Sha H.-Z.,Beijing University of Posts and Telecommunications | Sha H.-Z.,Chinese Academy of Sciences | Sha H.-Z.,National Engineering Laboratory for Information Security Technology | Zhou Z.,Chinese Academy of Sciences | And 5 more authors.
Tongxin Xuebao/Journal on Communications | Year: 2014

A self-learning lightweight (SLW) approach is proposed. SLW is the first to introduce access relations and has the characteristics of feedback and self-learning. The SLW approach starts from a seed set that includes known malicious pages. Then, it automatically identifies users with low credibility based on the seed set and the visit relation database. Finally, the access records of these users are used to identify other malicious pages. Experimental results indicate that the SLW approach can significantly improve the efficiency of malicious page detection and reduce the average detection time compared with other conventional methods.


Zang T.-N.,Harbin Engineering University | Yun X.-C.,Harbin Engineering University | Yun X.-C.,CAS Institute of Computing Technology | Yun X.-C.,National Engineering Laboratory for Information Security Technology | And 5 more authors.
Tongxin Xuebao/Journal on Communications | Year: 2011

A potential hidden relationship may exist among different zombie groups. A method to analyze the relationship among botnets was proposed based on their communication activities. The method extracted several communication features of a botnet, including the number of flows per hour, the number of packets per flow, the number of flows per IP and the packet payloads. It defined statistical similarity functions for the communication features, and built an analysis model of botnet relationships based on the advanced Dempster-Shafer (D-S) evidence theory to synthetically evaluate the similarities between different zombie groups. The experiments were conducted using several botnet traces. The results show that the method is valid and efficient, even in the case of encrypted botnet communication messages. Moreover, ideal processing results are achieved by applying our method to analyze the data captured from the security monitoring platform of a computer network, as well as in comparison with similar work.


Zang T.,Chinese Academy of Sciences | Zang T.,Harbin Engineering University | Zang T.,National Engineering Laboratory for Information Security Technology | Yun X.,Chinese Academy of Sciences | And 5 more authors.
Wuhan Daxue Xuebao (Xinxi Kexue Ban)/Geomatics and Information Science of Wuhan University | Year: 2012

An approach for analyzing the relationship among botnets was presented. Several botnet communication characteristics were extracted, including the amount of data flows within a botnet, the number of packets per data flow, the payload of communication and data packets in the master hosts. Statistical similarity functions of botnet characteristics were defined. Based on the cloud model and the defined statistical similarity functions, the analysis model of botnet relationships was built, and the similarities of botnet characteristics were synthetically evaluated. The analysis experiments were conducted in a simulated network environment. The experimental results show that the presented method is valid and efficient, even in the case of encrypted botnet communication messages. The results are better than those reported in related research.


Sha H.-Z.,Chinese Academy of Sciences | Sha H.-Z.,Beijing University of Posts and Telecommunications | Sha H.-Z.,National Engineering Laboratory for Information Security Technology | Liu Q.-Y.,Chinese Academy of Sciences | And 9 more authors.
Jisuanji Xuebao/Chinese Journal of Computers | Year: 2016

In recent years, with the rapid development of the Internet and the increasing growth of network services and security needs, the existence of malicious web pages has become a much more serious problem for personal privacy and property safety. As one of the key technologies for resisting network attacks, detection techniques for malicious web pages can effectively help people avoid potential security threats and thus ensure network security. In this paper, we describe the latest research achievements from theory to practice. It starts by introducing the formal definition of malicious web pages, followed by a summary of the detection techniques' application scenarios, basic framework and evaluation principles. Then, it introduces several typical detection schemes, classifies them into categories, and finally compares them side by side. Based on an understanding of the research status of malicious web page detection schemes, this paper presents an in-depth discussion of the current challenges that people have to face, including both dynamic changes in the objective environment and upgrades of the escape techniques. Finally, it looks into the future of this field. © 2016, Science Press. All rights reserved.


Li B.-H.,Beijing University of Posts and Telecommunications | Li B.-H.,Chinese Academy of Sciences | Li B.-H.,National Engineering Laboratory for Information Security Technology | Xu K.-F.,Chinese Academy of Sciences | And 10 more authors.
Ruan Jian Xue Bao/Journal of Software | Year: 2016

Virtual machine introspection (VMI) has received much attention from both the academic and industrial communities, and plays an important role in intrusion detection, kernel integrity protection and many other areas. However, the semantic gap has greatly limited the development of this technology. In this respect, this paper divides existing VMI technologies into four categories based on their methods of semantic reconstruction, followed by the problems and the corresponding research. Analysis results reveal the difficulties in meeting all the requirements. The paper therefore details the relevant applied research in security based on VMI. Finally, it presents the future research directions that need in-depth study, such as VMI's security, availability and transparency. © Copyright 2016, Institute of Software, the Chinese Academy of Sciences. All rights reserved.
