_              _         ____              
   / \   _ ____  _(_)_   __ |  _ \  __ _ _   _ 
  / _ \ | '__\ \/ / \ \ / / | | | |/ _` | | | |
 / ___ \| |   >  <| |\ V /  | |_| | (_| | |_| |
/_/   \_\_|  /_/\_\_| \_/   |____/ \__,_|\__, |
                                         |___/ 
        

Bolt-Dumbo Transformer: Asynchronous Consensus As Fast As the Pipelined BFT

Deploying BFT consensus over the Internet has become an urgent demand for implementing blockchain services. Deterministic (partially) synchronous protocols can be simple and fast in good network conditions, but are subject to denial of service when the synchrony assumption fails. Asynchronous protocols, on the contrary, are robust against an adversarial network, but are substantially more complicated and slower because of their inherent use of randomness. Facing these issues, optimistic asynchronous atomic broadcast (Kursawe-Shoup, 2002; Ramasamy-Cachin, 2005) was proposed to improve the normal-case performance of slow asynchronous consensus. Such protocols run a deterministic fastlane while the network condition remains good, and fall back to a fully asynchronous protocol via a pace-synchronization mechanism if the fastlane fails. Unfortunately, existing pace-synchronization directly uses a heavy tool: asynchronous multi-valued validated Byzantine agreement (MVBA). We present Bolt-Dumbo Transformer (BDT), a generic framework for practical optimistic asynchronous atomic broadcast. At the core of BDT, we set forth a new fastlane abstraction that is simple and fast, while preparing honest parties to gracefully face potential fastlane failures caused by a malicious leader or a bad network. This enables a highly efficient pace-synchronization to handle fallback. The resulting design reduces a cumbersome MVBA to a variant of the conceptually simplest binary agreement only. Besides detailed security analyses, we also give concrete instantiations of our framework and implement them. Extensive experiments demonstrate that BDT can enjoy both the low latency of deterministic protocols (e.g., the 2-chain version of HotStuff) and the robustness of state-of-the-art asynchronous protocols in practice.

Updated: 2022-08-31 22:09:26

Categories: cs.CR,cs.DC

Download: http://arxiv.org/abs/2103.09425v4

SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders

Self-supervised learning is an emerging machine learning paradigm. Compared to supervised learning, which leverages high-quality labeled datasets, self-supervised learning relies on unlabeled datasets to pre-train powerful encoders which can then be treated as feature extractors for various downstream tasks. The huge amount of data and computational resources consumed makes the encoders themselves valuable intellectual property of the model owner. Recent research has shown that a machine learning model's copyright is threatened by model stealing attacks, which aim to train a surrogate model to mimic the behavior of a given model. We empirically show that pre-trained encoders are highly vulnerable to model stealing attacks. However, most current copyright protection efforts, such as watermarking, concentrate on classifiers, while the intrinsic challenges of protecting a pre-trained encoder's copyright remain largely unstudied. We fill the gap by proposing SSLGuard, the first watermarking scheme for pre-trained encoders. Given a clean pre-trained encoder, SSLGuard injects a watermark into it and outputs a watermarked version. A shadow training technique is also applied to preserve the watermark under potential model stealing attacks. Our extensive evaluation shows that SSLGuard is effective in watermark injection and verification, and that it is robust against model stealing and other watermark removal attacks such as input noising, output perturbing, overwriting, model pruning, and fine-tuning.

Updated: 2022-08-31 20:08:15

Categories: cs.CR,cs.LG

Download: http://arxiv.org/abs/2201.11692v4

Wiggle: Physical Challenge-Response Verification of Vehicle Platooning

Autonomous vehicle platooning promises many benefits such as fuel efficiency, road safety, reduced traffic congestion, and passenger comfort. Platooning vehicles travel in single file, at close distance, and at the same velocity. The platoon formation is autonomously maintained by a Cooperative Adaptive Cruise Control (CACC) system which relies on sensory data and vehicle-to-vehicle (V2V) communications. In fact, V2V messages play a critical role in shortening the platooning distance while maintaining safety. Whereas V2V message integrity and source authentication can be verified via cryptographic methods, establishing the truthfulness of the message contents is a much harder task. This work establishes a physical access control mechanism to restrict V2V messages to platooning members. Specifically, we aim at tying the digital identity of a candidate requesting to join a platoon to its physical trajectory relative to the platoon. We propose the Wiggle protocol, which employs a physical challenge-response exchange to prove that a candidate requesting to be admitted into a platoon actually follows it. The protocol name is inspired by the random longitudinal movements that the candidate is challenged to execute. Wiggle prevents any remote adversary from joining the platoon and injecting fake CACC messages. Compared to prior works, Wiggle is resistant to pre-recording attacks and can verify that the candidate is directly behind the verifier in the same lane.

Updated: 2022-08-31 19:28:42

Categories: cs.CR

Download: http://arxiv.org/abs/2209.00080v1
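The Wiggle abstract above describes a challenge-response exchange whose response is a physical trajectory rather than a message. The following simulation is an added example, not the authors' protocol or code: it shows why a fresh random challenge, checked against the verifier's own sensor reading, rejects both a purely remote adversary and a replayed recording. Everything concrete in it (the tail vehicle as verifier, a headway change of STEP_M metres per challenge symbol, the sensor tolerance, the noise model) is an assumption made for the illustration.

```python
"""Simplified model of a Wiggle-style physical challenge-response.

Added example, not the authors' protocol or code. Assumptions not taken
from the abstract: the verifier is the platoon's tail vehicle, each
challenge symbol asks the candidate to open (+1) or close (-1) its headway
by STEP_M metres, and the verifier measures the resulting gap with its own
rear-facing sensor rather than trusting anything sent over V2V.
"""
import random
import secrets

STEP_M = 2.0       # commanded headway change per symbol (assumed)
TOL_M = 0.5        # sensor tolerance in metres (assumed)
N_SYMBOLS = 8      # a blind guess passes with probability 2 ** -N_SYMBOLS


def make_challenge(n=N_SYMBOLS, rng=secrets):
    """Fresh random challenge: +1 = open the gap, -1 = close the gap."""
    return [rng.choice((-1, 1)) for _ in range(n)]


def verify(challenge, observed_gaps, base_gap):
    """Accept only if each measured gap matches the commanded movement."""
    if len(observed_gaps) != len(challenge):
        return False
    return all(abs((g - base_gap) - c * STEP_M) <= TOL_M
               for c, g in zip(challenge, observed_gaps))


# Candidates: each returns the gap sequence the verifier's sensor observes.

def honest_candidate(challenge, base_gap, rng):
    """A vehicle directly behind the verifier executes the movements."""
    return [base_gap + c * STEP_M + rng.uniform(-0.2, 0.2) for c in challenge]


def remote_adversary(challenge, base_gap, rng):
    """Answers over V2V but has no vehicle behind the verifier, so the
    measured gap never changes (sensor noise only)."""
    return [base_gap + rng.uniform(-0.2, 0.2) for _ in challenge]


def replay_adversary(recorded_gaps):
    """Pre-recording attack: replays a trajectory captured earlier, which
    only matches if the old and new random challenges coincide."""
    def candidate(challenge, base_gap, rng):
        return list(recorded_gaps)
    return candidate


def run_session(candidate, challenge=None, base_gap=10.0, seed=1):
    """One admission attempt; returns (accepted, gaps the verifier saw)."""
    rng = random.Random(seed)            # deterministic sensor noise
    if challenge is None:
        challenge = make_challenge()
    observed = candidate(challenge, base_gap, rng)
    return verify(challenge, observed, base_gap), observed


if __name__ == "__main__":
    ok, recorded = run_session(honest_candidate)
    print("honest follower accepted:", ok)
    print("remote adversary accepted:", run_session(remote_adversary)[0])
    print("replayed trajectory accepted:",
          run_session(replay_adversary(recorded))[0])
```

The point of the model is that the verifier never evaluates the candidate's V2V reply; it evaluates what its own sensor measured, so a party with no vehicle in the lane has nothing to present, and a recording only helps if the attacker can predict the next challenge.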

Subverting Stateful Firewalls with Protocol States (Extended Version)

We analyzed the generation of protocol header fields in the implementations of multiple TCP/IP network stacks and found new ways to leak information about global protocol states. We then demonstrated new covert channels by remotely observing and modifying the system's global state via these protocol fields. Unlike earlier works, our research focuses on hosts that reside in firewalled networks (including source address validation, SAV), which is a very common scenario nowadays. Our attacks are designed to be non-disruptive: in the exfiltration scenario this makes the attacks stealthier and thus extends their longevity, and in the case of host alias resolution and similar techniques it ensures the techniques are ethical. We focused on ICMP, which is commonly served by firewalls, and on UDP, which is forecast to take a more prominent share of Internet traffic with the advent of HTTP/3 and QUIC, though we report results for TCP as well. The information leakage scenarios we discovered enable the construction of practical covert channels which directly pierce firewalls, or indirectly establish communication via hosts in firewalled networks that also employ SAV. We describe and test three novel attacks in this context: exfiltration via the firewall itself, exfiltration via a DMZ host, and exfiltration via co-resident containers. These are three generic, new use cases for covert channels that work around firewalling and enable devices that are not allowed direct communication with the Internet to still exfiltrate data out of the network. In other words, we exfiltrate data from isolated networks to the Internet. We also explain how to mount known attacks such as host alias resolution, de-NATting and container co-residence detection using the new information leakage techniques.

Updated: 2022-08-31 18:18:02

Categories: cs.CR

Download: http://arxiv.org/abs/2112.09604v5
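The "exfiltration via a DMZ host" case above rests on one idea: a host exposes a piece of global state through a header field, an insider can change that state, and an outsider can read it, so the two can communicate without ever exchanging a packet. The model below is an added example, not the paper's technique or code. It uses the textbook instance of such state, a per-host IP ID counter that advances on every packet the host sends; the paper analyses the actual field generation of several real stacks, which this toy does not reproduce. BURST, NOISE and the 16-bit counter are assumptions for the illustration.

```python
"""Toy model of exfiltration through a DMZ host's global protocol state.

Added example, not the paper's technique or code. It models the classic
case of a per-host IP ID counter that advances once for every packet the
host sends, whatever the destination (an assumption for illustration; the
paper analyses the header-field generation of several real stacks). An
insider that can only reach the DMZ host bumps the counter to signal a 1;
an outside observer that can only probe the DMZ host reads the counter
difference between slots. Neither party ever sends a packet to the other.
"""
import random

BURST = 8   # replies the insider elicits from the host per 1-bit (assumed)
NOISE = 2   # maximum unrelated packets the host sends per slot (assumed)


class DmzHost:
    """Host reachable from inside (insider) and outside (observer)."""

    def __init__(self, start_id, rng):
        self.ip_id = start_id
        self.rng = rng

    def _emit(self):
        # every outgoing packet consumes one ID; the 16-bit counter wraps
        self.ip_id = (self.ip_id + 1) & 0xFFFF
        return self.ip_id

    def replies(self, count):
        """The host sends `count` packets (replies to whoever asked)."""
        for _ in range(count):
            self._emit()

    def background(self):
        """Unrelated traffic the host happens to send during a slot."""
        self.replies(self.rng.randint(0, NOISE))

    def probe(self):
        """Observer sends one packet and reads the IP ID of the reply."""
        return self._emit()


def id_delta(before, after):
    """Counter distance, correct across the 16-bit wrap-around."""
    return (after - before) & 0xFFFF


def exfiltrate(host, bits):
    """One bit per time slot; returns the observer's per-slot deltas."""
    deltas = []
    prev = host.probe()
    for bit in bits:
        host.background()
        if bit:
            host.replies(BURST)            # insider elicits a burst
        cur = host.probe()
        deltas.append(id_delta(prev, cur) - 1)   # minus this probe's reply
        prev = cur
    return deltas


def decode(deltas, threshold=(BURST + NOISE) // 2):
    """A delta above the noise ceiling means the insider sent a burst."""
    return [1 if d >= threshold else 0 for d in deltas]


def bytes_to_bits(data):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    return bytes(sum(b << (7 - i) for i, b in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))


def run_channel(message, seed=7, start_id=0xFFF0):
    """End to end: insider encodes `message`, observer recovers it.
    start_id close to 0xFFFF exercises the wrap-around path."""
    host = DmzHost(start_id, random.Random(seed))
    return bits_to_bytes(decode(exfiltrate(host, bytes_to_bits(message))))


if __name__ == "__main__":
    print(run_channel(b"secret"))
```

The defensive reading is the same as the paper's: a firewall that filters by source and destination cannot see this channel, because every packet it forwards is a legitimate exchange with the DMZ host; only a stack that generates such fields without global, observable state (per-destination or randomized counters) closes it.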

Zero-day DDoS Attack Detection

The ability to detect zero-day (novel) attacks has become essential in the network security industry. Because attack signatures keep evolving, existing network intrusion detection systems often fail to detect these threats. This project aims to detect zero-day DDoS (distributed denial-of-service) attacks using network traffic captured before it enters a private network. Modern feature extraction techniques are used in conjunction with neural networks to determine whether a network packet is benign or malicious.

Updated: 2022-08-31 17:14:43

Categories: cs.CR,cs.LG,cs.NI

Download: http://arxiv.org/abs/2208.14971v1

Deep-Learning-Based Device Fingerprinting for Increased LoRa-IoT Security: Sensitivity to Network Deployment Changes

Deep-learning-based device fingerprinting has recently been recognized as a key enabler for automated network access authentication. Its robustness to impersonation attacks, due to the inherent difficulty of replicating physical features, is what distinguishes it from conventional cryptographic solutions. Although device fingerprinting has shown promising performance, its sensitivity to changes in the network operating environment still poses a major limitation. This paper presents an experimental framework that aims to study and overcome the sensitivity of LoRa-enabled device fingerprinting to such changes. We first describe the RF datasets we collected using our LoRa-enabled wireless device testbed. We then propose a new fingerprinting technique that exploits out-of-band distortion information caused by hardware impairments to increase the fingerprinting accuracy. Finally, we experimentally study and analyze the sensitivity of LoRa RF fingerprinting to various network setting changes. Our results show that fingerprinting performs relatively well when the learning models are trained and tested under the same settings. However, when trained and tested under different settings, these models exhibit moderate sensitivity to channel condition changes and severe sensitivity to protocol configuration and receiver hardware changes when IQ data is used as input; when FFT data is used as input, they perform poorly under any change.

Updated: 2022-08-31 16:53:05

Categories: cs.LG,cs.CR

Download: http://arxiv.org/abs/2208.14964v1

Microwalk-CI: Practical Side-Channel Analysis for JavaScript Applications

Secret-dependent timing behavior in cryptographic implementations has resulted in exploitable vulnerabilities, undermining their security. Over the years, numerous tools to automatically detect timing leakage, or even to prove its absence, have been proposed. However, a recent study at IEEE S&P 2022 showed that, while many developers are aware of one or more analysis tools, they have major difficulties integrating these into their workflow, as existing tools are tedious to use and mapping discovered leakages to their originating code segments requires expert knowledge. In addition, existing tools focus on compiled languages like C, or analyze binaries, while industry and the open-source community have moved to interpreted languages, most notably JavaScript. In this work, we introduce Microwalk-CI, a novel side-channel analysis framework for easy integration into a JavaScript development workflow. First, we extend existing dynamic approaches with a new analysis algorithm that allows efficient localization and quantification of leakages, making it suitable for use in practical development. We then present a technique for generating execution traces from JavaScript applications, which can be further analyzed with our algorithm and with other algorithms originally designed for binary analysis. Finally, we discuss how Microwalk-CI can be integrated into a continuous integration (CI) pipeline for efficient and ongoing monitoring. We evaluate our analysis framework by conducting a thorough evaluation of several popular JavaScript cryptographic libraries, and uncover a number of critical leakages.

Updated: 2022-08-31 16:20:16

Categories: cs.CR,cs.SE

Download: http://arxiv.org/abs/2208.14942v1
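The dynamic approach the Microwalk-CI abstract builds on is to execute the code under test with several secret inputs, record a trace of what it did, and compare the traces: if they differ, something in the control flow or memory access pattern depends on the secret, and the first point of divergence is where. The block below is an added example, not the Microwalk-CI tool or its analysis algorithm, and it is written in Python rather than JavaScript: it records line-level control-flow traces with the standard `sys.settrace` hook (a much coarser trace than the instruction- and memory-level traces the tool works on) and localizes the leaking branch in an early-exit comparison, while reporting nothing for a fixed-control-flow variant. The two comparison functions and the prefix-sharing guesses are constructed for the illustration.

```python
"""Trace-based detection of secret-dependent control flow.

Added example, not the Microwalk-CI tool or its algorithm, and in Python
rather than JavaScript. The function under test is run with several secret
inputs while a tracer records the sequence of executed source lines; the
traces are then compared and the line at which they diverge is reported.
Microwalk works on much finer traces (instructions and memory accesses);
line-level control flow is a stand-in for illustration.
"""
import sys


def collect_trace(func, *args):
    """Tuple of source line numbers executed inside `func` for `args`."""
    trace = []
    target = func.__code__

    def tracer(frame, event, arg):
        if frame.f_code is not target:
            return None                    # do not descend into callees
        if event == "line":
            trace.append(frame.f_lineno)
        return tracer

    sys.settrace(tracer)
    try:
        func(*args)
    finally:
        sys.settrace(None)
    return tuple(trace)


def find_leaks(func, inputs):
    """Compare the traces of all inputs and localize where they diverge.

    Returns {"distinct_traces": n, "lines": [...]} where `lines` holds the
    source line executed just before two traces part ways, i.e. the branch
    whose outcome depends on the input. An empty list means every input
    produced the same control flow at this granularity.
    """
    traces = [collect_trace(func, *inp) for inp in inputs]
    ref, leak_lines = traces[0], set()
    for t in traces[1:]:
        n = min(len(ref), len(t))
        i = next((k for k in range(n) if ref[k] != t[k]), n)
        if i == n and len(ref) == len(t):
            continue                       # identical trace
        leak_lines.add(ref[max(i - 1, 0)])
    return {"distinct_traces": len(set(traces)), "lines": sorted(leak_lines)}


# Two implementations of the same check, as constructed test subjects.

def leaky_compare(secret, guess):
    # early exit: the number of loop iterations reveals the matching prefix
    if len(secret) != len(guess):
        return False
    for s, g in zip(secret, guess):
        if s != g:
            return False
    return True


def ct_compare(secret, guess):
    # fixed control flow: every same-length input walks the same lines
    if len(secret) != len(guess):
        return False
    acc = 0
    for s, g in zip(secret, guess):
        acc |= s ^ g
    return acc == 0


def prefix_inputs(secret=bytes(range(16))):
    """Constructed guesses sharing a 0..16 byte prefix with the secret."""
    return [(secret, secret[:k] + b"\xff" * (len(secret) - k))
            for k in range(len(secret) + 1)]


if __name__ == "__main__":
    for f in (leaky_compare, ct_compare):
        print(f.__name__, find_leaks(f, prefix_inputs()))
```

Run against the 17 prefix-sharing guesses, `leaky_compare` yields 17 distinct traces and a single reported line, the `if s != g` branch; `ct_compare` yields one trace and no report. The number of distinct traces is the crude quantification the abstract alludes to: the more traces the inputs can produce, the more the attacker learns per observation. The choice of inputs matters as much as the analysis; random guesses would almost always mismatch at the first byte and hide the leak, which is why a CI harness for this kind of check needs inputs that exercise the boundary.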

Deep Joint Source-Channel and Encryption Coding: Secure Semantic Communications

Deep-learning-driven joint source-channel coding (JSCC) for wireless image or video transmission, also called DeepJSCC, has recently been a topic of interest with very promising results. The idea is to map similar source samples to nearby points in the channel input space such that, despite the noise introduced by the channel, the input can be recovered with minimal distortion. In DeepJSCC, this is achieved by an autoencoder architecture with a non-trainable channel layer between the encoder and decoder. DeepJSCC has many favorable properties, such as better end-to-end distortion performance than its separate source and channel coding counterpart, as well as graceful degradation with respect to channel quality. However, due to the inherent correlation between the source sample and the channel input, DeepJSCC is vulnerable to eavesdropping attacks. In this paper, we propose the first DeepJSCC scheme for wireless image transmission that is secure against eavesdroppers, called DeepJSCEC. DeepJSCEC not only preserves the favorable properties of DeepJSCC, it also provides security against chosen-plaintext attacks from the eavesdropper, without the need to make assumptions about the eavesdropper's channel condition or its intended use of the intercepted signal. Numerical results show that DeepJSCEC achieves similar or better image quality than a separate pipeline using BPG compression for source coding, AES encryption, and LDPC codes for channel coding, while preserving the graceful degradation of image quality with respect to channel quality. We also show that the proposed encryption method is problem agnostic, meaning it can be applied to other end-to-end JSCC problems, such as remote classification, without modification. Given the importance of security in modern wireless communication systems, we believe this work brings DeepJSCC schemes much closer to adoption in practice.

Updated: 2022-08-31 16:10:09

Categories: cs.CR,eess.SP

Download: http://arxiv.org/abs/2208.09245v2

Explainable Artificial Intelligence Applications in Cyber Security: State-of-the-Art in Research

This survey presents a comprehensive review of current literature on Explainable Artificial Intelligence (XAI) methods for cyber security applications. Due to the rapid development of Internet-connected systems and Artificial Intelligence in recent years, Artificial Intelligence, including Machine Learning (ML) and Deep Learning (DL), has been widely utilized in cyber security fields including intrusion detection, malware detection, and spam filtering. However, although Artificial Intelligence-based approaches for the detection and defense of cyber attacks and threats are more advanced and efficient than conventional signature-based and rule-based cyber security strategies, most ML-based and DL-based techniques are deployed in a black-box manner, meaning that security experts and customers are unable to explain how such procedures reach particular conclusions. The lack of transparency and interpretability of existing Artificial Intelligence techniques decreases human users' confidence in the models utilized for defense against cyber attacks, especially now that cyber attacks are becoming increasingly diverse and complicated. Therefore, it is essential to apply XAI when building cyber security models, to create more explainable models while maintaining high accuracy and allowing human users to comprehend, trust, and manage the next generation of cyber defense mechanisms. Although there are papers reviewing Artificial Intelligence applications in cyber security, and a vast literature on applying XAI in many fields including healthcare, financial services, and criminal justice, surprisingly there are currently no survey articles that concentrate on XAI applications in cyber security.

Updated: 2022-08-31 16:06:31

Categories: cs.CR

Download: http://arxiv.org/abs/2208.14937v1

Membership Inference Attacks by Exploiting Loss Trajectory

Machine learning models are vulnerable to membership inference attacks, in which an adversary aims to predict whether or not a particular sample was contained in the target model's training dataset. Existing attack methods have commonly exploited the output information (mostly, losses) solely from the given target model. As a result, in practical scenarios where both member and non-member samples yield similarly small losses, these methods are naturally unable to differentiate between them. To address this limitation, in this paper we propose a new attack method, called \system, which exploits the membership information from the whole training process of the target model to improve attack performance. To mount the attack in the common black-box setting, we leverage knowledge distillation, and represent the membership information by the losses evaluated on a sequence of intermediate models at different distillation epochs, namely the distilled loss trajectory, together with the loss from the given target model. Experimental results over different datasets and model architectures demonstrate the great advantage of our attack in terms of different metrics. For example, on CINIC-10, our attack achieves an at least 6x higher true-positive rate at a low false-positive rate of 0.1% than existing methods. Further analysis demonstrates the general effectiveness of our attack in stricter scenarios.

Updated: 2022-08-31 16:02:26

Categories: cs.CR,cs.LG

Download: http://arxiv.org/abs/2208.14933v1

A Secure and Efficient Data Deduplication Scheme with Dynamic Ownership Management in Cloud Computing

Encrypted data deduplication is an important technique for saving storage space and network bandwidth, and it has been widely used in cloud storage. Recently, a number of schemes that solve the problem of data deduplication with dynamic ownership management have been proposed. However, these schemes suffer from low efficiency when ownership changes frequently. To this end, in this paper we propose a novel server-side deduplication scheme for encrypted data in a hybrid cloud architecture, where a public cloud (Pub-CSP) manages the storage and a private cloud (Pri-CSP) plays the role of the data owner, performing deduplication and dynamic ownership management. Further, to reduce the communication overhead we use an initial uploader check mechanism to ensure that only the first uploader needs to perform encryption, and adopt an access control technique that verifies the validity of data users before they download data. Our security analysis and performance evaluation demonstrate that our proposed server-side deduplication scheme has better performance in terms of security, effectiveness, and practicability compared with previous schemes. Meanwhile, our method can efficiently resist collusion attacks and duplicate faking attacks.

Updated: 2022-08-31 15:47:52

Categories: cs.CR,cs.DC

Download: http://arxiv.org/abs/2208.09030v3

An Anonymous Overlay Routing Protocol for Uplink-Intensive Applications

Sender anonymity in network communication is an important problem, widely addressed in the literature. Mixnets, combined with onion routing, certainly represent the most concrete and effective approach to achieving this goal. In general, the drawback of these approaches is that anonymity has a price in terms of traffic overhead and latency. On the Internet, to achieve scalability without requiring significant infrastructure and network-protocol changes, only P2P overlay protocols can be adopted. Among these, the most representative proposal is certainly Tarzan, which is designed to obtain strong anonymity while still supporting low-latency applications. In recent years, we are witnessing a change in Internet traffic: due to IoT, cloud storage, WSN and M2M, uplink traffic keeps increasing. An interesting question is whether this new traffic configuration may enable new strategies to improve the effectiveness of Tarzan-like approaches. In this paper, we investigate this problem by proposing C-Tarzan, an anonymous overlay P2P routing protocol. Through a deep experimental analysis, we show that C-Tarzan outperforms Tarzan in the case of uplink-intensive applications.

Updated: 2022-08-31 15:24:19

Categories: cs.NI,cs.CR

Download: http://arxiv.org/abs/2208.14920v1

Protecting Critical Inter-Domain Communication through Flyover Reservations

To protect against naturally occurring or adversarially induced congestion in the Internet, we propose the concept of flyover reservations, a fundamentally new approach to addressing the availability demands of critical low-volume applications. In contrast to path-based reservation systems, flyovers are fine-grained "hop-based" bandwidth reservations at the level of individual autonomous systems. We demonstrate the scalability of this approach experimentally through simulations on large graphs. Moreover, we introduce Helia, a protocol for secure flyover reservation setup and data transmission. We evaluate Helia's performance based on an implementation in DPDK, demonstrating authentication and forwarding of reservation traffic at 160 Gbps. Our security analysis shows that Helia can resist a large variety of powerful attacks against reservation admission and traffic forwarding. Despite its simplicity, Helia outperforms current state-of-the-art reservation systems in many key metrics.

Updated: 2022-08-31 14:34:39

Categories: cs.NI,cs.CR

Download: http://arxiv.org/abs/2208.14892v1

A Finite-Automaton Based Stream Cipher As a Quasigroup Based Cipher

In this paper we show that a recently published finite automaton stream cipher can be considered as a quasigroup based stream cipher. Some additional properties of the discussed cipher are also given.

Updated: 2022-08-31 09:30:07

Categories: cs.CR,E.3

Download: http://arxiv.org/abs/2208.14727v1

Be Your Own Neighborhood: Detecting Adversarial Example by the Neighborhood Relations Built on Self-Supervised Learning

Deep Neural Networks (DNNs) have achieved excellent performance in various fields. However, DNNs' vulnerability to Adversarial Examples (AEs) hinders their deployment in safety-critical applications. This paper presents a novel AE detection framework, named BEYOND, for trustworthy predictions. BEYOND performs the detection by distinguishing an AE's abnormal relation with its augmented versions, i.e. its neighbors, from two perspectives: representation similarity and label consistency. An off-the-shelf Self-Supervised Learning (SSL) model is used to extract the representation and predict the label, for its highly informative representation capacity compared to supervised learning models. For clean samples, their representations and predictions are closely consistent with those of their neighbors, whereas those of AEs differ greatly. Furthermore, we explain this observation and show that by leveraging this discrepancy BEYOND can effectively detect AEs, and we develop a rigorous justification for its effectiveness. As a plug-and-play model, BEYOND can easily cooperate with an adversarially trained classifier (ATC), achieving state-of-the-art (SOTA) robust accuracy. Experimental results show that BEYOND outperforms baselines by a large margin, especially under adaptive attacks. Empowered by the robust relation net built on SSL, BEYOND outperforms baselines in terms of both detection ability and speed. Our code will be publicly available.

Updated: 2022-08-31 08:18:44

Categories: cs.LG,cs.CR

Download: http://arxiv.org/abs/2209.00005v1

A Survey of Security and Privacy Issues in V2X Communication Systems

Vehicle-to-Everything (V2X) communication is receiving growing attention from industry and academia as multiple pilot projects explore its capabilities and feasibility. With about 50% of global road vehicle exports coming from the European Union (EU), and within the context of EU legislation around security and data protection, V2X initiatives must consider security and privacy aspects across the system stack, in addition to road safety. Our survey of relevant standards, research outputs, and EU pilot projects indicates that this principle is not being followed: we identify multiple security- and privacy-related shortcomings and inconsistencies across the standards. We conduct a root cause analysis of the reasons and difficulties associated with these gaps, and categorize the identified security and privacy issues relative to these root causes. As a result, our comprehensive analysis sheds light on a number of areas that require improvements in the standards, which are not explicitly identified in related work. Our analysis fills gaps left by other related surveys, which focus on specific technical areas but do not necessarily point out the underlying root issues in the standard specifications. We bring forward recommendations to address these gaps for the overall improvement of security and safety in vehicular communication.

Updated: 2022-08-31 08:00:59

标题: V2X通信系统安全与隐私问题调查

摘要: 交通工具到一切(V2X)通信正受到行业和学术界越来越多的关注,因为多个试点项目正在探索其能力和可行性。由于全球约50\%的道路车辆出口来自欧盟(EU),并且在围绕安全和数据保护的欧盟立法背景下,V2X倡议必须考虑系统堆栈中的安全和隐私方面,除了道路安全之外。与这一原则相反,我们对相关标准、研究成果和欧盟试点项目的调查表明,我们发现多个安全和隐私相关的缺陷和标准之间的不一致性。我们对这些差距的原因和困难进行根本原因分析,并将确定的安全和隐私问题相对于这些根本原因进行分类。因此,我们的全面分析揭示了一些需要在标准中进行改进的领域,这些领域在相关研究中没有明确标识。我们的分析填补了其他相关调查留下的空白,这些调查侧重于特定技术领域,但不一定指出标准规范中潜在的根本问题。我们提出建议,以解决这些差距,从而提高车辆通信的安全和安全性。

Updated: 2022-08-31 08:00:59

Subjects: cs.CR

Download: http://arxiv.org/abs/2208.14674v1

Unrestricted Adversarial Samples Based on Non-semantic Feature Clusters Substitution

Most current methods generate adversarial examples with the $L_p$ norm specification. As a result, many defense methods utilize this property to eliminate the impact of such attacking algorithms. In this paper, we instead introduce "unrestricted" perturbations that create adversarial samples by using spurious relations which were learned by model training. Specifically, we find feature clusters in non-semantic features that are strongly correlated with model judgment results, and treat them as spurious relations learned by the model. Then we create adversarial samples by using them to replace the corresponding feature clusters in the target image. Experimental evaluations show that, in both black-box and white-box situations, our adversarial examples do not change the semantics of images, while still being effective at fooling an adversarially trained DNN image classifier.

Updated: 2022-08-31 07:42:36

Title: Unrestricted Adversarial Samples Based on Non-semantic Feature Cluster Substitution

Abstract: Most current methods generate adversarial examples under an $L_p$ norm specification. As a result, many defense methods exploit this property to eliminate the impact of such attack algorithms. In this paper, we instead introduce "unrestricted" perturbations, creating adversarial examples from spurious relations that the model learned during training. Specifically, we find feature clusters among non-semantic features that are strongly correlated with the model's decisions, and treat them as spurious relations learned by the model. We then use them to replace the corresponding feature clusters in the target image to create adversarial examples. Experimental evaluations show that, in both black-box and white-box settings, our adversarial examples do not change the semantics of the images while still fooling an adversarially trained DNN image classifier.

Updated: 2022-08-31 07:42:36

Subjects: cs.CV, cs.CR

Download: http://arxiv.org/abs/2209.02406v1

Application of Data Encryption in Chinese Named Entity Recognition

Recently, with the continuous development of deep learning, the performance of named entity recognition tasks has been dramatically improved. However, the privacy and the confidentiality of data in some specific fields, such as biomedical and military, cause insufficient data to support the training of deep neural networks. In this paper, we propose an encryption learning framework to address the problems of data leakage and inconvenient disclosure of sensitive data in certain domains. We introduce multiple encryption algorithms to encrypt training data in the named entity recognition task for the first time. In other words, we train the deep neural network using the encrypted data. We conduct experiments on six Chinese datasets, three of which are constructed by ourselves. The experimental results show that the encryption method achieves satisfactory results. The performance of some models trained with encrypted data even exceeds the performance of the unencrypted method, which verifies the effectiveness of the introduced encryption method and solves the problem of data leakage to a certain extent.

Updated: 2022-08-31 04:20:37

Title: Application of Data Encryption in Chinese Named Entity Recognition

Abstract: Recently, with the continuous development of deep learning, the performance of named entity recognition tasks has improved significantly. However, in certain specific fields, such as biomedicine and the military, the privacy and confidentiality of data leave insufficient data to support the training of deep neural networks. This paper proposes an encryption learning framework to address the problems of data leakage and the inconvenient disclosure of sensitive data in certain domains. For the first time, we introduce multiple encryption algorithms to encrypt the training data of the named entity recognition task. In other words, we train the deep neural network using encrypted data. We conduct experiments on six Chinese datasets, three of which we constructed ourselves. The experimental results show that the encryption method achieves satisfactory results. The performance of some models trained with encrypted data even exceeds that of the unencrypted method, which verifies the effectiveness of the introduced encryption method and solves the data leakage problem to a certain extent.

Updated: 2022-08-31 04:20:37

Subjects: cs.CR, cs.CL

Download: http://arxiv.org/abs/2208.14627v1

PBAG: A Privacy-Preserving Blockchain-based Authentication Protocol with Global-updated Commitment in IoV

Internet of Vehicles (IoV) is increasingly used as a medium to propagate critical information via establishing connections between entities such as vehicles and infrastructures. During message transmission, privacy-preserving authentication is considered as the first line of defence against attackers and malicious information. To achieve a more secure and stable communication environment, ever-increasing numbers of blockchain-based authentication schemes are proposed. At first glance, existing approaches provide robust architectures and achieve transparent authentication. However, in these schemes, verifiers must connect to the blockchain network in advance and accomplish the authentication with smart contracts, which prolongs the latency. To remedy this limit, we propose a privacy-preserving blockchain-based authentication protocol (PBAG), where Root Authority (RA) generates a unique evaluation proof corresponding to the issued certificate for each authorized vehicle. Meanwhile, RA broadcasts a public global commitment based on all valid certificates. Instead of querying certificates stored in the blockchain, the vehicle will be efficiently proved to be an authorized user by utilizing the global commitment through bilinear pairing. Moreover, our scheme can prevent vehicles equipped with invalid certificates from accomplishing the authentication, thus avoiding the time-consuming check of the Certificate Revocation List (CRL). Finally, our scheme provides privacy properties such as anonymity and unlinkability. It allows anonymous authentication based on evaluation proofs and achieves traceability of identity in the event of a dispute. The simulation demonstrates that the average time of verification is 0.36ms under the batch-enabled mechanism, outperforming existing schemes by at least 63.7%.

Updated: 2022-08-31 03:30:38

Title: PBAG: A Privacy-Preserving Blockchain-based Authentication Protocol with Global-updated Commitment in IoV

Abstract: The Internet of Vehicles (IoV) is increasingly used as a medium for propagating critical information by establishing connections between entities such as vehicles and infrastructure. During message transmission, privacy-preserving authentication is regarded as the first line of defence against attackers and malicious information. To achieve a more secure and stable communication environment, an ever-increasing number of blockchain-based authentication schemes have been proposed. At first glance, existing approaches provide robust architectures and achieve transparent authentication. However, in these schemes, verifiers must connect to the blockchain network in advance and complete authentication through smart contracts, which prolongs latency. To remedy this limitation, we propose a privacy-preserving blockchain-based authentication protocol (PBAG), in which the Root Authority (RA) generates, for each authorized vehicle, a unique evaluation proof corresponding to its issued certificate. At the same time, the RA broadcasts a public global commitment based on all valid certificates. Instead of querying certificates stored in the blockchain, a vehicle is efficiently proved to be an authorized user by using the global commitment through bilinear pairing. Moreover, our scheme can prevent vehicles equipped with invalid certificates from completing authentication, thus avoiding the time-consuming check of the Certificate Revocation List (CRL). Finally, our scheme provides privacy properties such as anonymity and unlinkability. It enables anonymous authentication based on evaluation proofs and achieves traceability of identity in the event of a dispute. Simulation results show that, with the batch mechanism enabled, the average verification time is 0.36 ms, outperforming existing schemes by at least 63.7%.

Updated: 2022-08-31 03:30:38

Subjects: cs.CR

Download: http://arxiv.org/abs/2208.14616v1

Data Breaches in Healthcare Security Systems

Providing security to Health Information is considered to be the topmost priority when compared to any other field. After the digitalization of the patient's records in the medical field, the healthcare/medical field has become a victim of several internal and external cyberattacks. Data breaches in the healthcare industry have been increasing rapidly. Despite having security standards such as HIPAA (Health Insurance Portability and Accountability Act), data breaches still happen on a daily basis. All various types of data breaches have the same harmful impact on healthcare data, especially on patients' privacy. The main objective of this paper is to analyze why healthcare data breaches occur and what is the impact of these breaches. The paper also presents the possible improvements that can be made in the current standards, such as HIPAA, to increase security in the healthcare field.

Updated: 2022-08-31 03:28:12

Title: Data Breaches in Healthcare Security Systems

Abstract: Compared with any other field, providing security for health information is considered the highest priority. After the digitalization of patient records in the medical field, the healthcare/medical field has become the victim of numerous internal and external cyberattacks. Data breaches in the healthcare industry are increasing rapidly. Despite security standards such as the Health Insurance Portability and Accountability Act (HIPAA), data breaches still occur every day. All types of data breaches have the same harmful impact on healthcare data, especially on patients' privacy. The main objective of this paper is to analyze why healthcare data breaches occur and what the impact of these breaches is. The paper also presents possible improvements that can be made to current standards, such as HIPAA, to increase security in the healthcare field.

Updated: 2022-08-31 03:28:12

Subjects: cs.CR

Download: http://arxiv.org/abs/2111.00582v3

Non-readily identifiable data collaboration analysis for multiple datasets including personal information

Multi-source data fusion, in which multiple data sources are jointly analyzed to obtain improved information, has received considerable research attention. For the datasets of multiple medical institutions, data confidentiality and cross-institutional communication are critical. In such cases, data collaboration (DC) analysis by sharing dimensionality-reduced intermediate representations without iterative cross-institutional communications may be appropriate. Identifiability of the shared data is essential when analyzing data including personal information. In this study, the identifiability of the DC analysis is investigated. The results reveal that the shared intermediate representations are readily identifiable to the original data for supervised learning. This study then proposes a non-readily identifiable DC analysis only sharing non-readily identifiable data for multiple medical datasets including personal information. The proposed method solves identifiability concerns based on a random sample permutation, the concept of interpretable DC analysis, and usage of functions that cannot be reconstructed. In numerical experiments on medical datasets, the proposed method exhibits non-readily identifiability while maintaining the high recognition performance of the conventional DC analysis. For a hospital dataset, the proposed method exhibits a nine percentage point improvement in recognition performance over the local analysis that uses only the local dataset.

Updated: 2022-08-31 03:19:17

Title: Non-readily identifiable data collaboration analysis for multiple datasets including personal information

Abstract: Multi-source data fusion, the joint analysis of multiple data sources to obtain improved information, has received much research attention. For the datasets of multiple medical institutions, data confidentiality and cross-institutional communication are critical. In such cases, data collaboration (DC) analysis, which shares dimensionality-reduced intermediate representations without iterative cross-institutional communication, may be appropriate. When analyzing data that includes personal information, the identifiability of the shared data is an essential concern. This study investigates the identifiability of DC analysis. The results show that, for supervised learning, the shared intermediate representations are readily identifiable to the original data. This study then proposes a non-readily identifiable DC analysis method for multiple medical datasets including personal information, which shares only non-readily identifiable data. The proposed method resolves the identifiability concern through random sample permutation, the concept of interpretable DC analysis, and the use of functions that cannot be reconstructed. In numerical experiments on medical datasets, the proposed method exhibits non-readily identifiability while maintaining the high recognition performance of conventional DC analysis. For a hospital dataset, the proposed method improves recognition performance by nine percentage points over the local analysis that uses only the local dataset.

Updated: 2022-08-31 03:19:17

Subjects: cs.LG, cs.CR

Download: http://arxiv.org/abs/2208.14611v1

By Xinhai (Sean) Zou.