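[InForSec Event Preview] Xi'an Jiaotong University International Academic Forum on Cybersecurity Research

Host: School of Cyberspace Security, Xi'an Jiaotong University

Co-organizers: InForSec (International Forum on Cybersecurity)

Cyberspace Security Technical Committee, Shaanxi Computer Society

Beijing National Research Center for Information Science and Technology

Time: Saturday, December 14, 13:30-18:10 (afternoon)

Venue: Room 101, Science Hall, Xingqing Campus, Xi'an Jiaotong University

Agenda


Speakers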

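1. Speaker: Xiaopeng Hong, Distinguished Research Fellow and doctoral supervisor, Xi'an Jiaotong University

Talk title: Automatic Micro-Expression Analysis for Intelligent Security: From Handcrafted Features to Deep Learning

Abstract: A micro-expression is a spontaneous human facial expression of very short duration. It is a spontaneous, involuntary facial movement that often reflects the true emotion a person wishes to hide, and so is hard to fake. Automatically detecting and recognizing these fleeting signals therefore has broad application prospects in security, healthcare, business and other fields. Micro-expressions are a common way for people to express emotion, yet because their movements are small and brief, they are hard to perceive and are often overlooked. This also poses great challenges for automatic micro-expression analysis. To address these challenges, the speaker has carried out years of research on automatic micro-expression analysis. This talk will briefly report his main work in this area, including (1) collecting databases and establishing test standards for micro-expression recognition and analysis, (2) a micro-expression recognition framework, (3) deep-learning-based micro-expression detection and recognition algorithms, and (4) attempts to solve the small-sample problem using research paradigms such as multimodal and cross-dataset approaches, and will discuss future research trends.

About the speaker:

Dr. Xiaopeng Hong is a Distinguished Research Fellow and doctoral supervisor at the School of Cyberspace Security, Xi'an Jiaotong University. He previously held the title of Docent (the Finnish associate-professor-level rank, qualified to supervise doctoral students) at the University of Oulu, Finland. He has published more than 30 papers in IEEE/ACM transactions such as TPAMI and TIP and at CCF class-A conferences such as CVPR and ICCV. His publications have been cited more than a thousand times on Google Scholar, and the highest impact factor of a journal carrying one of his papers is 17.73. His work on micro-expression analysis has been covered in feature articles by authoritative international media such as MIT Technology Review (US) and the Daily Mail (UK). Since 2011 he has led one postdoctoral research grant project of the Finnish Information Technology Society (Infotech) and co-led one Academy of Finland ICT2023 thematic project. He is an IEEE member and has been invited many times to review for major international journals such as IEEE T-PAMI, T-IP, T-NN and IJCV and for major international conferences such as ICCV and CVPR. In addition, he and his colleagues have organized several workshops at mainstream international conferences, and he has been invited to serve as session chair and program committee member for several international conferences and special sessions.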

2. Speaker: Yi Li, Assistant Professor, Nanyang Technological University

Talk title: Towards Secure and Robust Stateful Deep Learning Systems

Abstract:

Despite the tremendous success in cutting-edge applications, Deep Learning (DL) still suffers from quality and security issues. While some recent progress has been made on analyzing feed-forward DL systems, limited analysis has been done on stateful DL systems such as the Recurrent Neural Network (RNN), which are widely used in audio, natural languages and video processing, etc. In this talk, I will present our recent research results on the quantitative analysis of RNN-based DL systems, with DeepStellar focusing on the security properties and MARBLE on the robustness properties. We demonstrate through experimental evaluation that DeepStellar and MARBLE can boost the effectiveness and efficiency of fuzz testing, adversarial example detection and generation for RNNs.

About the speaker:

Yi Li is an Assistant Professor from the School of Computer Science and Engineering at the Nanyang Technological University, Singapore. He received his M.Sc. and Ph.D. in Computer Science from the University of Toronto in 2013 and 2018, respectively. Yi’s research interests are in software engineering, software security, and software sustainability. He was the recipient of the Chinese Government Award for Outstanding Students Abroad in 2018. His recent work on software history analysis won an ACM Distinguished Paper Award at the 30th International Conference on Automated Software Engineering (ASE’15). He was co-chair of the ICFEM’19 Doctoral Symposium and served as a member of the program committee for ICDCS’20, VSTTE’19, ASE’19, SANER’19, SANER’20 and MOBILESoft’20 tool track.

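3. Speaker: Baojun Liu, Institute for Network Sciences and Cyberspace, Tsinghua University

Talk title: Security Measurement of the Domain Name Protocol: From DNS Hijacking to DNS Encryption

Abstract:

Public DNS servers are trusted by some Internet users because of their good security. Our research finds that this trust is easily broken by hijacking of the DNS resolution path. Out-of-band devices in the network may masquerade as the address of a public DNS server, hijack users' DNS resolution traffic, and forward it to third-party servers. Through a large-scale, global measurement study, we observed this phenomenon in more than two hundred autonomous systems worldwide; in China, nearly 30% of DNS resolution traffic to Google Public DNS is hijacked. This phenomenon exposes users to a variety of security risks.

To address the security and privacy problems of transmitting DNS in cleartext, the security community has proposed several encrypted DNS schemes in recent years. DNS-over-TLS and DNS-over-HTTPS, two standardized protocols among them, have received broad industry attention and deployment. Taking the perspective of users worldwide, we carried out a large-scale measurement study of the current encrypted DNS ecosystem. We found that public encrypted DNS servers have good reachability and that encryption does not introduce significant performance overhead; at the same time, encrypted DNS service providers show many non-compliant implementations and misconfigurations. In addition, although encrypted DNS traffic in real networks is still small, it shows a clear upward trend. The work was published at USENIX Security and IMC, and was nominated for the IMC Best Paper Award and the Community Contribution Award.

About the speaker:

Baojun Liu is a fifth-year direct-entry Ph.D. student in the Department of Computer Science at Tsinghua University, advised by Ying Liu and Haixin Duan; in 2018 he visited the International Computer Science Institute in Berkeley. His main research area is network infrastructure security. During his Ph.D., his papers have been published at major international security conferences including IEEE S&P, USENIX Security, CCS, NDSS and IMC. He has received the Tsinghua University National Scholarship for Doctoral Students and the NDSS 2019 Best Paper Award, and nominations for the IMC 2019 Best Paper Award and Security Community Contribution Award.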

4. Speaker: Haijun Wang, Ant Financial

Talk title: Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities

Abstract:

Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge coverage to guide the fuzzing process, which has shown great potential in finding vulnerabilities. However, CFG edge coverage is not effective in discovering vulnerabilities such as use-after-free (UaF). This is because, to trigger UaF vulnerabilities, one needs not only to cover individual edges, but also to traverse some long sequence of edges in a particular order, which is challenging for existing fuzzers. To this end, we first propose to model UaF vulnerabilities as typestate properties, then develop a typestate-guided fuzzer, named UAFL, for discovering vulnerabilities violating typestate properties. Given a typestate property, we first perform a static typestate analysis to find operation sequences potentially violating the property. Then, the fuzzing process is guided by the operation sequences in order to progressively generate test cases triggering property violations. In addition, we also adopt the information flow analysis to improve the efficiency of the fuzzing process. We performed a thorough evaluation of UAFL on 14 widely-used real-world programs. The experiment results show that UAFL substantially outperforms the state-of-the-art fuzzers, including AFL, AFLFast, FairFuzz, MOpt, Angora and QSYM, in terms of the time taken to discover vulnerabilities. We discovered 10 previously unknown vulnerabilities, and received 5 new CVEs.

About the speaker:

Haijun Wang works at Ant Financial, China. He received his Ph.D. degree from the School of Electronic and Information at Xi’an Jiaotong University, China, in 2016, and worked as a postdoc in the School of Computer Science and Engineering at Nanyang Technological University, Singapore. His research interests include program analysis, regression testing, reverse engineering, software security, and blockchain security. His work has appeared at top-tier conferences and journals, such as FSE, ICSE, ASE and TSE.

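5. Speaker: Shitong Zhu, University of California, Riverside

Talk title: Adblocking: A Cyber Arms Race Without Gunsmoke

Abstract:

In recent years, with the rise and expansion of the online advertising industry, more and more intrusive, annoying online ads and the online user tracking that accompanies them have seriously affected and violated users' browsing experience and privacy. As a result, more and more users choose to use ad-blocking software (adblockers) to improve their browsing experience. As of September 2016, according to statistics from a third-party company, more than 600 million devices worldwide were blocking ads. In response, more and more ad service providers, and even third-party companies, have begun deploying and offering anti-adblockers. In this talk, I will present the work that we and our collaborating research teams have done over the past few years on automatically detecting, blocking and circumventing online ad and tracker resources, as well as anti-adblocker code. We use techniques such as dynamic program analysis, machine learning and browser instrumentation to analyze and advance this escalating cyber arms race. The results of this work have been published at top venues in the field including NDSS, WWW and Oakland. We have also open-sourced the related code, which is used by Brave, a privacy-oriented browser startup.

About the speaker: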

Shitong Zhu is currently a 4th-year CS Ph.D. candidate at UC Riverside, advised by Professor Zhiyun Qian. He has a broad interest in computer security and web privacy, with the general theme of analyzing and improving privacy and security on the web. Specifically, his past research projects have focused on adblocking. The techniques he applies include program analysis, browser modification/instrumentation and machine learning. His work has appeared at top-tier venues in the field (NDSS/WWW/Oakland), and received a wide range of media coverage (e.g. TechCrunch).

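6. Speaker: Qiang Li, Huawei Digital Technologies Co., Ltd.

Talk title:

From Industry to Academia and Back to Industry: Rethinking Threat Intelligence

Abstract:

Like cloud computing, the concept of threat intelligence was first proposed by industry and then taken up by academic research. As threat intelligence has gradually evolved into an independent field, industry and academia have reinforced each other and jointly driven its development and adoption.

This talk first analyzes, from the industry perspective, the background against which threat intelligence was proposed and its approach to solving problems. It then analyzes, from the academic perspective, current threat intelligence research directions and topics. Finally, from the perspective of the overall threat intelligence landscape and of solving practical problems in the security business, it introduces the current research of Huawei's Security Development Department in the threat intelligence field, and its future research directions.

About the speaker:

Qiang Li received his Ph.D. in 2018 from the Institute of Information Engineering, Chinese Academy of Sciences, and now works at Huawei Digital Technologies Co., Ltd., mainly on planning and pre-research for the threat intelligence business. His main interests are threat intelligence, ATT&CK, SOAR, etc.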
