Internet of Things （IoT） device manufacturers often reuse a large number of open-source components compiled from open-source code in firmware development， with each firmware typically comprising hundreds of such components. If these components are not updated promptly， they may carry unpatched vulnerabilities to integrate into the firmware， thereby posing significant security risks to IoT devices. Therefore， identifying binary components in IoT firmware is crucial for ensuring the security of IoT devices. To address the difficulty of the existing methods in identifying binary components on a large scale， a large-scale IoT binary component identification method based on Named Entity Recognition （NER） was proposed. Firstly， internal binary components were extracted from firmware through decompression. Then， semantic information of the component was obtained through two ways： extraction of readable strings and execution of the component. Finally， the RoBERTa-BiLSTM-CRF’s NER model was utilized to identify component names and version numbers. Experimental results on 6 575 firmware samples released by 12 popular IoT manufacturers demonstrate that the proposed method achieves an F1 value of 87.67%， and identifying 163 binary components successfully. It can be seen that this method effectively expands the identification range of binary components in IoT firmware， enhancing firmware security from the perspective of software supply chain.

Data-free model extraction attacks are a class of machine learning security problems based on the fact that the attacker has no knowledge of the training data information required to carry out the attack. Aiming at the research gap of data-free model extraction attacks in the field of Graphical Neural Network （GNN）， a GNN model extraction attack method was proposed. The graph node feature information and edge information were optimized with the graph neural network interpretability method GNNExplainer and the graph data enhancement method GAUG-M， respectively， so as to generate the required graph data and achieve the final GNN model extraction. Firstly， the GNNExplainer method was used to obtain the important graph node feature information from the interpretable analysis of the response results of the target model. Secondly， the overall optimization of the graph node feature information was achieved by up weighting the important graph node features and downweighting the non-important graph node features. Then， the graph autoencoder was used as the edge information prediction module， which obtained the connection probability information between nodes according to the optimized graph node features. Finally， the edge information was optimized by adding or deleting the corresponding edges according to the probability. Three GNN model architectures trained on five graph datasets were experimented as the target models for extraction attacks， and the obtained alternative models achieve 73% to 87% accuracy in node classification task and 76% to 89% fidelity with the target model performance， which verifies the effectiveness of the proposed method.

Aiming at the problems of lack of Industrial Control System （ICS） data and poor detection of unknown attacks by industrial control intrusion detection systems， an unknown attack intrusion detection method for industrial control systems based on Generative Adversarial Transfer Learning network （GATL） was proposed. Firstly， causal inference and cross-domain feature mapping relations were introduced to reconstruct the data to improve its understandability and reliability. Secondly， due to the data imbalance between source domain and target domain， domain confusion-based conditional Generative Adversarial Network （GAN） was used to increase the size and diversity of the target domain dataset. Finally， the differences and commonalities of the data were fused through domain adversarial transfer learning to improve the detection and generalization capabilities of the industrial control intrusion detection model for unknown attacks in the target domain. The experimental results show that on the standard dataset of industrial control network， GATL has an average F1-score of 81.59% in detecting unknown attacks in the target domain while maintaining a high detection rate of known attacks， which is 63.21 and 64.04 percentage points higher than the average F1-score of Dynamic Adversarial Adaptation Network （DAAN） and Information-enhanced Adversarial Domain Adaptation （IADA） method， respectively.

After the introduction of federated learning technology in intrusion detection scenarios， there is a problem that the traffic data between nodes is non-independent and identically distributed （non-iid）， which makes it difficult for models to aggregate and obtain a high recognition rate. To solve this problem， an efficient federated learning algorithm named H?E?Fed was constructed， and a network intrusion detection model based on this algorithm was proposed. Firstly， a global model for traffic data was designed by the coordinator and was sent to the intrusion detection nodes for model training. Then， by the coordinator， the local models were collected and the skewness of the covariance matrix of the local models between nodes was evaluated， so as to measure the correlation of models between nodes， thereby reassigning model aggregation parameters and generating a new global model. Finally， multiple rounds of interactions between the coordinator and the nodes were carried out until the global model converged. Experimental results show that compared with the models based on FedAvg （Federated Averaging） algorithm and FedProx algorithm， under data non-iid phenomenon between nodes， the proposed model has the communication consumption relatively low. And on KDDCup99 dataset and CICIDS2017 dataset， compared with baseline models， the proposed model has the accuracy improved by 10.39%， 8.14% and 4.40%， 5.98% respectively.

Aiming at the problem that the existing adversarial example generation methods require a lot of queries to the target model， which leads to poor attack effects， a Text Adversarial Examples Generation Method based on BERT （Bidirectional Encoder Representations from Transformers） model （TAEGM） was proposed. Firstly， the attention mechanism was adopted to locate the keywords that significantly influence the classification results without query of the target model. Secondly， word-level perturbation of keywords was performed by BERT model to generate candidate adversarial examples. Finally， the candidate examples were clustered， and the adversarial examples were selected from the clusters that have more influence on the classification results. Experimental results on Yelp Reviews， AG News， and IMDB Review datasets show that compared to the suboptimal adversarial example generation method CLARE （ContextuaLized AdversaRial Example generation model） on Success Rate （SR）， TAEGM can reduce the Query Counts （QC） to the target model by 62.3% and time consumption by 68.6% averagely while ensuring the SR of adversarial attacks. Based on the above， further experimental results verify that the adversarial examples generated by TAEGM not only have good transferability， but also improve the robustness of the model through adversarial training.

On the basis of analyzing the mixed Client/Server (C/S) and Browser/Server (B/S) architecture pattern and AJAX technology, a novel mixed architecture pattern was proposed, which can unify the foreground interaction method of B/S and C/S and make the servers share effectively, thus enhance the scalability and maintainability of the system. According to the proposed pattern, the architecture of the spacecraft dynamical application platform was given, as a reference to the system with similar architecture.