改进自注意力机制生成对抗网络的智能电网GPS欺骗攻击防御方法

为了避免全球定位系统欺骗攻击(GSA)对相量测量装置造成的危害,提出了一种基于改进自注意力机制生成对抗网络(SAGAN)的智能电网GSA防御方法.首先,通过引入深度学习参数,构建了改进网络-物理模型,利用历史数据计算得到当前时刻的量测值.然后,在SAGAN的生成器和判别器网络中分别融入一个时间注意力模块,提出了一种用于实现网络-物理模型的改进SAGAN防御方法.通过训练改进SAGAN,得到一对判别器和生成器,利用判别器检测采集的量测值是否遭受GSA,当检测到攻击时,利用生成器生成的数据替换欺骗数据,从而实现智能电网对GSA的主动防御.最后,基于IEEE 14节点和IEEE 118节点系统进行仿真测试,结果验证了所提方法的可行性和有效性.     

几种添加剂对模型石膏性能的影响

研究了N型减水剂、硅溶胶等添加剂对模型石膏凝结时间、强度、吸水率、溶蚀率等性能的影响,并确定了有关性能与添加量之间的关系,得出了最佳添加量。     

Long-term performance of cement paste during combined calcium leaching-sulfate attack: kinetics and size effect

This paper presents experimental results obtained on cement paste samples (water/cement ratio of 0.4) subjected to a low-concentration (15 mmol/l) external sulfate attack during several weeks. Chemical and microstructural analyses include the continuous monitoring of calcium loss and sulfate consumption within the cement paste, periodic layer by layer X-ray diffraction (XRD)/energy-dispersive spectrometer (EDS) analyses of the solid constituents of the cement matrix (ettringite, portlandite, gypsum) within the calcium-depleted part of the samples. Scanning electron microscopy (SEM) and visual observations are used to follow the crack pattern evolution during the external sulfate attack. The relation between the size of the specimen and crack initiation/development is investigated experimentally by performing tests on samples with different thickness/diameter ratios.     

Data-mining based SQL injection attack detection using internal query trees

Detecting SQL injection attacks (SQLIAs) is becoming increasingly important in database-driven web sites. Until now, most of the studies on SQLIA detection have focused on the structured query language (SQL) structure at the application level. Unfortunately, this approach inevitably fails to detect those attacks that use already stored procedure and data within the database system. In this paper, we propose a framework to detect SQLIAs at database level by using SVM classification and various kernel functions. The key issue of SQLIA detection framework is how to represent the internal query tree collected from database log suitable for SVM classification algorithm in order to acquire good performance in detecting SQLIAs. To solve the issue, we first propose a novel method to convert the query tree into an n-dimensional feature vector by using a multi-dimensional sequence as an intermediate representation. The reason that it is difficult to directly convert the query tree into an n-dimensional feature vector is the complexity and variability of the query tree structure. Second, we propose a method to extract the syntactic features, as well as the semantic features when generating feature vector. Third, we propose a method to transform string feature values into numeric feature values, combining multiple statistical models. The combined model maps one string value to one numeric value by containing the multiple characteristic of each string value. In order to demonstrate the feasibility of our proposals in practical environments, we implement the SQLIA detection system based on PostgreSQL, a popular open source database system, and we perform experiments. The experimental results using the internal query trees of PostgreSQL validate that our proposal is effective in detecting SQLIAs, with at least 99.6% of the probability that the probability for malicious queries to be correctly predicted as SQLIA is greater than the probability for normal queries to be incorrectly predicted as SQLIA. Finally, we perform additional experiments to compare our proposal with syntax-focused feature extraction and single statistical model based on feature transformation. The experimental results show that our proposal significantly increases the probability of correctly detecting SQLIAs for various SQL statements, when compared to the previous methods.     

基于FPGA实现AES的侧信道碰撞攻击

为了解决攻击点在能量迹中具体位置的识别问题,在对侧信道碰撞攻击技术研究的基础上,提出了通过计算能量迹中每个采样点的方差来识别攻击点的方差检查技术。并利用基于相关系数的碰撞检测方法,对一种AES的FPGA实现实施了攻击。实验结果表明,方差检查技术可以有效地识别攻击点在能量迹中的具体位置。