[PhD Reading Essays] Things about system security and thesis writing - don’t forget your original intention, see you again in the world

It’s hard to imagine what these four years of studying for a Ph.D. mean. I miss my wife and son deeply. I read at night under the Luojia Mountain, while you took care of your young son alone at home in Guiyang. What I'm afraid of is not being alone, but being accustomed to two people and having to move forward separately, like a warrior fighting alone. Thinking that there is someone thousands of miles away who shares the same fate with me, I am not alone in my journey to study. I still remember that when I couldn’t publish my thesis, the most encouragement my wife gave me was, “Just try your best, even if the color of study is gray, the love in your heart is red, and the warmth of your family is color! You will always be in our hearts. He is a good example for Luoluo." We have been married for five years and lived apart for four and a half years. I traveled day and night, and she raised her children alone. We never complained at all, and even saying "missing" would become a burden that discouraged the other party. It’s hard to get a Ph.D., but it’s even harder for her from afar. Thank you!

In the blink of an eye, some important things have been completed, and the author's sharing will gradually return. I would like to express my gratitude to readers for their twelve years of companionship and support. I would also like to thank all teachers, family members, classmates, friends, bloggers and readers for their care and encouragement along the way. At the same time, this article will talk about system security and paper writing. It will also be my last sharing in the group meeting. Please forgive me for the poor writing. Sincere thanks to everyone who remembers a blog sharer named "Eastmount". The bustling place is surrounded by family, and a pot of old wine is drunk on the spring embankment. A new journey, a new life, a new beginning. Don’t forget the path you walked on when you came here, and don’t forget your original intention of studying. Thank you for your efforts and keep up the good work!



1. Review of PhD career

I still remember the doctoral re-examination on May 13, 2019 as if it was yesterday. Since I had not contacted my supervisor before, I felt that there was no chance. On the day I arrived in Wuhan, I visited the Yellow Crane Tower and the museum, thinking that I would never come to this heroic city again. Life is so interesting. Thank you to Teacher Peng for accepting me. I am very honored to join the research group and have met many outstanding and struggling friends. Thank you!


Looking back, I successfully passed my PhD defense on May 25, 2023. I closed my eyes and four years of hard work and life flashed through my mind. Technology, courses, projects, papers, competitions, sharing, work, family, down to earth, only thanksgiving!


In four years, I have written a total of more than 400 blogs, from 87 in 2019, to 132 and 106 in 2020 and 2021 when I was crazy about learning security technologies, and then only 61 and 30 after I bid farewell to blogging to write papers. These words record my security learning experience. Representative columns include:

  • Self-study on network security (120 articles)
  • System security and malicious code analysis (55 articles)
  • AI security paper reading (36 articles)


I changed my major in those years, and the unfamiliar term system security continued to bother me, and I took many detours. I wanted to learn security knowledge well, so I participated in CTF, DataCon and other competitions, and participated in the DataCon big data security competition four times in a row. I achieved some results and could convert some of the content into academic research. It is recommended that beginners also try it. However, system security is really difficult, and I feel like I haven’t gotten started yet.


In the follow-up, I will introduce the content of the three key stages respectively. Because there is too much content, I will not share it in detail like a group meeting, but mainly describe the methods and key points. I hope you like it!

  • Phase One: Security learning
  • Phase Two: Scientific research
  • Phase Three: Final writing

2. Security technology learning and exchange

This is a simple introduction to the learning routes in these three directions for beginners. It is also a summary of what I have experienced and what I will learn in the future.

1. Web Penetration

Specific content of basic knowledge of web penetration:

  • Common security websites, public accounts, classic books, resources and group sharing
  • Web penetration basic tools (BurpSuite\Nmap\Kali\Wireshark\Sqlmap\CS\MFS…)
  • Basic knowledge of Web penetration (information collection \ SQL injection \ XSS \ file upload \ unauthorized access \ CSRF \ payment vulnerability \ privilege escalation and traversal \ intranet)
  • CTF competition and training (typical cases: Hack The Box, VulnHub)
  • Vulnerability Exploitation and Reproduction
  • Be proficient in using various tools and organize them into your own tool library
  • Practical combat: SRC list, HVV action, vulnerability mining, CVE and CNVD, internship and work

Recommended: the author’s previous blogs:

[Image]


2. Malicious code analysis and threat intelligence perception

Malicious code analysis:

  • Basic tools: dynamic and static analysis (IDA\OD\Capa\Cape\Cuckoo\Online Sandbox)
  • Reverse analysis classic books
  • PE file basics
  • Windows kernel driver development
  • Feature extraction: API sequence, CFG, ICFG, Call Graph, binary grayscale image, string, PE structure
  • Malicious code origin analysis => BinDiff \ DeepBinDiff \ DeepReflect
  • Malicious family classification
  • Packing\Obfuscation\Escape\Disguise (Powershell\APT) => Unpacking\Deobfuscation (AST)\Escape Detection\Code Gene
  • LLVM-IR (compilation impact on binary)
  • Traceability diagram (audit log)
  • Top conference papers

Threat intelligence awareness:

  • Multi-source heterogeneous data extraction
  • NLP+NER+RR
  • Knowledge integration
  • Traceability graph + pruning optimization
  • Knowledge graph construction
  • Knowledge reasoning
  • LLM combination

For reverse engineering, in-depth analysis of the Panda Burning Incense virus and WannaCry samples is strongly recommended.


3. IoT vulnerability mining

IoT Vulnerability Mining—Future Learning and Exploration

  • NTU "Program Analysis"
  • Fuzzing101: https://github.com/antonio-morales/Fuzzing101
  • AFL (source code interpretation)
  • angr
  • Fuzz testing, taint analysis, symbolic execution (dynamic and static analysis)
  • Ghidra (binary, open source representative tool)
  • Kernel fuzz testing tool: syzkaller
  • EASY
  • CodeQL
  • Top conference paper reading
  • Practical combat: firmware vulnerability analysis, protocol vulnerability analysis, IoT vulnerability analysis



3. Academic paper writing and communication

Next, I will introduce my experience in writing a short paper, including the art of research, suggestions for doctoral studies, paper framework and writing skills, paper feedback and rebuttal.

1. The art of research - Teacher Li Mu

First of all, I would like to share Mr. Li Mu’s understanding and summary of "The Art of Research". It will be helpful for beginners to write papers. My previous blog also introduced it in detail. Here I will give a condensed version.

Part One: Connect with Readers

  • Writing an article is about communicating with an imaginary reader. You need to establish a connection with the reader and put your own "voice" into the text.
  • When writing, you always need to know who your readers are. Have a dialogue with your readers, and the readers will also judge your article.
  • The core of writing is to find a topic, then answer the question, and convince them of what you have written.

Part Two: Find the problem and understand the importance of the problem

  • The core is Topic, Question and So What: how to find your research problem and understand its importance
  • How to rise from a topic of interest to the problem you are researching, and how to reduce a big topic to something that can be studied or controlled
    – How to get a piece of work to produce results, and make it bigger, cheaper, better and safer
  • What is the motivation for the paper? The key is to ask "So What" more often: what problems has my work solved? Do others care about it? I need to be very tough in asking myself So What: can it solve a certain pain point? Will others still care about it half a year later?
    – Name your topic \ Add an indirect question \ Answer so what? by Motivating Your Question
  • How to find topics: big problems vs small problems => learn to weigh them
    – Read more highly cited papers in top conferences and top journals (future work | limitations | prospects), attend academic reports, discuss more, ask tutors, search online, look at industry issues
  • Before doing any work, you should think about the significance and ceiling of what you are doing, and whether it is worth it. Don’t think about whether it can be done first.
    – Even if you only solved a small problem, learn to expand it to larger problems, and to abstract the problem and its research significance
  • Don’t wait until the research is done and the thesis is written before you think about whether the work is worth doing; you can do a small report or WP for half of the work.

Part Three: Tell Good Stories and Arguments

  • How to tell a story and make readers believe what I say (tell the selling points of the paper well), and how to present claims and evidence to support the story I want to tell. You cannot wait until all the information is collected and the experiment is completed before you think about how to write the story
    – It is recommended to tell the story and write the outline while doing the experiments. If the story changes, the experiments can change accordingly
  • The paper does not necessarily require readers to agree that your method is the best. It matters more that readers think the problem is important and will think about it.
  • Why should I believe that? (The claims and evidence that prove your story must be convincing)
  • How to use reasons and evidence to support your claims. You can use statements to increase the layering of your paper and make your arguments more credible.

Part Four: Write the story down

  • Write according to the principles, and the whole writing should be at least one level higher in terms of readability.

2. Summary of suggestions for doctoral studies

The following is my personal experience of studying for a Ph.D. in the past few years. I am just trying to do my best in front of the big guys. I hope it will be helpful to you. In addition, don’t compare when studying for a Ph.D., follow your own plan, everyone has his own life.

Paper reading suggestions

  • Read more and write more, read more good papers in top conferences and journals (tracking top security teams), learn to summarize, and analyze the paper framework, motivation, contribution and experiments (extract beautiful sentences and record "jargon")
  • As soon as you enroll for a Ph.D. or consider studying for one, start reading papers and doing experiments, and learn to reflect (I studied security technology as a Ph.D. student & I am ignorant)
  • Get to know a small field well and try to submit to high-quality conferences and journals (although I didn’t do it). The review comments are very helpful
    – Security conference deadline: https://sec-deadlines.github.io/
    – AI conference deadline: https://aideadlin.es
  • Go to Zhihu, Bilibili and academic forums to find some academic advice, summarize the basic writing methods of security papers, and communicate more with laboratory partners (foreign cooperation)
  • Learn to actively experiment and reproduce code from top conference papers, gain from little bits, use them in comparative experiments, and keep relevant records
  • Learn to observe some security issues (actually quite difficult), elevate the issues to phenomena and then summarize them (threat model), and highlight the contributions and selling points of the paper.

Essay Writing Advice

  • I usually submit one article (including revisions), write one article, and think about and lay out the next article (although the quality is average)
  • Submit as soon as you finish writing. After submitting an article, start working and experimenting on the next one immediately. Don’t wait or relax.
  • Try to complete the paper in a complete time period. If the project is too busy, learn to use scattered time (such as taking a bath and thinking & multi-threading work)
  • System security is difficult, and it is even harder to settle down. I hope you can persevere and gain something (I am a mixed-discipline student & not recommended & a shallow learner)
  • Commonly used paper management, writing (LaTeX), and proofreading tools must be mastered (everyone knows it, and it depends on personal habits)
    DeepL + Grammarly + QuillBot/easyessay + Obsidian + Zotero + ChatGPT
  • A good picture and a good representation are worth a thousand words, especially in papers at the top four conferences (I personally feel that the pictures in my paper help the paper hit the mark)
  • Compare experiments and consider all aspects: performance, robustness, innovation, and effectively demonstrate the contribution of the article (remember simple model improvement and accuracy comparison for system security papers)
  • It is recommended that the review paper be written last (for deeper understanding & trend prediction), but the relevant notes of the previous work should be organized. Try to be new to this field and make relevant records when reading the paper.

Paper submission suggestions

  • Understand the graduation requirements and plan your time accordingly. When you are confused, you can try submitting to several Chinese university journals (my English is poor) or CCF C\B venues to increase your confidence (it will be difficult)
  • Understand the basic review process, learn to review before writing a paper, especially review feedback and rebuttal, there are many skills in it (many thanks to the reviewers & satisfy their requests as best you can & where you cannot, explain reasonably to persuade the reviewers)
  • state of mind, state of mind, state of mind

Finally, this PPT page is given.

[Image]


3. Paper framework and writing skills

Common paper frameworks include theoretical research and systematic research, as shown in the figure below. It is very important to plan the layout and tell a good story.

[Image]

Paper innovation can be defined as shown in the figure below.

[Image]

Suggestion 1: Be familiar with small fields, read more and write more, and excerpt "jargon".

  • Example: How to write an introduction, common structures
  • Example: has caused catastrophic consequences, novel, crucial


Suggestion 2: Good pictures and good tables are worth a thousand words (especially system framework diagrams and implementation process details diagrams)

  • Example: my thesis
  • Example: conference paper


Suggestion 3: Tell the selling point and story of the paper well, something that makes people’s eyes shine.


Suggestion 4: Correct expression is more important than grammatical show. How to express it authentically? Read more and learn more papers in top conferences and journals.


Suggestion 5: Charts highlight the work and highlights of this article, and comparative experiments can adequately support the selling points and methods.



4. Paper feedback and rebuttal

(1) Submission and review process
First, let’s take a look at the paper submission process.

[Image]

Secondly, if you want to publish a good article, you also need to learn to review manuscripts and understand the taste and focus of the reviewer, so that you can better condense the selling points and motivations of the paper.



(2) Review Opinions of the Editorial Department
Next are the common opinions of the Editorial Department, mainly on whether the format and theme are consistent with the journal.

[Image]


(3) Opinions of the reviewer
The following are the opinions of the reviewer, which is also the key content of this part. It combines the opinions of Professor Tian Lai of Nanchang University and Dr. Kudo on Zhihu with my personal understanding. Common reviewer questions are as follows:

[Image]

Basic principle 1 for replying to reviewers:

  • Understand the editor's feedback
  • Thank the reviewers and editor (thanks for your suggestion); even sharp comments are made for the sake of the paper.
  • Reply with a humble and grateful attitude; the core is to be polite, sincere and humble.

Basic principle 2 for replying to reviewers:

  • Review comments should be responded to comprehensively, one by one. The same issue raised by different reviewers should be answered separately for each.

Basic principle 3 for replying to reviewers:

  • Avoid using the opinion of one reviewer to negate the opinion of another reviewer
  • Learn to argue wisely when reviewers have conflicting opinions
  • Repeat the review comments when replying
  • When replying, it is recommended to emphasize the key points and include as many details as possible
  • Reference supplement


The difficulty of replying is mainly as follows:

[Image]

The following is a real example of my own paper, which usually includes the original text of the revised manuscript, the revised manuscript (with color marks), revision instructions and cover letter.

[Image]

The following questions are relatively difficult to answer:

[Image]

The following questions are relatively easy to answer:

[Image]

Finally, here is the advice shared on InforSec by Teacher Zhou Wei of Huake, which is very suitable for students who are interested in system security.

[Image]


4. Large paper writing and exchange

I will not take any detailed screenshots of this part, but only give some key points.

  • Suggestion 1: The framework and overall ideas of the paper should be sorted out clearly, and small papers should be connected in series through a structure diagram (with its own perspective and main line)
  • Suggestion 2: Try to have four pieces of work in your thesis. If your thesis is good enough, you can also have three.
  • Suggestion 3: The format of the paper must be standardized, including charts, with no typos and no blank pages (LaTeX FAQ)
  • Suggestion 4: Try to connect each chapter as much as possible. For example, the end can lead to the next chapter. It is recommended that there be a discussion of the scalability and limitations of existing work.
  • Suggestion 5: The specific description of the chapter should reflect the work you have done as much as possible. In particular, the translation of the English small papers must be accurate. Remember that when modifying an AI model, it needs to solve security issues. The framework and connections of the entire work must be clearly described.
  • Suggestion 6: In the pre-defense, ask the teachers for more opinions and improve the revision (one-on-one reply). The title and research content should be consistent, and the PPT should be carefully written and the ideas should be clear, etc.


5. Gratitude and blessings

In addition, I have little talent and knowledge. I only talk about system security and paper writing based on my personal understanding. I have not published a very good article after four years of studying for a Ph.D., but every paper is like my own child and is the fruit of my own efforts. In short, if the writing is not good or wrong, please criticize and correct it. Life is a long road, and there are still many things to do in the future. I hope that one day I will be able to win an article safely, come on!

Thank you to Teacher Peng and my friends for their help and companionship. Looking at my three pages of acknowledgments again, I feel quite emotional. The ones I am most grateful to are my wife and son. Best wishes and see you in the world!


(By: Eastmount, 2023-10-11, night at Guizhou Provincial Library, http://blog.csdn.net/eastmount )



Origin blog.csdn.net/Eastmount/article/details/133762657