← 返回 Community

Yan Chen

教授 Electrical and Computer Engineering · Northwestern University  high

Professor of Computer Science

🏠 教授主页iD ORCID

研究方向

  • 网络安全
    • 高级持续性威胁
      • APT检测系统
        • 实时APT检测
        • APT样本生成
        • APT攻击预测
      • 端点检测与响应
        • EDR性能分析
        • 实时后利用攻击解释
    • 漏洞分析与模糊测试
      • 浏览器模糊测试
        • 浏览器模糊测试中的语义对齐
        • WebAssembly模糊测试
        • WebAudio模糊测试
      • 云原生平台漏洞分析
      • 渗透测试
        • 自动化渗透测试
    • 网络威胁情报
      • 攻击场景图重建
      • 实时网络威胁情报
    • 入侵检测
      • 基于来源的入侵检测
      • 去噪邻域聚合异常检测
    • 移动用户认证
      • 抗噪声、可转移认证系统
    • 安全配置空间搜索
  • 无服务器计算
    • 函数即服务
      • 高效无服务器链通信
      • 跨层来源跟踪
      • 无服务器应用中的隐私
      • 无服务器应用安全
    • 微分段策略生成
  • 数据传输与网络
    • 实时AI优化的DTN系统
    • 建筑信息模型同步
  • 机器学习与数据分析
    • 细粒度类别发现
      • 去噪邻域聚合
    • 编程知识追踪
    • 情感分析
      • 用于情感分析的BiGRU-注意力模型
    • 旅游规划路径分析
  • 信号处理与声学
    • 实时声音识别
      • 被动声学监测
    • 弯曲环传感器设计
  • 说话人识别系统
    • 针对说话人识别的后门攻击
高级持续性威胁APT检测端点检测与响应EDR性能实时网络威胁情报浏览器模糊测试WebAssembly模糊测试WebAudio模糊测试自动化渗透测试网络威胁情报报告攻击场景图入侵检测移动用户认证无服务器计算函数即服务无服务器应用安全微分段策略实时AI优化的DTN系统建筑信息模型细粒度类别发现编程知识追踪情感分析BiGRU-注意力模型旅游规划路径实时声音识别被动声学监测弯曲环传感器后门攻击说话人识别系统抗噪声认证基于来源的检测去噪邻域聚合云原生平台漏洞安全配置空间搜索

该校申请信息 · Northwestern University

ECE deadlineDec 15 (2025 Fall (legacy · deadline 需按新申请季重验))
申请费$95

近三年论文 · 29 篇 (点击展开摘要,时间倒序)

Poster: Obfuscating Function Activity States to Enhance Privacy in Serverless Applications
· 2025 · cited 0 · doi.org/10.1145/3719027.3760729
Serverless computing, also known as Function-as-a-Service (FaaS), is widely used in modern applications. Function instances share the underlying physical infrastructure, which makes co-location attacks possible and leads to the leakage of sensitive information such as function activity states. Existing work has respective limitations in serverless scenarios because of incomplete detection coverage, long training time, and intrusion into the function's runtime environment. In this paper, we propose FaaSGuard, an obfuscation framework to protect function activity states in network side-channels and enhance privacy in serverless applications. To be specific, we design an adaptive obfuscation strategy selection mechanism to make FaaSGuard flexible. We design a traffic camouflage method to make obfuscated traffic indistinguishable from normal traffic, making FaaSGuard invisible. In order not to affect normal traffic, we propose a tag-based obfuscation mechanism to identify obfuscated packets. The preliminary evaluation results show that FaaSGuard can conceal function activity states with negligible resource overhead.
Incorporating Gradients to Rules: Toward Online, Adaptive Provenance-Based Intrusion Detection
IEEE Transactions on Dependable and Secure Computing · 2025 · cited 1 · doi.org/10.1109/tdsc.2025.3611461
PentestAgent: Incorporating LLM Agents to Automated Penetration Testing
· 2025 · cited 23 · doi.org/10.1145/3708821.3733882
AutoSeg: Automatic micro-segmentation policy generation via configuration analysis
Computers & Security · 2025 · cited 0 · doi.org/10.1016/j.cose.2025.104591
CRUcialG: Reconstruct Integrated Attack Scenario Graphs by Cyber Threat Intelligence Reports
IEEE Transactions on Dependable and Secure Computing · 2025 · cited 4 · doi.org/10.1109/tdsc.2025.3584826
Cyber Threat Intelligence (CTI) reports are factual records compiled by security analysts through their observations of threat events or their own practical experience with attacks. In order to utilize CTI reports for attack detection, existing methods have attempted to map the content of reports onto system-level attack provenance graphs to clearly depict attack procedures. However, existing studies on constructing graphs from CTI reports suffer from problems such as weak Natural Language Processing (NLP) capabilities, discrete and fragmented graphs, and insufficient attack semantic representation. Therefore, we propose a system called CRUcialG for the automated reconstruction of Attack Scenario Graphs (ASGs) by CTI reports. First, we use NLP models to extract systematic attack knowledge from CTI reports to form preliminary ASGs. Then, we propose a four-phase attack rationality validation framework from the tactical phase with attack procedure to evaluate the reasonability of ASGs. Finally, we implement the relation repair and phase supplement of ASGs by adopting a serialized graph generation model. We collect a total of 10,607 CTI reports and generate 5,761 complete ASGs. Experimental results on CTI reports from 30 security vendors and DARPA show that the similarity of ASG reconstruction by CRUcialG can reach 84.54%. Compared with SOTA (EXTRACTOR and AttackG), the recall of CRUcialG (extraction of real attack events) can reach 88.13% and 94.46% respectively, which is 40% higher than SOTA on average. The F1-score of attack phase validation is able to reach 90.04%.
Real-Time Synchronization of Building Information Modelling (BIM) and Windows Forms Application (WFA)
Advances in transdisciplinary engineering · 2025 · cited 0 · doi.org/10.3233/atde250228
In order to promote the digital transformation of the AEC engineering industry towards data-driven high-quality development, efficient information integration and real-time synchronization of Building Information Modelling (BIM) are crucial. However, existing research, especially in the field of bridges, is not deep and mature enough. Therefore, this study aims to develop a Windows Forms Application (WFA) based system for rapid modelling and real-time synchronization in the BIM software. The four main objectives are as follows: the development of structural parameter acquisition application for steel box girder bridge; the secondary development of 3D modeling software; the development of the BIM co-design platform for steel box girder-bridge; and the study of the application of the BIM co-design platform for steel box girder bridge in the project. To achieve these objectives, a software development life cycle (SDLC) approach is used to develop a system applied to steel box girder bridges through five phases: planning, analysis, design, implementation, and testing. Fundamentally, the platform consisting of the developed WFA and BIM software saves resources, dramatically reduces repetitive work, ensures the effectiveness of model information transfer and real-time data update, improves information integration of steel box girder bridges, and realizes the construction of a digital city.
TAGAPT: Toward Automatic Generation of APT Samples With Provenance-Level Granularity
IEEE Transactions on Information Forensics and Security · 2025 · cited 4 · doi.org/10.1109/tifs.2025.3557742
Detecting advanced persistent threats (APTs) at a host via data provenance has emerged as a valuable yet challenging task. Compared with attack rule matching, machine learning approaches offer new perspectives for efficiently detecting attacks by leveraging their inherent ability to autonomously learn from data and adapt to dynamic environments. However, the scarcity of APT samples poses a significant limitation, rendering supervised learning methods that have demonstrated remarkable capabilities in other domains (e.g., malware detection) impractical. Therefore, we propose a system called TAGAPT, which is able to automatically generate numerous APT samples with provenance-level granularity. First, we introduce a deep graph generation model to generalize various graph structures that represent new attack patterns. Second, we propose an attack stage division algorithm to divide each generated graph structure into stage subgraphs. Finally, we design a genetic algorithm to find the optimal attack technique explanation for each subgraph and obtain fully instantiated APT samples. Experimental results demonstrate that TAGAPT can learn from existing attack patterns and generalize to novel attack patterns. Furthermore, the generated APT samples 1) exhibit the ability to help with efficient threat hunting and 2) provide additional assistance to the state-of-the-art (SOTA) attack detection system (Kairos) by filtering out 73% of the observed false positives. We have open-sourced the code and the generated samples to support the development of the security community.
Radiation Characteristics and Optimization Design of a Flexural Ring Transducer with Single-Mode Excitation
SSRN Electronic Journal · 2025 · cited 0 · doi.org/10.2139/ssrn.5393285
FaaSTracker: Efficient Cross-Layer Provenance Tracking of Serverless Applications With Multi-Source Correlation
IEEE Transactions on Information Forensics and Security · 2025 · cited 0 · doi.org/10.1109/tifs.2025.3634978
Serverless computing, also known as Function-as-a-Service (FaaS), has gained popularity due to its flexibility, scala bility, and transparent development. However, attacks against serverless are also increasing. Unfortunately, complex multi-layer FaaS architecture and frequently launched lightweight functions help attackers conceal their tracks. Specifically, (<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">i</i>) fully tracking the behavior of a function requires crossing multiple layers of FaaS. (<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ii</i>) Intrusive auditing components in functions affect function startup latency and performance. (<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">iii</i>) Accurately provenance cross-layer function invocations require integrating data from multiple sources. In this paper, we propose FAASTRACKER, a cross-layer, non-intrusive, efficient provenance framework for accurately tracking user function behaviors in FaaS. FAASTRACKER tracks function behaviors across layers using a non-intrusive agent without any modifications to the function. In addition, it correlates data from multiple sources to construct a provenance graph of function workflows to locate attackers. We implement FAASTRACKER on the OpenFaaS platform and evaluate its performance using real-world serverless applications. Compared with state-of-the-art serverless provenance systems, FAASTRACKER provides a more accurate and complete view of provenance graphs and reduces 54.0% CPU and 48.9% memory resources.
S$w$Fuzz: Structure-Sensitive WebAssembly Fuzzing
WebAssembly (WASM) has rapidly emerged as a ubiquitous target for web browsers, server-side applications, and blockchain platforms, with promising performance and portability. As WASM grows in popularity, ensuring its security and resilience becomes paramount. However, traditional fuzzing approaches struggle to detect potential security vulnerabilities in existing WebAssembly runtimes due to their lack of perception of the WASM file structure. In this paper, we introduce Sw Fuzz, a dedicated fuzzing framework tailored for WASM binaries. SwFuzz integrates comprehensive structure-sensitive policies that capture the nuances and intricacies within the WASM binaries. Our proposed fuzzing framework not only identifies vulnerabilities present in conventional binaries but also emphasizes the detection of WASM-specific bugs that have previously gone unnoticed. Experimental results demonstrate that Sw Fuzz has discovered numerous new bugs, with 17 CCVEs being assigned, underscoring the importance of a specialized fuzzing framework for evolving platforms like WASM. Our findings also highlight the critical requirement for a proactive approach to securing the WASM landscape.
Exploring Depths of WebAudio: Advancing Greybox Fuzzing for Vulnerability Detection in Safari
WebAudio is a widely used audio processing API in popular browsers, which provides rich audio support for the exclusive browser Safari on macOS. Given its widespread use, it is critical to thoroughly test WebAudio to ensure its reliability. Traditional fuzzing techniques typically lack awareness of the input structure and fail to accommodate the unique characteristics of audio file formats, and cannot generate effective fuzzing input, thus falling short of effectively detecting vulnerabilities within WebAudio. In this work, we introduce Proteus, an advanced greybox fuzzer designed to achieve structure awareness through the use of input templates. Moreover, Proteus is equipped with high-level mutation operators, diverging from traditional bit-level manipulations, and incorporates a post-processing stage that repairs format constraints disrupted during mutation. These enhancements enable Proteus to explore new input domains effectively while maintaining file validity, significantly improving the depth and efficiency of the fuzzing process. Our evaluation confirms the effectiveness of Proteus. In the experiment of fuzzing WebAudio using CAF files, our tool exposed significantly more vulnerabilities than the baseline Honggfuzz without compromising efficiency. Excitingly, we have identified a vulnerability that can be exploited to gain control of the browser. Generally, Proteus has discovered 36 zero-day vulnerabilities in WebAudio on macOS 10.15.3, with 11 of these assigned CVEs.
Property Guided Secure Configuration Space Search
Lecture notes in computer science · 2024 · cited 0 · doi.org/10.1007/978-3-031-75764-8_8
CRUcialG: Reconstruct Integrated Attack Scenario Graphs by Cyber Threat Intelligence Reports
arXiv (Cornell University) · 2024 · cited 0 · doi.org/10.48550/arxiv.2410.11209
Cyber Threat Intelligence (CTI) reports are factual records compiled by security analysts through their observations of threat events or their own practical experience with attacks. In order to utilize CTI reports for attack detection, existing methods have attempted to map the content of reports onto system-level attack provenance graphs to clearly depict attack procedures. However, existing studies on constructing graphs from CTI reports suffer from problems such as weak natural language processing (NLP) capabilities, discrete and fragmented graphs, and insufficient attack semantic representation. Therefore, we propose a system called CRUcialG for the automated reconstruction of attack scenario graphs (ASGs) by CTI reports. First, we use NLP models to extract systematic attack knowledge from CTI reports to form preliminary ASGs. Then, we propose a four-phase attack rationality verification framework from the tactical phase with attack procedure to evaluate the reasonability of ASGs. Finally, we implement the relation repair and phase supplement of ASGs by adopting a serialized graph generation model. We collect a total of 10,607 CTI reports and generate 5,761 complete ASGs. Experimental results on CTI reports from 30 security vendors and DARPA show that the similarity of ASG reconstruction by CRUcialG can reach 84.54%. Compared with SOTA (EXTRACTOR and AttackG), the recall of CRUcialG (extraction of real attack events) can reach 88.13% and 94.46% respectively, which is 40% higher than SOTA on average. The F1-score of attack phase verification is able to reach 90.04%.
Tacoma: Enhanced Browser Fuzzing with Fine-Grained Semantic Alignment
· 2024 · cited 3 · doi.org/10.1145/3650212.3680351
Browsers are responsible for managing and interpreting the diverse data coming from the web. Despite the considerable efforts of developers, however, it is nearly impossible to completely eliminate potential vulnerabilities in such complicated software. While a family of fuzzing techniques has been proposed to detect flaws in web browsers, they still face the inherent challenge of generating test inputs with low semantic correctness and poor diversity. In this paper, we propose Tacoma, a novel fuzzing framework tailored for web browsers. Tacoma comprises three main modules: a semantic parser, a semantic aligner, and an input generator. By taking advantage of fine-grained semantic alignment techniques, Tacoma is capable of generating semantically correct test inputs, which significantly improve the probability of a fuzzer in triggering a deep browser state. In particular, by integrating a scope-aware strategy into input generation, Tacoma is able to deal with asynchronous code generation, thereby substantially increasing the diversity of the generated test inputs. We conduct extensive experiments to evaluate Tacoma on three production-level browsers, i.e., Chromium, Safari, and Firefox. Empirical results demonstrate that Tacoma outperforms state-of-the-art browser fuzzers in both achieving code coverage and detecting unique crashes. So far, Tacoma has identified 32 previously unknown bugs, 10 of which have been assigned CVEs. It is worth noting that Tacoma unearthed two bugs in Chromium that have remained undetected for ten years.
Nip in the Bud: Forecasting and Interpreting Post- Exploitation Attacks in Real-Time Through Cyber Threat Intelligence Reports
IEEE Transactions on Dependable and Secure Computing · 2024 · cited 3 · doi.org/10.1109/tdsc.2024.3444781
Advanced Persistent Threat (APT) attacks have caused significant damage worldwide. Various Endpoint Detection and Response (EDR) systems are deployed by enterprises to fight against potential threats. However, EDR suffers from high false positives. In order not to affect normal operations, analysts need to investigate and filter detection results before taking countermeasures, in which heavy manual labor and alarm fatigue cause analysts miss optimal response time, thereby leading to information leakage and destruction. Therefore, we propose Endpoint Forecasting and Interpreting (EFI), a real-time attack forecast and interpretation system, which can automatically predict next move during post-exploitation and explain it in technique-level, then dispatch strategies to EDR for advance reinforcement. First, we use Cyber Threat Intelligence (CTI) reports to extract the attack scene graph (ASG) that can be mapped to low-level system logs to strengthen attack samples. Second, we build a serialized graph forecast model, which is combined with the attack provenance graph (APG) provided by EDR to generate an attack forecast graph (AFG) to predict the next move. Finally, we utilize the attack template graph (ATG) and <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">graph alignment plus algorithm</i> for technique-level interpretation to automatically dispatch strategies for EDR to reinforce system in advance. EFI can avoid the impact of existing EDR false positives, and can reduce the attack surface of system without affecting the normal operations. We collect a total of 3,484 CTI reports, generate 1,429 ASGs, label 8,000 sentences, tag 10,451 entities, and construct 256 ATGs. Experimental results on both DARPA Engagement and large scale CTI dataset show that the alignment score between the AFG predicted by EFI and the real attack graph is able to exceed 0.8, the forecast and interpretation precision of EFI can reach 91.8%.
Decoding the MITRE Engenuity ATT&amp;CK Enterprise Evaluation: An Analysis of EDR Performance in Real-World Environments
· 2024 · cited 7 · doi.org/10.1145/3634737.3645012
Endpoint detection and response (EDR) systems have emerged as a critical component of enterprise security solutions, effectively combating endpoint threats like APT attacks with extended lifecycles. In light of the growing significance of endpoint detection and response (EDR) systems, many cybersecurity providers have developed their own proprietary EDR solutions. It's crucial for users to assess the capabilities of these detection engines to make informed decisions about which products to choose. This is especially urgent given the market's size, which is expected to reach around 3.7 billion dollars by 2023 and is still expanding. MITRE is a leading organization in cyber threat analysis. In 2018, MITRE started to conduct annual APT emulations that cover major EDR vendors worldwide. Indicators include telemetry, detection and blocking capability, etc. Nevertheless, the evaluation results published by MITRE don't contain any further interpretations or suggestions.
Programming knowledge tracing based on heterogeneous graph representation
Knowledge-Based Systems · 2024 · cited 6 · doi.org/10.1016/j.knosys.2024.112161
TPARN: A Network for Enhancing Synthetic Video Quality After 3D-HEVC Encoding
3D-High Efficiency Video Coding (3D-HEVC), as an extension of HEVC in the realm of three-dimensional video, has brought significant coding performance improvements. However, traditional 3D video coding has faced many challenges such as compression distortion in texture and depth videos, as well as non-occlusion issues in Depth Image Based Rendering (DIBR) synthesis, which directly affected the visual quality of synthesized views. A Two-Stream Pyramid Attention Residual Network (TPARN) is proposed to achieve the quality enhancement of synthesized views. First of all, the Global Residual Attention (GRA) module and the Local Pyramid Attention (LPA) module are designed to extract global context information and intricate local texture details, which achieve a comprehensive scene understanding and preserve essential details across different scales. In addition, the Pyramid Attention Module (PAM) and skip connections are utilized to extract multiscale features, promoting seamless interaction among features. Experimental results demonstrate that the proposed method effectively reduces distortion caused by view synthesis, outperforming the latest methods in terms of performance.
DirectFaaS: A Clean-Slate Network Architecture for Efficient Serverless Chain Communications
· 2024 · cited 4 · doi.org/10.1145/3589334.3645333
Serverless computing, also known as Function-as-a-Service (FaaS), triggers web applications in the form of function chains. It uses a central orchestrator to route all requests from end-users and internal functions. Such architecture simplifies application deployment for developers. However, the convenient centralized network architecture compromises the efficiency of function chain communications. Specifically, (i) a centralized API gateway assists in routing requests between functions. This indirect routing scheme raises invocation latency. (ii) The control flow for invoking functions and the data flow for passing function data packets are both forwarded by the API gateway. This results in the API gateway consuming a significant amount of resources. (iii) All data packets of internal function communications go through the same API gateway. This expands the additional attack surface in multi-tenant scenarios.
Nip in the Bud: Forecasting and Interpreting Post-exploitation Attacks in Real-time through Cyber Threat Intelligence Reports
arXiv (Cornell University) · 2024 · cited 0 · doi.org/10.48550/arxiv.2405.02826
Advanced Persistent Threat (APT) attacks have caused significant damage worldwide. Various Endpoint Detection and Response (EDR) systems are deployed by enterprises to fight against potential threats. However, EDR suffers from high false positives. In order not to affect normal operations, analysts need to investigate and filter detection results before taking countermeasures, in which heavy manual labor and alarm fatigue cause analysts miss optimal response time, thereby leading to information leakage and destruction. Therefore, we propose Endpoint Forecasting and Interpreting (EFI), a real-time attack forecast and interpretation system, which can automatically predict next move during post-exploitation and explain it in technique-level, then dispatch strategies to EDR for advance reinforcement. First, we use Cyber Threat Intelligence (CTI) reports to extract the attack scene graph (ASG) that can be mapped to low-level system logs to strengthen attack samples. Second, we build a serialized graph forecast model, which is combined with the attack provenance graph (APG) provided by EDR to generate an attack forecast graph (AFG) to predict the next move. Finally, we utilize the attack template graph (ATG) and graph alignment plus algorithm for technique-level interpretation to automatically dispatch strategies for EDR to reinforce system in advance. EFI can avoid the impact of existing EDR false positives, and can reduce the attack surface of system without affecting the normal operations. We collect a total of 3,484 CTI reports, generate 1,429 ASGs, label 8,000 sentences, tag 10,451 entities, and construct 256 ATGs. Experimental results on both DARPA Engagement and large scale CTI dataset show that the alignment score between the AFG predicted by EFI and the real attack graph is able to exceed 0.8, the forecast and interpretation precision of EFI can reach 91.8%.
Enrollment-stage Backdoor Attacks on Speaker Recognition Systems via Adversarial Ultrasound
arXiv (Cornell University) · 2023 · cited 1 · doi.org/10.48550/arxiv.2306.16022
Automatic Speaker Recognition Systems (SRSs) have been widely used in voice applications for personal identification and access control. A typical SRS consists of three stages, i.e., training, enrollment, and recognition. Previous work has revealed that SRSs can be bypassed by backdoor attacks at the training stage or by adversarial example attacks at the recognition stage. In this paper, we propose Tuner, a new type of backdoor attack against the enrollment stage of SRS via adversarial ultrasound modulation, which is inaudible, synchronization-free, content-independent, and black-box. Our key idea is to first inject the backdoor into the SRS with modulated ultrasound when a legitimate user initiates the enrollment, and afterward, the polluted SRS will grant access to both the legitimate user and the adversary with high confidence. Our attack faces a major challenge of unpredictable user articulation at the enrollment stage. To overcome this challenge, we generate the ultrasonic backdoor by augmenting the optimization process with random speech content, vocalizing time, and volume of the user. Furthermore, to achieve real-world robustness, we improve the ultrasonic signal over traditional methods using sparse frequency points, pre-compensation, and single-sideband (SSB) modulation. We extensively evaluate Tuner on two common datasets and seven representative SRS models, as well as its robustness against seven kinds of defenses. Results show that our attack can successfully bypass speaker recognition systems while remaining effective to various speakers, speech content, etc. To mitigate this newly discovered threat, we also provide discussions on potential countermeasures, limitations, and future works of this new threat.
Sentiment analysis of Chinese microblog based on BiGRU-attention
· 2023 · cited 1 · doi.org/10.1117/12.2681590
Microblog short text usually contains rich emotional information. It is a hot research topic in network data mining to grasp the dynamics of network public opinion through microblog emotion analysis. In order to improve the effect of Chinese microblog sentiment analysis, this paper first uses word embedding technology to quantify microblog short text from high dimension to low dimension vector space; Then, the global features of microblog data are extracted through BiGRU, and the Attention mechanism is introduced to obtain important features to build a Chinese microblog emotion analysis model. The feasibility and superiority of the model were verified with the public data set released by SMP2020. The accuracy, recall and F1 values of the model reached 78.65%, 78.57% and 78.41% respectively. The experimental results show that the feature vector of BiGRU combined with attention mechanism contains more rich emotion information of short text of microblog, which can effectively improve the performance of sentiment analysis of Chinese microblog. The experimental results show that the feature vector of Bi-GRU combined with the attention mechanism contains richer semantic information of the text, which can effectively improve the performance of emotion recognition of online public opinions.
Tourism Planning Path Based on Ant Colony Optimization Algorithm
The development of tourism has led to the development of related industries. For the personalized travel recommendation platform, to be closer to the needs of users, we analyze the tourist data stored in the platform. We also select the basis of user behavior analysis to explore the quantitative relationship between database data and real-time information on tourist attractions, which is to guide and design personalized travel routes for tourists. However, the current personalized recommendation system has a low level of technology, and most of them are based on static data as external features, which can not meet the real-time needs of users. In this paper, for the traditional prediction navigation scheme of the optimal solution of straight-line distance, the real-time dynamic prediction analysis of user interest which is transformed into the optimal solution of time is innovatively used. The planning scheme is calculated by combining the relevant indicators of tourist attractions. The heuristic factor of the improved ant colony algorithm is adopted to calculate the travel path. The Dijkstra least square method is applied to solve the pheromone update law to customize the route planning for tourists during their travel. The simulation results indicate that the least square method of the optimal solution of the time trajectory has technical advantages in the tourism planning. It provides technical support for the individualized planning of tourism industry and contributes to the traditional navigation trajectory prediction research.
TrapCog: An Anti-Noise, Transferable, and Privacy-Preserving Real-Time Mobile User Authentication System With High Accuracy
IEEE Transactions on Mobile Computing · 2023 · cited 4 · doi.org/10.1109/tmc.2023.3265071
The authentication technology of mobile device users has been studied for decades. To balance security, privacy, and usability, motion sensors-based user authentication methods are widely investigated in recent years. However, existing studies meet the problems such as scarcity of training samples, underutilization of data, poor de-noising ability, insufficient transferability, privacy leakage, and low accuracy. To overcome these difficulties, we propose a system, called <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TrapCog</small> , with the following capabilities: 1) In the phase of data collection, <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TrapCog</small> can eliminate man-made noise (mislabeling) through differential training based on down-sampling. 2) In the model training stage, the siamese neural network with Long Short-Term Memory (LSTM) as the sub-network is used to achieve sufficient coverage of sample patterns and the transferability of the model. 3) In the phase of real-world authentication, the privacy of the user is tremendously protected through end-side model deployment and local authentication. Experimental results on a dataset composed of 1,513 users with real-world noise show that <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TrapCog</small> has high accuracy and strong transferability, which is much better than state-of-the-art studies.
AIDTN: Towards a Real-Time AI Optimized DTN System With NVMeoF
IEEE Transactions on Parallel and Distributed Systems · 2023 · cited 2 · doi.org/10.1109/tpds.2023.3260806
Large-scale data transport for data-intensive sciences is a complex multidimensional challenge. The challenge includes optimizing the end-to-end Big Data movement performance in real-time, supporting direct remote data access using NVMe over Fabrics (NVMeoF) and deploying to existing research platforms. AIDTN is the first effort to provide a unique AI system designed to incorporate NVMe over Fabrics (NVMeoF) and optimize coordination among multiple components supporting large-scale, multi-domain Wide Area Network (WAN) data-intensive science. AIDTN's research objective is to integrate next-generation storage architecture using NVMeoF, specialized network design using high-performance network appliances, Data Transfer Nodes (DTNs), catalysts in driving data transport, and a unique AI system explicitly designed for high-performance data movement challenges. AIDTN is the first system that uses network and system features to predict the end-to-end performance of high-performance data movement and further extends the model with NVMe-specific features for NVMeoF remote data access. As a result, AIDTN improves data movement performance by up to 284% while minimizing packet loss compared to other heuristics approaches. It also has a prediction error rate as low as 0.16 compared to AI models with the only network (error rate = 0.29) or network and system features (error rate = 0.19).
Full-stack vulnerability analysis of the cloud-native platform
Computers & Security · 2023 · cited 25 · doi.org/10.1016/j.cose.2023.103173
APTSHIELD: A Stable, Efficient and Real-Time APT Detection System for Linux Hosts
IEEE Transactions on Dependable and Secure Computing · 2023 · cited 60 · doi.org/10.1109/tdsc.2023.3243667
Advanced Persistent Threat (APT) attacks have caused massive financial loss worldwide. Researchers thereby have proposed a series of solutions to detect APT attacks, such as dynamic/static code analysis, traffic detection, sandbox technology, endpoint detection and response (EDR), etc. However, existing defenses are failed to accurately and effectively defend against the current APT attacks that exhibit strong persistent, stealthy, diverse and dynamic characteristics due to the weak data source integrity, large data processing overhead and poor real-time performance in the process of real-world scenarios. To overcome these difficulties, in this paper we propose APTSHIELD, a stable, efficient and real-time APT detection system for Linux hosts. In the aspect of data collection, audit is selected to stably collect kernel data of the operating system so as to carry out a complete portrait of the attack based on comprehensive analysis and comparison of existing logging tools; In the aspect of data processing, redundant semantics skipping and non-viable node pruning are adopted to reduce the amount of data, so as to reduce the overhead of the detection system; In the aspect of attack detection, an APT attack detection framework based on ATT&CK model is designed to carry out real-time attack response and alarm through the transfer and aggregation of labels. Experimental results on both laboratory and Darpa Engagement show that our system can effectively detect web vulnerability attacks, file-less attacks and remote access trojan attacks, and has a low false positive rate, which adds far more value than the existing frontier work.
DNA: Denoised Neighborhood Aggregation for Fine-grained Category Discovery
Discovering fine-grained categories from coarsely labeled data is a practical and challenging task, which can bridge the gap between the demand for fine-grained analysis and the high annotation cost. Previous works mainly focus on instance-level discrimination to learn low-level features, but ignore semantic similarities between data, which may prevent these models learning compact cluster representations. In this paper, we propose Denoised Neighborhood Aggregation (DNA), a self-supervised framework that encodes semantic structures of data into the embedding space. Specifically, we retrieve k-nearest neighbors of a query as its positive keys to capture semantic similarities between data and then aggregate information from the neighbors to learn compact cluster representations, which can make fine-grained categories more separatable. However, the retrieved neighbors can be noisy and contain many false-positive keys, which can degrade the quality of learned embeddings. To cope with this challenge, we propose three principles to filter out these false neighbors for better representation learning. Furthermore, we theoretically justify that the learning objective of our framework is equivalent to a clustering loss, which can capture semantic similarities between data to form compact fine-grained clusters. Extensive experiments on three benchmark datasets show that our method can retrieve more accurate neighbors (21.31% accuracy improvement) and outperform state-of-the-art models by a large margin (average 9.96% improvement on three metrics). Our code and data are available at https://github.com/Lackel/DNA.
Lightweight and Fast Real-Time Sound Recognition Method for Hainan Gibbons Based on Passive Acoustic Monitoring
SSRN Electronic Journal · 2023 · cited 0 · doi.org/10.2139/ssrn.4466882