U3D文件在PDF中的应用及其C＋＋编程实现

在探讨PDF文件格式的基础上,提出了一种通用三维(简称U3D)文件格式嵌入到PDF文件中的方法。这种方法具有可扩展性,对于如何在其他文件中支持U3D文件格式的应用研究也具有一定的参考价值。最后,还通过C++编程实现了在PDF文件中嵌入3D作品,并允许用户交互地观看显示效果。     

支持动态授权和文件评价的访问控制机制

针对传统的访问控制方法不支持动态授权和文件评价、且存在恶意再分享隐患,设计了一种支持动态授权和文件评价的访问控制机制(DAFE-AC)。DAFE-AC采用的动态授权机制能够对已授权用户进行实时监控,保证了用户之间的相互监督;采用的文件评价机制可以支持文件解锁阈值的动态更新。基于Hash/索引数据库,DAFE-AC确保了文件在系统中的唯一性。在DAFE-AC中,用户授权值会随着其他用户行为动态变化,且用户可以通过对文件进行评价以消除恶意再分享。     

基于机器学习算法的恶意PDF检测模型

随着互联网的高速发展和办公自动化的日益普及,PDF（portable document format）文件已经成为全球电子文档分发的开放式标准,由于PDF文档的高实用性和普遍适应性,使其成为有针对性钓鱼攻击的有效载体。恶意代码对计算机的严重破坏性,检测和防止含有恶意代码的PDF文档已日益成为计算机安全领域的重要目标。通过从文档中提取特征数据,提出了一个基于机器学习算法的恶意PDF检测框架,最后并通过实验验证了其检测模型的有效性。     

基于VMM的文件完整性监控系统的设计与实现

虚拟机监控器(VMM)具有强控制性、隔离性的特点。针对现有文件完整性监控系统中存在的缺陷,提出了一种新的基于VMM且与客户机相隔离的文件完整性保护方法,该方法能够保护用户的敏感文件,特别是文件完整性监控系统本身,使其免受恶意代码的攻击。这种基于虚拟机监控器的文件完整性保护解决方案,在虚拟机隔离层中通过设计和嵌入的"探测器"和"文件逆向定位器"两种关键技术,能够实时地探测到对被保护文件的所有访问企图,从而实现预置的保护策略。     

不可信环境下的客户端日志保护机制

现有的日志文件保护技术大多集中于保护日志文件不被外来攻击者攻击,而无法抵御恶意的合法用户的攻击。为此,在分析日志技术安全需求的基础上,提出一种在不可信环境下的客户端日志保护机制,基于USB Key对日志文件进行加密和签名处理。给出日志文件的生成、存储及上传过程。安全性与性能分析结果证明了该机制的有效性。     

一种面向BitTorrent的文件快速安全分发方案*

提出了一种能够很好利用BitTorrent快速传输特性的同时,也能增加文件下载安全控制的方案。BitTorrent是一种流行的快速传输分发文件的方式,但它存在一定的安全问题,如通过BitTorrent分发文件时,很容易被非法用户窃取获得明文文件。在面向BitTorrent协议基础上,结合使用对称加密技术和身份认证机制对其进行了改进：文件在提供下载前进行对称加密,然后通过BitTorrent进行传输分发;用户成功下载文件后需要进行身份认证,合法用户可以安全获得文件加密密钥,解密得到明文文件。实验结果表明该方     

基于图像纹理和卷积神经网络的恶意文件检测方法

在大数据环境下,针对传统恶意文件检测方法对经过代码变种和混淆后的恶意文件检测准确率低以及对跨平台恶意文件检测通用性弱等问题,提出一种基于图像纹理和卷积神经网络的恶意文件检测方法。首先,使用灰度图像生成算法将Android和Windows平台下可执行文件,即.dex和.exe文件,转换成相应的灰度图像;然后,通过卷积神经网络（CNN）算法自动提取这些灰度图像的纹理特征并加以学习训练,从而构建出一个恶意文件检测模型;最后,使用大量未知待检测的文件去验证模型检测准确率的高低。通过对大量的恶意样本进行实验,在Android和Windows平台下,模型检测最高准确率分别达到79.6%和97.6%,平均准确率分别约为79.3%和96.8%;与基于纹理指纹的恶意代码变种检测方法相比,基于图像纹理和卷积神经网络的恶意文件检测方法准确率提高了约20%。实验结果表明,所提方法能够有效避免人工筛选特征带来的问题,大幅提高检测的准确率和效率,成功解决跨平台检测问题,实现了一种端到端的恶意文件检测模型。     

信息战环境下基于数据依赖的文件可靠恢复

虽然现有的安全操作系统能够防止非授权用户的访问,但是它们不能阻止授权用户的恶意攻击行为。在信息战环境下,恶意授权用户(malicious authorized user)发起的数据篡改攻击是一种新的严重安全威胁。它通过被恶意修改的数据误导被攻击的组织做出错误的决策。针对恶意系统授权用户造成的文件数据篡改破坏问题,本文提出了一种基于数据依赖的文件数据可靠恢复算法。在发现系统授权用户的恶意攻击行为后,它能够通过对恶意用户所攻击的文件数据和非恶意用户所访问文件数据间存在的数据依赖关系的分析,自动发现被破坏的数据并对其进行自动修复。它的优点在于对受破坏的文件数据恢复时,能够保留未受恶意攻击影响的工作,从而提高系统的可用性,增强抗恶意攻击的能力。     

Wukong: A cloud-oriented file service for mobile Internet devices

Along with the rapid growth of heterogeneous cloud services and network technologies, an increasing number of mobile devices use cloud storage services to enlarge their capacity and share data in our daily lives. We commonly use cloud service client-side software in a straightforward fashion. However, when more devices and users participate in heterogeneous services, the difficulty of managing these services efficiently and conveniently increases. In this paper, we report a novel cloud-oriented file service, Wukong, which provides a user-friendly and highly available facilitative data access method for mobile devices in cloud settings. Wukong supports mobile applications, which may access local files only, transparently accessing cloud services with a relatively high performance. To the best of our knowledge, Wukong is the first file service that supports heterogeneous cloud services for mobile devices by using the innovative storage abstraction layer. We have implemented a prototype with several plugins and evaluated it in a systematic way. We find that this easily operable file service has a high usability and extensibility. It costs about 50 to 150 lines of code to implement a new backend service support plugin. Wukong achieves an acceptable throughput of 179.11 kB/s in an ADSL environment and 80.68 kB/s under a countryside EVDO 3G network with negligible overhead.     

一种PE文件加壳检测规则

在恶意代码自动分析系统中,对恶意样本进行文件格式检查,并判断其是否被加壳是对其进行自动分析的第一步。为了对加壳PE可执行文件实现更加准确的识别,提出一个基于文件头和部分文件内容的PE文件加壳检测规则(NFPS)。通过提取PE文件中5个方面的特征值,并按照NFPS规则进行计算,即可判定PE文件是否被加壳。经测试,其检测率高达95%以上,并支持多层壳的循环检测。     

Under storage constraints of epidemic backup node selection using HyMIS architecture for data replication in mobile peer-to-peer networks

The attainment of high reliability and availability is very difficult to be achieved in very complex wireless infrastructureless networks. Reliability concept describes essentially the transmission characteristics of infrastructureless networks, such as packet loss probability, packet duplication, data misinsertion, and corruption of packets. Some other metrics nowadays, aggregate and contribute to the aggravation of end to end reliability. In this work a new scheme for end to end reliable file/resource sharing is studied, among mobile peer-to-peer users. The proposed scheme uses the Hybrid Mobile Infostation System (HyMIS) to maintain and enhance the reliability of file/resource sharing process among wireless devices. Under various storage constraints the epidemic backup node selection is adopted, merging the advantages of epidemic file dissemination through purely mobile Infostations, using the HyMIS architecture. Examination through simulation is performed, taking into account many newly introduced storage metrics, for the performance evaluation of the proposed scheme. These storage metrics are tuned into certain bounded values to enable high packet delivery ratio. Results show that this scheme under certain storage requirements offer a reliable and robust solution for sharing resources of any capacity in dynamic mobile peer-to-peer wireless environments.     

Public integrity auditing for dynamic group cooperation files with efficient user revocation

With the rise of online cloud files, more and more online files are generated by group cooperation in recent years. However, there exist many security problems to be solved urgently for online cooperation files, such as how to verify the integrity of group cooperation files and realize its dynamic update and how to further trace the identity of signer (i.e., operator) who upload or update the group cooperation files. To address the above problems, we propose a secure public integrity auditing scheme for group cooperation files in this paper, named PAGCF. First, PAGCF not only can verify the integrity of group cooperation files, but also supports the dynamic update of group cooperation files via the skip list. Second, any legitimate user can trace the identity of signer to resist malicious tampering and workload disputes of group users. Additionally, PAGCF also achieves user stateless without requiring users to maintain a list locally. Third, PAGCF not only can realize effective group user revocation so that revoked users lose privileges to update the group cooperation file and trace the identity of signer, but also can resist the collusion attack of malicious adversaries and revoked users. Finally, numeric analyses and experiment results demonstrate the efficiency of our proposed scheme.     

基于ARM的文件浏览器实现

主要介绍以ARM Mini2440嵌入式开发板为核心,在移动设备中实现多种文件系统的硬件电路结构和软件实现方法。本系统是以ARM Mini2440系列开发板为主控制器,通过对USB接口的控制,从而可以对移动设备里面的多种格式的文件进行复制、粘贴、显示等操作,并通过触摸显示屏可以显示移动设备中部分格式文件的内容。经过实验测试,本系统能可靠地对移动设备中的文件进行读写和转移等操作。     

FARM: file annotation and retrieval on mobile devices

As the technology evolves, mobile phones and portable devices are equipped with advanced features like built-in cameras, audio/video recordings, and other applications. When a user starts utilizing such features and applications, usually a large number of files are generated, and as this number grows, it becomes a challenging task to find the requested files with limited user-interface capabilities. This article presents FARM, a framework for file annotation and retrieval on resource-limited mobile devices like mobile phones, PDAs, and other MIDP compliant devices. Once the annotation process is completed, user can easily retrieve the files on the device itself or on in a networked environment where a large number of mobile nodes are involved. The metadata for annotation is gathered from the underlying file system and stored locally, which gives this framework a two-fold gain. Firstly, this framework does not require any common repository and hence, does not require communication medium to store and retrieve metadata. Secondly, searches are performed in a distributed fashion when more than one device is searched. The proposed framework has been implemented with a full featured application, and experimental results show that files can be retrieved efficiently and accurately with annotated data.     

Comparing files using structural entropy

One of the main trends in the modern anti-virus industry is the development of algorithms that help estimate the similarity of files. Since malware writers tend to use increasingly complex techniques to protect their code such as obfuscation and polymorphism, anti-virus software vendors face problems of the increasing difficulty of file scanning, the considerable growth of anti-virus databases, and file storages overgrowth. For solving such problems, a static analysis of files appears to be of some interest. Its use helps determine those file characteristics that are necessary for their comparison without executing malware samples within a protected environment. The solution provided in this article is based on the assumption that different samples of the same malicious program have a similar order of code and data areas. Each such file area may be characterized not only by its length, but also by its homogeneity. In other words, the file may be characterized by the complexity of its data order. Our approach consists of using wavelet analysis for the segmentation of files into segments of different entropy levels and using edit distance between sequence segments to determine the similarity of the files. The proposed solution has a number of advantages that help detect malicious programs efficiently on personal computers. First, this comparison does not take into account the functionality of analysed files and is based solely on determining the similarity in code and data area positions which makes the algorithm effective against many ways of protecting executable code. On the other hand, such a comparison may result in false alarms. Therefore, our solution is useful as a preliminary test that triggers the running of additional checks. Second, the method is relatively easy to implement and does not require code disassembly or emulation. And, third, the method makes the malicious file record compact which is significant when compiling anti-virus databases.     

嵌入式系统中PDF格式的高效压缩算法

提出的算法可以解决在嵌入式系统上显示含有文本和图像的PDF文件的要求。该算法先将PDF文件分解成图像和文本两部分,然后依照原文件的显示格式将分解出来的元素合成一种新的格式文件,最终实现将PC机上的PDF格式文件转化为适合在嵌入式系统上正确显示的格式。该算法缩减了文件的大小,使之适应于嵌入式系统有限的硬件资源,也扩大了嵌入式系统的文件来源。     

A security monitoring method for malicious P2P event detection

Recently malicious code is spreading rapidly due to the use of P2P(peer to peer) file sharing. The malicious code distributed mostly transformed the infected PC as a botnet for various attacks by attackers. This can take important information from the computer and cause a large-scale DDos attack. Therefore it is extremely important to detect and block the malicious code in early stage. However a centralized security monitoring system widely used today cannot detect a sharing file on a P2P network. In this paper, to compensate the defect, P2P file sharing events are obtained and the behavior is analyzed. Based on the analysis a malicious file detecting system is proposed and synchronized with a security monitoring system on a virtual machine. In application result, it has been detected such as botnet malware using P2P. It is improved by 12 % performance than existing security monitoring system. The proposed system can detect suspicious P2P sharing files that were not possible by an existing system. The characteristics can be applied for security monitoring to block and respond to the distribution of malicious code through P2P.