网络与系统安全实验室

中国科学技术大学 计算机科学与技术学院

(更新时间:2021-07-21)  Fanping Zeng's Homepage in English

曾凡平

曾凡平,男,博士,副教授,ACM会员,中国计算机学会(CCF)高级会员。本科毕业于哈尔滨工业大学,2009年获得中国科学技术大学博士学位。自2001起,面向国家高科技方面的重大需求,主要从事智能物联网、网络与系统安全等方面的研究工作。作为课题负责人或主要技术骨干,参加并完成了10余项包括国家自然科学基金、国家863计划和国家科技部重点专项在内的国家级科研项目。

近期主要研究智能物联网的云边端资源协同优化,物联网安全分析、测试与评估

Fanping Zeng

Associate Professor,
CCF Senior Member,

ACM Member
 

E-Mail: billzeng@ustc.edu.cn

教学

主讲“网络与信息安全”,“计算机网络”和“信息安全导论”

研究生课程:网络安全

本科生课程:信息安全导论

本科生课程:计算机网络

专著

曾凡平编著. 网络信息安全. 北京:机械工业出版社, 2016.
内容简介:本书从网络攻击与防护的角度讨论网络安全原理与技术。在网络防护方面,介绍了密码学、虚拟专用网、防火墙、入侵检测和操作系统的安全防护;在网络攻击方面,详细讨论了缓冲区溢出攻击、格式化字符串攻击、拒绝服务攻击和恶意代码攻击。本书的最大特点是理论与实践紧密结合,书中的例子代码只需经过少量修改即可用于工程实践。本书可以作为信息安全、信息对抗、计算机、信息工程或相近专业的本科生和研究生教材,也可作为网络安全从业人员的参考书。

网络信息安全(2016)

近期主要论文

[1] Guozhu Chen, Fanping Zeng, Jian Zhang, Tingting Lu, Jingfei Shen, Wenjuan Shu. An adaptive trust model based on recommendation filtering algorithm for the Internet of Things systems[J]. Computer Networks, 2021, 190(15): 107952.

Abstract—The Internet of Things (IoT) is growing rapidly and brings great convenience to humans. But it also causes some security issues which may have negative impacts on humans. Trust management is an effective method to solve these problems by establishing trust relationships among interconnected IoT objects. In this paper, we propose an adaptive trust model based on recommendation filtering algorithm for the IoT systems. The utilization of sliding window and time decay function when calculating direct trust can greatly accelerate the convergence rate of trust evaluation.
We design a recommendation filtering algorithm to effectively filter out bad recommendations and minimize the impact of malicious objects. An adaptive weight is developed to better combine direct trust and recommendation trust into synthesis trust so as to adapt to the dynamically hostile environment. In the simulation experiments, we compare our adaptive trust model with three related models: TBSM, NRB and NTM. The experimental results indicate that our trust model converges fast and the mean absolute error is always less than 0.05 when the proportion of malicious nodes is from 10% to 70%. The comparative experiments further verify the effectiveness of our trust model in terms of accuracy, convergence rate and resistance to trust related attacks.

Full Paper:  An adaptive trust model based on recommendation filtering algorithm for the Internet of Things systems 

[2] Tingting Lu, Fanping Zeng#*, Guozhu Chen, Wenjuan Shu, Jingfei Shen, Weikang Zhang. A Novel Hybrid Model for Task Dependent Scheduling in Container-based Edge Computing[C]. 2021 IEEE International Conference on Communications Workshops (ICC Workshops)

AbstractThe capability leak of Android applications is one kind of serious vulnerability. It causes other apps to leverage its functions to achieve their illegal goals. In this paper, we propose a tool which can automatically generate capability leaks’ exploits of Android applications with path-sensitive symbolic execution-based static analysis and test. It can aid in reducing false positives of vulnerability analysis and help engineers find bugs. We utilize control flow graph (CFG) reduction and call graph (CG) search optimization to optimize symbolic execution, which make our tool applicable for practical apps. By applying our tool to 439 popular applications of the Wandoujia (a famous app market in China) in 2017, we found 2239 capability leaks of 16 kinds of permissions. And the average analysis time was 4 minutes per app. A demo video can be found at the website https://youtu.be/dXFMNZWxEc0.

Full Paper:  A_Novel_Hybrid_Model_for_Task_Dependent_Scheduling_in_Container-based_Edge_Computing

[3] Mingsong Zhou, Fanping Zeng, Yu Zhang, Chengcheng Lv, Zhao Chen, Guozhu Chen. Automatic Generation of Capability Leaks’ Exploits for Android Applications. 2019 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). ICSTW 2019 (April 22-27, 2019, Xian, Shaanxi, China), 291-295.

AbstractThe capability leak of Android applications is one kind of serious vulnerability. It causes other apps to leverage its functions to achieve their illegal goals. In this paper, we propose a tool which can automatically generate capability leaks’ exploits of Android applications with path-sensitive symbolic execution-based static analysis and test. It can aid in reducing false positives of vulnerability analysis and help engineers find bugs. We utilize control flow graph (CFG) reduction and call graph (CG) search optimization to optimize symbolic execution, which make our tool applicable for practical apps. By applying our tool to 439 popular applications of the Wandoujia (a famous app market in China) in 2017, we found 2239 capability leaks of 16 kinds of permissions. And the average analysis time was 4 minutes per app. A demo video can be found at the website https://youtu.be/dXFMNZWxEc0.

Full Paper:  2019-04-ICSTW2019.pdf 

[4] Chengcheng Lv, Long Zhang, Fanping Zeng, Jian Zhang. Adaptive Random Testing for XSS Vulnerability. The 26th Asia-Pacific Software Engineering Conference. APSEC 2019 (Dec 2-5, 2019, Putrajaya, Malaysia), 63-69.

Abstract—XSS is one of the common vulnerabilities in web applications. Many black-box testing tools may collect a large number of payloads and traverse them to find a payload that can be successfully injected, but they are not very efficient. Previous research has paid less attention to how to improve the efficiency of black-box testing to detect XSS vulnerability. To improve the efficiency of testing, we develop an XSS testing tool. It collects 6128 payloads and uses a headless browser to detect XSS vulnerability. The tool can discover XSS vulnerability quickly with adaptive random testing method. We conduct an experiment using 3 extensively adopted open source vulnerable benchmarks and 2 actual websites to evaluate the adaptive random testing method. The experimental results indicate that the adaptive random testing method can effectively improve the fuzzing method by more than 27.1% in reducing the number of attempts before accomplishing a successful injection.

Full Paper: 2019-12-Adaptive Random Testing for XSS Vulnerability.pdf  

[5] Mingsong Zhou, Fanping Zeng, Zhao Chen. Capability Leakage Detection Between Android Applications Based on Dynamic Feedback. The 25th International Conference on Parallel and Distributed Systems. ICPADS 2019 (December 4-6, 2019, Tianjin, China), 943-948.

Abstract—The capability leakage of Android applications is one kind of serious vulnerabilities. It can cause other applications to leverage its functions to achieve their illegal goals. In this paper, we propose a tool which can automatically detect and confirm capability leakages of Android applications with dynamic-feedback testing. The tool utilizes context-sensitive, flow-sensitive inter-procedural data flow analysis to find key variables and instrumentation points, then it tests the application continuously by test cases generated from test log. We have made experiments on 607 most popular applications of Wandoujia in 2017, and found a total of 6,070 in 16 kinds of capability leakages. Compared with the famous IntentFuzzer, our tool is 19.38% better on the average ability to detect permission capability leakage.

Full Paper:  2019-12-CapabilityLeakageDetection.pdf

[6] Zhao Chen, Fanping Zeng, Tingting Lu, Wenjuan Shu. Multi-platform Application Interaction Extraction for IoT Devices. The 25th International Conference on Parallel and Distributed Systems. ICPADSW 2019 (December 4-6, 2019, Tianjin, China), 990-995.

Abstract—IoT devices used in smart home have become a fundamental part of modern society. Such devices enable our living space to be more convenient. This enables human interaction with physical environment, also happens between two applications or others third-party rules in addition, and causes some unexpected automation, even causes safety concerns. What’s worse is that attackers can leverage stealthy physical interactions to launch attacks against IoT systems or steal user privacy. In this paper, we propose a tool called IoTIE that discovers any possible physical interactions and extract all potential interactions across applications and rules in the IoT environment. And we present a comprehensive system evaluation on the Samsung SmartThings and IFTTT platform. We study 187 official SmartThings applications and 98 IFTTT rules, and find they can form 231 hidden inter-app interactions through physical environments. In particular, our experiment reveals that 74 interactions are highly risky and could be potentially exploited to impact the security and safety of the IoT environment. Index Terms—IoT, multi-platform, application analysis and interaction extraction

Full Paper:  2019-12-Multi-platformApplicationInteractionExtractionforIoTDevices.pdf

[7] Niannian Xie, Fanping Zeng, Xiaoxia Qin, Yu Zhang, Mingsong Zhou and Chengcheng Lv. RepassDroid: Automatic Detection of Android Malware Based on Essential Permissions and Semantic Features of Sensitive APIs. The 12th International Symposium on Theoretical Aspects of Software Engineering. TASE 2018 (August 29-31, 2018, Guangzhou, Guangdong, China), 52-59.

Abstract—Most current literature on Android malware pays particular attention to the features of applications. Much of them focus on permissions or APIs, neglecting the behavioral semantics of applications, and the literature considering behavioral semantics is often expensive and weak in extendibility. In this paper, we introduce RepassDroid – a relatively coarse-grained but faster tool for automatic Android malware detection. We define Generalized-sensitive API and emphasize on considering if the trigger points of generalized sensitive APIs are UI-related or not. It analyzes the application by abstracting the generalized sensitive API with its trigger point as the semantic feature, with the addition of Really essential Permission as the syntax feature. Then it utilizes machine learning to automatically determine whether an application is benign or malicious. We evaluate RepassDroid on 24288 samples in total, 20000 for training and 4288 for test. With the comparative experiments, we find that Random Forest is the optimal classification technique for our feature set, achieving 97.7% accuracy and 0.99 AUC, along with a malware classification precision as high as 99.3%. Our evaluation results confirm that our approach and the feature set are logical and effective for Android malware detection.

Full Paper:  2018-08-RepassDroid-TASE2018.pdf 

[8] Xingqiu Zhong, Fanping Zeng, Zhichao Cheng, Niannian Xie, Xiaoxia Qin, Shuli Guo. Privilege Escalation Detecting in Android Applications[C]. The 3rd International Conference on Big Data Computing and Communications. BigCom2017 (August 10th-11th, 2017, Chengdu, Sichuan, China).

Abstract—As the most popular mobile operating system, there are large amount of applications developed for  Android. Considering security issues, developers are forced to declare relative permissions in manifest file when they need to use sensitive APIs. With the ability of inter-component communication (ICC) provided by Android, malicious applications can indirectly call sensitive APIs through components exposed by other applications, leading to privilege escalation. To address this problem, we propose a method to detect this kind of privilege escalation between two applications. First, we compare the permission sets of both applications. Then, if necessary we identify call links between two applications and perform inter-application control flow analysis. Finally, according to the result of control flow analysis, we can judge whether the privilege escalation exists. As the experiment result shows, our
method can accurately detect privilege escalation between two applications.
 

[9] Zhichao Cheng, Fanping Zeng, Xingqiu Zhong, Mingsong Zhou, Chengcheng Lv, Shuli Guo. Resolving Reflection Methods in Android Applications [C]. 2017 IEEE International Conference on Intelligence and Security Informatics. IEEEISI2017 (July 22-24, 2017, Beijing, China).

Abstract—Although reflection methods in Android can facilitate developing applications, they will block control flow and data flow in static analysis, making its precision decreased. To solve this problem, we trigger applications to execute reflection methods and record its reflection targets at runtime. Reflection targets may be a method invocation, field setting or instantiating of some classes. Considering many static analysis’ input is apk file, we further transform reflection methods in apk into explicit method invocation, field setting and class initiating according to the recorded reflection targets. Our experiment result shows that, based on our method, some static analysis can perform better on these transformed apk and produce more precise results.

 


 

  • 吕成成, 张龙, 邓茜, 曾凡平, 严俊,张健. 针对 WEB 应用程序搜索功能的组合测试[J], 计算机科学与探索, 2019, 13(11): 1839-1851.

摘要为了方便用户查询感兴趣的资源,许多 WEB 应用程序会提供搜索功能。如果搜索功能存在故障,将会导致 WEB 应用程序的功能异常,甚至会引发安全问题,因而需要对其进行充分地测试。可以使用组合测试的方法生成测试用例测试 WEB 应用程序的搜索功能,其中每一个测试用例是由特殊字符组成的字符串。对于引起系统错误的测试用例,使用组合测试错误定位的方法找到系统错误是由哪些字符组合引起的。使用该方法对学校、政府和事业单位的 96 个网站进行了测试,发现其中 23 个网站在搜索某些特殊字符组合时,会引起服务器错误响应。错误定位结果表明,56%的服务器错误响应是由”%”、”<”、”’”、”\”和其他字符的组合引起的。

Full Paper: 2019-11-JournalOfFrontiersOfComputerScienceAndTechnology.pdf

  • 谢念念, 曾凡平, 周明松, 秦晓霞, 吕成成, 陈钊. 多维敏感特征的Android恶意应用检测[J], 计算机科学, 2019, 46(2): 95-101.

摘要应用程序的行为语义在Android恶意应用检测中起着关键作用。为了区分应用的行为语义,文中提出适合用于Android恶意应用检测的特征和方法。首先定义广义敏感API,强调要考虑广义敏感API的触发点是否与UI事件相关,并且要结合应用实际使用的权限。该方法将广义敏感API及其触发点抽象为语义特征,将应用实际使用的权限作为语法特征,再利用机器学习分类方法自动检测应用是否具有恶意性。在13226个样本上进行了对比实验,实验结果表明,该方法的分析速度快且开销小,选取的特征集使Android恶意应用检测得到很好的结果;经机器学习分类技术的比较,我们选择随机森林作为检测方案中的分类技术,所提特征策略的分类准确率达到96.5%,AUC达到0.99,恶意应用的分类精度达到98.8%。

  • 陈钊, 曾凡平, 陈国柱, 张燕咏, 李向阳. 物联网安全测评技术综述[J], 信息安全学报, 2019, 4(3): 2-16.

摘要近年来,物联网大规模应用于智能制造、智能家居、智慧医疗等产业,物联网的安全问题日益突出,给物联网的发展带来了前所未有的挑战。安全测评技术是保障物联网安全的重要手段,在物联网应用的整个开发生命周期都需要进行安全测评工作,以保证物联网服务的安全性和健壮性。物联网节点面临计算能力、体积和功耗受限等挑战,智慧城市等应用场景提出了大规模泛在异构连接和复杂跨域的需求。本文首先总结了目前物联网中常用的安全测评方法和风险管理技术;然后从绿色、智能和开放三个方面分析物联网安全技术的发展现状和存在的安全问题,并总结了物联网安全测评面临的挑战以及未来的研究方向。

Full Paper: 2019-05-JournalofCyberSecurity.pdf

  • 彭凌, 曾凡平, 严俊, 汤杨. 一种有效的Android应用隐式权限提取方法[J], 小型微型计算机系统, 2016, 37(3): 515-519.

[摘要] 隐式权限在Android应用开发中有大量的应用。针对隐式权限审核与资源关联的特性,本文提出一种基于程序静态分析与过程内数据流分析技术的隐式权限检测方法。该方法首先根据函数调用在引发权限审核的过程中是否与系统资源关联分类为显式和隐式;然后借助过程内数据流分析技术对隐式调用提取参数值,构建包含资源信息的完整函数调用;最后与事先收集的权限-函数映射关系比对后得到权限信息。实验结果表明,方法可以有效地检测程序中的隐式权限,漏误报数目少,在性能上相比同类型工具有极大的提升。此外,本文收集的隐式权限-资源映射关系相比其他相关工作更完整,将其与开源的显式权限映射表结合,本文实现了权限自动提取工具UpsetEx。

[Abstract] Implicit permissions are often used in Android application development. Concerning the feature of implicit permissions associated with the target resources, this paper proposes a novel implicit permission detecting method based on static analysis and procedural data flow analysis technique. Firstly, the function calls are classified to explicit or implicit according to whether the permission approval process is related to the system resource. Then, the resource parameter’s value of implicit function calls is obtained by procedural data flow analysis, and a complete function calls are built. Finally, the permissions are found by comparing the function calls with a pre-requisite permission specification. The experimental results show that our method can effectively detect implicit permissions with relatively few false positive and false negative, much better than similar analysis tools. What’s more, the implicit permission specification that we have collected is more complete than other related works did. Combined with an open source explicit permission specification, we have developed the automated permission extraction tool UpsetEx.

  • 朱正欣, 曾凡平, 黄心依. 动态符号化污点分析研究及实现[J], 计算机科学, 2016, 43(2): 155-158, 187.

[摘要] 动态污点分析技术常用于跟踪二进制程序的信息流及检测安全漏洞,通过程序的动态执行来检测出程序中由测试用例触发的漏洞.它的误报率很低,但是漏报率较高,效率较低.针对动态污点分析的这一问题,动态符号化污点分析方法对污点分析进行了改进,通过将污点分析符号化来降低漏报率及提高效率.根据基于指令的污点传播来获得相关污点数据的信息,同时制定符号化的风险分析规则,通过检测污点信息是否违反风险规则来发现存在的风险.实验结果表明,该方法不仅具有污点分析低误报率的优点,而且克服了污点分析高漏报率的缺点.在污点分析过程中产生的漏洞、风险及相关污点信息还可用于指导测试用例的生成,提高测试效率以及降低测试用例的冗余.

  • 王建敏, 曾凡平, 王健康. 用优化的正则表达式引擎进行快速网络流分类[J], 小型微型计算机系统, 2015, 36(12): 2690-2695.

[摘要] 依赖于正则表达式匹配的深度包检测技术因准确率高成为网络流分类广泛使用的技术.为了能在线性时间内对网络流进行快速分类,需采用时间高效的确定性有限自动机(DFA)匹配引擎,但DFA存在空间爆炸问题,无法满足实际需求.为了解决这个问题,本文从DFA中每个状态在不同的输入字符转换下到达的目的状态特性出发,提出了一种基于默认目的状态和位图技术的DFA压缩算法(对应的自动机模型称为DBDFA),该算法能够将有着相同目的状态的多条转移边压缩为只需一个默认目的状态或只需一个时空高效的位图.实验表明,DBDFA能达到平均99%的压缩效率,优于目前大多数的DFA压缩技术,且压缩后的总体匹配效率是原有DFA的3~5倍,这是目前大部分的压缩技术所不能达到的。