10 April 2025, Volume 25 Issue 4

Insider Threat Multi-Source Log Analysis and Detection Method for Intelligent Systems
LI Tao, BI Yue, HU Aiqun
2025, 25 (4):  509-523.  doi: 10.3969/j.issn.1671-1122.2025.04.001

In the field of intelligent system security, anomaly detection, and especially the identification of insider threats, is a challenging task. Existing methods usually rely on predefined rules or temporal modelling, but are prone to limitations when facing unknown threat patterns, and have difficulty fully exploring the deep features of log data. To address this problem, this paper proposed an insider threat detection method based on the fusion of Transformer Encoder (Trans-Encoder) and Long Short-Term Memory (LSTM) networks, aiming to achieve efficient identification of hidden anomalies in logs by using only normal class data for training. Firstly, the method proposed in this paper enhanced the ability to extract features from multi-source log data by improving the Transformer encoder structure and adding a masking mechanism. Then LSTM was applied for time series modelling to capture the temporal correlation between the extracted features, which improved the model’s ability to analyze sequential dependencies. Finally, the degree of difference between the predicted value and the corresponding feature value was calculated and compared with the threshold value to determine whether the operation was anomalous or not. The experimental results show that the method outperforms the existing state-of-the-art methods on the insider threat detection task, with a 1.5% improvement in Precision, a 4.8% improvement in Recall, a 1.3% improvement in F1-score, and a stable performance with only 10% training data. In addition, the computational efficiency is higher than that of MTSAD in both the training and testing phases, which verifies its potential application in intelligent system security and provides an efficient and reliable solution for improving system protection.

Research on Differential Privacy Methods for Medical Diagnosis Based on Knowledge Distillation
LI Xiao, SONG Xiao, LI Yong
2025, 25 (4):  524-535.  doi: 10.3969/j.issn.1671-1122.2025.04.002

With the rapid development of intelligent medical systems, the lack of labeled data has become a key factor restricting research progress. Knowledge distillation, as an effective data utilization strategy, can alleviate this problem. However, in the intelligent medical field, models are usually used to replace manual diagnosis of images and data. This not only puts forward higher requirements for the protection of medical information privacy, but also emphasizes the decisive impact of model accuracy on the accuracy of diagnostic results. Therefore, this paper proposed a knowledge distillation scheme combined with differential privacy, and applied it to graph neural network models, aiming to protect users’ sensitive information in the knowledge distillation process while ensuring high medical diagnostic accuracy. To verify the effectiveness of the proposed method, this paper constructed a graph attention network (GAT) model and a convolutional neural network (CNN) model as control groups, and conducted experimental verification using three practical medical image datasets. The experimental results show that the accuracy of the GAT model proposed in this paper is higher than that of the CNN model, which is improved from 61% to 68%, 83% to 93%, and 67% to 80% on the three datasets respectively. Given the high resource overhead of the GAT model, this paper further designed a lightweight GAT model architecture. The lightweight model significantly reduces resource consumption while maintaining classification performance superior to the CNN model, thereby effectively improving medical diagnostic outcomes under the premise of differential privacy protection.

Privacy Protection of Data Transmission Paths in 3D Distributed Wireless Intelligent Systems
HU Yuhan, YANG Gao, CAI Hongye, FU Junsong
2025, 25 (4):  536-549.  doi: 10.3969/j.issn.1671-1122.2025.04.003

With the collaborative development of 5G/6G wireless communication technologies and novel intelligent networking technologies, three-dimensional distributed network architectures are gradually achieving full-domain coverage across space, air, land, and sea. In this network system, a large number of intelligent communication nodes form an autonomous multi-hop routing system through wireless interconnection, enabling dynamic information sharing. However, due to the broadcast nature of wireless channels, attackers can eavesdrop on network communication behaviors and perform correlation analysis to accurately reconstruct the message transmission path topology. Such path inference attacks directly expose the location privacy of the source node, destination node, and key relay nodes, posing a serious threat to network security. To address the need for path privacy protection in three-dimensional distributed wireless networks, this paper proposed a data transmission path obfuscation scheme based on spatial information obfuscation. Firstly, the three-dimensional Delaunay triangulation algorithm was adopted to discretize the network space into several irregular tetrahedral units, constructing the communication neighborhood set and the Delaunay neighborhood set of nodes. Secondly, an optimal virtual relay position selection mechanism was designed, and a virtual position-guided directional message forwarding algorithm was developed by combining the topological features of the communication neighborhood and the Delaunay neighborhood. This algorithm, through distributed computation, precisely routed the data packet to the physical node closest to the virtual relay position (i.e., the randomized relay node), effectively decoupling the transmission path from the physical topology. Finally, the randomized relay node acted as a pseudo-source node to complete data delivery, enhancing the difficulty of path tracing through dual obfuscation in spatial and temporal dimensions. Simulation experiments show that by introducing a dynamic virtual relay mechanism, the proposed scheme reduces the density of effective packets in the channel by 42.7%, and decreases the success rate of path reconstruction attacks to below 12.3%, significantly enhancing the unlinkability of data transmission paths. This work provides a lightweight location privacy protection solution for three-dimensional distributed networks.

A Data Augmentation Method Based on Graph Node Centrality and Large Model for Vulnerability Detection
ZHANG Xuewang, LU Hui, XIE Haofei
2025, 25 (4):  550-563.  doi: 10.3969/j.issn.1671-1122.2025.04.004

Source code vulnerabilities in intelligent systems are an important factor affecting their security, and source code vulnerability detection based on deep learning suffers from insufficient detection and generalization ability caused by imbalanced, small-scale and low-quality datasets. While sampling techniques and data augmentation techniques could alleviate some of these problems, they did not work well on real datasets. To solve these problems, this paper proposed a data enhancement method based on graph node centrality and large model for vulnerability detection. First, the source code was abstracted into a graph structure by using the code attribute graph, and the code priority value was calculated with the help of graph node centrality analysis. Code lines corresponding to the nodes with the maximum value were taken as key code statements, which can be located without known vulnerability statement information from the original datasets. Second, a mutation instruction template containing comprehensive mutation rules was defined, and enhanced code samples were generated by inputting templates filled with original samples and key codes into different large models. Finally, enhanced code samples and original samples were jointly trained to build a vulnerability detection model. Experimental results show that the proportion of effective samples generated by the proposed method is 73.82%. Compared with different sampling techniques and sample augmentation methods in two mainstream graph neural network-based vulnerability detection models, this method improves all evaluation indicators, among which the F1 value is increased by 168.85% on average compared with non-enhanced methods and 8.21% on average compared with the best baseline method.

Research on Malicious Websites Assessment Method Based on Multidimensional Features and PageRank Optimization
WANG Fangyuan, LIAN Zhichao, LI Qianmu, GU Huanhuan, ZHAO Qian
2025, 25 (4):  564-577.  doi: 10.3969/j.issn.1671-1122.2025.04.005

With the rapid development of internet technology, cybersecurity threats have become increasingly severe. Malicious websites, serving as primary carriers of cyberattacks, pose significant threats to user information security and digital asset safety through phishing scams, malware distribution, and other means. The purpose of this paper was to enhance the accuracy of malicious website assessment, taking malicious websites as the research object and covering multi-dimensional feature analysis and PageRank algorithm optimization. This study employed various research methods and theories, including domain name feature analysis, registration information inquiry, domain name inclusion search, traffic behavior analysis, content quality assessment, user behavior data collection, and time decay factor integration. This paper combined natural language processing technology, machine learning algorithms and time decay mechanisms, proposed a comprehensive malicious website assessment system and verified its effectiveness in improving the accuracy of malicious website assessment. Experimental results demonstrate that this method achieves a comprehensive accuracy rate of 99.99%, which represents a significant improvement over traditional methods. The research findings presented in this paper provide robust support for cybersecurity protection and remain significant for constructing a safer and more trustworthy online environment.

DACDiff-Based Defense against FDIAs in Distributed Generation Dispatch and Control System
LI Yuancheng, SUN Heyang, ZHANG Tong, ZHANG Hefang, YANG Liqun
2025, 25 (4):  578-586.  doi: 10.3969/j.issn.1671-1122.2025.04.006

With the growth of renewable energy, the application of distributed generation (DG) systems has expanded, offering advantages in energy efficiency and environmental sustainability. However, the decentralized and complex nature of DG systems makes them vulnerable to False Data Injection Attacks (FDIAs), which tamper with real-time measurements, disrupt state estimation, and compromise scheduling decisions. These attacks can lead to instability, operational errors, and even power outages. To enhance system security, this paper proposed DACDiff, a defense method against FDIAs in DG control. Based on an improved conditional diffusion model, DACDiff employed DACformer as a denoising network with a dual-attention mechanism to capture dependencies in time series data. Through upsampling and a multi-scale design, the model preserved data features, generating realistic replacements for compromised data to maintain state estimation and control accuracy. Simulation results on power system datasets show that DACDiff achieves high data generation quality and strong defense capability, effectively restoring DG control systems and enhancing security and stability.

Research on the Optimization Technology of Open Source Fuzzing Framework for Intelligent Systems
WEI Chaoren, XIA Wanxu, QU Gang, BAI Wanrong, YANG Liqun
2025, 25 (4):  587-597.  doi: 10.3969/j.issn.1671-1122.2025.04.007

With the widespread adoption of application software in intelligent systems, ensuring software security is crucial for enhancing the reliability of these systems. Although existing fuzz testing techniques can reveal software security vulnerabilities to some extent, they are often hindered by issues related to testing effectiveness and efficiency. To address these challenges, this paper proposed a mutation-sensitive fuzz testing method (Seq2Seq-Fuzzer). First, we introduced four Seq2Seq models based on improved LSTM and Transformer architectures, and trained the proposed models using byte vector datasets constructed from programs such as objdump, readelf, and others. Next, we applied the Seq2Seq model to optimize American Fuzzy Lop (AFL) by predicting effective mutation strategies and mutation position pairs, aiming to address the high randomness and low efficiency inherent in AFL fuzz testing. Finally, we evaluated the proposed AFL optimization method. Experimental results show that, in tests on objdump, readelf, and nm, the code coverage of Seq2Seq-Fuzzer surpasses that of AFL by up to 56.8%, and it successfully identifies 21 crashes in programs related to objdump.

A Safety and Security Co-Analysis and Assessment Method for Intelligent Connected Vehicles Based on Ontology and Attack-Fault Tree
WANG Shun, QIU Han, HE Ying
2025, 25 (4):  598-609.  doi: 10.3969/j.issn.1671-1122.2025.04.008

For the dynamic interaction problem of safety and security in complex cyber-physical systems, the existing S&S co-analysis methods have insufficient depth and accuracy in analyzing the attack-fault interaction at the component level, making it difficult to comprehensively identify integrated risk scenarios and accurately quantify risks. This leads to potential contradictions in subsequent risk mitigation measures, thereby reducing the effectiveness of comprehensive risk assessment. This paper proposed a safety and security co-analysis and assessment method for intelligent connected vehicles based on ontology and attack-fault tree (Onto-AFT). By constructing an ontology model of the hierarchical dependency relationship between business, function, and component, it standardized the representation of the macroscopic functional architecture and microscopic component interaction logic of cyber-physical systems. Using the Datalog language, dynamic interaction rules for system components, functions, attacks, and faults were designed to achieve joint reasoning of attack paths and fault propagation paths and quantification of failure risks. This method combined the systematic knowledge representation ability of ontology with the multi-logic gate expression ability of attack-fault trees, supporting failure path reasoning in complex interaction scenarios (such as attacks triggering faults, redundant components suppressing failures), and integrating CVSS vulnerability scores and failure rate data to achieve dynamic risk calculation. Experiments on the autonomous emergency braking system of intelligent connected vehicles prove that, compared with traditional safety and security co-analysis and evaluation methods, Onto-AFT significantly improves the comprehensiveness of risk identification and quantification accuracy, and has high scalability with dynamic rule updates.

Log Parsing Method Based on Semantic of Parameters
XING Hantao, RUAN Shuhua, CHEN Liangguo, ZENG Xuemei
2025, 25 (4):  610-618.  doi: 10.3969/j.issn.1671-1122.2025.04.009

Modern information systems are increasingly large, and their behavior is reflected in diverse multi-source logs. The semantics of log parameters represent entity information within the system, which is crucial for the joint analysis of multi-source logs. However, existing parsing methods inadequately capture the semantic features of log parameters, leading to issues such as semantic gaps, limited coverage, and insufficient accuracy in semantic recognition. To address this, this paper proposed a parameter semantics-based log parsing method (PS-Parser), which captured the semantic features of log context using a BERT model, extracted the semantics of log parameters, and complemented the semantics at different levels through a conventional parameter semantic feature library. Ultimately, it represented system entities based on parameter semantics to achieve joint analysis of multi-source logs. Experiments on six multi-source real datasets show an average accuracy of 94.7% for log parameter parsing, an average semantic coverage of 81.7%, and an average F1 score of 0.991 for semantic parsing, significantly improving upon existing methods and validating the effectiveness of the proposed approach. Finally, the support of the parameter semantics-based log parsing method for joint analysis of multi-source logs in big data system scenarios is verified.

Research on Hidden Backdoor Prompt Attack Methods Based on False Demonstrations
GU Huanhuan, LI Qianmu, LIU Zhen, WANG Fangyuan, JIANG Yu
2025, 25 (4):  619-629.  doi: 10.3969/j.issn.1671-1122.2025.04.010

This paper proposed HDPAttack, a hidden backdoor prompt attack method based on fake demonstrations. This method used the overall semantics of natural language prompts as a trigger. Carefully crafted fake demonstrations were inserted into the training data; they generated fake examples with high semantic consistency by semantically re-expressing the prompts, guiding the model to learn specific trigger patterns in deep representations. Unlike traditional backdoor attack methods, HDPAttack did not rely on rare words, special characters, or abnormal tokens. Instead, it generated fake examples by altering the linguistic expression of prompts without significantly changing the semantics or labels of the input data, thereby evading detection techniques based on explicit abnormal features. This enabled the model to activate hidden backdoor behaviors in seemingly normal inputs, improving the stealth and success rate of the attack. This method has great potential in the field of stealthy attacks and provides a new research direction for enhancing backdoor defense technologies.

Adaptive Sampling-Based Machine Unlearning Method
HE Ke, WANG Jianhua, YU Dan, CHEN Yongle
2025, 25 (4):  630-639.  doi: 10.3969/j.issn.1671-1122.2025.04.011

With the rapid development of artificial intelligence technologies, intelligent systems have been widely applied in various fields such as healthcare and industry. However, once a large amount of user data stored in intelligent systems is maliciously attacked, it will pose a serious threat to user privacy. To protect user data privacy, many countries have introduced relevant laws and regulations to ensure “the right to be forgotten”. Machine unlearning, which is typically divided into exact unlearning and approximate unlearning, aims to adjust model parameters to remove the influence of specific data from a trained model. Exact unlearning methods use the remaining data to retrain the model to achieve unlearning, but this approach is computationally expensive. Approximate unlearning methods use a smaller number of parameter updates to achieve unlearning, but existing approximate unlearning methods suffer from issues such as poor unlearning performance and long unlearning times. This paper proposed an adaptive sampling-based machine unlearning method. The method first sampled the gradients during the model training process, and then used a small amount of gradient information to complete unlearning. It had wide applicability and could be adapted to various machine forgetting methods. The experimental results show that the “sample first, unlearn later” approach can effectively improve the performance of approximate unlearning, while reducing the time for exact unlearning by about 22.9% and the time for approximate unlearning by about 38.6%.

Research on Blockchain-Based Privacy Preservation and Digital Authentication
YANG Yatao, DING Yucheng, LIU Peihe, SANG Peng
2025, 25 (4):  640-653.  doi: 10.3969/j.issn.1671-1122.2025.04.012

Public Key Infrastructure Certificate Authority (PKI-CA) is a framework used to manage digital certificates and public-private key pairs. Traditional PKI-CA systems, due to their centralized management nature, faced risks of single points of failure and security vulnerabilities. To address these issues, this paper designed a decentralized PKI-CA system based on blockchain smart contracts, where certificate addition, deletion, modification and querying were achieved through smart contracts. Each node assumed the role of a Certificate Authority (CA) or Registration Authority (RA). To improve efficiency, the system adopted a certificate indexing algorithm based on IPFS, using Content Identifiers (CID) for fast certificate retrieval. Considering the transparency of blockchain, the system incorporated China’s cryptographic algorithm and fully homomorphic encryption to encrypt sensitive data, protecting the identity and privacy of certificate holders. Testing results showed that the system could handle 50 operations per second, with the issuance of 100 certificates taking only 2.39 seconds, demonstrating better performance and security compared to traditional PKI-CA systems. Security analysis results showed that the China commercial cryptographic algorithm and fully homomorphic encryption technology adopted by the system effectively protect the system’s key data and sensitive information. The decentralization and consensus mechanism in the blockchain enhance the system’s anti-attack capability and effectively prevent the malicious generation and forgery of certificates.

An Efficient Gray-Box Fuzzing Approach for Firmware Network Applications
CHANG Zhenxuan, ZHENG Zhihan, MEI Aohan, TAN Yu’an
2025, 25 (4):  654-663.  doi: 10.3969/j.issn.1671-1122.2025.04.013

Gray-box fuzzing is an effective way to conduct vulnerability analysis and exploit discovery on general software programs, but it cannot be directly applied to firmware devices. This paper first systematically summarized the basic technical requirements of gray-box fuzzing from the perspectives of functionality, effectiveness, and sustainability. Then it pointed out that existing gray-box fuzzing methods for firmware suffer from complex configuration, poor generality, and significant overhead from the virtual machine introspection system. Subsequently, an efficient gray-box fuzzing approach for firmware network applications was proposed, which monitored the guest machine’s network-related system calls and leveraged the page directory address to identify the target process and collect code coverage information. The approach could meet the three basic technical requirements of gray-box fuzzing without the support of any complex virtual machine introspection system. Based on the proposed approach, the author developed a prototype system called FAN (FirmAFLNet), which supported various network protocols and was used to test two firmware network applications. Compared to using a virtual machine introspection system, the time overhead introduced by the approach has decreased from 12% to about 4%. The experimental results fully demonstrate the effectiveness of the approach.

Smart Contract Vulnerability Detection Method Combining Prompt Tuning
ZHANG Yuxuan, HUANG Cheng, LIU Rong, LENG Tao
2025, 25 (4):  664-673.  doi: 10.3969/j.issn.1671-1122.2025.04.014

With the rapid development of blockchain trading platforms, the deployment of smart contracts has increased significantly. However, in recent years, vulnerabilities in smart contracts have led to substantial economic losses for blockchain transaction platforms, drawing considerable attention from researchers to the field of smart contract security. Existing methods either heavily rely on expert rules or complex data processing steps, or employ models or learning strategies that are misaligned with the objectives of this field, resulting in poor detection performance. Therefore, this paper proposed PC-Detector, a vulnerability detection method for smart contracts utilizing prompt fine-tuning of large language models. By introducing task-specific prompt knowledge, this method ensured consistency between the target task and the model’s pretraining tasks, thereby enhancing model adaptability and improving detection performance. Specifically, the paper proposed four prompt design strategies tailored to smart contract vulnerability detection and examined the impact of embedding prompts at different positions on detection performance. Furthermore, the paper performed prompt tuning on the CodeT5 series models using code-embedded prompts to detect vulnerabilities in smart contracts. Extensive experiments demonstrate that this method significantly improved detection performance.
