Lu Ou

Malware Variant Detection Using Opcode Image Recognition with Small Training Sets

Malware detection becomes mission critical as its threats spread from personal computers to industrial control systems. Modern malware generally equips with sophisticated anti-detection mechanisms such as code-morphism, which allows the malware to evolve into many variants and bypass traditional code feature based detection systems. In this paper, we propose to disassemble binary executables into opcodes sequences, and then convert the opcodes into images. By comparing the opcode images generated from binary targets with the opcode images generated from known malware sample codes, we can detect if the target binary executables contain variants of these known malwares. Theoretical analysis and real-life experiments results show that malware detection using visualized analysis is comparable in terms of accuracy, our approach can significantly improve 15\% of detection accuracy when the detection set contains a large quantity of binaries and the training set is small.

A query privacy-enhanced and secure search scheme over encrypted data in cloud computing

Abstract With the emerging of the cloud computing, secure search over encrypted cloud data has become a hot research spot. Previous schemes achieve weaker query privacy-preserving ability due to the limitations of query trapdoor generation mechanisms. In these schemes, a data owner usually knows fully well the query contents of data users and a data user can also easily analyze query contents of another data user. In some application scenarios, the data user may be unwilling to leak their query privacy to anyone else except himself. We propose a privacy-enhanced search scheme by allowing the data user to generate random query trapdoor every time. We leverage Bloom filter and bilinear pairing operation to construct secure index for each data file, which enables the cloud to perform search without obtaining any useful information. We prove that our scheme is secure and extensive experiments demonstrate the correctness and practicality of the proposed scheme.

Achieving Secure, Universal, and Fine-Grained Query Results Verification for Secure Search Scheme over Encrypted Cloud Data

Secure search techniques over encrypted cloud data allow an authorized user to query data files of interest by submitting encrypted query keywords to the cloud server in a privacy-preserving manner. However, in practice, the returned query results may be incorrect or incomplete in the dishonest cloud environment. For example, the cloud server may intentionally omit some qualified results to save computational resources and communication overhead. Thus, a well-functioning secure query system should provide a query results verification mechanism that allows the data user to verify results. In this paper, we design a secure, easily integrated, and fine-grained query results verification mechanism, by which, given an encrypted query results set, the query user not only can verify the correctness of each data file in the set but also can further check how many or which qualified data files are not returned if the set is incomplete before decryption. The verification scheme is loose-coupling to concrete secure search techniques and can be very easily integrated into any secure query scheme. We achieve the goal by constructing secure verification object for encrypted cloud data. Furthermore, a short signature technique with extremely small storage cost is proposed to guarantee the authenticity of verification object and a verification object request technique is presented to allow the query user to securely obtain the desired verification object. Performance evaluation shows that the proposed schemes are practical and efficient.

Secure Conjunctive Multi-Keyword Search for Multiple Data Owners in Cloud Computing

Recently, secure search over encrypted cloud data has become a hot research spot and challenging task. Some secure search schemes have been proposed to try to meet this challenge. In this paper, we propose a conjunctive multi-keyword secure search scheme for multiple data owners. To guarantee data security and system flexibility in the multiple data owners environment, we design an ingenious secure query scheme that allows each data owner to adopt randomly chosen temporary keys to build secure indexes for different data files. An authorized data user does not need to know these temporary keys of constructing indexes and can instead randomly choose another temporary query keys to encrypt query keywords while the cloud can correctly perform keywords matching over encrypted data files. Extensive experiments demonstrate the correctness and practicality of the proposed scheme.

An Efficient and Privacy-Preserving Multiuser Cloud-Based LBS Query Scheme

Location-based services (LBSs) are increasingly popular in today’s society. People reveal their location information to LBS providers to obtain personalized services such as map directions, restaurant recommendations, and taxi reservations. Usually, LBS providers offer user privacy protection statement to assure users that their private location information would not be given away. However, many LBSs run on third-party cloud infrastructures. It is challenging to guarantee user location privacy against curious cloud operators while still permitting users to query their own location information data. In this paper, we propose an efficient privacy-preserving cloud-based LBS query scheme for the multiuser setting. We encrypt LBS data and LBS queries with a hybrid encryption mechanism, which can efficiently implement privacy-preserving search over encrypted LBS data and is very suitable for the multiuser setting with secure and effective user enrollment and user revocation. This paper contains security analysis and performance experiments to demonstrate the privacy-preserving properties and efficiency of our proposed scheme.

An Approach to Rule Placement in Software-Defined Networks

Software-Defined Networks (SDN) is a trend of research in networks. Rule placement, a common operation for network administrators, has become more complicated due to the capacity limitation of devices in which the large number of rules are deployed. Prior works on rule placement mostly consider the influence on rule placement incurred by the rules in a single device. However, the position relationships between neighbor devices have influences on rule placement. Our basic idea is to classify the position relationships into two categories: the serial relationship and the parallel relationship, and we present a novel strategy for rule placement based on the two different position relationships. There are two challenges of implementing our strategies: to check whether a rule is contained by a rule set or not and to check whether a rule can be merged by other rules or not.To overcome the challenges, we propose a novel data structure called OPTree to represent the rules, which is convenient to check whether a rule is covered by other rules. We design the insertion algorithm and search algorithm for OPTree. Extensive experiments show that our approach can effectively reduce the number of rules while ensuring placed rules work. On the other hand, the experimental results also demonstrate that it is necessary to consider the position relationships between neighbor devices when placing rules.

A Secure and Fine-Grained Query Results Verification Scheme for Private Search Over Encrypted Cloud Data

In a secure query scheme over the encrypted cloud data, an authorized cloud user can obtain data files of interest by submitting encrypted query keywords to the cloud server, which performs a certain secure search algorithm and returns back the corresponding data file set. In practice, the returned query results may be incorrect or incomplete due to possible data corruption, software bugs, or intermediate attackers who maliciously tamper with results; moreover, the cloud server may also intentionally omit some qualified results to save computational resources and communication overhead. Thus, a well-functioning secure query system should provide the query results verification mechanism that allows the data user to verify results. In this paper, we design three varigrained and secure query results verification constructions leveraging the Bloom filter and cryptographic hash functions, for a query result set R, by which the data user can verify: (1) the correctness of each data file in R, (2) how many qualified data files are not returned by the cloud, and (3) which qualified data files are not returned by the cloud, respectively. Furthermore, our proposed verification mechanism can be very easily integrated into all secure query schemes for cloud computing. Performance evaluation shows that the proposed schemes are practical and efficient.