Many false positives are generated when an Android application is detected by static taint analysis to discover potential privacy-leak bugs. For that, a context-sensitive, path-sensitive and field-sensitive semi-auto analysis method was proposed to verify if a potential bug is a true positive by only traversing a few executable paths. Firstly, a seed Trace covering both Source and Sink was obtained manually by running the instrumented application. Then, a Trace-based taint analysis method was used to verify if there was a taint propagating path in the Trace. If there was a taint propagating path, it meaned a real privacy leak bug existed. If not, the conditioin set and taint information of the Trace were further collected, and by combining the live-variable analysis and the program transformation approach based on conditional inversion, a constraint selection policy was designed to prune most executable paths irrelevant to taint propagation. Finally, remaining executable paths were traversed and corresponding Traces were analyzed to verify if the bug is a false positive. Seventy-five applications of DroidBench and ten real applications were tested by a prototype system implemented on FlowDroid. Results show that only 15.09% paths traversed averagely in each application, the false positive rate decreases 58.17% averagely. Experimental results demonstrate the analysis can effectively reduce the false positives generated by static taint analysis.

With the development of large-scale network environments and big data-related technologies, traditional data fusion analysis technology faces new challenges. Focusing on poor flexibility and low processing efficiency in current multi-source data fusion analysis process, a multi-source data parallel preprocessing method based on similar connection was proposed, in which the idea of dividing and conquering and paralleling was adopted. Firstly, the preprocessing method was improved to increase the flexibility by unifying similar semantics in multi-source data and retaining personality semantics. Secondly, an improved parallel MapReduce framework was proposed to improve the efficiency of similar connections. The experimental results show that the proposed method reduces total data volume by 32% while ensuring data integrity. Compared with traditional MapReduce framework, the improved framework decreases 43.91% of time consumed; therefore, the proposed method can effectively improve the efficiency of multi-source data fusion analysis.

Focusing on the data lost or unavailable reference in cloud storage, a secure cloud storage method based on Three-Dimensional model (TD-model)was proposed. Firstly, base nodes of TD-model method were formed by encoding the data, which would be stored uniformly into two opposite sides in the TD-model. Secondly, normal nodes were formed in each side by mathematical computing, and the nodes of each side ensure connection. Finally, high data availability was achieved by the correlation of all the six sides. The experimental results show that compared with the traditional replica storage methods, the secure cloud storage method based on TD-model enhances data recovery efficiency and ensures data integrity. In addition, the proposed method can overcome the drawback of traditional methods that only the single node failure can be recovered.

The injection vulnerabilities of Web applications such as SQL injections and Cross Site Scripting (XSS) are mainly caused by external inputs which are not verified, while taint analysis can effectively locate these vulnerabilities. A dynamic analysis approach was presented by tracking all potentially tainted Java objects, which is different from existing approaches that only track characters or string objects. The approach used the hash code to represent the tainted object, defined the method node and method coordinates to record the location of the taint propagation, supported tracing the taint propagation path. The approach put forward a specific taint propagation analysis for stream-family objects according to the decorative pattern of Java stream objects. A language specification was also given to model Java libraries and user-defined methods related to taint propagation. The approach designed and formalized the taint propagation semantics of the methods according to the classification by taint introduction, taint propagation, taint sanitization and taint usage. The prototype system which implemented on SOOT used static analysis to collect reachable methods and instruments Java byte-code of the real Web sites, and the experimental results demonstrated the effect on detecting injection vulnerabilities.

Polymorphic worms signature extraction is a critical part of signature-based intrusion detection. Extracting precise signatures quickly plays an important role in preventing the spread of the worms. Since the classical Hierarchical Multi-Sequence Alignment (HMSA) algorithm has bad time performance in extracting signatures when multiple sequences alignment was used and the extracted signatures were not precise enough, a new automatic signature extraction method called antMSA was proposed based on the improved ant optimal algorithm. The search strategy of the ant group was improved, and then it was introduced to the Contiguous Matches Encouraging Needleman-Wunsch (CMENW) algorithm to get a better solution quickly in global range by using the rapid convergence ability of ant colony algorithm. The signature fragments were extracted and converted into the standard rules of the intrusion detection system for subsequent defense. The experimental results show that the new method solves the stagnation problem of the classical ant optimal algorithm, extends the search space, extracts signatures more efficiently and precisely, and reduces the false positive rate and the false negative rate.

Concerning the problem that untrusted sample can be easily introduced in traditional methods, an adaptive model was proposed in this paper. Based on the description of the structural feature of Request-URL, a whole sample set was divided into smaller subsets. The discreteness of a subset was calculated by its properties, which would determine whether the subset is normal. On basis of these, the detection model was created by the improved algorithm with the normal subsets, and dynamic update of model was achieved by Hidden Markov Model (HMM) merging. The experimental results show that the adaptive model built by the proposed method can effectively identify Web-based attacks and reduce false alert ratio.

Gabor uncertainty features fusion can solve the problem that multiscale Gabor features are unsuitable for ARM because of huge data and dimensions in the embedded face recognition system. Multiscale Gabor features were first extracted, and then the uncertain weight was calculated, at last multiscale Gabor features were integrated into one. The embedded face recognition system detected face by using Haar-like features of face, and reduced dimensions by using 2-Dimensional Principal Component Analysis (2DPCA) algorithm. Based on EELiod 270 development board, the performance of face recognition was tested on ORL and Yale. Comparative results with other face recognition algorithms show that a significant decline is got in the amount of arithmetic operations, and a good real-time recognition is obtained while ensuring the recognition rate.

An improved non-iterative Apriori algorithm was proposed to detect Distributed Denail of Service (DDoS) attacks. An one-step intersection operation was used to process network packets within the specific time range, and the strong correlation rules of the packets were studied so as to achieve the quick detection of DDoS atttacks. In comparison with current algorithms, it shows better performance in efficiency and storage space in detection of DDoS attacks. Experimental results on DARPA data-sets show the algorithm is able to detect DDoS effectively.