剖析缓冲区溢出攻击

本文从程序设计语言的特征、程序编写、数据结构以及程序执行控制等多个角度对缓冲区溢出漏洞攻击的原理进行深入剖析,最后提出了遏制利用缓冲区溢出漏洞进行攻击的一些措施。     

浅析ARP攻击及其防御方法

本文分析了ARP协议工作原理、攻击原理,并提出了ARP攻击的防御方法.     

蓄意流量攻击下基于确定网络演算的互联电网自适应负荷频率控制策略

蓄意流量攻击通过抢占有限的网络带宽降低正常数据流的时效性。对于网络化负荷频率控制(load frequency control, LFC),流量攻击将造成稳定裕度下降、频率偏差幅度上升甚至越限事故。现有控制方案一般采用单一且固定的控制器保证最大攻击强度下的渐进稳定性,存在设计约束多、保守性大的缺点。因此提出了一种跟随攻击强度自适应调整控制器增益的LFC策略。首先,基于确定性网络演算,得到了无攻击场景下数据流传输延时上边界,并预设了一系列表征不同攻击强度的传输延时范围。其次,通过构造Lyapunov泛函,推导了针对每个攻击强度的控制器设计准则。最后,基于切换控制理论,确定了所提自适应方案所能容忍的最大攻击强度变化频率。仿真表明,与现有控制方案相比,所提方法的频率偏差幅度可下降12.60%,区域控制误差的绝对值误差积分可下降10.85%。     

A survey on privacy inference attacks and defenses in cloud-based Deep Neural Network

Deep Neural Network (DNN), one of the most powerful machine learning algorithms, is increasingly leveraged to overcome the bottleneck of effectively exploring and analyzing massive data to boost advanced scientific development. It is not a surprise that cloud computing providers offer the cloud-based DNN as an out-of-the-box service. Though there are some benefits from the cloud-based DNN, the interaction mechanism among two or multiple entities in the cloud inevitably induces new privacy risks. This survey presents the most recent findings of privacy attacks and defenses appeared in cloud-based neural network services. We systematically and thoroughly review privacy attacks and defenses in the pipeline of cloud-based DNN service, i.e., data manipulation, training, and prediction. In particular, a new theory, called cloud-based ML privacy game, is extracted from the recently published literature to provide a deep understanding of state-of-the-art research. Finally, the challenges and future work are presented to help researchers to continue to push forward the competitions between privacy attackers and defenders.     

Chosen plaintext attack on JPEG image encryption with adaptive key and run consistency

A JPEG image encryption with the adaptive key and run consistency of MCUs is proposed. The chosen-plaintext attack (CPA) is given here on this encryption scheme. First, the adaptive key can be reproduced from the encrypted image, so that the plaintext images with the same adaptive key can be constructed. Second, the existence of run consistency of MCUs (RCM) between the original image and the encrypted image facilitates rapid estimation. In addition, the single swap for the runs of MCUs with RCM is designed for more accurate estimation. Detailed cryptanalytic results suggest that this encryption scheme can only be used to realize perceptual encryption but not to provide content protection for digital images. Furthermore, applications of the CPA to break other encryption schemes with RCM are presented.     

Alpha Fusion Adversarial Attack Analysis Using Deep Learning

The deep learning model encompasses a powerful learning ability that integrates the feature extraction, and classification method to improve accuracy. Convolutional Neural Networks (CNN) perform well in machine learning and image processing tasks like segmentation, classification, detection, identification, etc. The CNN models are still sensitive to noise and attack. The smallest change in training images as in an adversarial attack can greatly decrease the accuracy of the CNN model. This paper presents an alpha fusion attack analysis and generates defense against adversarial attacks. The proposed work is divided into three phases: firstly, an MLSTM-based CNN classification model is developed for classifying COVID-CT images. Secondly, an alpha fusion attack is generated to fool the classification model. The alpha fusion attack is tested in the last phase on a modified LSTM-based CNN (CNN-MLSTM) model and other pre-trained models. The results of CNN models show that the accuracy of these models dropped greatly after the alpha-fusion attack. The highest F1 score before the attack was achieved is 97.45 And after the attack lowest F1 score recorded is 22%. Results elucidate the performance in terms of accuracy, precision, F1 score and Recall.     

可信执行环境软件侧信道攻击研究综述

为保护计算设备中安全敏感程序运行环境的安全,研究人员提出了可信执行环境(TEE)技术,通过对硬件和软件进行隔离为安全敏感程序提供一个与通用计算环境隔离的安全运行环境.侧信道攻击从传统的需要昂贵设备发展到现在仅基于微体系结构状态就能通过软件方式获取机密信息的访问模式,从而进一步推测出机密信息.TEE架构仅提供隔离机制,无法抵抗这类新出现的软件侧信道攻击.深入调研了ARM TrustZone、Intel SGX和AMD SEV这3种TEE架构的软件侧信道攻击及相应防御措施,并探讨其攻击和防御机制的发展趋势.首先,介绍了ARM TrustZone、Intel SGX和AMD SEV的基本原理,并详细阐述了软件侧信道攻击的定义以及缓存侧信道攻击的分类、方法和步骤;之后从处理器指令执行的角度,提出一种TEE攻击面分类方法,利用该方法对TEE软件侧信道攻击进行分类,并阐述了软件侧信道攻击与其他攻击相结合的组合攻击;然后详细讨论TEE软件侧信道攻击的威胁模型;最后全面总结业界对TEE软件侧信道攻击的防御措施,并从攻击和防御两方面探讨TEE软件侧信道攻击未来的研究趋势.     

隐蔽图像后门攻击

目的 图像后门攻击是一种经典的对抗性攻击形式,后门攻击使被攻击的深度模型在正常情况下表现良好,而当隐藏的后门被预设的触发器激活时就会出现恶性结果。现有的后门攻击开始转向为有毒样本分配干净标签或在有毒数据中隐蔽触发器以对抗人类检查,但这些方法在视觉监督下很难同时具备这两种安全特性,并且它们的触发器可以很容易地通过统计分析检测出来。因此,提出了一种隐蔽有效的图像后门攻击方法。方法 首先通过信息隐藏技术隐蔽图像后门触发,使标签正确的中毒图像样本(标签不可感知性)和相应的干净图像样本看起来几乎相同(图像不可感知性)。其次,设计了一种全新的后门攻击范式,其中毒的源图像类别同时也是目标类。提出的后门攻击方法不仅视觉上是隐蔽的,同时能抵御经典的后门防御方法(统计不可感知性)。结果 为了验证方法的有效性与隐蔽性,在ImageN et、MNIST、CIFAR-10数据集上与其他3种方法进行了对比实验。实验结果表明,在3个数据集上,原始干净样本分类准确率下降均不到1%,中毒样本分类准确率都超过94%,并具备最好的图像视觉效果。另外,验证了所提出的触发器临时注入的任意图像样本都可以发起有效的后门攻击。结论 ...     

Kinematic Control of Serial Manipulators Under False Data Injection Attack

With advanced communication technologies, cyber-physical systems such as networked industrial control systems can be monitored and controlled by a remote control center via communication networks. While lots of benefits can be achieved with such a configuration, it also brings the concern of cyber attacks to the industrial control systems, such as networked manipulators that are widely adopted in industrial automation. For such systems, a false data injection attack on a control-center-to-manipulator (CC-M) communication channel is undesirable, and has negative effects on the manufacture quality. In this paper, we propose a resilient remote kinematic control method for serial manipulators undergoing a false data injection attack by leveraging the kinematic model. Theoretical analysis shows that the proposed method can guarantee asymptotic convergence of the regulation error to zero in the presence of a type of false data injection attack. The efficacy of the proposed method is validated via simulations.      

应用引导积分梯度的对抗样本生成

给图片添加特定扰动可以生成对抗样本, 误导深度神经网络输出错误结果, 更加强力的攻击方法可以促进网络模型安全性和鲁棒性的研究. 攻击方法分为白盒攻击和黑盒攻击, 对抗样本的迁移性可以借已知模型生成结果来攻击其他黑盒模型. 基于直线积分梯度的攻击TAIG-S可以生成具有较强迁移性的样本, 但是在直线路径中会受噪声影响, 叠加与预测结果无关的像素梯度, 影响了攻击成功率. 所提出的Guided-TAIG方法引入引导积分梯度, 在每一段积分路径计算上采用自适应调整的方式, 纠正绝对值较低的部分像素值, 并且在一定区间内寻找下一步的起点, 规避了无意义的梯度噪声累积. 基于ImageNet数据集上的实验表明, Guided-TAIG在CNN和Transformer架构模型上的白盒攻击性能均优于FGSM、C&W、TAIG-S等方法, 并且制作的扰动更小, 黑盒模式下迁移攻击性能更强, 表明了所提方法的有效性.