Jin Yang,Cilin Wang,Le Yu,Caiming Liu,Lingxi Peng

DOI: https://doi.org/10.1007/978-3-642-34041-3_68

2012-01-01

Abstract:Cloud computing is an important innovation in the current computing model. The critical problem of cloud computing faced at present is the security issue. In the current network environment, that relying on a single terminal to check the Trojan virus is considered increasingly unreliable. Based on the correspondence between the artificial immune system antibody and pathogen invasion intensity, this paper is to establish a real-time network risk evaluation model in cloud computing. This paper builds a hierarchical, quantitative measurement indicator system, and a unified evaluation information base and knowledge base. The paper also combines assets evaluation system and network integration evaluation system, considering from the application layer, the host layer, network layer may be factors that affect the network risks. The experimental results show that the new model improves the ability of intrusion detection and prevention than that of the traditional intrusion prevention systems.

Sun Bin,Wang Yongjie

DOI: https://doi.org/10.1088/1742-6596/1982/1/012204

2021-07-01

Journal of Physics: Conference Series

Abstract:Abstract The development of network technology has changed the traditional network application mode to coordinate all kinds of data and resources effectively. It brings about the improvement of computer computing ability, data processing ability and storage ability, and offers users a new and optimized usage experience by improving the ability of computer network service. However, the construction of cloud computing technology environment also causes people to worry about the network security, and the problem of computer network security under cloud computing technology environment can not be underestimated. The top priority is to speed up the research and development of defense technology, improve the risk response system, consciously enhance the awareness of security protection, and be answerable for dealing with network risk with multi-pronged measures. This work mainly discussed the problems of computer network security under cloud computing technology environment from aspects of encryption technology, authorized accessing, network monitoring, and consciousness awakening, expecting to provide guidance and reference for computer network security response under the background of cloud computing.

Gang He,Xiaochen Liu,Xiaochun Wu,Decheng Yu

DOI: https://doi.org/10.1109/ihmsc.2014.111

2014-01-01

Abstract:In recent years, with the rapid development of the Internet on a global scale and the prompt popularization of various App applications, the Internet is increasingly becoming an integral part of people's lives. Meanwhile various network problems caused by abnormal network behavior have become more prominent than any time before. Furthermore we also have a lot of personal information on the Internet, which will bring us significant losses if are gave away. For that, to find an effective method to detect the abnormal network behavior is becoming more and more important. This paper first introduces a new detection method based on compound session, and then shows the effectiveness of the proposed method. A further objective of this method is to identify the infected host.

Xurong Li,Shouling Ji,Meng Han,Juntao Ji,Zhenyu Ren,Yushan Liu,Chunming Wu

DOI: https://doi.org/10.48550/arXiv.1901.01223

2019-09-14

Abstract:Deep learning has been broadly leveraged by major cloud providers, such as Google, AWS and Baidu, to offer various computer vision related services including image classification, object identification, illegal image detection, etc. While recent works extensively demonstrated that deep learning classification models are vulnerable to adversarial examples, cloud-based image detection models, which are more complicated than classifiers, may also have similar security concern but not get enough attention yet. In this paper, we mainly focus on the security issues of real-world cloud-based image detectors. Specifically, (1) based on effective semantic segmentation, we propose four attacks to generate semantics-aware adversarial examples via only interacting with black-box APIs; and (2) we make the first attempt to conduct an extensive empirical study of black-box attacks against real-world cloud-based image detectors. Through the comprehensive evaluations on five major cloud platforms: AWS, Azure, Google Cloud, Baidu Cloud, and Alibaba Cloud, we demonstrate that our image processing based attacks can reach a success rate of approximately 100%, and the semantic segmentation based attacks have a success rate over 90% among different detection services, such as violence, politician, and pornography detection. We also proposed several possible defense strategies for these security challenges in the real-life situation.

Computer Vision and Pattern Recognition,Cryptography and Security,Machine Learning

Jianlin Xu,Yifan Yu,Zhen Chen,Bin Cao,Wenyu Dong,Yu Guo,Junwei Cao

DOI: https://doi.org/10.1109/tst.2013.6574680

2013-01-01

Tsinghua Science & Technology

Abstract:With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app's virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.

Xueying Wang,Jun Zhang,Mingbo Wang,Lijun Zu,ZhiHui Lu,Jie Wu

DOI: https://doi.org/10.1109/SCC.2014.85

2014-01-01

Abstract:With the increasing acceptance of cloud data center and virtualization technology by enterprises and industries, the security concern becomes the key hindrance to the development and deployment of cloud computing. Security auditing is a good way to deal with the threats faced by a cloud data center. But traditional auditing is no longer suitable for the new cloud environment. In this paper, we design, implement and evaluate the CDCAS, a novel cloud data center auditing system, which matches the demand of the scalability and efficiency of a cloud data center. In this system, we design one distributed and autonomous agent model which can be controlled by a set of rules dynamically generated to fit its use scenario. We then build the log analysis model which uses the signature based method and correlative analysis algorithm to extract security events from collected log with agreeable false positives. We evaluate our system both on real world and simulation to validate its efficiency. And our system is also deployed by the cloud data center of a well-known financial institution, and performs well.

Yanli Liu,Meng Cui

DOI: https://doi.org/10.1007/978-3-030-51431-0_39

2020-07-24

Abstract:Since the new century, with the gradual popularization of computer networks around the world, network security defense methods have become more sophisticated and comprehensive, but they are still unable to defend against increasingly sophisticated and increasingly globalized virus attacks. In the process of network use and promotion, the influence of viruses on the network and hackers’ attacks have become an important factor threatening network security. Especially when people use the Internet to pay funds, remittances and other online financial activities, network security has become a constant topic. Establishing an efficient network security incident response system is of great significance for the network to better play its role. Based on the research of network security monitoring, network attack defense, network data backup and recovery theory and technology, this paper studies the strategy model of network security incident response, and uses relevant theories and methods of software engineering, combined with programming languages, to achieve Related application modules of this model. This article implements a low-cost, high-performance multi-data backup and recovery system that works in conjunction with other security devices and systems in the network. The overall structure and workflow are analyzed and designed to achieve multi-point backup and Fast recovery, efficient synchronization strategy for remote data, etc. The experimental research found that the network security incident response system can effectively reduce the security risk of the internal network, with a security proportion of more than 92%.

Ruihua Ji,Zhong Li,Shouyu Chen,Minxue Pan,Tian Zhang,Shaukat Ali,Tao Yue,Xuandong Li

DOI: https://doi.org/10.1109/icst.2018.00029

2018-01-01

Abstract:Modern software systems rely on information networks for communication. Such information networks are inherently unpredictable and unreliable. Consequently, software systems behave in an unstipulated manner in uncertain network conditions. Discovering unknown behaviors of these software systems in uncertain network conditions is essential to ensure their correct behaviors. Such discovery requires the development of systematic and automated methods. We propose an online and iterative model-based testing approach to evolve test models with search algorithms. Our ultimate aim is to discover unknown expected behaviors that can only be observed in uncertain network conditions. Also, we have implemented an adaptive search-based test case generation strategy to generate test cases that are executed on the system under test. We evaluated our approach with an open source video conference application-Jitsi with three search algorithms in comparison with random search. Results show that our approach is efficient in discovering unknown system behaviors. In particular, (1+1) Evolutionary Algorithm outperformed the other algorithms.

Hongwei Jiang

DOI: https://doi.org/10.12694/scpe.v24i4.2069

2023-11-17

Abstract:Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources. User’s data is stored in large database. The stored data can be accessed and modified by the clients over the Internet. The data is monitored by the Third Party Auditor (TPA) on behalf of the client. Therefore, integrity is lacked by the data stored on the servers. The data integrity is ensured by the cloud services that provide trust to the privacy of users. Aiming at the urgent problem of network data security in cloud computing operations, this paper proposed a security situation assessment system to grasp the security situation in real time. A set of cloud computing network data storage security is proposed. Through this model, the extraction of network data storage security situation elements, the design of network data storage security situation assessment scheme and the calculation method of network data storage security situation value are completed. The experimental results show the error of the predicted value obtained by the network data storage security situation assessment system. The effectiveness of the system model and the superiority of the improved algorithm is verified by the experimental results. This paper uses the cloud model to predict the cloud computing network security situation. On the other hand, the security situation value obtained by the situation assessment process can be used directly without training the original situation value. Performance improvement by the proposed technique over existing technique is seen and it is observe that the proposed technique is 23% and 34% better than the existing techniques.

English Else

Sixian Sun,Xiao Fu,Hao Ruan,Xiaojiang Du,Bin Luo,Mohsen Guizani

DOI: https://doi.org/10.1109/access.2018.2853121

IF: 3.9

2018-01-01

IEEE Access

Abstract:The number of applications based on the Android platform is increasing rapidly now. However, as the supervision and review of Android applications are inadequate, a reasonable chance exists that users will download malware. This malware can lead to information leakage, monetary loss, and other damages. At present, a variety of applications exist for detecting malware, but most of these applications cannot show specific malicious behaviors. Moreover, the operation of this detection software is based on the database of viruses, and thus, it cannot identify unknown malware. To solve these problems, we implemented a system to detect the behaviors of Android applications and identify known or unknown malware. Our system can monitor specified applications utilizing loading a kernel module. After the detection process, the related documents are uploaded to the server, and the dynamic behaviors are reconstructed. As a result, a behavior diagram is generated. In addition, if the user needs to know whether the application is malware, the related Android package is sent to the server and analyzed. Then, the server calculates the results and the results are returned to the client.

Mansaf Alam,Shuchi Sethi

DOI: https://doi.org/10.48550/arXiv.1504.03539

2015-04-14

Distributed, Parallel, and Cluster Computing

Abstract:Recent research shows that colluded malware in different VMs sharing a single physical host may use a resource as a channel to leak critical information. Covert channels employ time or storage characteristics to transmit confidential information to attackers leaving no trail.These channels were not meant for communication and hence control mechanisms do not exist. This means these remain undetected by traditional security measures employed in firewalls etc in a network. The comprehensive survey to address the issue highlights that accurate methods for fast detection in cloud are very expensive in terms of storage and processing. The proposed framework builds signature by extracting features which accurately classify the regular from covert traffic in cloud and estimates difference in distribution of data under analysis by means of scores. It then adds context to the signature and finally using machine learning (Support Vector Machines),a model is built and trained for deploying in cloud. The results show that the framework proposed is high in accuracy while being low cost and robust as it is tested after adding noise which is likely to exist in public cloud environments.

Chao Wang,Tianyu Ren,Qun Li,Xiaohu Wang,Guangxin Guo,Jiahan Dong

DOI: https://doi.org/10.1088/1757-899x/750/1/012155

2020-02-01

IOP Conference Series: Materials Science and Engineering

Abstract:Abstract With the development of computer technology and communication technology, computer network will increasingly become an important means of information exchange, and permeate into every field of social life. However, the network has the potential threat and the reality existence each kind of security question, therefore we must take the strong security policy to ensure the network security. The purpose of this paper is to study the network computer security hidden trouble and vulnerability mining technology. In this paper, the types of security hidden dangers are analyzed, and the vulnerability detection technology Fuzzing technology is deeply studied. Then, the inspection and test time is analyzed for the existing vulnerability detection tools. The experimental results prove that vulnerability detection technology can protect network security with high efficiency of vulnerability detection. In this paper, three vulnerability detection tools WS Fuzzer, Web Fuzz and Webvul Scan were used to analyze the detection time of open source system, personal blog, shopping mall and forum. The average detection time was 1.9s, 8.7s, 20.5s and 59.7s, respectively. It can be seen that the vulnerability mining technology has a certain practical role.

Li-qin Tian,Chuang Lin,Yang Ni

DOI: https://doi.org/10.1109/iccasm.2010.5620636

2010-01-01

Abstract:Currently, the cloud computing is hot research both in scholars and enterprise, because of its good features such as low investment, easy maintenance, Flexibility and fast deployment, reliable service. But to truly implement cloud computing, we need to gradually improve it in academic, legal and institutional. Especially, the issue of trust is one of the biggest obstacles for the development of cloud computing. In the cloud computing, due to users directly use and operate the software and OS, and even basic programming environment and network infrastructure which provided by the cloud services providers, so the impact and destruction for the software and hardware cloud resources in cloud computing are worse than the current Internet users who use it to share resources. Therefore, that whether user behavior is trusted, how to evaluate user behavior trust is an important research content in cloud computing. mainly discusses evaluation importance of user behavior trust and evaluation strategy, in the cloud computing, including trust object analysis, principle on evaluating user behavior trust, basic idea of evaluating user behavior trust, evaluation strategy of behavior trust for each access, and long access, which laid the theoretical foundation about trust for the practical cloud computing application.

Jianhua Che,Yamin Duan,Tao Zhang,Jie Fan

DOI: https://doi.org/10.1016/j.proeng.2011.11.2551

2011-01-01

Procedia Engineering

Abstract:Cloud computing is introducing many huge changes to people's lifestyle and working pattern recently for its multitudinous benefits. However, the security of cloud computing is always the focus of numerous potential cloud customers, and a big barrier for its widespread applications. In this paper, to facilitate customers to understand the security status quo of cloud computing and contribute some efforts to improving the security level of cloud computing, we surveyed the existing popular security models of cloud computing, e.g. multiple-tenancy model, risk accumulation model, cube model of cloud computing, and summarized the main security risks of cloud computing deriving from different organizations. Finally, we gave some security strategies from the perspective of construction, operation and security incident response to relieve the common security issues of cloud computing.

English Else

Zhaoli Liu,Xiaohong Guan,Shancang Li,Tao Qin,Chao He

DOI: https://doi.org/10.1109/access.2018.2882812

IF: 3.9

2018-01-01

IEEE Access

Abstract:The widespread use of social media, cloud computing, and Internet of Things generates massive behavior data recorded by system logs, and how to utilize these data to improve the stability and security of these systems becomes more and more difficult due to the increasing number of users and amount of data. In this paper, we propose a novel model named behavior rhythm (BR) to characterize and visualize the user's behaviors from the massive logs and apply it to the system security management. Based on the BR model, we conduct the clustering analysis to mine the user clusters. Different management and access control policies can be applied to different clusters to improve the management efficiency. Then, we apply the non-negative matrix factorization method to analyze the BRs and perform abnormal detection, and employ the BR similarity calculation to perform fast potential anomaly tracking. The detection and tracing results can help the administrators to control the threats efficiently. Experimental results based on the datasets collected from the campus network center of Xi'an Jiaotong University verify the accuracy and efficiency of our method in user behavior profiling and security management, which lay a solid foundation for improving system stability and quality of service.

Meixi Zheng,Xuanchen Yan,Zihao Zhu,Hongrui Chen,Baoyuan Wu

DOI: https://doi.org/10.48550/arXiv.2312.16979

2023-12-28

Abstract:Adversarial examples are well-known tools to evaluate the vulnerability of deep neural networks (DNNs). Although lots of adversarial attack algorithms have been developed, it is still challenging in the practical scenario that the model's parameters and architectures are inaccessible to the attacker/evaluator, i.e., black-box adversarial attacks. Due to the practical importance, there has been rapid progress from recent algorithms, reflected by the quick increase in attack success rate and the quick decrease in query numbers to the target model. However, there is a lack of thorough evaluations and comparisons among these algorithms, causing difficulties of tracking the real progress, analyzing advantages and disadvantages of different technical routes, as well as designing future development roadmap of this field. Thus, in this work, we aim at building a comprehensive benchmark of black-box adversarial attacks, called BlackboxBench. It mainly provides: 1) a unified, extensible and modular-based codebase, implementing 25 query-based attack algorithms and 30 transfer-based attack algorithms; 2) comprehensive evaluations: we evaluate the implemented algorithms against several mainstreaming model architectures on 2 widely used datasets (CIFAR-10 and a subset of ImageNet), leading to 14,106 evaluations in total; 3) thorough analysis and new insights, as well analytical tools. The website and source codes of BlackboxBench are available at <a class="link-external link-https" href="https://blackboxbench.github.io/" rel="external noopener nofollow">this https URL</a> and <a class="link-external link-https" href="https://github.com/SCLBD/BlackboxBench/" rel="external noopener nofollow">this https URL</a>, respectively.

Cryptography and Security

Seoungmo An,Taehoon Eom,Jong Sou Park,Jin B. Hong,Armstrong Nhlabatsi,Noora Fetais,Khaled M. Khan,Dong Seong Kim

DOI: https://doi.org/10.48550/arXiv.1903.04271

2019-03-11

Abstract:Cloud computing has been adopted widely, providing on-demand computing resources to improve perfornance and reduce the operational costs. However, these new functionalities also bring new ways to exploit the cloud computing environment. To assess the security of the cloud, graphical security models can be used, such as Attack Graphs and Attack Trees. However, existing models do not consider all types of threats, and also automating the security assessment functions are difficult. In this paper, we propose a new security assessment tool for the cloud named CloudSafe, an automated security assessment for the cloud. The CloudSafe tool collates various tools and frameworks to automate the security assessment process. To demonstrate the applicability of the CloudSafe, we conducted security assessment in Amazon AWS, where our experimental results showed that we can effectively gather security information of the cloud and carry out security assessment to produce security reports. Users and cloud service providers can use the security report generated by the CloudSafe to understand the security posture of the cloud being used/provided.

Cryptography and Security

Leiting Tao,Xiaofeng Wang,Yuan Liu,Jie Wu

DOI: https://doi.org/10.3390/s22010044

IF: 3.9

2021-12-22

Sensors

Abstract:Cyber-physical systems (CPSs) based on space-ground integrated networks (SGINs) enable CPSs to break through geographical restrictions in space. Therefore, providing a test platform is necessary for new technical verification and network security strategy evaluations of SGINs. User behavior emulation technology can effectively support the construction of a test platform. Given the inherent dynamic changes, diverse behaviors, and large-scale characteristics of SGIN users, we propose user behavior emulation technology based on a cloud platform. First, the dynamic emulation architecture for user behavior for SGINs is designed. Then, normal user behavior emulation strategy driven by the group user behavior model in real time is proposed, which can improve the fidelity of emulation. Moreover, rogue user behavior emulation technology is adopted, based on traffic replay, to perform the security evaluation. Specifically, virtual Internet Protocol (IP) technology and the epoll model are effectively integrated in this investigation to resolve the contradiction between large-scale emulation and computational overhead. The experimental results demonstrate that the strategy meets the requirement of a diverse and high-fidelity dynamic user behavior emulation and reaches the emulation scale of 100,000-level concurrent communication for normal users and 100,000-level concurrent attacks for rogue users.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Tao Qin,Xiaohong Guan,Yi Long,Wei Li

DOI: https://doi.org/10.1109/icis.2009.104

2009-01-01

Abstract:Users' character analysis and control are important for enterprise network management and security. In this paper, we propose a novel method to classify the users' behaviors into different security levels and control their behaviors with corresponding strategies. Firstly, Dflow model and several traffic features, including the number of packets, number of flows, flow durations, etc., are proposed to capture the users' characters. They are obtained from different layers of the OSI communication model, such as the network layer and transport layer. Secondly, we define scores for users' behaviors according to their traffic patterns using a flexible method with adjustable weight factors, and different monitoring aims can be achieved by adjusting the weight factors. Based on the behavior score, the users' behaviors are classified into three security levels: low-dangerous, mid-dangerous and high-dangerous levels. Finally, the mid (high)-dangerous users' behaviors are controlled by a dynamic quarantine method based on the principle of "assume guilty before proven innocent". We quarantine a user whenever its behavior is classified into the mid (high)-dangerous levels by blocking its traffic. Then the quarantine is released after a short time, even if the users have not been inspected by security managers yet. In this way, we can remove the potential threats from the monitoring network without interfering the users' normal activities severely. The experimental results based on actual traffic data show that the methods proposed in this paper are simple, flexible and of high accuracy, which can be used for real-time enterprise network monitoring and management.

Wu Liu,Ping Ren,Ke Liu,Hai-xin Duan

DOI: https://doi.org/10.1109/IWCDM.2011.17

2011-01-01

Abstract:Malware, such as Trojan Horse, Worms and Spy ware severely threatens Internet. We observed that although malware and its variants may vary a lot from content signatures, they share some behavior features at a higher level which are more precise in revealing the real intent of malware. This paper investigates the technique of malware behavior extraction, presents the formal Malware Behavior Feature (MBF) extraction method, and proposes the malicious behavior feature based malware detection algorithm. Finally we designed and implemented the MBF based malware detection system, and the experimental results show that it can detect newly appeared unknown malwares.