User Identity Linkage (UIL) across social networks refers to the recognition of the accounts belonging to the same individual among multiple social network platforms. The most existing methods usually apply network embedding to map the network structure space to the low-dimensional vector space and then use linear models or standard neural network layers to measure the correlations between users across social networks. However, they can hardly model the complicated interactions between users. In this paper, we propose a novel Neural Tensor Network-based model for UIL, called NUIL. Firstly, we use the Random Walks and Skip-gram model to learn the vector representations of users. Then, we apply the Neural Tensor Network, which has a stronger ability to express the interactions between entities, to mine relationships between users from a higher dimension. A series of experiments conducted on a real-world dataset show that NUIL outperforms the state-of-the-art network structure-based methods in terms of precision, recall, and F1-measure, specifically the F1-measure exceeds 0.66, with an increase of more than 20%. © 2021, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.

Network topology is one of the most important parts in network security situation awareness tasks. Considering that the topology may change due to network intrusion, adjustment of routing policies, etc., the traditional static topology analysis methods cannot capture the dynamic change of network topology with time, which leads to the problem of weak early warning ability. To find out the small trend changes of the network topology over time, a network topology change detection method is proposed based on statistical process control: 1) to simplify the continuous dynamics of network topology, the observation network is regarded as a sampling sequence of the topological networks that dynamically change with time, a longitudinal topological network is constructed; 2) to quantify the differences of network structure from multiple perspectives, network structure parameters of each period are selected and measured; 3) to find out the trendy structural change in the longitudinal topological network, the cumulative sum method in industrial control is introduced to evaluate the change of topological parameters and further track to the starting time of change. Extensive experiments are performed on the simulation data, showing that compared with simple parameter statistics method, the method proposed can be sensitive to network changes and trace back to the beginning of the trend change. © 2020 ACM.

Social network user location inference technology has been widely used in various geospatial applications like public health monitoring and local advertising recommendation. Due to insufficient consideration of relationships between users and location indicative words, most of existing inference methods estimate label propagation probabilities solely based on statistical features, resulting in large location inference error. In this paper, a Twitter user location inference method based on representation learning and label propagation is proposed. Firstly, the heterogeneous connection relation graph is constructed based on relationships between Twitter users and relationships between users and location indicative words, and relationships unrelated to geographic attributes are filtered. Then, vector representations of users are learnt from the connection relation graph. Finally, label propagation probabilities between adjacent users are calculated based on vector representations, and the locations of unknown users are predicted through iterative label propagation. Experiments on two representative Twitter datasets - GeoText and TwUs, show that the proposed method can accurately calculate label propagation probabilities based on vector representations and improve the accuracy of location inference. Compared with existing typical Twitter user location inference methods - GCN and MLP-TXT+NET, the median error distance of the proposed method is reduced by 18% and 16%, respectively. © 2020 ACM.

The development of multimedia and deep learning technology bring new challenges to steganography and steganalysis techniques. Meanwhile, robust steganography, as a class of new techniques aiming to solve the problem of covert communication under lossy channels, has become a new research hotspot in the field of information hiding. To improve the communication reliability and efficiency for current real-time robust steganography methods, a concatenated code, composed of Syndrome–Trellis codes (STC) and cyclic redundancy check (CRC) codes, is proposed in this paper. The enhanced robust adaptive steganography framework proposed is this paper is characterized by a strong error detection capability, high coding efficiency, and low embedding costs. On this basis, three adaptive steganographic methods resisting JPEG compression and detection are proposed. Then, the fault tolerance of the proposed steganography methods is analyzed using the residual model of JPEG compression, thus obtaining the appropriate coding parameters. Experimental results show that the proposed methods have a significantly stronger robustness against compression, and are more difficult to be detected by statistical based steganalytic methods.
© 2019, Springer-Verlag GmbH Germany, part of Springer Nature.

Due to the widespread use of the JPEG format, non-aligned double JPEG (NA-DJPEG) compression is very common in image tampering. Therefore, non-aligned double JPEG compression detection has attracted significant attention in digital forensics in recent years. In most of the previous detection algorithms, grayscale images are used directly, or color images are first converted into grayscale images and then processed. However, it is worth noting that most tampered images are color images. To make full use of the color information in images, a detection algorithm, which uses color images directly, is put forward in this paper. The algorithm based on refined Markov in quaternion discrete cosine transform (QDCT) domain is proposed for NA-DJPEG compression detection. Firstly, color information of a given JPEG image is extracted from blocked images to construct quaternion, and then block image QDCT coefficient matrices, including amplitude and three angles (ψ, ϕ, and θ) can be obtained. Secondly, the refined Markov features are generated from the transition probability matrix in the corresponding refinement process. Our proposed refinement method not only reduces redundant features but also makes the acquired features more efficient in detection. Therefore, the refined Markov features can not only capture the intra-block correlation between block QDCT coefficients but also improve computing efficiency in real-time. Finally, support vector machine (SVM) method is employed for NA-DJPEG compression detection. The experiment results demonstrate that the proposed algorithm not only make use of color information of images, but also can achieve better detection performance with small size images (i.e., 64 × 64) outperforming state-of-the-art detection methods tested on the same dataset.
© 2019, Springer-Verlag GmbH Germany, part of Springer Nature.

Result-sensitive function is a typical type of security-sensitive function. The misuse of result-sensitive functions often leads to a lot kinds of software defects. Existing defect detection methods based on code mining for result-sensitive functions usually require a gived security rule or an inferred security rule as input. Based on the principle of consistency, we propose a defect detection method based on information entropy. Firstly, the feature vector about usage of function is extracted from every function instance. Then, the information entropy is introduced to measure the abnormal degree of the feature vector. The function instances with high degree of abnormality is regarded as dangerous instances. Experiments show that the proposed method can effectively detect dangerous instances of security defects without a gived security rule. © Springer Nature Singapore Pte Ltd 2020.

Factorization Machine (FM) has been a popular approach in supervised predictive tasks, such as click-through rate prediction and recommender systems, due to its great performance and efficiency. Recently, several variants of FM have been proposed to improve its performance. However, most of the state-of-the-art prediction algorithms neglected the field information of features, and they also failed to discriminate the importance of feature interactions due to the problem of redundant features. In this paper, we present a novel algorithm called Attention-over-Attention Field-aware Factorization Machine (AoAFFM) for better capturing the characteristics of feature interactions. Specifically, we propose the field-aware embedding layer to exploit the field information of features, and combine it with the attention-over-attention mechanism to learn both feature-level and interaction-level attention to estimate the weight of feature interactions. Experimental results show that the proposed AoAFFM improves FM and FFM with large margin, and outperforms state-of-the-art algorithms on three public benchmark datasets. Copyright © 2020, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.

Network topology is one of the most important parts in network security situation awareness tasks. Considering that the topology may change due to network intrusion, adjustment of routing policies, etc., the traditional static topology analysis methods cannot capture the dynamic change of network topology with time, which leads to the problem of weak early warning ability. To find out the small trend changes of the network topology over time, a network topology change detection method is proposed based on statistical process control: 1) to simplify the continuous dynamics of network topology, the observation network is regarded as a sampling sequence of the topological networks that dynamically change with time, a longitudinal topological network is constructed; 2) to quantify the differences of network structure from multiple perspectives, network structure parameters of each period are selected and measured; 3) to find out the trendy structural change in the longitudinal topological network, the cumulative sum method in industrial control is introduced to evaluate the change of topological parameters and further track to the starting time of change. Extensive experiments are performed on the simulation data, showing that compared with simple parameter statistics method, the method proposed can be sensitive to network changes and trace back to the beginning of the trend change. © 2020 ACM.

In this paper, a feature based on the Markov model in quaternion discrete cosine transform (QDCT) domain is proposed for double JPEG compression detection. Firstly, a given JPEG image is extracted from blocked images to obtain amplitude and three angles (ψ, φ, and θ). Secondly, when extracting the Markov features, we process the transition probability matrix with the corresponding refinement. Our proposed refinement method not only reduces redundant features, but also makes the acquired features more efficient for detection. Finally, a support vector machine (SVM) is employed for NA-DJPEG compression detection. It is well known that detecting NA-DJPEG compressed images with (Formula Presented) is a challenging task, and when the images with small size (i.e., 64 × 64), the detection will be more difficult. The experimental result indicates that our method can still achieve a high classification accuracy in this case. © 2020, Springer Nature Switzerland AG.