Detection of malicious and non-malicious website visitors using unsupervised neural network learning

Distributed denials of service (DDoS) attacks are recognized as one of the most damaging attacks on the Internet security today. Recently, malicious web crawlers have been used to execute automated DDoS attacks on web sites across the WWW. In this study, we examine the use of two unsupervised neural network (NN) learning algorithms for the purpose web-log analysis: the Self-Organizing Map (SOM) and Modified Adaptive Resonance Theory 2 (Modified ART2). In particular, through the use of SOM and modified ART2, our work aims to obtain a better insight into the types and distribution of visitors to a public web-site based on their browsing behavior, as well as to investigate the relative differences and/or similarities between malicious web crawlers and other non-malicious visitor groups. The results of our study show that, even though there is a pretty clear separation between malicious web-crawlers and other visitor groups, 52% of malicious crawlers exhibit very ‘human-like’ browsing behavior and as such pose a particular challenge for future web-site security systems. Also, we show that some of the feature values of malicious crawlers that exhibit very ‘human-like’ browsing behavior are not significantly different than the features values of human visitors. Additionally, we show that Google, MSN and Yahoo crawlers exhibit distinct crawling behavior.     

基于Android系统的恶意程序原理分析

随着Android系统市场占有率的不断扩大,Android系统恶意软件造成的危害也越来越大,加之各种AppMarket良莠不齐,Android系统安全问题日益突出。虽然Android系统具有几种安全机制,但其并不足以抵御当下的一些攻击。文章以四类恶意程序为实例,阐述了Android安全机制的漏洞以及恶意程序攻击方式,然后通过实例来实现恶意程序的攻击,最后总结各个攻击方式的不足和优点,为恶意程序的防治工作做了铺垫。     

A comparison between Fama and French's model and artificial neural networks in predicting the Chinese stock market

Evidence exists that emerging market stock returns are influenced by a different set of factors than those that influence the returns for stocks traded in developed countries. This study uses artificial neural networks to predict stock price movement (i.e., price returns) for firms traded on the Shanghai stock exchange. We compare the predictive power using linear models from financial forecasting literature to the predictive power of the univariate and multivariate neural network models. Our results show that neural networks outperform the linear models compared. These results are statistically significant across our sample firms, and indicate neural networks are a useful tool for stock price prediction in emerging markets, like China.     

Estimating the market impact of security breach announcements on firm values

Security breaches can have a significant economic impact on a firm. With public disclosure laws passed, security breaches involving disclosure of private client information can both damage the firms’ reputation and lead to fines by US government agencies. We examined the impact of security breaches of US firms, as measured by their impact on the firm's market value. Data on security breaches were collected over the period 2004–2008. Reports and news articles corresponding to these breaches were obtained from public sources. Using event-study methodology, we estimate the impact of security breaches on the market value of publicly traded firms. Daily stock returns for firms impacted were obtained. Our results indicated that, on average, the announcement of a corporate security breach had a negative impact of about 1% of the market value of the firm during the days surrounding the event.     

Did IT consulting firms gain when their clients were breached?

Despite all the research investigating the impact of data and information technology (IT) breaches to the market value of the breached firms, few studies explore the effects of breach events on the stock price of consulting firms that supplies the know-how and infrastructure to create, implement and maintain those information systems that were hacked. Information transfer theory and capital market expectation suggest that as more data breaches occur every year, investors, clients and customers may well look beyond the faults of the individual firms, and place some responsibility on the shoulders of these IT providers. In this study, we investigated a total of 83 breach events affecting a wide range of US firms in various industries in year 2006 and 2007. We found that the market value of the IT consulting firms is positively associated with the disclosure of IT security breaches. The IT consulting firms realized an average abnormal return of 4.01% during the 2-day period after the announcement. Using the event-study method and Ordinary Least Squares Regression to calculate and analyze these firms’ abnormal returns, we found evidence that as the number of breached records increased, the IT consulting firms tended to suffer negative returns. In addition, the observed impact was more salient for breaches that affect technology intensive firms than retailing or other firms. In other words, generally speaking, the IT consulting firms have similar experiences with the attacked firms.     

基于人工智能理论的网络安全管理关键技术的研究

网络安全对网络应用具有非常重要性的现实意义,其中,网络异常检测和泛化能力是网络安全管理中的关键环节。以基于人工智能理论的网络安全管理关键技术为研究对象,提出基于克隆选择模糊聚类算法的异常检测方法,解决异常检测效率低、误报率高等问题;提出基于交补分担准则的证据组合规则方法,解决信息融合证据组合冲突和规则缺陷等问题;提出基于改进证据组合规则的P2P信任管理模型,解决P2P系统难以有效处理恶意节点攻击、不能有效处理不确定性信息等问题。     

Flow-based anomaly detection in high-speed links using modified GSA-optimized neural network

Ever growing Internet causes the availability of information. However, it also provides a suitable space for malicious activities, so security is crucial in this virtual environment. The network intrusion detection system (NIDS) is a popular tool to counter attacks against computer networks. This valuable tool can be realized using machine learning methods and intrusion datasets. Traditional datasets are usually packet-based in which all network packets are analyzed for intrusion detection in a time-consuming process. On the other hand, the recent spread of 1–10-Gbps-technologies have clearly pointed out that scalability is a growing problem. In this way, flow-based solutions can help to solve the problem by reduction of data and processing time, opening the way to high-speed detection on large infrastructures. Besides, NIDS should be capable of detecting new malicious activities. Artificial neural network-based NIDSs can detect unseen attacks, so a multi-layer perceptron (MLP) neural classifier is used in this study to distinguish benign and malicious traffic in a flow-based NIDS. In this way, a modified gravitational search algorithm (MGSA), as a modern heuristic technique, is employed to optimize the interconnection weights of the neural anomaly detector. The proposed scheme is trained using an enhanced version of the first labeled flow-based dataset for intrusion detection introduced in 2009. In addition, the particle swarm optimization (PSO) algorithm and traditional error back-propagation (EBP) algorithm are employed to train MLP, so performance comparison becomes possible. The experimental results based on the actual network data show that the MGSA-optimized neural anomaly detector is effective for monitoring abnormal traffic flows in the gigabytes traffic environment, and the accuracy is about 97.8 %.     

基于动态信息流追踪技术的运行时安全隐患监测模块设计

威胁计算机安全的主要途径是通过操作系统或者应用程序的漏洞来获取对系统的非授权访问,进而达到恶意攻击的目的。针对这一问题,实现一种运行时安全隐患监测模块,该模块在动态信息流追踪技术的基础上,通过分析程序运行时内存和寄存器中的内容,动态地检测和记录程序的信息流,从而实现对恶意攻击的定位和预防。     

Knowledge discovery in corporate events by neural network rule extraction

Over the last two decades, artificial neural networks (ANN) have been applied to solve a variety of problems such as pattern classification and function approximation. In many applications, it is desirable to extract knowledge from trained neural networks for the users to gain a better understanding of the network’s solution. In this paper, we use a neural network rule extraction method to extract knowledge from 2222 dividend initiation and resumption events. We find that the positive relation between the short-term price reaction and the ratio of annualized dividend amount to stock price is primarily limited to 96 small firms with high dividend ratios. The results suggest that the degree of short-term stock price underreaction to dividend events may not be as dramatic as previously believed. The results also show that the relations between the stock price response and firm size is different across different types of firms. Thus, drawing the conclusions from the whole dividend event data may leave some important information unexamined. This study shows that neural network rule extraction method can reveal more knowledge from the data.     

电力移动智能终端安全技术研究

电力移动智能终端中存储的用户身份、电力运维数据、电网管理数据等大量重要信息使其具有巨大的攻击价值。Android作为目前全球最广泛使用的移动终端操作系统,也为相当规模的电力移动智能终端所应用,然而,其开放性（第三方开发）等特征在增强其功能和提升应用灵活性的同时也为系统漏洞、恶意应用等多种类型的攻击提供了渠道。文章通过对Android系统安全模型和安全威胁的研究,总结了针对Android平台上的电力移动智能终端的远程和本地攻击、隐私窃取、通信劫持和远程控制技术及方法。最后,提出了在基于Android系统的电力移动智能终端上加载恶意代码检测模块和操作系统加固的建议方案。     

The dark side of social networking sites:Understanding phishing risks

LinkedIn, with over 1.5 million Groups, has become a popular place for business employees to create private groups to exchange information and communicate. Recent research on social networking sites (SNSs) has widely explored the phenomenon and its positive effects on firms. However, social networking's negative effects on information security were not adequately addressed. Supported by the credibility, persuasion and motivation theories, we conducted 1) a field experiment, demonstrating how sensitive organizational data can be exploited, followed by 2) a qualitative study of employees engaged in SNSs activities; and 3) interviews with Chief Information Security Officers (CISOs). Our research has resulted in four main findings: 1) employees are easily deceived and susceptible to victimization on SNSs where contextual elements provide psychological triggers to attackers; 2) organizations lack mechanisms to control SNS online security threats, 3) companies need to strengthen their information security policies related to SNSs, where stronger employee identification and authentication is needed, and 4) SNSs have become important security holes where, with the use of social engineering techniques, malicious attacks are easily facilitated.     

Management and applications of trust in Wireless Sensor Networks: A survey

Wireless Sensors Networks (WSNs) are susceptible to many security threats, and because of communication, computation and delay constraints of WSNs, traditional security mechanisms cannot be used. Trust management models have been recently suggested as an effective security mechanism for WSNs. Considerable research has been done on modeling and managing trust. In this paper, we present a detailed survey on various trust models that are geared towards WSNs. Then, we analyze various applications of trust models. They are malicious attack detection, secure routing, secure data aggregation, secure localization and secure node selection. In addition, we categorize various types of malicious attacks against trust models and analyze whether the existing trust models can resist these attacks or not. Finally, based on all the analysis and comparisons, we list several trust best practices that are essential for developing a robust trust model for WSNs.     

Building semantic kernels for cross-document knowledge discovery using Wikipedia

The age of Internet technology has introduced new types of attacks to new assets that did not exist before. Databases that represent information assets are subject to attacks that have malicious intentions, such as stealing sensitive data, deleting records or violating the integrity of the database. Many counter measures have been designed and implemented to protect the databases and the information they host from attacks. While preventive measures could be overcome and detection measures could detect an attack late after damage has occurred, there is a need for a recovery algorithm that will recover the database to its correct previous state before the attack. Numerous damage assessment and recovery algorithms have been proposed by researchersIn this work, we present an efficient lightweight detection and recovery algorithm that is based on the matrix approach and that can be used to recover from malicious attacks. We compare our algorithm with other approaches and show the performance results.     

Economic incentives in security information sharing: the effects of market structures

The past few years have witnessed numerous information security incidents throughout the world, which unfortunately become increasingly tough to be completely addressed just by technology solutions such as advanced firewalls and intrusion detection systems. In addition to technology components, Internet environment can be viewed as a complex economic system consisting of firms, hackers, government sectors and other participants, whose economic incentives should be taken into account carefully when security solutions are formulated. In order to better protect information assets, information security economics as an emerging and thriving research branch emerges aiming at attempting to solve the problems of distorted incentives of such stakeholders by means of economic approaches. However, how these participants’ economic incentives for information security improvement change when they evolve between different market structures has remained unknown yet. Using game theory, we develop an analytical framework to investigate the effects of market structures on security investments, information sharing, attack investments, expected profits, expected consumer surplus and expected social welfare. We demonstrate that the levels of security investments, information sharing, attack investments, and expected profits are higher while expected consumer surplus and expected social welfare are lower under Cournot competition than under Bertrand competition. In particular, we surprisingly find that under either type of competition, the demand switch ratio caused by security breaches may benefit firms, consumers, government sectors and harm hackers. Our results provide some relevant managerial insights into formulating the strategies of security investments and information sharing for the firms transforming from one type of competition to the other.     

Malicious actions against the GPRS technology

This paper presents the malicious actions (attacks), which threaten the general packet radio services (GPRS) network, the GPRS mobile users, and the data that either reside at the network or are transferred through it. These attacks may be performed by malicious third parties, mobile users, network operators or network operator personnel, which exploit the security weaknesses of the GPRS security architecture. Moreover, the attackers take advantage of the lack of adequate security measures that should protect certain parts of the GPRS architecture. The possible attacks against GPRS targets the equipment of mobile users, the radio access network, the GPRS backbone network, and the interfaces that connect the latter to other GPRS networks or the public Internet. The results of these attacks might be the compromise of end-users security, the users over billing, the disclosure or alteration of critical information, the services unavailability, the network breakdown, etc. The analyzed attacks and their consequences increase the risks associated with the usage of GPRS, and, thus, influence its deployment that realizes the concept mobile Internet. In order to defeat certain attacks and enhance the level of security provided by GPRS, specific security measures are proposed.     

Application of reinforcement learning for security enhancement in cognitive radio networks

Cognitive radio network (CRN) enables unlicensed users (or secondary users, SUs) to sense for and opportunistically operate in underutilized licensed channels, which are owned by the licensed users (or primary users, PUs). Cognitive radio network (CRN) has been regarded as the next-generation wireless network centered on the application of artificial intelligence, which helps the SUs to learn about, as well as to adaptively and dynamically reconfigure its operating parameters, including the sensing and transmission channels, for network performance enhancement. This motivates the use of artificial intelligence to enhance security schemes for CRNs. Provisioning security in CRNs is challenging since existing techniques, such as entity authentication, are not feasible in the dynamic environment that CRN presents since they require pre-registration. In addition these techniques cannot prevent an authenticated node from acting maliciously. In this article, we advocate the use of reinforcement learning (RL) to achieve optimal or near-optimal solutions for security enhancement through the detection of various malicious nodes and their attacks in CRNs. RL, which is an artificial intelligence technique, has the ability to learn new attacks and to detect previously learned ones. RL has been perceived as a promising approach to enhance the overall security aspect of CRNs. RL, which has been applied to address the dynamic aspect of security schemes in other wireless networks, such as wireless sensor networks and wireless mesh networks can be leveraged to design security schemes in CRNs. We believe that these RL solutions will complement and enhance existing security solutions applied to CRN To the best of our knowledge, this is the first survey article that focuses on the use of RL-based techniques for security enhancement in CRNs.     

针对恶意用户的安全聚合协议设计与实现

安全聚合协议在过去的二十年里得到了深入广泛的研究,此类协议的基本设置由多方与一个聚合器协调组成,该聚合器的目标是计算各方输入的总和,而不会泄露除聚合值本身之外的任何有关各方私有输入的信息。在现有文献中有许多安全聚合解决方案,这些解决方案主要关注数据隐私问题,即在使聚合器能够计算和显示输入总和的同时,对各方的个人输入保密;另一方面,在输入的正确性和完整性方面,假定所有涉及聚合协议的各方都是完全可信的,虽然很少有解决方案将聚合器视为潜在的恶意对手,但在本文中,考虑了恶意方的存在,他们可以发送虚假的输入,从而导致计算无用。针对恶意用户可以在不被检测到的情况下生成模型中毒或后门注入攻击,本文提出一个将用户视为潜在恶意的安全聚合协议,这种新协议允许以隐私保护的方式正确计算聚合结果。为了实现该解决方案,作者开发了一个机器学习模型的构造,在这个模型中,多方使用他们的私有局部模型参数协作来训练模型,而不向包括聚合器在内的其他各方透露这些参数,并使用了一个新设计的可编程伪随机函数,在存在潜在后门注入攻击的联邦学习场景下,将解决方案作为概念证明进行了验证,实验结果表明,所提议的安全聚合协议确实可以帮助检测后门攻击,并通过与现有的安全聚合协议比较,所拟议的安全聚合协议是目前性能较好的聚合协议,在网络安全应用中,安全聚合协议用作异常检测是可以值得信赖的。     

利用改进灰狼算法优化BP神经网络的入侵检测

神经网络技术被广泛应用于网络安全领域,在入侵检测中能够实现网络攻击的主动检测和攻击分类.然而随着恶意攻击的不断演化,神经网络技术存在的弊端日益显现.针对BP神经网络在入侵检测过程中存在的初始值随机性较大以及易陷入局部最优的问题,本文提出一种改进灰狼算法优化BP神经网络的入侵检测模型(IGWO-BP).首先,使用混沌映射初始化种群、设计非线性收敛因子以及动态权重策略对传统灰狼算法进行改进,并以此优化BP神经网络的初始权值和阈值,并运用改进BP神经网络对网络安全数据集进行实际检测.实验结果表明,IGWO-BP模型在NSL-KDD和UNSW-NB15数据集上取得了较优的检测结果,与其它现有模型相比性能也有较大提升.     

A hybrid genetic-neural architecture for stock indexes forecasting

In this paper, a new approach for time series forecasting is presented. The forecasting activity results from the interaction of a population of experts, each integrating genetic and neural technologies. An expert of this kind embodies a genetic classifier designed to control the activation of a feedforward artificial neural network for performing a locally scoped forecasting activity. Genetic and neural components are supplied with different information: The former deal with inputs encoding information retrieved from technical analysis, whereas the latter process other relevant inputs, in particular past stock prices. To investigate the performance of the proposed approach in response to real data, a stock market forecasting system has been implemented and tested on two stock market indexes, allowing for account realistic trading commissions. The results pointed to the good forecasting capability of the approach, which repeatedly outperformed the “Buy and Hold” strategy.     

一种基于PUF的超轻量级RFID标签所有权转移协议

针对RFID标签所有权转移协议中存在的数据完整性受到破坏、物理克隆攻击、去同步攻击等多种安全隐私问题,新提出一种基于物理不可克隆函数(PUF)的超轻量级RFID标签所有权转移协议—PUROTP.该协议中标签所有权的原所有者和新所有者之间直接进行通信完成所有权转移,从而不需要引入可信第三方,主要涉及的运算包括左循环移位变换(Rot(X,Y))和异或运算($\oplus$)以及标签中内置的物理不可克隆函数(PUF),并且该协议实现了两重认证,即所有权转移之前的标签原所有者与标签之间的双向认证、所有权转移之后的标签新所有者与标签之间的双向认证.通过使用BAN(Burrows-Abadi-Needham)逻辑形式化安全性分析以及协议安全分析工具Scyther对PUROTP协议的安全性进行验证,结果表明该协议的通信过程是安全的,Scyther没有发现恶意攻击,PUROTP协议能够保证通信过程中交互信息的安全性及数据隐私性.通过与现有部分经典RFID所有权转移协议的安全性及性能对比分析,结果表明该协议不仅能够满足标签所有权转移过程中的数据完整性、前向安全性、双向认证性等安全要求,而且能够抵抗物理克隆攻击、重放攻击、中间人攻击、去同步攻击等多种恶意攻击.在没有额外增加计算代价和存储开销的同时克服了现有方案存在的安全和隐私隐患,具有一定的社会经济价值.