Paper |
[1] Guozhu Chen, Fanping
Zeng, Jian Zhang, Tingting Lu, Jingfei Shen, Wenjuan Shu. An
adaptive trust model based on recommendation filtering algorithm
for the Internet of Things systems[J]. Computer Networks, 2021,
190(15): 107952.
Abstract—The Internet of Things (IoT) is growing rapidly and
brings great convenience to humans. But it also causes some security
issues which may have negative impacts on humans. Trust management is an
effective method to solve these problems by establishing trust
relationships among interconnected IoT objects. In this paper, we
propose an adaptive trust model based on recommendation filtering
algorithm for the IoT systems. The utilization of sliding window and
time decay function when calculating direct trust can greatly accelerate
the convergence rate of trust evaluation.
We design a recommendation filtering algorithm to effectively filter out
bad recommendations and minimize the impact of malicious objects. An
adaptive weight is developed to better combine direct trust and
recommendation trust into synthesis trust so as to adapt to the
dynamically hostile environment. In the simulation experiments, we
compare our adaptive trust model with three related models: TBSM, NRB
and NTM. The experimental results indicate that our trust model
converges fast and the mean absolute error is always less than 0.05 when
the proportion of malicious nodes is from 10% to 70%. The comparative
experiments further verify the effectiveness of our trust model in terms
of accuracy, convergence rate and resistance to trust related attacks.
Full Paper:
An adaptive trust model based on recommendation filtering algorithm for
the Internet of Things systems
[2] Tingting Lu, Fanping Zeng#*, Guozhu Chen,
Wenjuan Shu, Jingfei Shen, Weikang Zhang. A Novel Hybrid Model
for Task Dependent Scheduling in Container-based Edge
Computing[C]. 2021 IEEE International Conference on
Communications Workshops (ICC Workshops)
Abstract—The
capability leak of Android applications is one kind of serious
vulnerability. It causes other apps to leverage its functions to achieve
their illegal goals. In this paper, we propose a tool which can
automatically generate capability leaks’ exploits of Android
applications with path-sensitive symbolic execution-based static
analysis and test. It can aid in reducing false positives of
vulnerability analysis and help engineers find bugs. We utilize control
flow graph (CFG) reduction and call graph (CG) search optimization to
optimize symbolic execution, which make our tool applicable for
practical apps. By applying our tool to 439 popular applications of the
Wandoujia (a famous app market in China) in 2017, we found 2239
capability leaks of 16 kinds of permissions. And the average analysis
time was 4 minutes per app. A demo video can be found at the website
https://youtu.be/dXFMNZWxEc0.
Full Paper:
A_Novel_Hybrid_Model_for_Task_Dependent_Scheduling_in_Container-based_Edge_Computing
[3] Mingsong Zhou, Fanping Zeng, Yu Zhang,
Chengcheng Lv, Zhao Chen, Guozhu Chen. Automatic Generation
of Capability Leaks’ Exploits for Android Applications. 2019
IEEE International Conference on Software Testing, Verification
and Validation Workshops (ICSTW). ICSTW 2019 (April 22-27, 2019,
Xian, Shaanxi, China), 291-295.
Abstract—The
capability leak of Android applications is one kind of serious
vulnerability. It causes other apps to leverage its functions to achieve
their illegal goals. In this paper, we propose a tool which can
automatically generate capability leaks’ exploits of Android
applications with path-sensitive symbolic execution-based static
analysis and test. It can aid in reducing false positives of
vulnerability analysis and help engineers find bugs. We utilize control
flow graph (CFG) reduction and call graph (CG) search optimization to
optimize symbolic execution, which make our tool applicable for
practical apps. By applying our tool to 439 popular applications of the
Wandoujia (a famous app market in China) in 2017, we found 2239
capability leaks of 16 kinds of permissions. And the average analysis
time was 4 minutes per app. A demo video can be found at the website
https://youtu.be/dXFMNZWxEc0.
Full Paper:
2019-04-ICSTW2019.pdf
[4] Chengcheng Lv, Long Zhang, Fanping Zeng, Jian
Zhang. Adaptive Random Testing for XSS Vulnerability. The 26th
Asia-Pacific Software Engineering Conference. APSEC 2019 (Dec 2-5,
2019, Putrajaya, Malaysia), 63-69.
Abstract—XSS is one of the common vulnerabilities in web
applications. Many black-box testing tools may collect a large number of
payloads and traverse them to find a payload that can be successfully
injected, but they are not very efficient. Previous research has paid
less attention to how to improve the efficiency of black-box testing to
detect XSS vulnerability. To improve the efficiency of testing, we
develop an XSS testing tool. It collects 6128 payloads and uses a
headless browser to detect XSS vulnerability. The tool can discover XSS
vulnerability quickly with adaptive random testing method. We conduct an
experiment using 3 extensively adopted open source vulnerable benchmarks
and 2 actual websites to evaluate the adaptive random testing method.
The experimental results indicate that the adaptive random testing
method can effectively improve the fuzzing method by more than 27.1% in
reducing the number of attempts before accomplishing a successful
injection.
Full Paper: 2019-12-Adaptive
Random Testing for XSS Vulnerability.pdf
[5] Mingsong Zhou, Fanping Zeng, Zhao Chen. Capability
Leakage Detection Between Android Applications Based on Dynamic
Feedback. The 25th International Conference on Parallel and
Distributed Systems. ICPADS 2019 (December 4-6, 2019, Tianjin,
China), 943-948.
Abstract—The capability leakage of Android applications is one
kind of serious vulnerabilities. It can cause other applications to
leverage its functions to achieve their illegal goals. In this paper, we
propose a tool which can automatically detect and confirm capability
leakages of Android applications with dynamic-feedback testing. The tool
utilizes context-sensitive, flow-sensitive inter-procedural data flow
analysis to find key variables and instrumentation points, then it tests
the application continuously by test cases generated from test log. We
have made experiments on 607 most popular applications of Wandoujia in
2017, and found a total of 6,070 in 16 kinds of capability leakages.
Compared with the famous IntentFuzzer, our tool is 19.38% better on the
average ability to detect permission capability leakage.
Full Paper:
2019-12-CapabilityLeakageDetection.pdf
[6]
Zhao Chen, Fanping Zeng, Tingting Lu, Wenjuan Shu.
Multi-platform Application Interaction Extraction for IoT Devices.
The 25th International Conference on Parallel and Distributed
Systems. ICPADSW 2019 (December 4-6, 2019, Tianjin, China), 990-995.
Abstract—IoT devices used in smart home have become a fundamental
part of modern society. Such devices enable our living space to be more
convenient. This enables human interaction with physical environment,
also happens between two applications or others third-party rules in
addition, and causes some unexpected automation, even causes safety
concerns. What’s worse is that attackers can leverage stealthy physical
interactions to launch attacks against IoT systems or steal user
privacy. In this paper, we propose a tool called IoTIE that discovers
any possible physical interactions and extract all potential
interactions across applications and rules in the IoT environment. And
we present a comprehensive system evaluation on the Samsung SmartThings
and IFTTT platform. We study 187 official SmartThings applications and
98 IFTTT rules, and find they can form 231 hidden inter-app interactions
through physical environments. In particular, our experiment reveals
that 74 interactions are highly risky and could be potentially exploited
to impact the security and safety of the IoT environment. Index Terms—IoT,
multi-platform, application analysis and interaction extraction
Full Paper:
2019-12-Multi-platformApplicationInteractionExtractionforIoTDevices.pdf
[7] Niannian Xie, Fanping Zeng, Xiaoxia Qin, Yu Zhang,
Mingsong Zhou and Chengcheng Lv. RepassDroid: Automatic Detection of
Android Malware Based on Essential Permissions and Semantic Features
of Sensitive APIs. The 12th International Symposium on Theoretical
Aspects of Software Engineering. TASE 2018 (August 29-31, 2018,
Guangzhou, Guangdong, China), 52-59.
Abstract—Most current literature on Android malware pays
particular attention to the features of applications. Much of them focus
on permissions or APIs, neglecting the behavioral semantics of
applications, and the literature considering behavioral semantics is
often expensive and weak in extendibility. In this paper, we introduce
RepassDroid – a relatively coarse-grained but faster tool for automatic
Android malware detection. We define Generalized-sensitive API and
emphasize on considering if the trigger points of generalized sensitive
APIs are UI-related or not. It analyzes the application by abstracting
the generalized sensitive API with its trigger point as the semantic
feature, with the addition of Really essential Permission as the syntax
feature. Then it utilizes machine learning to automatically determine
whether an application is benign or malicious. We evaluate RepassDroid
on 24288 samples in total, 20000 for training and 4288 for test. With
the comparative experiments, we find that Random Forest is the optimal
classification technique for our feature set, achieving 97.7% accuracy
and 0.99 AUC, along with a malware classification precision as high as
99.3%. Our evaluation results confirm that our approach and the feature
set are logical and effective for Android malware detection.
Full Paper:
2018-08-RepassDroid-TASE2018.pdf
[8] Xingqiu Zhong, Fanping Zeng, Zhichao Cheng,
Niannian Xie, Xiaoxia Qin, Shuli Guo. Privilege Escalation Detecting
in Android Applications[C]. The 3rd International Conference on Big
Data Computing and Communications. BigCom2017 (August 10th-11th,
2017, Chengdu, Sichuan, China).
Abstract—As the most popular mobile operating system, there are
large amount of applications developed for Android. Considering
security issues, developers are forced to declare relative permissions
in manifest file when they need to use sensitive APIs. With the ability
of inter-component communication (ICC) provided by Android, malicious
applications can indirectly call sensitive APIs through components
exposed by other applications, leading to privilege escalation. To
address this problem, we propose a method to detect this kind of
privilege escalation between two applications. First, we compare the
permission sets of both applications. Then, if necessary we identify
call links between two applications and perform inter-application
control flow analysis. Finally, according to the result of control flow
analysis, we can judge whether the privilege escalation exists. As the
experiment result shows, our method can accurately detect privilege
escalation between two applications.
[9] Zhichao Cheng, Fanping Zeng, Xingqiu Zhong,
Mingsong Zhou, Chengcheng Lv, Shuli Guo. Resolving Reflection
Methods in Android Applications [C]. 2017 IEEE International
Conference on Intelligence and Security Informatics. IEEEISI2017
(July 22-24, 2017, Beijing, China).
Abstract—Although reflection methods in Android can facilitate
developing applications, they will block control flow and data flow in
static analysis, making its precision decreased. To solve this problem,
we trigger applications to execute reflection methods and record its
reflection targets at runtime. Reflection targets may be a method
invocation, field setting or instantiating of some classes. Considering
many static analysis’ input is apk file, we further transform reflection
methods in apk into explicit method invocation, field setting and class
initiating according to the recorded reflection targets. Our experiment
result shows that, based on our method, some static analysis can perform
better on these transformed apk and produce more precise results.
-
吕成成, 张龙, 邓茜, 曾凡平,
严俊,张健.
针对 WEB
应用程序搜索功能的组合测试[J],
计算机科学与探索, 2019, 13(11): 1839-1851.
摘要—为了方便用户查询感兴趣的资源,许多
WEB 应用程序会提供搜索功能。如果搜索功能存在故障,将会导致 WEB
应用程序的功能异常,甚至会引发安全问题,因而需要对其进行充分地测试。可以使用组合测试的方法生成测试用例测试 WEB
应用程序的搜索功能,其中每一个测试用例是由特殊字符组成的字符串。对于引起系统错误的测试用例,使用组合测试错误定位的方法找到系统错误是由哪些字符组合引起的。使用该方法对学校、政府和事业单位的
96 个网站进行了测试,发现其中 23
个网站在搜索某些特殊字符组合时,会引起服务器错误响应。错误定位结果表明,56%的服务器错误响应是由”%”、”<”、”’”、”\”和其他字符的组合引起的。
Full Paper: 2019-11-JournalOfFrontiersOfComputerScienceAndTechnology.pdf
-
谢念念,
曾凡平,
周明松,
秦晓霞,
吕成成,
陈钊.
多维敏感特征的Android恶意应用检测[J],
计算机科学,
2019, 46(2): 95-101.
摘要—应用程序的行为语义在Android恶意应用检测中起着关键作用。为了区分应用的行为语义,文中提出适合用于Android恶意应用检测的特征和方法。首先定义广义敏感API,强调要考虑广义敏感API的触发点是否与UI事件相关,并且要结合应用实际使用的权限。该方法将广义敏感API及其触发点抽象为语义特征,将应用实际使用的权限作为语法特征,再利用机器学习分类方法自动检测应用是否具有恶意性。在13226个样本上进行了对比实验,实验结果表明,该方法的分析速度快且开销小,选取的特征集使Android恶意应用检测得到很好的结果;经机器学习分类技术的比较,我们选择随机森林作为检测方案中的分类技术,所提特征策略的分类准确率达到96.5%,AUC达到0.99,恶意应用的分类精度达到98.8%。
-
陈钊, 曾凡平, 陈国柱, 张燕咏, 李向阳. 物联网安全测评技术综述[J], 信息安全学报,
2019, 4(3): 2-16.
摘要—近年来,物联网大规模应用于智能制造、智能家居、智慧医疗等产业,物联网的安全问题日益突出,给物联网的发展带来了前所未有的挑战。安全测评技术是保障物联网安全的重要手段,在物联网应用的整个开发生命周期都需要进行安全测评工作,以保证物联网服务的安全性和健壮性。物联网节点面临计算能力、体积和功耗受限等挑战,智慧城市等应用场景提出了大规模泛在异构连接和复杂跨域的需求。本文首先总结了目前物联网中常用的安全测评方法和风险管理技术;然后从绿色、智能和开放三个方面分析物联网安全技术的发展现状和存在的安全问题,并总结了物联网安全测评面临的挑战以及未来的研究方向。
Full Paper: 2019-05-JournalofCyberSecurity.pdf
-
彭凌, 曾凡平, 严俊, 汤杨.
一种有效的Android应用隐式权限提取方法[J], 小型微型计算机系统, 2016, 37(3): 515-519.
[摘要]
隐式权限在Android应用开发中有大量的应用。针对隐式权限审核与资源关联的特性,本文提出一种基于程序静态分析与过程内数据流分析技术的隐式权限检测方法。该方法首先根据函数调用在引发权限审核的过程中是否与系统资源关联分类为显式和隐式;然后借助过程内数据流分析技术对隐式调用提取参数值,构建包含资源信息的完整函数调用;最后与事先收集的权限-函数映射关系比对后得到权限信息。实验结果表明,方法可以有效地检测程序中的隐式权限,漏误报数目少,在性能上相比同类型工具有极大的提升。此外,本文收集的隐式权限-资源映射关系相比其他相关工作更完整,将其与开源的显式权限映射表结合,本文实现了权限自动提取工具UpsetEx。
[Abstract] Implicit permissions are often used in Android
application development. Concerning the feature of implicit permissions
associated with the target resources, this paper proposes a novel
implicit permission detecting method based on static analysis and
procedural data flow analysis technique. Firstly, the function calls are
classified to explicit or implicit according to whether the permission
approval process is related to the system resource. Then, the resource
parameter’s value of implicit function calls is obtained by procedural
data flow analysis, and a complete function calls are built. Finally,
the permissions are found by comparing the function calls with a
pre-requisite permission specification. The experimental results show
that our method can effectively detect implicit permissions with
relatively few false positive and false negative, much better than
similar analysis tools. What’s more, the implicit permission
specification that we have collected is more complete than other related
works did. Combined with an open source explicit permission
specification, we have developed the automated permission extraction
tool UpsetEx.
-
朱正欣, 曾凡平, 黄心依.
动态符号化污点分析研究及实现[J], 计算机科学, 2016, 43(2): 155-158, 187.
[摘要]
动态污点分析技术常用于跟踪二进制程序的信息流及检测安全漏洞,通过程序的动态执行来检测出程序中由测试用例触发的漏洞.它的误报率很低,但是漏报率较高,效率较低.针对动态污点分析的这一问题,动态符号化污点分析方法对污点分析进行了改进,通过将污点分析符号化来降低漏报率及提高效率.根据基于指令的污点传播来获得相关污点数据的信息,同时制定符号化的风险分析规则,通过检测污点信息是否违反风险规则来发现存在的风险.实验结果表明,该方法不仅具有污点分析低误报率的优点,而且克服了污点分析高漏报率的缺点.在污点分析过程中产生的漏洞、风险及相关污点信息还可用于指导测试用例的生成,提高测试效率以及降低测试用例的冗余.
-
王建敏, 曾凡平, 王健康.
用优化的正则表达式引擎进行快速网络流分类[J], 小型微型计算机系统, 2015, 36(12): 2690-2695.
[摘要]
依赖于正则表达式匹配的深度包检测技术因准确率高成为网络流分类广泛使用的技术.为了能在线性时间内对网络流进行快速分类,需采用时间高效的确定性有限自动机(DFA)匹配引擎,但DFA存在空间爆炸问题,无法满足实际需求.为了解决这个问题,本文从DFA中每个状态在不同的输入字符转换下到达的目的状态特性出发,提出了一种基于默认目的状态和位图技术的DFA压缩算法(对应的自动机模型称为DBDFA),该算法能够将有着相同目的状态的多条转移边压缩为只需一个默认目的状态或只需一个时空高效的位图.实验表明,DBDFA能达到平均99%的压缩效率,优于目前大多数的DFA压缩技术,且压缩后的总体匹配效率是原有DFA的3~5倍,这是目前大部分的压缩技术所不能达到的。
|