- Liang He;Zhixiang Li;Chao Shen;
Keystroke dynamics is the process to identify or authenticate individuals based on their typing rhythm behaviors. Several classifications have been proposed to verify a user's legitimacy, and the performances of these classifications should be confirmed to identify the most promising research direction. However, classification research contains several experiments with different conditions such as datasets and methodologies. This study aims to benchmark the algorithms to the same dataset and features to equally measure all performances. Using a dataset that contains the typing rhythm of 51 subjects, we implement and evaluate 15 classifiers measured by F1-measure, which is the harmonic mean of a false-negative identification rate and false-positive identification rate.We also develop a methodology to process the typing data. By considering a case in which the model will reject the outsider, we tested the algorithms on an open set. Additionally, we tested different parameters in random forest and k nearest neighbors classifications to achieve better results and explore the cause of their high performance. We also tested the dataset on one-class classification and explained the results of the experiment. The top-performing classifier achieves an F1-measure rate of 92% while using the normalized typing data of 50 subjects to train and the remaining data to test. The results, along with the normalization methodology, constitute a benchmark for comparing the classifiers and measuring the performance of keystroke dynamics for insider detection.
2018年05期 v.23 513-525页 [查看摘要][在线阅读][下载 31182K] [下载次数:57 ] |[网刊下载次数:0 ] |[引用频次:3 ] |[阅读次数:0 ] - Liang He;Zhixiang Li;Chao Shen;
Keystroke dynamics is the process to identify or authenticate individuals based on their typing rhythm behaviors. Several classifications have been proposed to verify a user's legitimacy, and the performances of these classifications should be confirmed to identify the most promising research direction. However, classification research contains several experiments with different conditions such as datasets and methodologies. This study aims to benchmark the algorithms to the same dataset and features to equally measure all performances. Using a dataset that contains the typing rhythm of 51 subjects, we implement and evaluate 15 classifiers measured by F1-measure, which is the harmonic mean of a false-negative identification rate and false-positive identification rate.We also develop a methodology to process the typing data. By considering a case in which the model will reject the outsider, we tested the algorithms on an open set. Additionally, we tested different parameters in random forest and k nearest neighbors classifications to achieve better results and explore the cause of their high performance. We also tested the dataset on one-class classification and explained the results of the experiment. The top-performing classifier achieves an F1-measure rate of 92% while using the normalized typing data of 50 subjects to train and the remaining data to test. The results, along with the normalization methodology, constitute a benchmark for comparing the classifiers and measuring the performance of keystroke dynamics for insider detection.
2018年05期 v.23 513-525页 [查看摘要][在线阅读][下载 31182K] [下载次数:57 ] |[网刊下载次数:0 ] |[引用频次:3 ] |[阅读次数:0 ] - Shuang Liang;Yue Zhang;Bo Li;Xiaojie Guo;Chunfu Jia;Zheli Liu;
The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance is must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents Secure Web, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. Secure Web protects users' passwords and aims to provide a unified protection solution to diverse sensitive data. The efficiency of the developed schemes is demonstrated and the results indicate that it has a low overhead and are of practical use.
2018年05期 v.23 526-538页 [查看摘要][在线阅读][下载 1768K] [下载次数:128 ] |[网刊下载次数:0 ] |[引用频次:9 ] |[阅读次数:0 ] - Shuang Liang;Yue Zhang;Bo Li;Xiaojie Guo;Chunfu Jia;Zheli Liu;
The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance is must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents Secure Web, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. Secure Web protects users' passwords and aims to provide a unified protection solution to diverse sensitive data. The efficiency of the developed schemes is demonstrated and the results indicate that it has a low overhead and are of practical use.
2018年05期 v.23 526-538页 [查看摘要][在线阅读][下载 1768K] [下载次数:128 ] |[网刊下载次数:0 ] |[引用频次:9 ] |[阅读次数:0 ] - Dawei Li;Jianwei Liu;Zongyang Zhang;Qianhong Wu;Weiran Liu;
Hierarchical Identity-Based Broadcast Encryption(HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption(RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack(IND-s BRIVS-CPA). An IND-s BRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.
2018年05期 v.23 539-549页 [查看摘要][在线阅读][下载 347K] [下载次数:46 ] |[网刊下载次数:0 ] |[引用频次:5 ] |[阅读次数:0 ] - Dawei Li;Jianwei Liu;Zongyang Zhang;Qianhong Wu;Weiran Liu;
Hierarchical Identity-Based Broadcast Encryption(HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption(RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack(IND-s BRIVS-CPA). An IND-s BRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.
2018年05期 v.23 539-549页 [查看摘要][在线阅读][下载 347K] [下载次数:46 ] |[网刊下载次数:0 ] |[引用频次:5 ] |[阅读次数:0 ] - Jianchao Tang;Ming Xu;Shaojing Fu;Kai Huang;
Advanced Persistent Threat(APT) attack, an attack option in recent years, poses serious threats to the security of governments and enterprises data due to its advanced and persistent attacking characteristics. To address this issue, a security policy of big data analysis has been proposed based on the analysis of log data of servers and terminals in Spark. However, in practical applications, Spark cannot suitably analyze very huge amounts of log data. To address this problem, we propose a scheduling optimization technique based on the reuse of datasets to improve Spark performance. In this technique, we define and formulate the reuse degree of Directed Acyclic Graphs(DAGs) in Spark based on Resilient Distributed Datasets(RDDs). Then, we define a global optimization function to obtain the optimal DAG sequence, that is, the sequence with the least execution time. To implement the global optimization function, we further propose a novel cost optimization algorithm based on the traditional Genetic Algorithm(GA). Our experiments demonstrate that this scheduling optimization technique in Spark can greatly decrease the time overhead of analyzing log data for detecting APT attacks.
2018年05期 v.23 550-560页 [查看摘要][在线阅读][下载 611K] [下载次数:65 ] |[网刊下载次数:0 ] |[引用频次:7 ] |[阅读次数:0 ] - Jianchao Tang;Ming Xu;Shaojing Fu;Kai Huang;
Advanced Persistent Threat(APT) attack, an attack option in recent years, poses serious threats to the security of governments and enterprises data due to its advanced and persistent attacking characteristics. To address this issue, a security policy of big data analysis has been proposed based on the analysis of log data of servers and terminals in Spark. However, in practical applications, Spark cannot suitably analyze very huge amounts of log data. To address this problem, we propose a scheduling optimization technique based on the reuse of datasets to improve Spark performance. In this technique, we define and formulate the reuse degree of Directed Acyclic Graphs(DAGs) in Spark based on Resilient Distributed Datasets(RDDs). Then, we define a global optimization function to obtain the optimal DAG sequence, that is, the sequence with the least execution time. To implement the global optimization function, we further propose a novel cost optimization algorithm based on the traditional Genetic Algorithm(GA). Our experiments demonstrate that this scheduling optimization technique in Spark can greatly decrease the time overhead of analyzing log data for detecting APT attacks.
2018年05期 v.23 550-560页 [查看摘要][在线阅读][下载 611K] [下载次数:65 ] |[网刊下载次数:0 ] |[引用频次:7 ] |[阅读次数:0 ] - Xiaoming Ye;Xingshu Chen;Dunhu Liu;Wenxian Wang;Li Yang;Gang Liang;Guolin Shao;
Extracting and analyzing network traffic feature is fundamental in the design and implementation of network behavior anomaly detection methods. The traditional network traffic feature method focuses on the statistical features of traffic volume. However, this approach is not sufficient to reflect the communication pattern features. A different approach is required to detect anomalous behaviors that do not exhibit traffic volume changes,such as low-intensity anomalous behaviors caused by Denial of Service/Distributed Denial of Service(Do S/DDo S)attacks, Internet worms and scanning, and Bot Nets. We propose an efficient traffic feature extraction architecture based on our proposed approach, which combines the benefit of traffic volume features and network communication pattern features. This method can detect low-intensity anomalous network behaviors and conventional traffic volume anomalies. We implemented our approach on Spark Streaming and validated our feature set using labelled real-world dataset collected from the Sichuan University campus network. Our results demonstrate that the traffic feature extraction approach is efficient in detecting both traffic variations and communication structure changes.Based on our evaluation of the MIT-DRAPA dataset, the same detection approach utilizes traffic volume features with detection precision of 82.3% and communication pattern features with detection precision of 89.9%. Our proposed feature set improves precision by 94%.
2018年05期 v.23 561-573页 [查看摘要][在线阅读][下载 1302K] [下载次数:96 ] |[网刊下载次数:0 ] |[引用频次:6 ] |[阅读次数:0 ] - Xiaoming Ye;Xingshu Chen;Dunhu Liu;Wenxian Wang;Li Yang;Gang Liang;Guolin Shao;
Extracting and analyzing network traffic feature is fundamental in the design and implementation of network behavior anomaly detection methods. The traditional network traffic feature method focuses on the statistical features of traffic volume. However, this approach is not sufficient to reflect the communication pattern features. A different approach is required to detect anomalous behaviors that do not exhibit traffic volume changes,such as low-intensity anomalous behaviors caused by Denial of Service/Distributed Denial of Service(Do S/DDo S)attacks, Internet worms and scanning, and Bot Nets. We propose an efficient traffic feature extraction architecture based on our proposed approach, which combines the benefit of traffic volume features and network communication pattern features. This method can detect low-intensity anomalous network behaviors and conventional traffic volume anomalies. We implemented our approach on Spark Streaming and validated our feature set using labelled real-world dataset collected from the Sichuan University campus network. Our results demonstrate that the traffic feature extraction approach is efficient in detecting both traffic variations and communication structure changes.Based on our evaluation of the MIT-DRAPA dataset, the same detection approach utilizes traffic volume features with detection precision of 82.3% and communication pattern features with detection precision of 89.9%. Our proposed feature set improves precision by 94%.
2018年05期 v.23 561-573页 [查看摘要][在线阅读][下载 1302K] [下载次数:96 ] |[网刊下载次数:0 ] |[引用频次:6 ] |[阅读次数:0 ] - Ming Tang;Yuguang Li;Yanbin Li;Pengbo Wang;Dongyan Zhao;Weigao Chen;Huanguo Zhang;
Masking is one of the most commonly used Side-Channel Attack(SCA) countermeasures and is built on a security framework, such as the ISW framework, and ensures theoretical security through secret sharing.Unfortunately, the theoretical security cannot guarantee practical security, because several possible weaknesses may exist in the actual implementation. These weaknesses likely come from the masking schemes or are introduced by the implementation methods. Finding the possible weakness of the masking scheme is an interesting and important issue for real applications. In this paper, the possible weaknesses for masking schemes in FieldProgrammable Gate Array(FPGA) design are discussed. It was found that the combinational circuit is the key to the security of masking schemes. The Toggle Count(TC) method and its extension are utilized to evaluate the security of masking schemes in the design phase and the implementation phase separately. Comparing different logic-level simulators for the Xilinx FPGA platform, the behavioral and post-translate simulations are considered as the analysis method in the design phase, while the post-map and the post-route simulations are used to find the weakness during the implementation phase. Moreover, a Standard Delay Format(SDF) based improvement scheme is proposed to significantly increase the effectiveness of the TC model.
2018年05期 v.23 574-585页 [查看摘要][在线阅读][下载 2238K] [下载次数:20 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:0 ] - Ming Tang;Yuguang Li;Yanbin Li;Pengbo Wang;Dongyan Zhao;Weigao Chen;Huanguo Zhang;
Masking is one of the most commonly used Side-Channel Attack(SCA) countermeasures and is built on a security framework, such as the ISW framework, and ensures theoretical security through secret sharing.Unfortunately, the theoretical security cannot guarantee practical security, because several possible weaknesses may exist in the actual implementation. These weaknesses likely come from the masking schemes or are introduced by the implementation methods. Finding the possible weakness of the masking scheme is an interesting and important issue for real applications. In this paper, the possible weaknesses for masking schemes in FieldProgrammable Gate Array(FPGA) design are discussed. It was found that the combinational circuit is the key to the security of masking schemes. The Toggle Count(TC) method and its extension are utilized to evaluate the security of masking schemes in the design phase and the implementation phase separately. Comparing different logic-level simulators for the Xilinx FPGA platform, the behavioral and post-translate simulations are considered as the analysis method in the design phase, while the post-map and the post-route simulations are used to find the weakness during the implementation phase. Moreover, a Standard Delay Format(SDF) based improvement scheme is proposed to significantly increase the effectiveness of the TC model.
2018年05期 v.23 574-585页 [查看摘要][在线阅读][下载 2238K] [下载次数:20 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:0 ] - Ming Tang;Maixing Luo;Junfeng Zhou;Zhen Yang;Zhipeng Guo;Fei Yan;Liang Liu;
Existing Side-Channel Attacks(SCAs) have several limitations and, rather than to be real attack methods,can only be considered to be security evaluation methods. Their limitations are mainly related to the sampling conditions, such as the trigger signal embedded in the source code of the encryption device, and the acquisition device that serves as the encryption-device controller. Apart from it being very difficult for an attacker to add a trigger into the original design before making an attack or to control the encryption device, there is a big gap in the capacity of existing SCAs to pose real threats to cipher devices. In this paper, we propose a new method, the sliding window SCA(SW-SCA), which can be applied in scenarios in which the acquisition device is independent of the encryption device and for which the encryption source code requires no trigger signal or modification. First,we describe the main issues in existing SCAs, then we theoretically analyze the effectiveness and complexity of our proposed SW-SCA —a method that can incorporate a sliding-window mechanism into almost all of the existing non-profiled SCAs. The experimental results for both simulated and physical traces verify the effectiveness of the SW-SCA and the appropriateness of its theoretical complexity.
2018年05期 v.23 586-598页 [查看摘要][在线阅读][下载 2711K] [下载次数:32 ] |[网刊下载次数:0 ] |[引用频次:2 ] |[阅读次数:0 ] - Ming Tang;Maixing Luo;Junfeng Zhou;Zhen Yang;Zhipeng Guo;Fei Yan;Liang Liu;
Existing Side-Channel Attacks(SCAs) have several limitations and, rather than to be real attack methods,can only be considered to be security evaluation methods. Their limitations are mainly related to the sampling conditions, such as the trigger signal embedded in the source code of the encryption device, and the acquisition device that serves as the encryption-device controller. Apart from it being very difficult for an attacker to add a trigger into the original design before making an attack or to control the encryption device, there is a big gap in the capacity of existing SCAs to pose real threats to cipher devices. In this paper, we propose a new method, the sliding window SCA(SW-SCA), which can be applied in scenarios in which the acquisition device is independent of the encryption device and for which the encryption source code requires no trigger signal or modification. First,we describe the main issues in existing SCAs, then we theoretically analyze the effectiveness and complexity of our proposed SW-SCA —a method that can incorporate a sliding-window mechanism into almost all of the existing non-profiled SCAs. The experimental results for both simulated and physical traces verify the effectiveness of the SW-SCA and the appropriateness of its theoretical complexity.
2018年05期 v.23 586-598页 [查看摘要][在线阅读][下载 2711K] [下载次数:32 ] |[网刊下载次数:0 ] |[引用频次:2 ] |[阅读次数:0 ] - Chun Shan;Liyuan Liu;Jingfeng Xue;Changzhen Hu;Hongjin Zhu;
The analysis of software system evolution is highly significant in software research as the evolution runs throughout the lifecycle of a software system. Considering a software system as an algebraic engineering system,we propose a software system evolution analysis method based on algebraic topology. First, from a complex network perspective, we abstract a software system into the software structural topology diagram. Then, based on the algebraic topology principle, we abstract each node in the software structural topology diagram into an algebraic component represented by a 6-tuple. We propose three kinds of operation relationships between two algebraic components, so that the software system can be abstracted into an algebraic expression of components.In addition, we propose three forms of software system evolution, which help to analyze the structure and evolution of system software and facilitate its maintenance and reconfiguration.
2018年05期 v.23 599-609页 [查看摘要][在线阅读][下载 2061K] [下载次数:36 ] |[网刊下载次数:0 ] |[引用频次:3 ] |[阅读次数:0 ] - Chun Shan;Liyuan Liu;Jingfeng Xue;Changzhen Hu;Hongjin Zhu;
The analysis of software system evolution is highly significant in software research as the evolution runs throughout the lifecycle of a software system. Considering a software system as an algebraic engineering system,we propose a software system evolution analysis method based on algebraic topology. First, from a complex network perspective, we abstract a software system into the software structural topology diagram. Then, based on the algebraic topology principle, we abstract each node in the software structural topology diagram into an algebraic component represented by a 6-tuple. We propose three kinds of operation relationships between two algebraic components, so that the software system can be abstracted into an algebraic expression of components.In addition, we propose three forms of software system evolution, which help to analyze the structure and evolution of system software and facilitate its maintenance and reconfiguration.
2018年05期 v.23 599-609页 [查看摘要][在线阅读][下载 2061K] [下载次数:36 ] |[网刊下载次数:0 ] |[引用频次:3 ] |[阅读次数:0 ] - Kai Fan;Hui Li;Wei Jiang;Chengsheng Xiao;Yintang Yang;
With the increasing popularity of fintech, i.e., financial technology, the e-commerce market has grown rapidly in the past decade, such that mobile devices enjoy unprecedented popularity and are playing an everincreasing role in e-commerce. This is especially true of mobile payments, which are attracting increasing attention.However, the occurrence of many traditional financial mishaps has exposed the challenges inherent in online authentication technology that is based on traditional modes of realizing the healthy and stable development of mobile payment. In addition, this technology ensures user account security and privacy. In this paper, we propose a Secure Mutual Authentication Protocol(SMAP) based on the Universal 2 nd Factor(U2 F) protocol for mobile payment. To guarantee reliable service, we use an asymmetric cryptosystem for achieving mutual authentication between the server and client, which can resist fake servers and forged terminals. Compared to the modes currently used, the proposed protocol strengthens the security of user account information as well as individual privacy throughout the mobile-payment transaction process. Practical application has proven the security and convenience of the proposed protocol.
2018年05期 v.23 610-620页 [查看摘要][在线阅读][下载 817K] [下载次数:96 ] |[网刊下载次数:0 ] |[引用频次:9 ] |[阅读次数:0 ] - Kai Fan;Hui Li;Wei Jiang;Chengsheng Xiao;Yintang Yang;
With the increasing popularity of fintech, i.e., financial technology, the e-commerce market has grown rapidly in the past decade, such that mobile devices enjoy unprecedented popularity and are playing an everincreasing role in e-commerce. This is especially true of mobile payments, which are attracting increasing attention.However, the occurrence of many traditional financial mishaps has exposed the challenges inherent in online authentication technology that is based on traditional modes of realizing the healthy and stable development of mobile payment. In addition, this technology ensures user account security and privacy. In this paper, we propose a Secure Mutual Authentication Protocol(SMAP) based on the Universal 2 nd Factor(U2 F) protocol for mobile payment. To guarantee reliable service, we use an asymmetric cryptosystem for achieving mutual authentication between the server and client, which can resist fake servers and forged terminals. Compared to the modes currently used, the proposed protocol strengthens the security of user account information as well as individual privacy throughout the mobile-payment transaction process. Practical application has proven the security and convenience of the proposed protocol.
2018年05期 v.23 610-620页 [查看摘要][在线阅读][下载 817K] [下载次数:96 ] |[网刊下载次数:0 ] |[引用频次:9 ] |[阅读次数:0 ] - Zhenge Guo;Xueguang Gao;Qiang Ma;Jizhong Zhao;
Multi-party applications are becoming popular due to the development of mobile smart devices. In this work, we explore Secure Device Pairing(SDP), a novel pairing mechanism, which allows users to use smart watches to detect the handshake between users, and use the shaking information to create security keys that are highly random. Thus, we perform device pairing without complicated operations. SDP dynamically adjusts the sensor's sampling frequency and uses different classifiers at varying stages to save the energy. A multi-level quantization algorithm is used to maximize the mutual information between two communicating entities without information leakage. We evaluate the main modules of SDP with 1800 sets of handshake data. Results show that the recognition accuracy of the handshake detection algorithm is 98.2%, and the power consumption is only 1/3 of that of the single sampling frequency classifier.
2018年05期 v.23 621-633页 [查看摘要][在线阅读][下载 1282K] [下载次数:20 ] |[网刊下载次数:0 ] |[引用频次:1 ] |[阅读次数:0 ] - Zhenge Guo;Xueguang Gao;Qiang Ma;Jizhong Zhao;
Multi-party applications are becoming popular due to the development of mobile smart devices. In this work, we explore Secure Device Pairing(SDP), a novel pairing mechanism, which allows users to use smart watches to detect the handshake between users, and use the shaking information to create security keys that are highly random. Thus, we perform device pairing without complicated operations. SDP dynamically adjusts the sensor's sampling frequency and uses different classifiers at varying stages to save the energy. A multi-level quantization algorithm is used to maximize the mutual information between two communicating entities without information leakage. We evaluate the main modules of SDP with 1800 sets of handshake data. Results show that the recognition accuracy of the handshake detection algorithm is 98.2%, and the power consumption is only 1/3 of that of the single sampling frequency classifier.
2018年05期 v.23 621-633页 [查看摘要][在线阅读][下载 1282K] [下载次数:20 ] |[网刊下载次数:0 ] |[引用频次:1 ] |[阅读次数:0 ]