Expert Recommendations: Responsible Editorial Board Member's Picks from the Special Topic "Automated Vulnerability Mining and Attack Detection", Issue 7, 2022

Author: Information Security Research | Time: 2022.07.20

"Automated Vulnerability Mining and Attack Detection" is the special topic of issue 7, 2022 of "Information Security Research". The responsible editorial board member for this special topic is Professor Wen Weiping, a doctoral supervisor at Peking University. Professor Wen recommends the following papers from the special topic. Everyone is welcome to read them and leave a message.


▶ Recommended papers

"Visual Analysis of Multi-level Control Relationships in Botnets" (Authors: Fu Boyang, Yake Bing; Affiliations: Beijing University of Aeronautics and Astronautics, National Computer Network Emergency Response Technical Team/Coordination Center of China)

"A Survey of Virtual Machine Software Protection Technology" (Authors: Li Chengyang, Chen Xiarun, Zhang Han, Wen Weiping; Affiliations: School of Software and Microelectronics, Peking University; Strategic Planning Department, Wuhan October Technology Co., Ltd.)


"Visual Analysis of Multi-level Control Relationships in Botnets"

▶ Reason for recommendation

In recent years, informatization has developed rapidly and Internet-connected devices have become part of everyday life. As of 2018, China had established a huge network of nearly 3.3 billion connections, and the number is expected to reach nearly 16 billion by 2025. This has also led to a significant increase in the number of controlled devices in botnets, and botnets are becoming more rampant. In the large-scale botnet attacks on online streaming applications in 2019, the number of controlled devices reached 400,000 in just 13 days. Hosts in a botnet are often hidden in the network, so looking for anomalies only in the traffic of a single node is not a feasible way to detect botnet behavior or to uncover the entire botnet. Finding the botnet springboard (stepping-stone) network used by suspected attackers has therefore become an important step in establishing effective defenses.

The visual analysis system for multi-level control relationships proposed in the paper can determine which nodes in a botnet are non-top-level nodes in the multi-level control network. From the multi-level control relationships between network devices it can then find the nodes that may be in the position of C&C server, which helps subsequent traceback analysis and the discovery of hidden host nodes.

▶ Responsible editorial board member's comment

The paper studies hidden behavior in network attacks, especially hidden host nodes in botnets. It analyzes the limitations of current botnet detection based on the anomalous traffic of a single node. Control nodes are screened by traffic features and their control behavior is sorted out. Using a graph database, the paper analyzes the multi-level control relationships of the botnet, finds springboard nodes and traces the botnet back, so as to find the hidden host nodes. It also proposes introducing a behavior-based method to further distinguish nodes, divide them into different clusters, select the true botnet community, and further judge the role each node plays in that community. The paper provides a new visual detection and analysis method for botnet detection.

▶ Main content

The paper is divided into 4 main parts: an introduction to the challenges of tracing and locating botnet hosts; an analysis of current research on botnet behavior detection; the study and design of a visual analysis system for multi-level control relationships in botnets; and further analysis and exploration of multi-level control networks.


"A Survey of Virtual Machine Software Protection Technology"

▶ Reason for recommendation

Once software is distributed, it is always exposed to static and dynamic analysis. Virtual machine software protection, as an extension of code obfuscation, offers a way to resist MATE (man-at-the-end) attacks. Given the absence of survey articles in this field, a review of the notable results is urgently needed.

The paper sorts out and summarizes the current state of virtual machine software protection at home and abroad. It gives a detailed explanation of the structure and security of virtual machine software protection and contributes to further research in this field.

▶ Responsible editorial board member's comment

The paper analyzes the results of research on virtual machine software protection at home and abroad. It explains the problems and challenges facing current research: on the one hand, at the protection level, new theory is needed to achieve breakthroughs in reducing performance overhead and strengthening the protection effect; on the other hand, evaluation indicators need to be constructed and quantitative assessment schemes given in light of the characteristics of the methods themselves. It introduces the relevant research directions and methods, with an intuitive summary and analysis. It analyzes the security of virtual machine protection, starting from the two security entities, the protected program and the protecting program, and explains the relevant security guarantees. Looking ahead, it proposes further research on unified evaluation indicators, overhead and protection granularity, and cross-platform support.

▶ Main content

The paper is divided into 4 main parts: pointing out the problems in existing virtual machine protection; introducing the structure of virtual machine software protection; citing relevant articles to analyze and summarize its security; and looking ahead to future research directions.


[Responsible editorial board member for this issue · Personal profile]

Wen Weiping is a professor and doctoral supervisor at Peking University. He is a core member of the National Network Information Security Engineer Senior Vocational Education Project Team, principal of the Software Security Research Group of Peking University, a member of the Communications Network Security Specialty Committee, director of the Beijing Computer Society Network Security and Legal Committee, and an expert group member for the First Research Institute and the First Institute of Public Security and for the China Aerospace Science and Industry Group Software Evaluation Center. His main research areas are systems and network security, big data and cloud security, and intelligent computing security.
