CR Sep 24, 2020
BCMIX: A Dynamic Self-organizing Blockchain-based Mix Anonymous System
Renpeng Zou, Xixiang Lv
Increasing awareness of privacy-preserving has led to a strong focus on anonymous systems protecting anonymity. By studying early schemes, we summarize some intractable problems of anonymous systems. Centralization setting is a universal problem since most anonymous systems rely on central proxies or presetting nodes to forward and mix messages, which compromises users' privacy in some way. Besides, availability becomes another important factor limiting the development of anonymous systems due to the large requirement of additional resources (i.e. bandwidth and storage) and high latency. Moreover, existing anonymous systems may suffer from different attacks including abominable Man-in-the-Middle (MitM) attacks, Distributed Denial-of-service (DDoS) attacks and so on. In this context, we first come up with a BlockChain-based Mix-Net (BCMN) protocol and theoretically demonstrate its security and anonymity. Then we construct a concrete dynamic self-organizing BlockChain-based MIX anonymous system (BCMIX). In the system, users and mix nodes utilize the blockchain transactions and their addresses to negotiate keys with each other, which can resist the MitM attacks. In addition, we design an IP sharding algorithm to mitigate Sybil attacks. To evaluate the BCMIX system, we leverage the distribution of mining pools in the real world to test the system's performance and ability to resist attacks. Compared with other systems, BCMIX provides better resilience to known attacks, while achieving low latency anonymous communication without significant bandwidth or storage resources.
CR Sep 21, 2020
SPChain: Blockchain-based Medical Data Sharing and Privacy-preserving eHealth System
Renpeng Zou, Xixiang Lv, Jingsong Zhao
The development of eHealth systems has brought great convenience to people's life. Researchers have been combining new technologies to make eHealth systems work better for patients. The Blockchain-based eHealth system becomes popular because of its unique distributed tamper-resistant and privacy-preserving features. However, due to the security issues of the blockchain system, there are many security risks in eHealth systems utilizing the blockchain technology, i.e., 51% attacks can destroy blockchain-based systems. Besides, trivial transactions and frequent calls of smart contracts in the blockchain system bring additional costs and security risks to blockchain-based eHealth systems. Worse still, electronic medical records (EMRs) are controlled by medical institutions rather than patients, which causes privacy leakage issues. In this paper, we propose a medical data Sharing and Privacy-preserving eHealth system based on blockChain technology (SPChain). We combine RepuCoin with the SNARKs-based chameleon hash function to resist underlying blockchain attacks, and design a new chain structure to make microblocks contribute to the weight of blockchain. The system allows patients to share their EMRs among different medical institutions in a privacy-preserving way. Besides, authorized medical institutions can label wrong EMRs with the patients' permissions in the case of misdiagnosis. Security analysis and performance evaluation demonstrate that the proposed system can provide a strong security guarantee with a high efficiency.
CR Mar 26, 2020
Challenging the adversarial robustness of DNNs based on error-correcting output codes
Bowen Zhang, Benedetta Tondi, Xixiang Lv et al.
The existence of adversarial examples and the easiness with which they can be generated raise several security concerns with regard to deep learning systems, pushing researchers to develop suitable defense mechanisms. The use of networks adopting error-correcting output codes (ECOC) has recently been proposed to counter the creation of adversarial examples in a white-box setting. In this paper, we carry out an in-depth investigation of the adversarial robustness achieved by the ECOC approach. We do so by proposing a new adversarial attack specifically designed for multi-label classification architectures, like the ECOC-based one, and by applying two existing attacks. In contrast to previous findings, our analysis reveals that ECOC-based networks can be attacked quite easily by introducing a small adversarial perturbation. Moreover, the adversarial examples can be generated in such a way to achieve high probabilities for the predicted target class, hence making it difficult to use the prediction confidence to detect them. Our findings are proven by means of experimental results obtained on MNIST, CIFAR-10 and GTSRB classification tasks.
CR Nov 21, 2018
Malicious Web Request Detection Using Character-level CNN
Wei Rong, Bowen Zhang, Xixiang Lv
Web parameter injection attacks are common and powerful. In this kind of attack, malicious attackers can employ HTTP requests to implement attacks against servers by injecting some malicious code into the parameters of the HTTP requests. Against the web parameter injection attacks, most of the existing Web Intrusion Detection Systems (WIDS) cannot find unknown new attacks and have a high false positive rate (FPR), since they lack the ability of re-learning and rarely pay attention to the intrinsic relationship between the characters. In this paper, we propose a malicious request detection system with re-learning ability based on an improved convolutional neural network (CNN) model. We add a character-level embedding layer before the convolution layer, which makes our model able to learn the intrinsic relationship between the characters of the query string. Further, we modify the filters of CNN and the modified filters can extract the fine-grained features of the query string. The test results demonstrate that our model has lower FPR compared with support vector machine (SVM) and random forest (RF).
CR Jul 23, 2018
2P-DNN: Privacy-Preserving Deep Neural Networks Based on Homomorphic Cryptosystem
Qiang Zhu, Xixiang Lv
Machine Learning as a Service (MLaaS), such as Microsoft Azure, Amazon AWS, offers an effective DNN model to complete the machine learning task for small businesses and individuals who are restricted by a lack of data and computing power. However, here comes an issue that user privacy is exposed to the MLaaS server, since users need to upload their sensitive data to the MLaaS server. In order to preserve their privacy, users can encrypt their data before uploading it. This makes it difficult to run the DNN model because it is not designed for running in ciphertext domain. In this paper, using the Paillier homomorphic cryptosystem we present a new Privacy-Preserving Deep Neural Network model that we called 2P-DNN. This model can fulfill the machine learning task in ciphertext domain. By using 2P-DNN, MLaaS is able to provide a Privacy-Preserving machine learning service for users. We build our 2P-DNN model based on LeNet-5, and test it with the encrypted MNIST dataset. The classification accuracy is more than 97%, which is close to the accuracy of LeNet-5 running with the MNIST dataset and higher than that of other existing Privacy-Preserving machine learning models.