scispace - formally typeset
Search or ask a question
Author

Min Luo

Bio: Min Luo is an academic researcher from Wuhan University. The author has contributed to research in topics: Computer science & Computer security. The author has an hindex of 7, co-authored 31 publications receiving 312 citations. Previous affiliations of Min Luo include Qilu University of Technology & Anhui University.

Papers published on a yearly basis

Papers
More filters
Proceedings ArticleDOI
18 May 2014
TL;DR: In this paper, a systematic evaluation of a large number of probabilistic password models, including Markov models using different normalization and smoothing methods, and found that, among other things, when done correctly, they perform significantly better than the Probabilistic Context-Free Grammar model proposed in Weir et al., which has been used as the state of the art password model in recent research.
Abstract: A probabilistic password model assigns a probability value to each string. Such models are useful for research into understanding what makes users choose more (or less) secure passwords, and for constructing password strength meters and password cracking utilities. Guess number graphs generated from password models are a widely used method in password research. In this paper, we show that probability-threshold graphs have important advantages over guess-number graphs. They are much faster to compute, and at the same time provide information beyond what is feasible in guess-number graphs. We also observe that research in password modeling can benefit from the extensive literature in statistical language modeling. We conduct a systematic evaluation of a large number of probabilistic password models, including Markov models using different normalization and smoothing methods, and found that, among other things, Markov models, when done correctly, perform significantly better than the Probabilistic Context-Free Grammar model proposed in Weir et al., which has been used as the state-of-the-art password model in recent research.

248 citations

Journal ArticleDOI
TL;DR: This article performs a comprehensive review of how blockchain technology has been, and can be, deployed in energy applications, ranging from energy management to peer-to-peer trading to electric vehicle-related applications to carbon emissions trading, and others.
Abstract: As our fossil fuel reserves are rapidly depleting, there has been an increased focus to explore the utility of renewable energy (e.g., solar energy and wind energy) in replacing fossil fuel. One resulting trend is the energy market gradually shifting toward a distributed market, where renewable energy can be traded, partly evidenced by the number of blockchain-based solutions designed for the (distributed) energy sector. The interest in blockchain is also due to blockchain's underpinning characteristics such as anonymity, decentralized, and transparency. Therefore, in this article, we perform a comprehensive review of how blockchain technology has been, and can be, deployed in energy applications, ranging from energy management to peer-to-peer trading to electric vehicle-related applications to carbon emissions trading, and others. We also study the existing architectures and solutions, and existing and emerging security and privacy challenges, as well as exploring other potential applications of blockchain in the energy sector.

99 citations

Journal ArticleDOI
TL;DR: An improved scheme to overcome the identified security flaws in a secure and accountable data transmission scheme based on blockchain is put forward and performance analysis shows that it reduces 15.34% computation costs and 40.68% communication costs compared with Hong et al.

34 citations

Journal ArticleDOI
TL;DR: A vote is a formal expression of opinion or choice, either positive or negative, made by an individual or a group of individuals, and conventional voting systems tend to be centralized.
Abstract: Voting is a formal expression of opinion or choice, either positive or negative, made by an individual or a group of individuals. However, conventional voting systems tend to be centralized, which are known to suffer from security and efficiency limitations. Hence, there has been a trend of moving to decentralized voting systems, such as those based on blockchain. The latter is a decentralized digital ledger in a peer-to-peer network, where a copy of the append-only ledger of digitally signed and encrypted transactions is maintained by each participant. Therefore, in this article, we perform a comprehensive review of blockchain-based voting systems and classify them based on a number of features (e.g., the types of blockchain used, the consensus approaches used, and the scale of participants). By systematically analyzing and comparing the different blockchain-based voting systems, we also identify a number of limitations and research opportunities. Hopefully, this survey will provide an in-depth insight into the potential utility of blockchain in voting systems and device future research agenda.

28 citations

Journal ArticleDOI
TL;DR: The current situation of language learning in universities and the related works on blockchain-based online language learning system are introduced and the system is detailed in its structure and smart contracts are implemented.
Abstract: To check students’ daily language learning tasks and give students corresponding reasonable scores based on their daily behavior is hard for teachers. The existing online language learning systems are vulnerable and easy to be modified by teachers or system managers. Blockchain can provide immutable and trusted storage service and automatic calculation service. Therefore, a blockchain-based online language learning system is proposed in this paper to monitor students’ daily study and automatically evaluate their behavior so as to save teachers from tedious and complex homework verification workload and provide trusted and reliable evaluation on students’ behavior. This paper first introduces the current situation of language learning in universities and the related works on blockchain-based online language learning system. Then the system is detailed in its structure and smart contracts. At last, we implement this system and do the analysis and summary.

22 citations


Cited by
More filters
Journal ArticleDOI

[...]

08 Dec 2001-BMJ
TL;DR: There is, I think, something ethereal about i —the square root of minus one, which seems an odd beast at that time—an intruder hovering on the edge of reality.
Abstract: There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality. Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

33,785 citations

Journal ArticleDOI
TL;DR: A novel fuzziness based semi-supervised learning approach by utilizing unlabeled samples assisted with supervised learning algorithm to improve the classifier's performance for the IDSs is proposed.

460 citations

Proceedings ArticleDOI
24 Oct 2016
TL;DR: TarGuess, a framework that systematically characterizes typical targeted guessing scenarios with seven sound mathematical models, each of which is based on varied kinds of data available to an attacker, is proposed to design novel and efficient guessing algorithms.
Abstract: While trawling online/offline password guessing has been intensively studied, only a few studies have examined targeted online guessing, where an attacker guesses a specific victim's password for a service, by exploiting the victim's personal information such as one sister password leaked from her another account and some personally identifiable information (PII). A key challenge for targeted online guessing is to choose the most effective password candidates, while the number of guess attempts allowed by a server's lockout or throttling mechanisms is typically very small. We propose TarGuess, a framework that systematically characterizes typical targeted guessing scenarios with seven sound mathematical models, each of which is based on varied kinds of data available to an attacker. These models allow us to design novel and efficient guessing algorithms. Extensive experiments on 10 large real-world password datasets show the effectiveness of TarGuess. Particularly, TarGuess I~IV capture the four most representative scenarios and within 100 guesses: (1) TarGuess-I outperforms its foremost counterpart by 142% against security-savvy users and by 46% against normal users; (2) TarGuess-II outperforms its foremost counterpart by 169% on security-savvy users and by 72% against normal users; and (3) Both TarGuess-III and IV gain success rates over 73% against normal users and over 32% against security-savvy users. TarGuess-III and IV, for the first time, address the issue of cross-site online guessing when given the victim's one sister password and some PII.

304 citations

Journal ArticleDOI
TL;DR: Li et al. as discussed by the authors proposed two Zipf-like models (i.e., PDF-Zipf and CDF-ZipF) to characterize the distribution of passwords and proposed a new metric for measuring the strength of password data sets.
Abstract: Despite three decades of intensive research efforts, it remains an open question as to what is the underlying distribution of user-generated passwords. In this paper, we make a substantial step forward toward understanding this foundational question. By introducing a number of computational statistical techniques and based on 14 large-scale data sets, which consist of 113.3 million real-world passwords, we, for the first time, propose two Zipf-like models (i.e., PDF-Zipf and CDF-Zipf) to characterize the distribution of passwords. More specifically, our PDF-Zipf model can well fit the popular passwords and obtain a coefficient of determination larger than 0.97; our CDF-Zipf model can well fit the entire password data set, with the maximum cumulative distribution function (CDF) deviation between the empirical distribution and the fitted theoretical model being 0.49%~4.59% (on an average 1.85%). With the concrete knowledge of password distributions, we suggest a new metric for measuring the strength of password data sets. Extensive experimental results show the effectiveness and general applicability of the proposed Zipf-like models and security metric.

300 citations

Journal ArticleDOI
TL;DR: Investigation of the suitability of deep learning approaches for anomaly-based intrusion detection system based on different deep neural network structures found promising results for real-world application in anomaly detection systems.
Abstract: Due to the monumental growth of Internet applications in the last decade, the need for security of information network has increased manifolds. As a primary defense of network infrastructure, an intrusion detection system is expected to adapt to dynamically changing threat landscape. Many supervised and unsupervised techniques have been devised by researchers from the discipline of machine learning and data mining to achieve reliable detection of anomalies. Deep learning is an area of machine learning which applies neuron-like structure for learning tasks. Deep learning has profoundly changed the way we approach learning tasks by delivering monumental progress in different disciplines like speech processing, computer vision, and natural language processing to name a few. It is only relevant that this new technology must be investigated for information security applications. The aim of this paper is to investigate the suitability of deep learning approaches for anomaly-based intrusion detection system. For this research, we developed anomaly detection models based on different deep neural network structures, including convolutional neural networks, autoencoders, and recurrent neural networks. These deep models were trained on NSLKDD training data set and evaluated on both test data sets provided by NSLKDD, namely NSLKDDTest+ and NSLKDDTest21. All experiments in this paper are performed by authors on a GPU-based test bed. Conventional machine learning-based intrusion detection models were implemented using well-known classification techniques, including extreme learning machine, nearest neighbor, decision-tree, random-forest, support vector machine, naive-bays, and quadratic discriminant analysis. Both deep and conventional machine learning models were evaluated using well-known classification metrics, including receiver operating characteristics, area under curve, precision-recall curve, mean average precision and accuracy of classification. Experimental results of deep IDS models showed promising results for real-world application in anomaly detection systems.

289 citations