Trusted execution environment (TEE) is widely used, and its kernel security has become a significant area of focus. Fuzzing, a powerful technique for detecting vulnerabilities in operating system, has increasingly been applied to the security analysis of TEE. However, conventional fuzzing tools cannot be directly used for TEE kernels due to their isolation. Coverageguided fuzzers often discard test cases that trigger new states but cover the same code, which limits their effectiveness in discovering vulnerabilities. To address these challenges, a stateaware fuzzing method tailored for TEE kernels is proposed. Initially, a modeling and tracing approach is developed to represent the program state through statevariable values and retaining the test cases that trigger new states, overcoming the limitations of coverageguided fuzzers. Subsequently, we introduce an innovative communication scheme to tackle issues arising from TEE isolation. New seed retention and selection algorithms are proposed to better guide the fuzzer in exploring vulnerabilities. Finally, the NGram model is employed to enhance test case generation and optimize the framework’s performance. A prototype, named TrustyStatefuzz, has been implemented and evaluated on fuchsia, the selfdeveloped microkernel operating system Nebula, and OPTEE. The evaluation results show that TrustyStatefuzz is effective at detecting both new code and vulnerabilities. TrustyStatefuzz discovers 9 unknown vulnerabilities and 23 known vulnerabilities. Additionally, it achieves 13% higher code coverage and 27% higher state coverage than the stateoftheart fuzzer Syzkaller.

Federated learning, as a distributed machine learning framework, enables multiparty collaborative training with data isolation and privacy protection, However, its decentralized architecture makes it vulnerable to backdoor attacks. This paper proposes a federated learning backdoor attack method based on the constrained perturbation and loss regulation (CPR). The method realizes backdoor implantation and proliferation through three modules: input perturbation, dynamic weight regulation, and secondary perturbation reinforcement. Input perturbation introduces constraintbased noise to poison the training samples. Dynamic weight regulation dynamically adjusts the task weights by introducing cosine annealing, which realizes the balance between backdoor feature learning and main task performance. Secondary perturbation reinforcement utilizes dynamic loss values to further perturb the poisoned samples and reinforce its backdoor features. The CPR backdoor attack is evaluated on MNIST, FashionMNIST and CIFAR10 datasets, and the experimental results show that the CPR backdoor attack is able to significantly improve the success rate of the attack while maintaining the accuracy of the model’s primary task and exhibits higher stealth and persistence under a variety of data distribution conditions, as compared to pixel, labelflipping and hybrid attacks.

Deep learning models enhance performance by memorizing training data, but this also poses a risk of training data leakage. Differential privacy, as a mainstream privacy protection method, effectively mitigates this risk. However, existing differentially private data synthesis approaches suffer from slow model convergence and low data usability. To address these issues, we propose the TVDPSGDLM_D framework. This approach introduces TVDPSGD, a thresholdvalidated differentially private optimization algorithm that incorporates a validation mechanism to filter gradient directions during differentially private model training. By discarding ineffective updates, this approach accelerates model convergence. TVDPSGDLM embeds TVDPSGD into a language generation model to synthesize labeled text datasets that maintain statistical similarity to the original data. Additionally, a pretrained classifier is used to filter the generated text, removing samples where the classification results do not match the assigned labels, thereby improving the quality of the synthetic dataset. Experimental results on public datasets demonstrate that the proposed method preserves data privacy while achieving a classification accuracy of 89.4% on the processed synthetic dataset.

Secure multiparty computation (SMPC) enables joint computation while keeping private data undisclosed, positioning it as a core technology in privacypreserving computing. However, its high computational complexity and substantial overhead render practical deployment reliant on cloud providers for computational resources. To meet the requirement of realtime protocol monitoring in privacypreserving computing scenarios on cloud platforms, this paper proposes a neural networkbased protocol identification scheme for SMPC. By collecting performance data from computation nodes, including CPU usage and network bandwidth usage, a 3D convolutional neural network (CNN) model integrating spatiotemporal feature extraction capabilities is constructed. This model, along with a dynamic threshold mechanism, enables highaccuracy classification of known protocols and anomaly detection of unknown protocols. Experimental results show that the model attains an accuracy of 98% on the validation dataset and a detection rate exceeding 98% for unknown protocols, thereby significantly improving the operational security and reliability of SMPC systems.

In response to the limitations of poor feature extraction, insufficient consideration of topological features, class imbalance, and lack of interpretability in existing anomaly encrypted traffic detection methods, this paper proposes an encrypted traffic detection model EGARNet that integrates a graph attention network  (GAT) with edge feature embedding and residual networks. First, traffic data is preprocessed, and the network’s fivetuple information is used to construct graph nodes, with the remaining flow features treated as edge features, transforming encrypted traffic data into graph data. To adapt to the GAT algorithm, a new network traffic graph is constructed where new nodes correspond to edges in the original graph, and shared vertices in the original graph correspond to edges between two nodes, transforming the traffic detection problem into a node classification problem. Next, the attention coefficient for each node is calculated through the GAT algorithm to aggregate and update features. Finally, residual connections of the original nodes are added to the algorithm to improve the performance for minority classes. Experimental results on the CICDarkNet dataset demonstrate that the method effectively addresses the class imbalance issue in anomaly detection of encrypted traffic, with significant improvements in detection metrics for both binary and multiclass scenarios.

Log anomaly detection plays a crucial role in the field of cybersecurity, yet existing methods still face significant challenges. Supervised learning approaches depend on large amounts of labeled data, making the annotation process timeconsuming and costly. Although unsupervised learning methods do not require labeled data, they struggle to effectively extract key features in complex log environments, which negatively impacts detection performance. To address these issues, this paper proposes a novel knowledge distillation approachcollaborative learningand introduces a log anomaly detection model based on this approach, CoLogGNN. The model first converts log data into a directed graph to comprehensively preserve the structural relationships between logs. During the early stages of training, CoLogGNN performs unsupervised learning on normal samples to explore the intrinsic structure of logs. In the mixedsample training phase, the graph attention network and the graph convolution module collaborate with each other and guide one another. When the graph attention network excels at processing certain samples, it transfers key knowledge to the graph convolutional network through collaborative learning, and vice versa. Through this dynamic mutual learning process, both modules improve their accuracy. Compared to existing models, CoLogGNN achieves effective training using only normal samples, significantly reducing the cost of data annotation. Experimental results on five public datasets demonstrate that the proposed model exhibits superior detection performance, improving the F1score by approximately 5% over previous methods.

WebShell attack, a type of network attack, can control the website completely for a long time after a successful attack, which is extremely harmful. Most of the previous studies have concentrated on detecting and alerting WebShell attack traffic without distinguishing whether the attack is ultimately successful. As a result, in actual network security protection and monitoring work, security personnel are overwhelmed by a large number of WebShell attack alerts and are prone to alert fatigue, making it difficult to filter out successful WebShell attacks which are truly threatening. To address the problem, this paper proposes an anomaly detection method based on Web page structural similarity to quickly determine whether WebShell attacks are successful. Based on the structural information of the response pages of failed WebShell attack traffic, this method uses the HuntSzymanski algorithm to calculate structural similarity and then generate Web page templates. During the detection phase, this method uses the generated Web page templates for pattern matching and similarity assessment to determine whether the WebShell attacks are successful. It can well distinguish between successful and failed WebShell attack traffic, achieving an accuracy rate of 99.02% and a recall rate of 99.37%. This method has been applied to Wukong network security defense system and realizes rapid identification of successful WebShell attacks.

Existing network intrusion detection systems are typically trained under a closedset setting, and are prone to misclassification in practical applications for new attacks that do not appear in the training data. In order to improve the accuracy of unknown attack detection and known attack classification, a twostage intrusion detection method based on the combination of convolutional neural network and bidirectional long and shortterm memory network is proposed on the basis of existing network intrusion detection systems—twostage confidence intrusion detection (TSCID) method. In the first stage, the outofdistribution data detector categorizes input data into indistribution and outofdistribution samples by evaluating their confidence scores; in the second stage, the m+1 classifier performs open intrusion detection on the indistribution data as well as part of the outofdistribution data obtained in the first stage, which can realize the fine classification of the known attacks and the further identification of the unknown attacks. The method is experimentally evaluated on the KDDCUP’99 dataset and the CICIDS2017 dataset. The experimental results show that the AUROC and AUPR of the model on the data have increased and the false positive rate has decreased when compared with other methods for open intrusion detection. The study shows that the twostage network intrusion detection method that introduces an outofdistribution data detector ensures the fine classification of known attacks and effectively improves the identification capability of the intrusion detection system for unknown threats, providing a new idea for building a comprehensive network security defense system.

With the rapid development of the digital economy, efficiently utilizing data while preserving privacy has become a critical challenge in modern technological advancement. Privacy computing, as a critical technical framework to address the contradiction between data availability and invisibility, is gradually transitioning from theory to practical application. Among its core technologies, homomorphic encryption, zeroknowledge proofs, and secure multiparty computation have made significant progress in both theoretical development and engineering implementation, demonstrating broad applicability in highperformance computing environments. This paper presents a comprehensive review of these three categories of highperformance encryption algorithms, focusing on their research progress and analyzing them across three dimensions: computational efficiency, communication overhead, and adaptability to highperformance computing environments. The analysis results indicate that homomorphic encryption is wellsuited for noninteractive data processing tasks with strong autonomy, although it incurs high computational and communication costs; zeroknowledge proofs exhibit high verification efficiency, making them suitable for highconcurrency scenarios, but still face performance bottlenecks in proof generation; secure multiparty computation excels in multiparty collaborative computing and has recently become feasible for deployment through protocol optimization and hardware support. This paper compares the performance and applicability of these algorithms, and explores future research directions, including the dynamic balance between generality and specialization of algorithms, as well as the multidimensional tradeoffs among performance, security, and interpretability, providing guidance for the future design and deployment of highperformance encryption algorithms.

As one of the countries with a relatively high level of digitalization in Asia, studying the successful experience of Singapore’s data security governance model is of great significance for improving China’s data security governance system. By using the methods of literature review and comparative research, this paper sorts out Singapore’s data security governance model from the aspects of institutional system, development process and collaborative mechanism, and finds the following characteristics: Singapore leads data security governance with the national innovation strategy, promotes data security governance with personal data rights, and builds an open crossborder data transmission rule system, forming a “rightspromoting” data security governance model. In light of China’s current circumstances, this paper proposes the optimization path of the data security governance model, including coordinating data security governance with an overall strategy, continuously deepening the personal data rights protection system, strengthening the multiparty collaborative governance system, and building a safe and effective crossborder data flow system.