CoCo: A CBOW-Based Framework for Synergistic Vulnerability Detection in Partial and Discontinuous Logs for NextG Communications
Authors: Yifeng Peng; Xinyi Li; Sudhanshu Arya; Ying Wang
Journal: IEEE Open Journal of the Communications Society, vol. 5, pp. 6381-6403 (Journal Article, published 2024-10-01)
DOI: 10.1109/OJCOMS.2024.3471709
Link: https://ieeexplore.ieee.org/document/10701039/ (PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10701039)
Impact factor: 6.3; JCR: Q1 (ENGINEERING, ELECTRICAL & ELECTRONIC)
With the development of communication technology, protocol design and infrastructure implementation have become more complex, bringing significant security challenges to 5G and NextG systems. Fuzz testing is widely used to detect system vulnerabilities and to assess system health under abnormal input. In this paper, we generate fuzz testing via the Man In The Middle Model (MITM) at various locations of the time sequence in the 5G authentication and authorization process and analyze the communication state transitions, which are recorded in the log files of fuzz testing cases. CoCo introduces a novel CBOW-based framework for synergistic vulnerability detection, addressing the challenge of partial log data and scalability in real-time environments, a significant advancement in the field of NextG communication security. CoCo can be applied to identify the type of attack or abnormal input from partial system profiling of the impacted behaviors. In particular, we show, for the first time, that by utilizing CoCo, we can precisely detect the fuzzed layer using only a partial segment of the log file in real time and identify the root cause of vulnerabilities with high accuracy. The results show that when only a 40% portion of the entire log file is available, applying a convolutional neural network (CNN) among the machine learning models can reach an Area under Curve (AUC) value of 92%. Furthermore, by strategically combining these segments, we enhanced the efficacy of vulnerability detection, demonstrating a synergistic effect where the combined impact is greater than the sum of individual parts, while reducing the time complexity by 6%.
About the journal:
The IEEE Open Journal of the Communications Society (OJ-COMS) is an open access, all-electronic journal that publishes original high-quality manuscripts on advances in the state of the art of telecommunications systems and networks. The papers in IEEE OJ-COMS are included in Scopus. Submissions reporting new theoretical findings (including novel methods, concepts, and studies) and practical contributions (including experiments and development of prototypes) are welcome. Additionally, survey and tutorial articles are considered. The IEEE OJCOMS received its debut impact factor of 7.9 according to the Journal Citation Reports (JCR) 2023.
The IEEE Open Journal of the Communications Society covers science, technology, applications and standards for information organization, collection and transfer using electronic, optical and wireless channels and networks. Some specific areas covered include:
Systems and network architecture, control and management
Protocols, software, and middleware
Quality of service, reliability, and security
Modulation, detection, coding, and signaling
Switching and routing
Mobile and portable communications
Terminals and other end-user devices
Networks for content distribution and distributed computing
Communications-based distributed resources control.