Search Results (6)

With the rapid development of the Internet, malicious URL detection has emerged as a critical challenge in the field of cyberspace security. Traditional machine-learning techniques and subsequent deep-learning frameworks have shown limitations in handling the complex malicious URL data generated by contemporary phishing attacks. This paper proposes a novel detection framework, HSSLC-CharGRU (Hybrid Spatial–Sequential Attention Logically constrained neural network CharGRU), which balances high efficiency and accuracy while enhancing the generalization capability of detection frameworks. The core of HSSLC-CharGRU is the Gated Recurrent Unit (Gated Recurrent Unit, GRU), integrated with the HSSA (Hybrid Spatial–Sequential Attention, HSSA) module. The HSSLC-CharGRU framework proposed in this paper integrates symmetry concepts into its design. The HSSA module extracts URL sequence features across scales, reflecting multi-scale invariance. The interaction between the GRU and HSSA modules provides functional complementarity and symmetry, enhancing model robustness. In addition, the LCNN module incorporates logical rules and prior constraints to regulate the pattern-learning process during feature extraction, reducing the model’s sensitivity to noise and anomalous patterns. This enhances the structural symmetry of the feature space. Such logical constraints further improve the model’s generalization capability across diverse data distributions and strengthen its stability in handling complex URL patterns. These symmetries boost the model’s generalization across datasets and its adaptability and robustness in complex URL patterns. In the experimental part, HSSLC-CharGRU shows excellent detection accuracy compared with the current character-level malicious URL detection models. Full article

Anomaly detection systems are being studied to detect cyberattacks in industrial control systems (ICSs). Existing ICS anomaly detection systems monitor network packets or operational data. However, these anomaly detection systems cannot detect control logic targeted attacks such as Stuxnet. Control logic tampering detection studies also exist, but they detect code modifications rather than determining whether the logic is normal. These tampering detection methods classify control logic as abnormal if any code modifications occur, even if the logic represents normal behavior. For this reason, this paper proposes an anomaly detection method that considers the structure of control logic. The proposed embedding method performs embedding based on control logic Instruction List (IL) code. The opcode and operand of IL code use separate embedding models. The embedded vectors are then sequentially combined to preserve the IL structure. The proposed method was validated using Long Short-Term Memory (LSTM), LSTM-Autoencoder, and Transformer models with a dataset of normal and malicious control logic. All models achieved an anomaly detection performance with an F1 score of at least 0.81. Additionally, models adopting the proposed embedding method outperformed those using conventional embedding methods by 0.088259. The proposed control logic anomaly detection method enables the model to learn the context and structure of control logic and identify code with inherent vulnerabilities. Full article

Design-for-test/debug (DfT/D) introduces scan chain testing to increase testability and fault coverage by inserting scan flip-flops. However, these scan chains are also known to be a liability for security primitives. In previous research, the dynamically obfuscated scan chain (DOSC) was introduced to protect logic-locking keys from scan-based attacks by obscuring test patterns and responses. In this paper, we present DOSCrack, an oracle-guided attack to de-obfuscate DOSC using symbolic execution and binary clustering, which significantly reduces the candidate seed space to a manageable quantity. Our symbolic execution engine employs scan mode simulation and satisfiability modulo theories (SMT) solvers to reduce the possible seed space, while obfuscation key clustering allows us to effectively rule out a group of seeds that share similarities. An integral component of our approach is the use of sequential equivalence checking (SEC), which aids in identifying distinct simulation patterns to differentiate between potential obfuscation keys. We experimentally applied our DOSCrack framework on four different sizes of DOSC benchmarks and compared their runtime and complexity. Finally, we propose a low-cost countermeasure to DOSCrack which incorporates a nonlinear feedback shift register (NLFSR) to increase the effort of symbolic execution modeling and serves as an effective defense against our DOSCrack framework. Our research effectively addresses a critical vulnerability in scan-chain obfuscation methodologies, offering insights into DfT/D and logic locking for both academic research and industrial applications. Our framework highlights the need to craft robust and adaptable defense mechanisms to counter evolving scan-based attacks. Full article

Damage is the main form of conflict, and the characterization of damage information is an important component of conflict evaluation. In the existing research, damage mainly refers to the damage effect of a damage load on the target structure. However, in the actual conflict environment, damage is a complex process that includes the entire process from the initial introduction of the damage load to the target function. Therefore, in this paper, the transfer logic of the damage process is analyzed, and the damage process is sequentially divided into being discovered, being attacked, being hit, and being destroyed in succession. Specifically, first considering the multiple types of each process, the transmission of damage is likened to the flow of damage, a network model to characterize damage information based on heterogeneous network meta-path and network flow theory (HF-MCDI) is established. Then, the characteristics of damage information are analyzed based on the capacity of the damage network, the correlation of the damage path, and the importance of the damage node. In addition, HF-MCDI can not only represent the complete damage information and the transmission characteristics of the damage load but also the structural characteristics of the target. Finally, the feasibility and effectiveness of the established HF-MCDI method are fully demonstrated by the example analysis of the launch platform. Full article

The SCADA system, which is widely used in the continuous monitoring and control of the physical process of modern critical infrastructure, relies on the feedback control loop. The remote state estimation system triggers the control algorithm or control condition of the controller according to the monitoring data returned by the sensor. The controller sends the control command to the actuator, and the actuator executes the command to control the physical process. Since SCADA system monitoring and control data are usually transmitted through unprotected wireless communication networks, attackers can use false sensor data to trigger control algorithms to make wrong decisions, disrupt the physical processing of the SCADA system, and cause huge economic losses, even casualties. We found an attack strategy based on the sequential logic of sensor data. This kind of attack changes the time logic or sequence logic of the response data, so that the false data detector can be successfully deceived. This would cause the remote state estimation system to trigger wrong control algorithms or control conditions, and eventually disrupt or destroy the physical process. This paper proposes a sequential signature scheme based on the one-time signature to secure the sequential logic and transmission of sensor data. The security analysis proves that the proposed scheme can effectively resist counterfeiting, forgery, denial, replay attacks, and selective forwarding attacks. Full article

Integrated circuit (IC) piracy and overproduction are serious issues that threaten the security and integrity of a system. Logic locking is a type of hardware obfuscation technique where additional key gates are inserted into the circuit. Only the correct key can unlock the functionality of that circuit; otherwise, the system produces the wrong output. In an effort to hinder these threats on ICs, we have developed a probability-based logic-locking technique to protect the design of a circuit. Our proposed technique, called “ProbLock”, can be applied to both combinational and sequential circuits through a critical selection process. We used a filtering process to select the best location of key gates based on various constraints. Each step in the filtering process generates a subset of nodes for each constraint. We also analyzed the correlation between each constraint and adjusted the strength of the constraints before inserting key gates. We tested our algorithm on 40 benchmarks from the ISCAS ’85 and ISCAS ’89 suites. We evaluated ProbLock against a SAT attack and measured how long the attack took to successfully generate a key value. The SAT attack took longer for most benchmarks using ProbLock which proves viable security in hardware obfuscation. Full article