Your search keyword '"Dawei Zhao"' showing total 4 results

1. A Novel Network Protocol Syntax Extracting Method for Grammar-Based Fuzzing

Author

Huashan Li, Lei Zhang, Dawei Zhao, Lijuan Xu, Xin Li, Shumian Yang, and Xiaohui Han

Subjects

network security, Wireshark, fuzzing, network protocol, protocol syntax extraction, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

Network protocol syntax information plays a crucial role in grammar-based fuzzing. Current network protocol syntax extraction methods are less versatile, inefficient, and the extracted information is not comprehensive. This paper proposes a novel method for extracting syntax information, which innovatively extracts network protocol syntax from Wireshark protocol dissector files. The extracted syntax information includes packet types of the protocol, the constituent fields of each packet type, and detailed attributes of each field. Based on this method, an automated system for network protocol syntax information extraction was developed. The experiment was conducted with this system on a variety of protocols including DCCP, DNP3.0, Modbus TCP, and S7COMM. The experimental results show that compared with the current methods, our method has a better performance in terms of efficiency and versatility and at the same time ensures the comprehensiveness and accuracy of the extracted syntax information.

Published

2024

2. A Malware Detection Framework Based on Semantic Information of Behavioral Features

Author

Yuxin Zhang, Shumian Yang, Lijuan Xu, Xin Li, and Dawei Zhao

Subjects

network security, dynamic analysis, API sequences, deep learning, malware detection, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

As the amount of malware has grown rapidly in recent years, it has become the most dominant attack method in network security. Learning execution behavior, especially Application Programming Interface (API) call sequences, has been shown to be effective for malware detection. However, it is troublesome in practice to adequate mining of API call features. Among the current research methods, most of them only analyze single features or inadequately analyze the features, ignoring the analysis of structural and semantic features, which results in information loss and thus affects the accuracy. In order to deal with the problems mentioned above, we propose a novel method of malware detection based on semantic information of behavioral features. First, we preprocess the sequence of API function calls to reduce redundant information. Then, we obtain a vectorized representation of the API call sequence by word embedding model, and encode the API call name by analyzing it to characterize the API name’s semantic structure information and statistical information. Finally, a malware detector consisting of CNN and bidirectional GRU, which can better understand the local and global features between API calls, is used for detection. We evaluate the proposed model in a publicly available dataset provided by a third party. The experimental results show that the proposed method outperforms the baseline method. With this combined neural network architecture, our proposed model attains detection accuracy of 0.9828 and an F1-Score of 0.9827.

Published

2023

3. A New Framework for Visual Classification of Multi-Channel Malware Based on Transfer Learning

Author

Zilin Zhao, Shumian Yang, and Dawei Zhao

Subjects

network security, deep learning, transfer learning, convolutional neural networks, malware classification, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

With the continuous development and popularization of the Internet, there has been an increasing number of network security problems appearing. Among them, the rapid growth in the number of malware and the emergence of variants have seriously affected the security of the Internet. Traditional malware detection methods require heavy feature engineering, which seriously affects the efficiency of detection. Existing deep-learning-based malware detection methods have problems such as poor generalization ability and long training time. Therefore, we propose a malware classification method based on transfer learning for multi-channel image vision features and ResNet convolutional neural networks. Firstly, the features of malware samples are extracted and converted into grayscale images of three different types. Then, the grayscale image sizes are processed using the bilinear interpolation algorithm to make them uniform in size. Finally, the three grayscale images are synthesized into three-dimensional RGB images, and the RGB images processed using data enhancement are used for training and classification. For the classification model, we used the previous ImageNet dataset (>10 million) and trained all the parameters of ResNet after loading the weights. For the evaluations, an experiment was conducted using the Microsoft BIG benchmark dataset. The experimental results showed that the accuracy on the Microsoft dataset reached 99.99%. We found that our proposed method can better extract the texture features of malware, effectively improve the accuracy and detection efficiency, and outperform the compared models on all performance metrics.

Published

2023

4. Optimal Defense Strategy Selection Algorithm Based on Reinforcement Learning and Opposition-Based Learning

Author

Yiqun Yue, Yang Zhou, Lijuan Xu, and Dawei Zhao

Subjects

industrial control systems, optimal protection strategy, reinforcement learning, differential evolution algorithms, opposition-based learning, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

Industrial control systems (ICS) are facing increasing cybersecurity issues, leading to enormous threats and risks to numerous industrial infrastructures. In order to resist such threats and risks, it is particularly important to scientifically construct security strategies before an attack occurs. The characteristics of evolutionary algorithms are very suitable for finding optimal strategies. However, the more common evolutionary algorithms currently used have relatively large limitations in convergence accuracy and convergence speed, such as PSO, DE, GA, etc. Therefore, this paper proposes a hybrid strategy differential evolution algorithm based on reinforcement learning and opposition-based learning to construct the optimal security strategy. It greatly improved the common problems of evolutionary algorithms. This paper first scans the vulnerabilities of the water distribution system and generates an attack graph. Then, in order to solve the balance problem of cost and benefit, a cost–benefit-based objective function is constructed. Finally, the optimal security strategy set is constructed using the algorithm proposed in this paper. Through experiments, it is found that in the problem of security strategy construction, the algorithm in this paper has obvious advantages in convergence speed and convergence accuracy compared with some other intelligent strategy selection algorithms.

Published

2022