35.8 | CR | Apr 8
RPM-Net Reciprocal Point MLP Network for Unknown Network Security Threat Detection
Jiachen Zhang, Yueming Lu, Fan Feng et al.
Effective detection of unknown network security threats in multi-class imbalanced environments is critical for maintaining cyberspace security. Current methods focus on learning class representations but face challenges with unknown threat detection, class imbalance, and lack of interpretability, limiting their practical use. To address this, we propose RPM-Net, a novel framework that introduces a reciprocal point mechanism to learn "non-class" representations for each known attack category, coupled with adversarial margin constraints that provide geometric interpretability for unknown threat detection. RPM-Net++ further enhances performance through Fisher discriminant regularization. Experimental results show that RPM-Net achieves superior performance across multiple metrics including F1-score, AUROC, and AUPR-OUT, significantly outperforming existing methods and offering practical value for real-world network security applications. Our code is available at: https://github.com/chiachen-chang/RPM-Net
NI | Apr 16, 2022
A Hierarchical Terminal Recognition Approach based on Network Traffic Analysis
Lingzi Kong, Daoqi Han, Junmei Ding et al.
Recognizing the type of devices connected to a network helps to perform security policies. In smart grids, identifying a massive number of grid metering terminals based on network traffic analysis is almost blank and existing research has not proposed a targeted end-to-end model to solve the flow classification problem. Therefore, we proposed a hierarchical terminal recognition approach that applies the details of grid data. We have formed a two-level model structure by segmenting the grid data, which uses the statistical characteristics of network traffic and the specific behavior characteristics of grid metering terminals. Moreover, through the selection and reconstruction of features, we combine three algorithms to achieve accurate identification of terminal types that transmit network traffic. We conduct extensive experiments on a real dataset containing three types of grid metering terminals, and the results show that our research has improved performance compared to common recognition models. The combination of an autoencoder, K-Means and GradientBoost algorithm achieved the best recognition rate with an F1 value of 98.3%.
IT | Feb 8, 2019
Blind Channel Separation in Massive MIMO System under Pilot Spoofing and Jamming Attack
Ruohan Cao, Ruohan Cao, Tan F. Wong et al.
We consider a channel separation approach to counter the pilot attack in a massive MIMO system, where malicious users (MUs) perform pilot spoofing and jamming attack (PSJA) in uplink by sending symbols to the base station (BS) during the channel estimation (CE) phase of the legitimate users (LUs). More specifically, the PSJA strategies employed by the MUs may include (i) sending random symbols according to arbitrary stationary or non-stationary distributions that are unknown to the BS; (ii) sending jamming symbols that are correlative to those of the LUs. We analyze the empirical distribution of the received pilot signals (ED-RPS) at the BS, and prove that its characteristic function (CF) asymptotically approaches the product of the CFs of the desired signal (DS) and the noise, where the DS is the product of the channel matrix and the signal sequences sent by the LUs/MUs. These observations motivate a novel two-step blind channel separation method, wherein we first estimate the CF of DS from the ED-RPS and then extract the alphabet of the DS to separate the channels. Both analysis and simulation results show that the proposed method achieves good channel separation performance in massive MIMO systems.