10 November 2022, Volume 22 Issue 11
Design of Log-Based Anomaly Detection System Based on Temporal and Logical Relationship
NIU Yinuo, ZHANG Yifei, GAO Neng, MA Cunqing
2022, 22 (11):  1-6.  doi: 10.3969/j.issn.1671-1122.2022.11.001

With the development of computer systems, logs have become an important data source for maintaining their stable operation. System logs record the status of key points during system operation and the important events that occur there, which helps technicians locate system faults and analyze their causes, provides data support for problem solving, allows illegal operations to be monitored, and aids system recovery; log anomaly detection is therefore of great significance. However, most existing research utilizes only a single feature of logs for anomaly detection. To this end, this paper designs a machine learning-based log anomaly detection system that implements the complete process of log collection, log parsing, log feature extraction and log anomaly detection, and proposes a machine learning method that incorporates the temporal and logical relationships between logs, so as to make better use of log features and increase the accuracy of the detection results.

Role Mining Scheme with Abnormal Permission Configuration
SHEN Zhuowei, FAN Linli, HUA Tong, WANG Kexiang
2022, 22 (11):  7-16.  doi: 10.3969/j.issn.1671-1122.2022.11.002

Role mining is a common method for building an RBAC system. However, current role mining schemes do not detect abnormal permission configurations in the original system, so the result of role mining may contain wrong role-permission configurations, which brings security risks to the system. To solve this problem, a role mining scheme that tolerates abnormal permission configurations is proposed. First, Canopy preclustering is introduced into the user clustering stage to reduce the subsequent spectral clustering computation by extracting overlapping subsets of the data. Then, the initial value selection of spectral clustering is optimized using the preclustering results, and, because access control data are represented by Boolean values, the distance used in both Canopy preclustering and spectral clustering is measured by combining Jaccard distance and Hamming distance, so as to improve the user clustering effect. Finally, the abnormal permission configuration detection rules are refined, and the corrected user clustering results are used for role mining. Experimental results show that the scheme can find abnormal permission configurations effectively and improve the efficiency of role mining.

Data Sharing Scheme Based on Consortium Blockchain and Asmuth-Bloom Secret Sharing Algorithm
ZHANG Xuewang, YAO Yaning, LI Zhihong, ZHANG Hao
2022, 22 (11):  17-23.  doi: 10.3969/j.issn.1671-1122.2022.11.003

Aiming at the low efficiency of existing data sharing schemes and the high storage pressure on the consortium blockchain, an attribute-encrypted data sharing scheme based on the Asmuth-Bloom secret sharing algorithm is proposed. The scheme addresses the leakage of sensitive data through fine-grained access control and improves the efficiency of secret reconstruction in the sharing process. At the same time, it stores data securely through the InterPlanetary File System and effectively reduces the storage pressure on each node of the consortium blockchain network. Analysis and experimental results show that the scheme is correct, secure and efficient.

Proportional Differential Privacy Budget Allocation Method for Partition and Publishing of Statistical Big Data
YAN Yan, ZHANG Xiong, FENG Tao
2022, 22 (11):  24-35.  doi: 10.3969/j.issn.1671-1122.2022.11.004

Addressing the privacy budget allocation problem in existing differential privacy schemes for the statistical partitioning and publishing of big data, this paper proposes a proportional differential privacy budget allocation method. The hierarchical allocation formula of the proportional method is derived through an analysis of the statistical partitioning structure and the publishing error of big data. The proposed method is compared with other existing privacy budget allocation methods to prove its advantages theoretically, both in the privacy budget allocated to each partition layer and in the overall publishing error. Experimental results show that the proposed proportional differential privacy budget allocation method achieves better range counting query accuracy than other existing privacy budget allocation methods, which helps improve the usability of big data statistical partitioning and publishing results.

Moving Target Defense Mechanism Research Based on Device Address in SD-IoT
HAN Li, SONG Jixiang, SUN Shimin
2022, 22 (11):  36-46.  doi: 10.3969/j.issn.1671-1122.2022.11.005

The limited resources and static configuration of Internet of Things (IoT) terminal devices can lead to sniffing attacks, which cause theft and tampering of the device address (IP address or MAC address). An address hopping strategy defends against attackers by dynamically randomizing the addresses of network devices. In this paper, a weighted random selection method for device address hopping is proposed for the software-defined Internet of Things (SD-IoT) environment. By adding repetition constraints to the selection of virtual addresses during hopping, it enhances the unpredictability of the device address hopping process and defends against sniffing. At the same time, the centralized control of the SDN controller is used to detect the IoT terminal equipment and ensure that the address hopping strategy is deployed correctly. According to the detection results, the address hopping period is dynamically adjusted to improve both the service capability of the network and its security. Simulation results show that, within 5% of the system load, the proposed method can enhance the unpredictability of device addresses and resist sniffing and spoofing in the IoT.

Analysis of SM2 Encryption and Decryption Vulnerability in OpenSSL
LIU Zhenya, LIN Jingqiang
2022, 22 (11):  47-54.  doi: 10.3969/j.issn.1671-1122.2022.11.006

OpenSSL is a popular open source cryptography library. On 26 August 2021 a buffer overflow vulnerability was patched in OpenSSL; it is caused by the buffer size calculated by the SM2 decryption function being smaller than the actual plaintext size. This paper first analyzes the principle of the buffer overflow based on the OpenSSL source code, then analyzes the feasibility of an overflow attack according to that principle, and finally designs an experiment to verify the feasibility of the attack. It is concluded that when the SM2 decryption function calculates the size of the buffer that will hold the plaintext, it does not take into account the encoding of the points on the elliptic curve; when the encoding length is smaller than the preset length, the buffer size ends up smaller than the actual plaintext size. Based on this feature, an attacker can obtain suitable points by exhaustive search and construct a ciphertext that triggers the buffer overflow, and can reuse the same point to mount buffer overflow attacks on SM2 decryptors holding different key pairs.

A Secure Container Management Approach Based on Virtual Machine Introspection
HUANG Zilong, ZHAN Dongyang, YE Lin, ZHANG Hongli
2022, 22 (11):  55-61.  doi: 10.3969/j.issn.1671-1122.2022.11.007

With the development of containers, container-based cloud native computing has been widely adopted by cloud service providers. Compared with virtual machines, containers are lighter but offer weaker isolation. If an attacker escapes from a container running inside a virtual machine, the container management tools running inside that virtual machine may also be attacked and can no longer be trusted. This paper proposes a secure container management method based on virtual machine introspection that manages the containers in a virtual machine by automatically obtaining and changing their execution state from the hypervisor layer. Since the management tool runs in the virtual machine monitor layer, it remains secure even if the virtual machine is controlled by an attacker. To automatically control the execution state of the target container, this paper proposes a clientless system call injection method that efficiently reuses the system calls of the target virtual machine. Furthermore, a high-performance kernel protection and recovery method for performing management operations in untrusted virtual machine operating systems is proposed. Experimental results show that the approach can perform many common container management operations.

Design and Implementation of Abnormal Behavior Detection System for Virtualization Platform
LIN Faxin, ZHANG Jian
2022, 22 (11):  62-67.  doi: 10.3969/j.issn.1671-1122.2022.11.008

This paper proposes an abnormal behavior detection method for virtualization platforms based on memory images and deep learning, and designs and implements a system prototype. The method uses the Xen virtualization platform to dump the system memory of VMs running normal software and malicious software respectively, collecting 1100 memory dump files containing normal behavior and 2200 memory dump files containing abnormal behavior. For each file, the first 10 MB of the system's sensitive area is extracted and converted into a 2-dimensional image using SFC. Finally, a convolutional neural network is used to classify the memory images and judge whether abnormal behavior is present on the virtualization platform. Experimental results show that the system achieves 98.78% classification accuracy and can effectively detect abnormal behavior on a virtualization platform.

The Optimization Method of Industrial Control System Functional Safety and Information Security Policy
SONG Jing, DIAO Run, ZHOU Jie, QI Jianhuai
2022, 22 (11):  68-76.  doi: 10.3969/j.issn.1671-1122.2022.11.009

Addressing the difficult problem of reconciling functional safety with information security in industrial control systems, and starting from the fundamental competition between functional safety and information security for resources, a formal model that captures the conflict between functional safety and information security is proposed. The functional safety degree, information security degree, CPU occupation and memory occupation of an industrial control system security policy are described mathematically. This paper takes these four mathematical functions as objective functions that measure the strengths and weaknesses of a security policy for multi-objective optimization. It fully considers the key factors of industrial control systems, namely functional safety, information security, time delay and resource consumption, constructs the parameter space of the objective functions, and uses space intervals to select the optimal policy. This overcomes the limitation of the traditional contradiction shielding method, which can only be configured qualitatively without affecting functional safety, and provides a complete set of policy optimization schemes and algorithms for industrial control systems. The policy optimization algorithm is applied to a train control system to obtain the optimal safety policy for the Automatic Train Protection (ATP) system. Experimental results show that the proposed security policy optimization method can quantify the strengths and weaknesses of security policies and effectively select the optimal security policy to ensure the security of industrial control systems.

Deepfake Detection Algorithm Based on Image Fine-Grained Features
PENG Shufan, CAI Manchun, LIU Xiaowen, MA Rui
2022, 22 (11):  77-84.  doi: 10.3969/j.issn.1671-1122.2022.11.010

With the development of deep learning, deepfake generation models have overcome the drawback of leaving obvious artifacts in generated images, but the remaining differences between deepfake images and real images are often subtle and localized. Therefore, this paper constructs a detection model, FGDD, based on the fine-grained features of images. To address the shortcomings of using only coarse-grained features, FGDD learns the fine-grained features of sample images through multiple branches and improves the accuracy of locating sensitive facial regions by introducing a channel attention mechanism and an optimized activation map mask localization strategy. In the activation map, multi-level sliding windows are used to extract the highly discriminative subtle features in the samples, and the robustness of the model to fine-grained features is improved with the AugMix data augmentation strategy. Experimental results show that the test accuracy of FGDD on several datasets outperforms mainstream algorithms, demonstrating the effectiveness of the detection method based on fine-grained image features.
