The network security situation of campus networks on CERNET (China Education and Research Network) has attracted great concern. However, most network managers have no complete picture of their network security because of the network's special management and the rapid growth of network assets. In this investigation, the security of campus networks belonging to seven universities in Wuhan was examined. A tool called “WebHunt” was designed for campus networks, and with its help, network security risks were found. Unlike existing network probing tools, WebHunt can adapt to the network scale and special rules of the campus network. According to the characteristics of campus websites, a series of functions were integrated into WebHunt, including reverse resolution of domain names, active network detection and fingerprint identification for software assets. In addition, WebHunt builds its vulnerability intelligence database with a knowledge graph structure and locates vulnerabilities by matching knowledge graph information. Security assessments of the seven universities demonstrate WebHunt’s applicability to campus networks. They also show that many security risks are concealed in campus networks, such as non-compliant IP addresses and domain names, system vulnerabilities and so on. The security reports containing the risks have been sent to the relevant universities, and positive feedback was received.
Miner malware has been steadily increasing in recent years as the value of cryptocurrency rises, which poses a considerable threat to users’ device security. Miner malware has obvious behavior patterns because it must participate in blockchain computing. However, most miner malware detection methods use raw byte features and sequential opcodes as detection features. It is difficult for these methods to obtain better detection results because they do not model robust features. In this paper, a miner malware identification method based on a graph classification network, called MBGINet, is designed by analyzing the features of the function call graph and control flow graph of miner malware. MBGINet can model the behavior graph relationships of miner malware by extracting the connection features of critical nodes in the behavior graph. Finally, MBGINet transforms these node features into feature vectors of the graph for miner malware identification. In the test experiments, datasets of different volumes are used to simulate real-world scenarios. The experimental results show that the MBGINet method achieves leading and stable performance compared to the dedicated opcode detection method and obtains an accuracy improvement of 3.08% on the simulated in-the-wild dataset. Meanwhile, MBGINet gains an advantage over the general malware detection method Malconv. These experimental results demonstrate the superiority of the MBGINet method, which has excellent characteristics in adapting to realistic scenarios.