A5065178474- Advanced Malware Detection Techniques
- Blockchain Technology Applications and Security
- Spam and Phishing Detection
- Network Security and Intrusion Detection
- Security and Verification in Computing
- Digital and Cyber Forensics
- Internet Traffic Analysis and Secure E-voting
- Caching and Content Delivery
- Software Testing and Debugging Techniques
- Peer-to-Peer Network Technologies
- Cloud Computing and Resource Management
- Cybercrime and Law Enforcement Studies
- Software Engineering Research
- Advanced Optical Sensing Technologies
- Ocular and Laser Science Research
- Optical Systems and Laser Technology
- Crime, Illicit Activities, and Governance
- Advanced Algorithms and Applications
- Software System Performance and Reliability
- Data Stream Mining Techniques
- SARS-CoV-2 and COVID-19 Research
- Vehicular Ad Hoc Networks (VANETs)
- FinTech, Crowdfunding, Digital Finance
- Infrared Target Detection Methodologies
- Data Mining Algorithms and Applications
Zhejiang University
2020-2025
China Construction Bank
2025
Zhejiang University of Science and Technology
2019-2024
Sichuan University
2024
University of Electronic Science and Technology of China
2007-2024
China Academy of Information and Communications Technology
2024
Beijing Institute of Technology
2024
Jinan Central Hospital
2024
Shandong First Medical University
2024
North China University of Technology
2002-2022
The smartphone market has grown explosively in recent years, as more and consumers are attracted to the sensor-studded multipurpose devices. Android is particularly ascendant; an open platform, manufacturers free extend modify it, allowing them differentiate themselves from their competitors. However, vendor customizations will inherently impact overall security such still largely unknown.
One reason for the popularity of Bitcoin is due to its anonymity. Although several heuristics have been used break anonymity, new approaches are proposed enhance anonymity at same time. them mixing service. Unfortunately, services abused facilitate criminal activities, e.g., money laundering. As such, there an urgent need systematically understand services. In this paper, we take first step state-of-the-art Specifically, propose a generic abstraction model and observe that two mechanisms in...
Botnets have become one of the major attacks in internet today due to their illicit profitable financial gain. Meanwhile, honeypots been successfully deployed many computer security defence systems. Since set up by defenders can attract botnet compromises and spies exposing membership attacker behaviours, they are widely used defence. Therefore, attackers constructing maintaining botnets will be forced find ways avoid honeypot traps. In this paper, we present a hardware software independent...
"Botnet" is a network of computers that are compromised and controlled by an attacker. Botnets one the most serious threats to today's Internet. Most current botnets have centralized command control (C&C) architecture. However, peer-to-peer (P2P) structured gradually emerged as new advanced form botnets. Without central C&C servers, P2P more resilient defenses countermeasures than traditional In this paper, we systematically study along multiple dimensions: bot candidate selection,...
As COVID-19 has been spreading across the world since early 2020, a growing number of malicious campaigns are capitalizing topic COVID-19. themed cryptocurrency scams increasingly popular during pandemic. However, these newly emerging poorly understood by our community. In this paper, we present first measurement study scams. We create comprehensive taxonomy manually analyzing existing reported users from online resources. Then, propose hybrid approach to perform investigation by: 1)...
WebAssembly (Wasm) smart contracts have shown growing popularity across blockchains (e.g., EOSIO) recently. Similar to Ethereum contracts, Wasm suffer from various attacks exploiting their vulnerabilities. Even worse, few developers released the source code of for security review, raising bar uncovering vulnerable contracts. Although a approaches been proposed detect they several major limitations, e.g., low coverage, accuracy and lack scalability, unable produce exploit payloads, etc. To...
Domain squatting, the adversarial tactic where attackers register domain names that mimic popular ones, has been observed for decades. However, there growing anecdotal evidence this style of attack spread to other domains. In paper, we explore presence squatting attacks in mobile app ecosystem. "App Squatting", release apps with identifiers (e.g., name or package name) are confusingly similar those well-known Internet brands. This paper presents first in-depth measurement study showing its...
Ponzi schemes are financial scams that lure users under the promise of high profits. With prosperity Bitcoin and blockchain technologies, there has been growing anecdotal evidence this classic fraud emerged in ecosystem. Existing studies have proposed machine-learning based approaches for detecting schemes, i.e., either on operation codes (opcodes) smart contract binaries or transaction patterns addresses. However, state-of-the-art face several major limitations, including lacking...
The rapid growth of Decentralized Finance (DeFi) boosts the Ethereum ecosystem. At same time, attacks towards DeFi applications (apps) are increasing. However, to best our knowledge, existing smart contract vulnerability detection tools cannot be directly used detect attacks. That's because they lack capability recover and understand high-level semantics, e.g., a user trades token pair X Y in EXchange (DEX). In this work, we focus on two types new apps, including direct indirect price...
Machine learning has shown promise for improving the accuracy of Android malware detection in literature. However, it is challenging to (1) stay robust towards real-world scenarios and (2) provide interpretable explanations experts analyse. In this article, we propose <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">MsDroid</small> , an An <underline xmlns:xlink="http://www.w3.org/1999/xlink">droid</u> system that makes decisions by identifying...
Ethereum has been attracting lots of attacks, hence there is a pressing need to perform timely investigation and detect more attack instances. However, existing systems suffer from the scalability issue due following reasons. First, tight coupling between malicious contract detection blockchain data importing makes them infeasible repeatedly different attacks. Second, coarse-grained archive inefficient replay transactions. Third, separation runtime state recovery consumes storage. In this...
Recent years have witnessed explosive growth in blockchain smart contract applications. As contracts become increasingly popular and carry trillion dollars worth of digital assets, they more an appealing target for attackers, who exploited vulnerabilities to cause catastrophic economic losses. Notwithstanding a proliferation work that has been developed detect impressive list vulnerabilities, the bad randomness vulnerability is overlooked by many existing tools. In this article, we make...
Abstract- Computing power, integrating computation, network transport, and data storage, represents a new productivity paradigm. As AI models evolve, the demand for computing power intensifies, particularly within financial centers. However, traditional resources are often underutilized due to inadequate management, leading significant waste. This article proposes architecture optimization managing heterogeneous chip optimizing distributed algorithm training, enhancing resource utilization...
The energy efficiency of modern data centers has become a practical concern and attracted significant attention in recent years. In contract to existing solutions that primarily focuses on only one specific aspect management reduce consumption, this paper explores the balance between server consumption network present an energy-aware joint virtual machine (VM) placement. Given definition VM placement fairness, basic algorithm which fulfills constraints is conducted. Then, we further...
Developers often integrate third-party services into their apps. To access a service, an app must authenticate itself to the service with credential. However, credentials in apps are not properly or adequately protected, and might be easily extracted by attackers. A leaked credential could pose serious privacy security threats both developer users.
EOSIO has become one of the most popular blockchain platforms since its mainnet launch in June 2018. In contrast to traditional PoW-based systems (e.g., Bitcoin and Ethereum), which are limited by low throughput, is first high throughput Delegated Proof Stake system that been widely adopted many decentralized applications. Although millions accounts billions transactions, little known about ecosystem, especially related security fraud. this paper, we perform a large-scale measurement study...
The prosperity of Ethereum attracts many users to send transactions and trade crypto assets. However, this has also given rise a new form transaction-based phishing scam, named TxPhish. Specifically, tempted by high profits, are tricked into visiting fake websites signing that enable scammers steal their past year witnessed 11 large-scale TxPhish incidents causing total loss more than 70 million.
Beyond an emerging popular web applications runtime supported in almost all commodity browsers, WebAssembly (WASM) is further regarded to be the next-generation execution environment for blockchain-based applications. Indeed, many blockchain platforms such as EOSIO and NEAR have adopted WASM-based engines. Most recently, WASM has been favored by Ethereum, largest smart contract platform, replace state-of-the-art EVM. However, whether how well current outperforms EVM on clients still unknown....
In this paper, we present the first large-scale and systematic study to characterize code reuse practice in Ethereum smart contract ecosystem. We performed a detailed similarity comparison on dataset of 10 million contracts had harvested, then further conducted qualitative analysis diversity ecosystem, understand correlation between vulnerabilities, detect plagiarist DApps. Our revealed that over 96% duplicates, while large number them were similar, which suggests ecosystem is highly...
As the COVID-19 pandemic emerged in early 2020, a number of malicious actors have started capitalizing topic. Although few media reports mentioned existence coronavirus-themed mobile malware, research community lacks understanding landscape malware. In this paper, we present first systematic study Android We make efforts to create daily growing themed app dataset, which contains 4,322 apk samples (2,500 unique apps) and 611 potential malware (370 by time mid-November, 2020. then an analysis...
As the COVID-19 pandemic emerged in early 2020, a number of malicious actors have started capitalizing topic. Although few media reports mentioned existence coronavirus-themed mobile malware, research community lacks understanding landscape malware. In this paper, we present first systematic study Android We make efforts to create daily growing themed app dataset, which contains 4,322 apk samples (2,500 unique apps) and 611 potential malware (370 by time mid-November, 2020. then an analysis...