Wen-yuan LIU,Gang WEI,Ya-li SI

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.05.026

2012-01-01

Abstract:At this stage,the process of electronic commerce protocol formal analysis is chaotic;description have low versatility and accuracy,usually has some unreasonable assumptions.This paper presented a model—knowledge and faith model—used modern theory of morden modal logic according to knowledge and faith.The model contained the security environment,knowledge sets,faith sets,capability set,the tangent point and toknowledge.The model put forward a good solution to those problems,could formal descript different electronic commerce protocols precisely,and provided a support for different analysis method.

Haixiao Chi,Yiwei Lu,Beishui Liao,Liaosa Xu,Yaqi Liu

DOI: https://doi.org/10.1109/mis.2021.3071751

IF: 6.744

2021-01-01

IEEE Intelligent Systems

Abstract:Since the existing machine-learning-based approaches for fraud detection are incapable of providing explanations, we propose a fraud detection method based on quantitative argumentation, which is intrinsically interpretable. First, we construct an argumentative tree by combining human-level knowledge and the knowledge learned from data. Second, we extend the existing quantitative argumentation debates (QuAD) frameworks by adding correlation strength between arguments and exploit the particle swarm optimization algorithm (PSO) to identify the correlation strength between arguments. Third, the performance of the new method is investigated by an empirical study, using the data from Ant Financial, the Alibaba Group's financial services provider. The results show that the new method has better performance than the existing DF-QuAD algorithm and is competitive with other machine learning methods, including Xgboost, ANN, SVM, and LR.

Clark Thomborson,Gerald Weber

2001-01-01

Abstract:Despite the flourishing research on formal modeling and analysis of privacy and authentication issues in E-commerce, little research concentrates on the possible security risk due to business logic specification. In E-commerce systems, an aspect of this logic is to promise fairness. As the feature ensuring parties conduct their business to their mutual moral standards, fairness is one of the paramount features for E-commerce payment systems. In this case study of the AARN payment system, we apply form-oriented analysis to formally model the simple business logic behind this way of arranging payment. The model solves a fair exchange issue for security purposes at the business logic level, which changes further design and implementation for the payment system. It is the first time that Data Type Interchange Model diagram and other models in form-oriented analysis method have been applied in security analysis. This form-oriented analysis method helps designers not only on security analysis, but also on understanding and communication between business experts and software designers.

Qingkai Shi,Xiangzhe Xu,Xiangyu Zhang

2024-07-01

Abstract:Reverse engineering of protocol message formats is critical for many security applications. Mainstream techniques use dynamic analysis and inherit its low-coverage problem -- the inferred message formats only reflect the features of their inputs. To achieve high coverage, we choose to use static analysis to infer message formats from the implementation of protocol parsers. In this work, we focus on a class of extremely challenging protocols whose formats are described via constraint-enhanced regular expressions and parsed using finite-state machines. Such state machines are often implemented as complicated parsing loops, which are inherently difficult to analyze via conventional static analysis. Our new technique extracts a state machine by regarding each loop iteration as a state and the dependency between loop iterations as state transitions. To achieve high, i.e., path-sensitive, precision but avoid path explosion, the analysis is controlled to merge as many paths as possible based on carefully-designed rules. The evaluation results show that we can infer a state machine and, thus, the message formats, in five minutes with over 90% precision and recall, far better than state of the art. We also applied the state machines to enhance protocol fuzzers, which are improved by 20% to 230% in terms of coverage and detect ten more zero-days compared to baselines.

Cryptography and Security,Programming Languages,Software Engineering

Yi Tang,Tianfan Xue,Junchen Jiang,Bin Liu

DOI: https://doi.org/10.1109/ICC.2010.5501976

2010-01-01

Abstract:There is an increasing demand for network devices to perform deep packet inspection (DPI) to enhance network security. In DPI the packet payload is compared against a set of predefined patterns which can be specified using regular expressions (regexes). It is well-known that mapping regexes to deterministic finite automata (DFA) will suffer from the state explosion problem. Through observation, we attribute DFA explosion to the necessity of remembering matching history. In this paper, we investigate how to record the matching history efficiently and propose an extended DFA approach for regex matching called fcq-FA, which can make a memory size reduction of about 1000 times with a fully automated approach. In fcq-FA, we use pipeline queues and counters to help recording the matching history. Hence, state explosion caused by Kleene closure and repetitions can be definitely avoided. Further, it achieves a fully automated signature compilation with polynomial running time and space.

Ting Shu,Shouqian Sun,HaiNing Wang

DOI: https://doi.org/10.1109/CAIDCD.2009.5374861

2009-01-01

Abstract:The existence of predicate and conditional statements of the protocol transition specified in EFSM model results in the generation of infeasible State Identification Sequence using traditional methods. Thus, how to automatically generate executable State Identification Sequences, in an efficient and effective way, becomes the critical issue for protocol conformance testing. In this paper, we present a novel method of executable state identification sequence generation used to preferably solve the executability problem of state identification sequences. Specifically, in terms of an executable analysis tree (EAT), the proposed method can ensure the executability of the generated state identification sequence. In a specific state identification scene, we can use a state projection subspace to simplify, the state identification work. At last, an example was performed to show that the new method is how to work effectively.

Hongli Yang,Liang Zhou,Kang He,Chen Deng,Xiangpeng Zhao,Zongyan Qiu

DOI: https://doi.org/10.1109/QSIC.2010.39

2010-01-01

Abstract:Dynamic routing protocol involves the purchase order management among six participants which cooperate by multiple service interactions. Due to the complexities of interactions, it is important to check if the protocol will be stuck due to the fact that some required channels are not available (i.e. channel-absence) when an interaction is executed. Moreover, the quality of service (QoS) of the protocol is also important to decide the success of the purchase order business. In order to model checking the functional and non-functional properties of this protocol, this paper uses Web service choreography language Chor_r to describe the protocol. Since Chor_r is annotated with execution rate for each interaction, we can translate Chor_r into the input language of the probabilistic model checker PRISM for stochastic analysis of the protocol.

Yang Xu,Junchen Jiang,Yang Song,Tang Jiang,H Jonothan Chao

2010-01-01

Abstract:Deterministic Finite Automatons (DFAs) and ondeterministic Finite Automatons (FAs) are two typical automatons used in etwork Intrusion Detection System (IDS). Although they both perform regular expression matching, they have quite different performance and memory usage properties. DFAs provide fast and deterministic matching performance, but suffer from the well-known state explosion problem. FAs are compact, but their matching performance is non-deterministic and difficult to bound. In this paper, we propose a new automaton representation of regular expressions, called i-DFA, to resolve DFAs’ state explosion problem. Different from a DFA, which has only one active state, an i-DFA allows multiple concurrent active states. Thus, the total number of states required to track real-time matching information is much smaller than that required by the DFA. Different from an FA, an i-DFA can guarantee the number …

Jie Tang,Juan-zi Li,Ke-Hong Wang,Yue-ru Cai

DOI: https://doi.org/10.1007/978-3-540-24680-0_55

2004-01-01

Abstract:Atomicity and anonymity are two important attributes for electronic commerce, especially in payment systems. Atomicity guarantees justice and coincidence for each participant. However traditional atomicity either bias to SELLER or CUSTOMER. Anonymity is also intractable, unanonymous or anonymity both leads to dissatisfying ending. Therefore, it is important to design a system in which satisfying atomicity and revocable anonymity are both enabled. In this paper, based on AFAP(Atomic and Fair Anonymous Protocol), we propose an approach to realize satisfying atomicity. In this method, not only SELLER's satisfying atomicity but also CUSTOMER's satisfying atomicity is supported. At the same time, based on Brands' fair signature model, this method satisfies both anonymity and owner-trace or money-trace.

Yi Tang,Junchen Jiang,Chengchen Hu,Bin Liu

DOI: https://doi.org/10.1007/s10922-010-9179-4

2011-01-01

Journal of Network and Systems Management

Abstract:There is an increasing demand for network devices to perform deep packet inspection (DPI) in order to enhance network security. In DPI, the packet payload is compared against a set of predefined patterns that can be specified using regular expressions (regexes). It is well-known that mapping regexes to deterministic finite automaton (DFA) may suffer from the state explosion problem. Through observation, we attribute DFA explosion to the necessity of remembering matching history. In this paper, we investigate how to manage matching history efficiently and propose an extended DFA approach for regex matching called fcq-FA, which can make a memory size reduction of about 1,000 times with a fully automated approach. In fcq-FA, we use pipeline queues and counters to help record the matching history. Hence, state explosion caused by Kleene closure and length restriction can be completely avoided. Furthermore, it achieves a fully automated signature compilation with polynomial running time and space. The equivalence between fcq-FA and the traditional DFA is guaranteed by a strict theoretical proof, which means fcq-FA can process all the regexes supported by the traditional DFA.

Bao-wen WANG,Bei LU,Ya-li SI,Wen-yuan LIU

DOI: https://doi.org/10.3969/j.issn.1000-1220.2013.11.036

2013-01-01

Abstract:An E-Commerce protocols analysis method based on Colored Petri Nets is proposed which has improved the timeliness disadvantage of the existing CPN methods. This method can analyze three important security properties which are accountability,fairness,and timeliness. Status color sets which represent whether an entity successfully receives another entity' s messages or not and timeliness color sets which represent the entity's self-defined time factor are established. Full consideration of timeliness is given when analyzing fairness in order to make the analysis results more accurate and effective. KZG protocol is taken as an example and a hierarchical Colored Petri Net model is established. CPN Tools are used to simulate the protocol and state space analysis and query functions are taken to analyze it. At the same time,the method we proposed has been proven to be correct and effective.

Yi Tang,Junchen Jiang,Xiaofei Wang,Yi Wang,Bin Liu

DOI: https://doi.org/10.1109/glocom.2010.5683142

2010-01-01

Abstract:Regular expression (Regex) becomes the standard signature language for security and application detection. Deterministic finite automata (DFAs) are widely used to perform regex matching in linear time. Previously researches mostly focus on how to compress DFA to reduce memory requirements in recent years. However, memory requirement is not the only problem caused by DFA explosion when implementation DFA matching system. In this paper, we propose a new issue in DFA matching procedure. We notice that the DFA produced from regex never considers the physical locality of logical neighbor, which results in a low cache hit rate when using cache as matching accelerator. This problem becomes severe for current increasingly complex security regex which producing huge DFA with nearly no locality in physical location. We propose to solve this problem through reordering the state number of existing DFA and further put forward two methods on reordering DFA from different viewpoints. In our algorithms, we achieve more than twice cache hit rate compared with traditional method. Moreover, our methods will not affect the existing matching system. Hence, all the cache hit rate improvement is achieved without any cost in wire speed matching.

WEI Zhen,LU Yang,TANG Jun,BAO Hong-jie

DOI: https://doi.org/10.3321/j.issn:0372-2112.2009.05.019

2009-01-01

Abstract:Flat shunting is a type of discrete event systems in the process of railway dispatching.It is very important that software of any flat shunting system have high reliability and high testability for ensuring transportation safety.For that goal,it is necessary to build a kind of regular design methods for software of flat shunting systems.In this paper,the complexity of event driving in the process of flat shunting and the limitation of description with natural language are analyzed.Therefore new descriptions of some processes in a flat shunting system with automaton models are proposed.In detail,the relationships between a flat shunting system and timed automata(TA),pushdown automata(PDA) and the structure of layered automata are discussed.On the basis of explaining the partition of states,the data structure and the flow of state transition,a design method of flat shunting systems based on automaton models is built.

CHEN Qiang,HUANG Lian-sheng,ZHAO Xiu-wen

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.06.033

2006-01-01

Abstract:This paper presents a combined analysis method for security protocols.By specifying security protocols using Common Authentication Protocol Specification Language,then convert CAPSL specification into formal inputs for other analysis tools by connector.This method can utilize the advantage of various analysis tools and ensure the accuracy of formal analysis.Meanwhile,it is convenient for analyzer.We design two CAPSL connector and give an instance.

GUO Wei,WU Jiangxing,ZHANG Fan,SHEN Jianliang

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.04.003

2016-01-01

Abstract:The incompletion of current automata model for system state expression and the singleness of angle on mod-eling cannot meet the requirement for characterization of cyberspace attack and defense. To address the problem, this pa-per proposes an angle-variable Zooming Finite Automaton (ZFA) structure. In ZFA, a complete set of parameters is used to identify the status of the state, and the observation coefficient it set up to enhance the ability of system analysis in a multi angle. The cyberspace attack and defense model and the security performance analysis method are given by means of the ZFA structure. The analysis reveals the natural disadvantage of the traditional security methods and the limitations of the moving target defense technology. Finally, the core components of the Cyberspace Mimic Defense (CMD) theory--ex-ecutive isomer architecture is discussed, and theoretically proved that the super linear growth of uncertainty can be ob-tained by construction at“Multi parameter”.

Xiaokai Xia,Jing Shi,Zhiqiang Fan,Zhongliang Ai,Yancen Dong

DOI: https://doi.org/10.1109/syscon.2016.7490554

2016-01-01

Abstract:In the model driven system engineering, architecture plays an important role in the quality of the developed complex system. In some extend, the quality of the architecture determines the developed system's quality. The system's architecture is usually described from different views, including static views and dynamic views, like DoDAF (Department of Defense Architecture). Then how to ensure the consistency of the models from different views becomes a great challenge. This paper proposes a predicate logic based approach for checking the consistency of the system models described by UML models. The case study of the consistency checking of the class diagram and state machine diagram models of a flight control system shows the feasibility and effectiveness of the proposed approach.

Haiyang Wei,Zhengjie Du,Haohui Huang,Yue Liu,Guang Cheng,Linzhang Wang,Bing Mao

DOI: https://doi.org/10.48550/arxiv.2405.00393

2024-01-01

Abstract:State machines play a pivotal role in augmenting the efficacy of protocolanalyzing to unveil more vulnerabilities. However, the task of inferring statemachines from network protocol implementations presents significant challenges.Traditional methods based on dynamic analysis often overlook crucial statetransitions due to limited coverage, while static analysis faces difficultieswith complex code structures and behaviors. To address these limitations, wepropose an innovative state machine inference approach powered by LargeLanguage Models (LLMs). Utilizing text-embedding technology, this method allowsLLMs to dissect and analyze the intricacies of protocol implementation code.Through targeted prompt engineering, we systematically identify and infer theunderlying state machines. Our evaluation across six protocol implementationsdemonstrates the method's high efficacy, achieving an accuracy rate exceeding90implementations of the same protocol. Importantly, integrating this approachwith protocol fuzzing has notably enhanced AFLNet's code coverage by 10RFCNLP, showcasing the considerable potential of LLMs in advancing networkprotocol security analysis. Our proposed method not only marks a significantstep forward in accurate state machine inference but also opens new avenues forimproving the security and reliability of protocol implementations.

Junchen Jiang,Yang Xu,Tian Pan,Yi Tang,Bin Liu

DOI: https://doi.org/10.1109/icc.2010.5501973

2010-01-01

Abstract:In Network Intrusion Detection System, De-terministic Finite Automaton (DFA) is widely used to compare packet content at a constant speed against a set of patterns specified in regular expressions (regex patterns). However, combining many regex patterns into a single DFA causes a serious state explosion. Partitioning the pat-tern set into several subsets, each of which produces a small DFA, is a practical way to deflate the state explosion. In this paper, we propose a regex pattern grouping scheme based on a new DFA model called Pattern-Based DFA (P-DFA) which supports efficient pattern-based op-erations, such as insertion, deletion, and etc. By using these basic operations, one can easily measure the state explo-sion when combining a set of regex patterns into a single DFA. Based on the privilege, we develop regex grouping algorithms for mitigating the state explosion in parallel and sequential matching environments, respectively. The evaluation shows that under the same constraints, our ap-proach requires only half the number of groups compared with the most well-known algorithms.

Yafeng Yin,Lei Xie,Sanglu Lu,Daoxu Chen

DOI: https://doi.org/10.1109/icccn.2013.6614129

2013-01-01

Abstract:With the rapid proliferation of RFID technologies, RFID has been introduced to the applications like safety inspection and warehouse management. Conventionally a number of deployment rules are specified for these applications. This paper studies a practically important problem of rule checking over a large set of RFID tags, i.e., checking whether the specified rules are satisfied according to the RFID tags within the monitoring area. This rule checking function may need to be executed frequently over a large number of tags and therefore should be made efficient in terms of execution time. Aiming to achieve time efficiency, we propose two efficient protocols based on the collision detection and the logical features of rules, respectively. Simulation results indicate that our protocols achieve much better performance than other solutions in terms of time efficiency.

LI Juan-Zi,TANG Jie,WANG Ke-Hong

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.08.036

2005-01-01

Computer Science

Abstract:Although the ontology languages like OWL include a relatively rich set of class constructors, it provides much weaker constructors for roles. One way to overcome this expressive limitation of OWL would be to extend it with rules. Motik presented a decidable combination of SHIQ(D)with rules, where decidability is due to restricting the rules to so-called DL-safe ones. In the paper, an approach for extracting new DL-safe rules is proposed. The approach makes use of the disjunctive constructor in SHIQ(D)to satisfy some kinds of rules with disjunction in their antecedents. And the new rules are DL-safe ones too.