针对许多研究注重于用户个体行为分析，忽略了用户之间潜在关联关系的问题，提出一种基于双通道特征加权融合的企业内部网络威胁检测方法。首先，在Intra通道采用CSAtt分析用户个体行为特征的内在联系和增强关键特征的表达能力；其次，在Inter通道将用户行为特征与用户关联关系抽象成异构图，并借助GraphSAGE捕捉图中关联用户节点间的群体行为模式；然后，引入可学习因子将不同通道获取的特征信息进行加权融合，使后续分类任务不仅能关注到与恶意操作相关的关键特征，还补充了对群体行为模式的分析，以提高整体模型检测性能。在CMU-CERTr4.2数据集上的实验表明，提出的双通道特征加权融合方法在解决企业内部网络威胁检测问题上具备有效性和普遍适用性，最终检测效果在准确率、精确率和F1值分别达到95.67%、96.32% 和95.37%。

Featured Application Classification of encrypted traffic. Abstract Encrypted network traffic classification remains a critical component in network security monitoring. However, existing approaches face two fundamental limitations: (1) conventional methods rely on manual feature engineering and are inadequate in handling high-dimensional features; and (2) they lack the capability to capture dynamic temporal patterns. This paper introduces TransECA-Net, a novel hybrid deep learning architecture that addresses these limitations through two key innovations. First, we integrate ECA-Net modules with CNN architecture to enable automated feature extraction and efficient dimension reduction via channel selection. Second, we incorporate a Transformer encoder to model global temporal dependencies through multi-head self-attention, supplemented by residual connections for optimal gradient flow. Extensive experiments on the ISCX VPN-nonVPN dataset demonstrate the superiority of our approach. TransECA-Net achieved an average accuracy of 98.25% in classifying 12 types of encrypted traffic, outperforming classical baseline models such as 1D-CNN, CNN + LSTM, and TFE-GNN by 6.2-14.8%. Additionally, it demonstrated a 37.44-48.84% improvement in convergence speed during the training process. Our proposed framework presents a new paradigm for encrypted traffic feature disentanglement and representation learning. This paradigm enables cybersecurity systems to achieve fine-grained service identification of encrypted traffic (e.g., 98.9% accuracy in VPN traffic detection) and real-time responsiveness (48.8% faster than conventional methods), providing technical support for combating emerging cybercrimes such as monitoring illegal transactions on darknet networks and contributing significantly to adaptive network security monitoring systems.

Security analysis of public-key cryptosystems is of fundamental significance for both theoretical research and applications in cryptography. In particular, the security of widely used public-key cryptosystems merits deep research to protect against new types of attacks. It is therefore highly meaningful to research cryptanalysis in the quantum computing environment. Shor proposed a well-known factoring algorithm by finding the prime factors of a number n = pq, which is exponentially faster than the best known classical algorithm. The idea behind Shor's quantum factoring algorithm is a straightforward programming consequence of the following proposition: to factor n, it suffices to find the order r; once such an r is found, one can compute gcd (a(r/2) +/- 1,n) = p or q. For odd values of r it is assumed that the factors of n cannot be found (since a(r/2) is not generally an integer). That is, the order r must be even. This restriction can be removed, however, by working from another angle. Based on the quantum inverse Fourier transform and phase estimation, this paper presents a new polynomial-time quantum algorithm for breaking RSA, without explicitly factoring the modulus n. The probability of success of the new algorithm is greater than 4 phi(r) / pi(2)r, exceeding that of the existing quantum algorithm for attacking RSA based on factorization. In constrast to the existing quantum algorithm for attacking RSA, the order r of the fixed point C for RSA does not need to be even. It changed the practices that cryptanalysts try to recover the private-key, directly from recovering the plaintext M to start, a ciphertext-only attack attacking RSA is proposed.

Though improving the efficiency of urban land use, high-rise buildings greatly increase the difficulty in search and rescue during fires. Therefore, effective search and rescue in high-rise building fires has always been a hot and difficult issue in emergency management. Starting from the characteristics of high-rise building fires and the difficulties in addressing them, this paper introduced unmanned aerial vehicle (UAV) technology into search and rescue operations in fires. Based on the influences of dynamic factors on wireless signal (WS) states in a static environment, it investigated the techniques for extracting and sensing wireless channel state features when indoor personnel waves for help and proposed a method for indoor personnel detection based on channel state information (CSI) sensing. In the article, a single source wireless device (common Wi-Fi router) is used as the detection terminal to collect the wireless channel state, and the signal sampling, support vector machine (SVM), and other technologies are combined to realize the wireless channel state sensing and classification. The outcomes of the experiment revealed that the suggested approach can effectively succeed in through-wall detection and sensing for indoor personnel calling for help in the event of a fire, with an accuracy of 94.6%. Incorporating the non-invasive, robust, universal, and low-cost characteristics, the method promises broad application values in improving the search and rescue efficiency of firefighters. © 2024, Strojarski Facultet. All rights reserved.

可信执行环境（Trusted Execution Environment,TEE）技术常用于保证云服务器上用户关键任务数据的机密性和完整性，考虑云服务器的负载均衡以及服务响应延迟，往往需要对TEE下的用户关键任务数据进行迁移。为了解决TEE下任务数据迁移中如何确认迁移双方身份可信性、保证迁移数据传输安全性和提高迁移速度等问题，文章提出一种高效的TEE下任务数据安全迁移方案。该方案使用软件防护扩展（Software Guard Extension,SGX）远程认证功能对迁移双方进行身份可信性验证，并基于SM2密钥协商算法和SM4分组密码算法保证迁移数据安全传输。安全性分析表明，该方案可以确保迁移双方身份可信性和迁移数据传输安全性；仿真实验结果表明，该迁移方案能够提高TEE下任务数据迁移速度。

信息安全的重要性日益提高,信息系统上层的应用越来越依赖和信任下层的固件和硬件。信息系统底层的任何硬件漏洞都可能严重降低其安全性,因此,为了确保信息的安全,在硬件物理层实施更好的安全措施这一必要性正在变得越来越明显。伴随着更精密、更廉价的检测设备的发展,利用芯片工作时向外辐射的电磁特性,以此对物理层面的高级攻击威胁已从军事和政府领域扩展到商业产品,是不容忽视的重大安全问题。随着互联网和芯片技术的飞速发展,各种嵌入式智能电子设备、软件、传感器、执行部件等通过网络彼此互联,从而能够便捷地互相交换数据。经过二十多年的发展,在这些智能设备深入人们生产生活的同时,安全隐患也频繁出现。嵌入式设备所面临的安全问题比传统的信息安全更为复杂,它们往往由于能耗、功能、体积受限等问题而不能运行过于复杂的保护系统。这些设备的物理层安全问题,已成为信息系统物理层安全研究中的重点。智能设备安全保护机制相对薄弱,在目前的情况下已经无法确保系统运行过程中的安全性、可用性和可靠性。本文基于电磁辐射的物理特性,从硬件设备底层,对开关电源电磁辐射数据泄露、嵌入式设备异常行为检测和持续认证做了相应研究。针对包含机密数据的计算机系统,现有的保护方案采取物理网络的隔离方法,将计算节点通过“物理隔离”的方式切除一切可疑连接。然而,这些隔离方法忽视了开关电源这一重要装置,开关电源是很多计算设备必备的电能提供装置,开关电源最重要的特征是它可以在全开和全关开关状态下工作,并且可以发射一些高振幅、高频能量的电磁辐射。开关电源产生的电磁辐射信号可以用作泄露秘密数据的隐蔽信道。本文针对开关电源隐蔽信道的问题进行攻击研究,提出了一种对抗性攻击模型Powermitter,可以通过计算节点的电源适配器建立隐蔽信道,秘密地将数据传输到外部设备。在对开关电源产生的电磁辐射建立隐蔽通讯信道后,本文进一步思考电磁辐射带来的信息安全问题,电磁辐射不光存在于开关电源这一种单一设备上,该现象普遍存在于各类电子设备中。本文将CPU负载波动导致的开关电源辐射频率变化这一现象延伸到嵌入式芯片领域,进而发现芯片辐射频谱的变化也会跟随主芯片的负载变化。本文又从防御的角度来思考芯片的代码行为与辐射之间的对应关系,采用了一类支持向量机对芯片辐射进行分类的方法,比较好的达到了异常检测的目的。传统的基于入侵检测的安全机制在应用于嵌入式设备时存在局限性,本文针对嵌入式设备资源受限、系统异构、实时性要求高的特点,提出了一种基于芯片辐射的嵌入式设备异常检测方法。通过分析给定时间窗口的芯片辐射能量序列,判断其是否为异常行为。这是一种无侵入式的检测方式,基于芯片在工作时辐射能量的物理特征,具有普适性,不依赖于硬件架构,也不受限于操作系统,且嵌入式设备对检测过程不可预知、不可篡改、不可抵赖。在基于芯片辐射的异常检测研究完成之后,本文又基于LSTM神经网络,对芯片细粒度工作状态进行判定,实现了对嵌入式设备持续认证的目的。嵌入式设备的身份认证问题关系到所有连接到系统的设备安全,传统的认证方式只在登录时刻进行验证,对无人值守长期运行的嵌入式设备来说,有极大的安全隐患。针对嵌入式设备在运行过程中的“合法性”验证问题,本文提出了PATRIo T（Persistent Authentication Through Radiation of Io T devices）持续认证方案。在前期CREBAD工作的基础上,对设备主芯片工作时产生的电磁辐射进行了更精细的分析,能够多维度、细粒度的刻画嵌入式设备的工作模式。综上,针对物联网设备面临的安全问题,本文从攻击和防御两个方面,以设备物理层电磁辐射特性作为切入点,对物联网设备展开了安全研究。先从攻击的角度,对关键设备的物理隔离安全性进行了评估,发现了其中的脆弱性。随后,又从防御角度,对嵌入式设备难以进行异常检测的问题,提出了一种基于电磁辐射特征的异常检测方案;对嵌入式设备持续身份认证缺失的问题,提出了一种基于细粒度电磁辐射特征的持续认证方案。本文对关键设备的安全性、可用性和可靠性三个方面面临的安全与隐私问题都给出了相应的解决方案,对物联网设备安全评估和防护提供了有力的理论支撑,对推动物联网设备安全的研究具有一定的理论和应用意义。

针对嵌入式系统面临的安全威胁日益严重的问题,分析了嵌入式系统的特性与脆弱性.从基于硬件的侧信道、硬件木马、错误注入、微探针、硬件逆向工程等攻击和以破坏、篡改、窃取为目的的软件攻击两大层面,对嵌入式系统面临的安全威胁作了细致的阐述.分析了国内外现有的安全对策,并指出了其中的不足之处.基于可信计算思想,从理论研究模型、可信度量、可信报告、资源的可信共享与可信隔离等方面,给出了未来研究的建议.最后,提出了理想的全域联合安全增强方案,并讨论了未来的研究方向.

针对传统的室内WiFi定位方法难以解决大型活动及区域间流动人群轨迹分析需要这一问题,提出了基于三边测量定位和信号强度（RSSI）的应用于大型场馆、复杂环境下的人群定位新方法,实现区域内人员定位、区域内外人群划分、区域内人群流量分析。使用基于一种概率统计预测算法进行人群轨迹预测,建立了WiFi区域内人群轨迹模型,通过进一步建立的跨区域人群移动轨迹模型,实现大跨度区域间人群流动分析。通过搭建WiFi区域人群轨迹模型验证系统,使用2016年贵阳数博会数据,进行了数据可视化分析,证明了模型的有效性。

随着信息技术与产业的高速发展和广泛应用,人类社会进入信息化时代。在信息化时代,人类生活工作在网络空间中,因此确保网络空间安全成为信息时代的基本需求。我国已经发展形成了完整的网络空间安全学科体系,因此,全面论述网络空间安全学科的体系结构与理论基础成为网络空间安全学科建设和人才培养的当务之急,内容包括:网络空间与网络空间安全的概念,网络空间安全学科的内涵,网络空间安全学科的主要研究方向及研究内容,网络空间安全学科的理论基础和方法论基础。因此,正确理解和掌握网络空间安全学科理论与体系结构,不仅对我国网络空间安全学科建设和人才培养具有十分重要的指导意义,而且对我国网络空间安全领域的科学研究和产业发展也具有十分重要的指导意义。