Baojiang Cui
Beijing University of Posts and Telecommunications
Publication
Featured research published by Baojiang Cui.
Journal of Network and Computer Applications | 2018
Xiaohui Jin; Baojiang Cui; Dong Li; Zishuai Cheng; Congxian Yin
Payload-based anomaly detection can find malicious behavior hidden in network packets rather efficiently. It is quite suitable for securing web applications, which are widely used and are a major concern of cyber security nowadays. Our research is based on McPAD. We argue that the assumption about the probability distribution of features in the outlier class is not appropriate, and we work out a more suitable distribution by analyzing the common types of web attacks. Furthermore, we propose a new mapping algorithm for dimensionality reduction in order to improve the performance of the original one. Finally, we try to speed up the training process without significantly affecting the detection performance. The experimental results show that the training time can be reduced by an average of 24.75%.
Broadband and Wireless Computing, Communication and Applications | 2016
Baojiang Cui; Chong Wang; GuoWei Dong; JinXin Ma
The analysis of assembly instruction sequences plays a vital role in fields such as measuring software similarity, malware recognition and software analysis. This paper summarizes the features of assembly instructions, builds a six-group model and puts forward an algorithm for calculating the similarity of assembly instructions. On that basis, a set of methods for calculating the similarity of assembly instruction sequences is summarized. The preliminary experimental results show that it has high efficiency and good effect.
International Journal of Web and Grid Services | 2018
Jun Yang; Shujuan Li; Xiaodan Yan; Baihui Zhang; Baojiang Cui
Searchable encryption enables data owners to store their own data in the cloud after encrypting it. Searchable encryption also allows the client to search over the data without leaking any information about it. In this paper, we first introduce a searchable symmetric encryption scheme based on the inner product: it is more efficient to compute the inner product of two vectors. In our construction, the parties can be data owners, clients or the cloud server. The three parties communicate with each other through the inner product so that the client can search the data in the cloud without leaking any information about the data the owner stored in the cloud. We then perform a security analysis and performance evaluation, which show that our algorithm and construction are secure and efficient.
Broadband and Wireless Computing, Communication and Applications | 2017
Chong Wang; Jianwei Ding; Tao Guo; Baojiang Cui
With the development of software security technology, more and more malicious programs constantly use new confusion and feature hiding techniques, and malware detection technology urgently needs to be upgraded. This paper presents a malware detection method based on a sandbox, binary instrumentation and multidimensional feature extraction. We introduce the design and implementation of the sandbox, the feature extractor and the classifier. Finally, we merged multiple models and obtained a fairly good classifier for malware detection.
Broadband and Wireless Computing, Communication and Applications | 2017
Xiaodan Yan; Tianxin Zhang; Baojiang Cui; Jiangdong Deng
With the advent of the era of big data, Machine Learning (ML) is widely applied to abnormal traffic detection. Detecting network anomalies plays an important role in network security. However, large-scale traffic data detection is still a difficult problem at present. In this paper, we design a new algorithm, which we call the hinge classification algorithm based on mini-batch gradient descent (HCA-BAGD), to detect network anomalies. Compared with traditional traffic classification methods, such as Neural Network, Decision Tree and Logistic Regression, the algorithm can significantly boost the scale and speed of deep network training. We also solve the problem of data skew in the Shuffle phase, which has plagued the industry for a long time.
Broadband and Wireless Computing, Communication and Applications | 2017
Baojiang Cui; Qin Zhang; Xiangqian Zhang; Tao Guo
The UPnP (Universal Plug and Play) protocol has been frequently applied to Internet gateway devices. However, as gateway devices become intelligent, UPnP has generated more and more security issues. Therefore, the current research aims to introduce the workflow of the UPnP protocol in gateway equipment, analyze the security problems existing in some workflows, and implement a UPnP detection and utilization system for UPnP as applied in gateway devices.
Broadband and Wireless Computing, Communication and Applications | 2017
Chen Chen; Zhouguo Chen; Yongle Hao; Baojiang Cui
Fuzzing is an effective and widely used technique for finding bugs and vulnerabilities in programs. It triggers the vulnerable condition in program execution by feeding randomly mutated seeds into the program under test. It is difficult for random fuzzing to find bugs hidden deeply in a target program with complex structured input formats, because it blindly emits random data. In this paper, we propose an effective model-based fuzzing system, named Mocov, which leverages coverage-guided technology. Mocov uses model-based technology to find deeply hidden bugs in the target program and uses an instrumentation approach to feed back runtime information in order to avoid blindness. It has the advantages and avoids the disadvantages of both technologies. We test Mocov using an elaborately designed program. The results show that it can generate fine seeds and improve code coverage compared with Peach.
Broadband and Wireless Computing, Communication and Applications | 2017
Baojiang Cui; Xiangqian Zhang; Tianxin Zhang; Qin Zhang
In embedded system vulnerability mining, because the program depends on the hardware environment, traditional fuzzing of embedded programs is very inefficient, and it is difficult to cover some program execution paths, which seriously affects the efficiency and quality of vulnerability mining for embedded programs. This paper presents an embedded system vulnerability mining technology based on in-memory fuzz testing. It can directly test any part of the program without these restrictions. In addition, the fuzz testing is done directly in memory, without any unrelated interface, which can greatly improve the efficiency of fuzz testing for embedded programs.
Broadband and Wireless Computing, Communication and Applications | 2016
Baojiang Cui; Yang Wei; Songling Shan; Jinxin Ma
In recent years, web security incidents have emerged endlessly, and web security has become a widespread concern. The cross-site scripting (XSS) attack is one of the foremost threats; it uses malicious scripts injected into Web applications and executes the scripts in client browsers. Moreover, an attacker could also combine other means of attack with XSS vulnerabilities to carry out further attacks, which would lead to disclosure of user privacy and even property damage. Common detection methods include black-box testing and white-box testing. Black-box testing scans faster, but it cannot locate the specific code that causes the vulnerabilities. White-box audit tools can locate the specific code, but they spend a lot of time analyzing all of the code. We propose a novel approach to locating the vulnerabilities which combines fuzz testing and dynamic taint analysis, design a system prototype, and then verify and test it.
Broadband and Wireless Computing, Communication and Applications | 2016
Jun Yang; Haipeng Zhang; Lifang Han; Baojiang Cui; Guowei Dong
To study the problem of consistency detection for software code deployed on a server, this work analyses existing domestic and foreign consistency detection technology and, based on the Netty framework and consistent hash comparison, implements a software consistency detection system for remote servers. The system can effectively detect the consistency information of software deployed on the server, and it realizes communication between server and client through Netty, including comparison task management and comparison information interaction. Comparative tests with traditional IO and asynchronous NIO proved the effectiveness and efficiency of the system.