38 research outputs found
GraphMoco:a Graph Momentum Contrast Model that Using Multimodel Structure Information for Large-scale Binary Function Representation Learning
In the field of cybersecurity, the ability to compute similarity scores at
the function level is important. Considering that a single binary file may contain
an extensive amount of functions, an effective learning framework must exhibit
both high accuracy and efficiency when handling substantial volumes of data.
Nonetheless, conventional methods encounter several limitations. Firstly,
accurately annotating different pairs of functions with appropriate labels
poses a significant challenge, thereby making it difficult to employ supervised
learning methods without risk of overtraining on erroneous labels. Secondly,
while SOTA models often rely on pre-trained encoders or fine-grained graph
comparison techniques, these approaches suffer from drawbacks related to time
and memory consumption. Thirdly, the momentum update algorithm utilized in
graph-based contrastive learning models can result in information leakage.
Surprisingly, none of the existing articles address this issue. This research
focuses on addressing the challenges associated with large-scale BCSD. To
overcome the aforementioned problems, we propose GraphMoco: a graph momentum
contrast model that leverages multimodal structural information for efficient
binary function representation learning on a large scale. Our approach employs
a CNN-based model and departs from the usage of memory-intensive pre-trained
models. We adopt an unsupervised learning strategy that effectively uses the
intrinsic structural information present in the binary code. Our approach
eliminates the need for manual labeling of similar or dissimilar
information. Importantly, GraphMoco demonstrates exceptional performance in
terms of both efficiency and accuracy when operating on extensive datasets. Our
experimental results indicate that our method surpasses the current SOTA
approaches in terms of accuracy. Comment: 22 pages, 7 figures
Improved Side Channel Cube Attacks on PRESENT
The paper presents several improved side channel cube attacks on PRESENT based on single bit leakage model. Compared with the previous study of Yang et al. in CANS 2009 [30], based on the same model of single bit leakage in the 3rd round, we show that: if the PRESENT cipher structure is unknown, for the leakage bit 0, 32-bit key can be recovered within chosen plaintexts; if the cipher structure is known, for the leakage bit 4, 8, 12, 48-bit key can be extracted by chosen plaintexts, which is less than in [30]; then, we extend the single bit leakage model to the 4th round, based on the two level “divide and conquer” analysis strategy, we propose a sliding window side channel cube attack on PRESENT, for the leakage bit 0, about chosen plaintexts can obtain 60-bit key; in order to obtain more key bits, we propose an iterated side channel cube attack on PRESENT, about chosen plaintexts can obtain extra 12 equivalent key bits, so overall chosen plaintexts can reduce the PRESENT-80 key searching space to ; finally, we extend the attack to PRESENT-128, about chosen plaintexts can extract 85 bits key, and reduce the PRESENT-128 key searching space to . Compared with the previous study of Abdul-Latip et al. in ASIACCS 2011 [31] based on the Hamming weight leakage model, which can extract 64-bit key of PRESENT-80/128 by chosen plaintexts, our attacks can extract more key bits, and have certain advantages over [31].
An improved signal detection algorithm for a mining-purposed MIMO-OFDM IoT-based system
The coal mine internet of things (IoT) communication system is used for real-time monitoring of mining production to ensure the safety and reliability of personnel and equipment in the mine. To eliminate multipath fading in the process of wireless communication in mines, multiple-output multiplexing (MIMO) and orthogonal frequency division multiplexing (OFDM) technologies are introduced. In this paper, a wireless communication system architecture of IoT in mining based on MIMO-OFDM is constructed. Aiming to solve the problems of intersymbol interference and frequency selective fading at the receiver, an improved minimum mean square error ordered successive interferences cancellation (MMSE-OSIC) signal detection algorithm is proposed. First, the signal-to-interference plus noise ratio of the received signal is calculated and the calculation results are sorted. The lowest signal-to-noise ratio is selected as the weakest signal layer. Then, the MMSE-OSIC algorithm is used to extract all of the signals, except the weakest layer. Finally, a maximum likelihood (ML) algorithm is used to traverse the whole signal domain; the signal symbol with the smallest distance from the weakest signal layer is found as the original signal of the weakest signal layer, and it is combined with the signal detected by MMSE-OSIC; then, the final signal detection result is obtained. The simulation results show that, compared with three benchmark algorithms, the proposed MMSE-OSIC algorithm has better signal detection performance under the conditions of different modulation methods and different channel numbers.
A DNS Tunnel Sliding Window Differential Detection Method Based on Normal Distribution Reasonable Range Filtering
A covert attack method often used by APT organizations is the DNS tunnel,
which is used to pass information by constructing C2 networks. And they often
use the method of frequently changing domain names and server IP addresses to
evade monitoring, which makes it extremely difficult to detect them. However,
they carry DNS tunnel information traffic in normal DNS communication, which
inevitably brings anomalies in some statistical characteristics of DNS traffic,
so that it would provide security personnel with the opportunity to find them.
Based on the above considerations, this paper studies the statistical discovery
methodology of typical DNS tunnel high-frequency query behavior. Firstly, we
analyze the distribution of the DNS domain name length and times and find that
the DNS domain name length and times follow the normal distribution law.
Secondly, based on this distribution law, we propose a method for detecting and
discovering high-frequency DNS query behaviors of non-single domain names based
on the statistical rules of domain name length and frequency and we also give
three theorems as theoretical support. Thirdly, we design a sliding window
difference scheme based on the above method. Experimental results show that our
method has a higher detection rate. At the same time, since our method does not
need to construct a data set, it has better practicability in detecting unknown
DNS tunnels. This also shows that our detection method based on mathematical
models can effectively avoid the dilemma for machine learning methods that must
have useful training data sets, and has strong practical significance.
Cluster Analysis Based Arc Detection in Pantograph-Catenary System
The pantograph-catenary system, which ensures the transmission of electrical energy, is a critical component of a high-speed electric multiple unit (EMU) train. The pantograph-catenary arc directly affects the power supply quality. The Chinese Railway High-speed (CRH) is equipped with a 6C system to obtain pantograph videos. However, it is difficult to automatically identify the arc image information from the vast amount of videos. This paper proposes an effective approach with which pantograph video can be separated into continuous frame-by-frame images. Because of the interference from the complex operating environment, it is unreasonable to directly use the arc parameters to detect the arc. An environmental segmentation algorithm is developed to eliminate the interference. Time series in the same environment is analyzed via cluster analysis technique (CAT) to find the abnormal points and simplified arc model to find arc events accurately. The proposed approach is tested with real pantograph video and performs well.