Computers & Security: Latest Articles

HIDIM: A novel framework of network intrusion detection for hierarchical dependency and class imbalance
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-10-20 | DOI: 10.1016/j.cose.2024.104155
Weidong Zhou, Chunhe Xia, Tianbo Wang, Xiaopeng Liang, Wanshuang Lin, Xiaojian Li, Song Zhang
Deep learning-based network intrusion detection has been extensively explored as a data-driven approach. Therefore, paying attention to the data’s characteristics is essential. By analyzing the attribute dependence and sample distribution of intrusion data, there are the following problems: “hierarchical dependency omission” and “decision boundary discontinuity.” The former means the previous attribute embedding models failed to incorporate network protocol hierarchy. The latter indicates that the small disjuncts distribution leads to sub-concept fragmentation, exacerbating the difficulty in handling class imbalance. To address these problems, we propose a novel detection framework for Hierarchical Dependency and Class Imbalance (HIDIM). First, we treat semantic attributes as words and introduce the protocol hierarchy of attributes into a paragraph embedding model. Second, we design a synthetic oversampling method. It adopts a mutual nearest neighbor approach to determine the boundaries of each disjunct. Then, it synthesizes high-quality samples within those boundary areas by crossing or mutating features based on their importance. The experimental results on multiple real-world datasets demonstrate that the proposed framework is superior to other state-of-the-art models in terms of accuracy, F1-score, and false negative rate by 2.23%, 2.12%, and 1.43% on average, respectively.
Citations: 0
WF-LDPSR: A local differential privacy mechanism based on water-filling for secure release of trajectory statistics data
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-10-19 | DOI: 10.1016/j.cose.2024.104165
Yan-zi Li, Li Xu, Jing Zhang, Liao-ru-xing Zhang
Open Data Processing Services are used to solve the bottleneck of big data storage and operation. At the same time, massive trajectory data is generated, and the basic information of users’ spatio-temporal historical data is provided, including points of interest and movement patterns. Improving the availability of published trajectory statistics data without compromising user privacy is critical. Differential privacy technology is a standard technology to realize the secure release of trajectory statistics data. Several research efforts have focused on secure publication of trajectory statistics data in a central environment by adding noise to a trusted third-party server. However, this central approach is vulnerable to privacy breaches, where adversaries can access real data by locking down the third-party server. The local differential privacy, based on a distributed architecture, overcomes this form of attack by allowing users to scramble personal data records before they are sent to third-party server. However, the existing distributed privacy protection schemes still have the balance problem of poor availability of data when ensuring privacy, as well as the problem of excessive operation cost. Therefore, a local differential privacy mechanism based on water-filling for secure release of trajectory statistics data (WF-LDPSR) is proposed in this paper. Firstly, in order to protect user privacy individually, a user automatic personalized segmentation method is proposed to determine the effective user sensitivity level automatically. Secondly, a distributed privacy protection model based on local differential privacy is designed to resist the attacks on the third-party server. Finally, in order to achieve the optimal allocation of privacy budget, the water-filling theorem in the field of communication is introduced. An adaptive privacy budget allocation algorithm based on water-filling theorem is proposed to realize the adaptive privacy budget allocation. 
In addition, to further improve data availability, a group processing idea based on user set sampling is proposed, which divides users into multiple disjoint subsets randomly, thus reducing the differential privacy noise effectively. Experiments prove that compared with other advanced mechanisms, the WF-LDPSR mechanism can improve the availability of published data by 84.92% while protecting user privacy.
Citations: 0
NTLFlowLyzer: Towards generating an intrusion detection dataset and intruders behavior profiling through network and transport layers traffic analysis and pattern extraction
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-10-19 | DOI: 10.1016/j.cose.2024.104160
MohammadMoein Shafi, Arash Habibi Lashkari, Arousha Haghighian Roudsari
Network security remains a critical concern in modern computing systems due to the constant emergence of threats and attacks. This paper introduces a comprehensive behavioral profiling solution to address the limitations of current intrusion detection methods in identifying zero-day attacks and novel malicious behaviors. Beginning with raw network data, the proposed framework progresses through multiple stages, ultimately culminating in the creation of activity-specific profiles. Central to this approach is NTLFlowLyzer, a novel network traffic analyzer, which generates an updated dataset, BCCC-CIC-IDS2017, for enhanced profile generation. The core of the profiling system leverages the distinct behaviors exhibited by individual features and the diverse correlations observed across various activities. The profiling procedure attains accuracy and robustness by integrating a novel feature selection algorithm and a pattern extraction process. Furthermore, behavior similarity is introduced to quantify the resemblance between activities based on their features and behaviors. We rigorously evaluate the effectiveness of our model by subjecting it to comprehensive testing, followed by meticulous comparison with previous works. Our proposed framework proficiently characterizes eight malicious activities with an accuracy rate surpassing 99.8%, while displaying promising performance in profiling various other activities. These findings, derived from our comprehensive experiments, provide valuable guidance for accurately implementing behavioral profiling.
Citations: 0
A robust federated learning algorithm for partially trusted environments
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-10-19 | DOI: 10.1016/j.cose.2024.104161
Yong Li, TongTong Liu, HaiChao Ling, Wei Du, XiangLin Ren
Due to the distributed nature of federated learning, it is vulnerable to poisoning attacks during the training process. The model’s resistance to poisoning attacks can be improved using robust aggregation algorithms. Current research on federated learning to resist poisoning attacks is mainly based on two settings: No trust or Byzantine robustness. However, both settings are not close enough to reality in practical scenarios. In many practical applications, some participants in federated learning are trustworthy. For example, participants who have participated in the training of this model before and performed very well, or participants with strong compliance and credibility such as governments and some national agencies participate in the training. In existing research, these trusted participants still have to accept the judgment of the aggregation node, which generates unnecessary computation, increases overhead, and does not take advantage of a trusted environment. Since there is no attack behavior on the trusted client, its training results are used to classify the trustworthiness of other untrusted clients and identify attack nodes with higher accuracy. Therefore, this paper proposes a robust federated learning algorithm for partially trusted environments. The proposed scheme uses the experimental results of trusted clients to judge the behavior of untrustworthy clients by the cosine similarity and the Local Outlier Factor and further identify and detect malicious clients. Experiments are performed on MNIST and CIFAR datasets. Comparison with other six aggregation algorithms under 30% attack scenario. And compared with the other four aggregation algorithms under 70% attack conditions. Our algorithm is more accurate than almost all of the other aggregation algorithms. The paper is the first to conduct robust research on federated learning in a partially trusted environment, and the proposed algorithm can more effectively resist poisoning attacks.
Citations: 0
A fine-grained approach for Android taint analysis based on labeled taint value graphs
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-10-19 | DOI: 10.1016/j.cose.2024.104162
Dongming Xiang, Shuai Lin, Ke Huang, Zuohua Ding, Guanjun Liu, Xiaofeng Li
Static taint analysis is a widely used method to identify vulnerabilities in Android applications. However, the existing tools for static analysis often struggle with processing times, particularly when dealing with complex real-world programs. To reduce time consumption, some tools choose to sacrifice analytical precision, e.g., FastDroid sets an upper limit for analysis iterations in Android applications. In this paper, we propose a labeled taint value graph (LTVG) to store taint flows, and implement a fine-grained analysis tool called LabeledDroid. This graph is constructed based on the taint value graph (TVG) of FastDroid, and takes into account both precision and time consumption. That is, we decompile an Android app into Jimple statements, develop fine-grained propagation rules to handle List, and construct LTVGs according to these rules. Afterwards, we traverse LTVGs to obtain high-precision taint flows. An analysis of 39 apps from the TaintBench benchmark shows that LabeledDroid is 0.87 s faster than FastDroid on average. Furthermore, if some common accuracy parameters are adapted in both LabeledDroid and FastDroid, the experiment demonstrates that the former is more scalable. Moreover, the maximum analysis time of LabeledDroid is less than 200 s and its average time is 46.25 s, while FastDroid sometimes experiences timeouts with durations longer than 600 s. Additionally, LabeledDroid achieves a precision of 70% in handling lists, while FastDroid and TaintSA achieve precisions of 38.9% and 41.2%, respectively.
Citations: 0
A secure routing and black hole attack detection system using coot Chimp Optimization Algorithm-based Deep Q Network in MANET
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-10-18 | DOI: 10.1016/j.cose.2024.104166
Sunitha D, Latha PH
A Mobile Ad hoc Network (MANET) is a widely used and vibrant network, which is unevenly distributed in the environment. It is a set of self-organized independent mobile nodes interconnected without any centralized infrastructure. However, this topology nature makes the network prone to various network security attacks. To address this issue, this paper proposes a Coot Chimp Optimization Algorithm-Deep Q-Network (CChOA-DQN) for detecting the black hole attacks in MANET. Here, the designed CChOA is used for the identification of the optimal route in the MANET for transmitting data, which takes into account fitness parameters, such as energy, distance, neighbourhood quality, link quality, and trust. The features are extracted using the Fisher score and augmented using the over-sampling technique, which is further allowed for the detection process using DQN. Also, the weights of the DQN are enhanced using the CChOA algorithmic technique to enhance the detection performance. Additionally, the results gathered from the experiment revealed that CChOA attained high performance with a maximum of 0.983 Mbps throughput, 93.70% Packet Delivery Ratio (PDR), and minimum end-end delay of 0.096 sec, Residual energy of 0.119 J, and Control overhead of 4473.11. Also, the CChOA-DQN technique achieved the minimum False Positive Rate (FPR) of 0.122, False Negative Rate (FNR) of 0.121, Computation time of 0.153 and Run time of 0.094.
Citations: 0
SecOnto: Ontological Representation of Security Directives
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-10-17 | DOI: 10.1016/j.cose.2024.104150
Gianpietro Castiglione, Giampaolo Bella, Daniele Francesco Santamaria
The current digital landscape demands robust security requirements and, for doing so, the institutions enact complex security directives to protect the citizens and the infrastructures, particularly in the European Union. These directives aim to safeguard data and harmonise security across the European region, and institutions must navigate this evolving legal landscape in order to implement and keep up-to-date the prescribed security measures.
However, understanding and implementing these directives towards full compliance can be difficult and expensive. Ontological representation can be employed to represent and operationalise such security directives, ultimately contributing to the effectiveness and efficiency of the compliance process. Ontologies in fact promote a structured approach to represent knowledge, making the applicable directives more simply understandable by humans and more readily processable by machines.
This article introduces SecOnto, a novel methodology for representing security directives as ontologies. SecOnto breaks down the process of transforming the juridical language of modern security directives into full-fledged ontologies by means of five semi-automated steps: Preprocessing, Interpretation, Structuring, Representation and Verification. Each step is described and validated by means of operational examples based upon Directive 2022/2555 of the European Parliament and of the Council of the European Union on security of network and information systems, better known as NIS 2.
Citations: 0
Provenance-based APT campaigns detection via masked graph representation learning
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-10-16 DOI: 10.1016/j.cose.2024.104159
Jiafeng Ren, Rong Geng
Advanced Persistent Threats (APTs) are well-planned, persistent, and highly stealthy cyberattacks designed to steal confidential information or disrupt specific target systems. Recent studies have used system audit logs to construct provenance graphs that describe system interactions to detect potentially malicious activities. Although they are effective, they still suffer from problems such as the need for a priori knowledge, lack of attack data, and high computational overhead that limit their application. In this paper, we propose a self-supervised learning-based APT detection model, APT-MGL, which learns the embedded representations of nodes through a graph mask self-encoder and transforms the detection problem into an outlier detection problem for malicious nodes. APT-MGL characterizes the behavior of nodes based on node type, action, and interaction frequency, and fuses the features through a multi-head self-attention mechanism. Then the node embedding is obtained by combining graph features and structural information using masked graph representation learning. Finally, the unsupervised outlier detection method is used to analyze the computed embeddings and obtain the final detection results. The experimental results show that APT-MGL outperforms existing monitoring models and achieves a small overhead.
Citations: 0
DMSCTS: Dynamic measurement scheme for the containers-hybrid-deployment based on trusted subsystem
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-10-16 DOI: 10.1016/j.cose.2024.104158
Yufei Han, Chao Li, Jianbiao Zhang, Yifan Wang, Lehao Yu, Yihao Cao, Hong Shen, Weixing Hou, Hailin Luo
Hybrid deployment of containers with different kernel types offers a novel solution for cloud service providers. While extensive research has been conducted on shared kernel containers, the security risks associated with diverse kernel types in hybrid deployment scenarios present more complex challenges. Establishing trusted relationships from hardware to containers for hybrid deployment has become a primary concern. Additional challenges include the lack of measurement and communication methods for independent kernel containers and insufficient dynamic measurement capabilities for containers. To address these issues, we propose a novel approach of achieving secure hybrid deployment of containers through the provision of trusted assurance in three layers: container infrastructure, container application environment, and container runtime. We propose the corresponding measurement schemes for each trust layer. Through functional verification and performance evaluation, we demonstrate that our architecture exhibits improved feasibility and effectiveness.
Citations: 0
MIDAS: Multi-layered attack detection architecture with decision optimisation
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-10-16 DOI: 10.1016/j.cose.2024.104154
Kieran Rendall, Alexios Mylonas, Stilianos Vidalis, Dimitris Gritzalis
The proliferation of cyber attacks has led to the use of data-driven detection countermeasures, in an effort to mitigate this threat. Machine learning techniques, such as the use of neural networks, have become mainstream and proven effective in attack detection. However, these data-driven solutions are limited by: a) high computational overhead associated with data pre-processing and inference cost, b) inability to scale beyond a centralised deployment to cope with environmental variances, and c) requirement to use multiple bespoke detection models for effective attack detection coverage across the cyber kill chain. In this context, this paper introduces MIDAS, a cost-effective framework for attack detection, which introduces a dynamic decision boundary that is used in a multi-layered detection architecture. This is achieved by modelling the decision confidence of the participating detection models and judging its benefits using a novel reward policy. Specifically, a reward is assigned to a set of available actions, corresponding to a decision boundary, based on its cost-to-performance, where an overall cost-saving is prioritised. We evaluate our approach on two widely used datasets representing two of the most common threats today, i.e., phishing and malware. MIDAS shows that it effectively reduces the expenditure on detection inference and processing costs by controlling the frequency of expensive detection operations. This is achieved without significant sacrifice of attack detection performance.
Citations: 0