10 June 2022, Volume 22 Issue 6

Auxiliary Entropy Reduction Based Intrusion Detection Model for Ordinary Differential Equations
ZHANG Xinglan, FU Juanjuan
2022, 22 (6):  1-8.  doi: 10.3969/j.issn.1671-1122.2022.06.001

To improve the detection efficiency and classification accuracy of deep learning models on the intrusion detection task, this paper proposes an intrusion detection model based on a neural ordinary differential equation with auxiliary entropy reduction (E-ODEnet). The model defines continuous hidden states by parametric ordinary differential equations. It does not require further hierarchical propagation of gradients with updated parameters, and it reduces memory consumption and greatly improves efficiency. Feature dimensionality reduction is performed using information bottlenecks to extract the main information relevant to the classification task, while label smoothing and an entropy reduction loss are used to improve the generalization ability and accuracy of the model. The model is trained and tested on the NSL-KDD dataset, and the accuracy of the experimental result is 99.76%, which is better than other intrusion detection models.

Survey on Application of Machine Learning in Disassembly on x86 Binaries
WANG Juan, WANG Yunru, WENG Bin, GONG Jiaxin
2022, 22 (6):  9-25.  doi: 10.3969/j.issn.1671-1122.2022.06.002

Binary disassembly is at the core of vulnerability finding, control flow integrity and code similarity measurement. Traditional disassembly techniques rely heavily on predefined heuristics and expert knowledge, and their results on tasks such as identifying function boundaries and variable types and reconstructing control flow graphs are not good enough. Advances in machine learning for sequential and graph data have allowed it to be applied to binary analysis, making up for the defects of traditional disassembly techniques and promoting research on binary reverse analysis. This paper focused on the application of machine learning in disassembly on x86 binaries and analyzed in depth the research work related to function identification, function signature recovery and data flow reconstruction. Firstly, the traditional methods and challenges of disassembly on x86 binaries were summarized comprehensively. Secondly, the general workflow of machine learning in disassembly on x86 binaries, including binary feature extraction, vectorization and model training, was distilled. This paper classified the methodologies of feature extraction and vectorization based on the feature contents and embedding approaches respectively, and subsequently summarized the significant model training techniques used in specific disassembly tasks. Finally, the limitations and challenges of current work were summarized, and future research directions were elaborated.

Research on Cooperative Security Technology of Side Channel in Processor Microarchitecture Storage System
HONG Sheng, LI Lei, YUAN Yidong, GAO Xinyan
2022, 22 (6):  26-37.  doi: 10.3969/j.issn.1671-1122.2022.06.003

A side-channel attack is an attack launched through the leakage of side-channel information while a device is running. Side-channel attacks can bypass encryption algorithms and seriously threaten users’ privacy. Frequent memory access and differences in program execution speed in processor microarchitecture storage systems provide natural side channels. A microarchitecture side-channel attack can be carried out as long as the attacker and victim are in the same environment, without physical contact, which makes it more harmful than a traditional side-channel attack. Firstly, based on the target, this research summarized side-channel attacks and defense technologies for the Cache, MMU and TLB respectively, and put forward a cooperative security model framework. Secondly, this research built the cooperative security model for side channels in the processor microarchitecture storage system, referring to the security-architecture-centered ideas of detecting process risk, increasing the difficulty of attacks and isolating secure areas, in order to guide the design of new architectures. Finally, the paper looked ahead to future technology trends to provide a reference for the development direction of side-channel defense technology.

Quantum Cheque Protocol Based on Bell States
JIA Hengyue, LIU Kangting, WU Xia, WANG Maoning
2022, 22 (6):  38-43.  doi: 10.3969/j.issn.1671-1122.2022.06.004

Based on Heisenberg’s uncertainty principle and the no-cloning principle in quantum mechanics, quantum money with quantum states as the carrier has certain advantages in resisting counterfeiting, double-spending and quantum computing. In this paper, for the scenario in which a bank, a cheque issuer and a receiver carry out cheque generation, issuance and verification, a quantum cheque protocol using Bell states is proposed, and its correctness, verifiability, unforgeability, non-repudiation and tamper resistance are analyzed. Compared with existing quantum cheque schemes, this protocol reduces the requirement for quantum entanglement and improves the feasibility of implementation.

Security Resource Allocation Method for Internet of Things Based on Reinforcement Learning
ZHAO Hong, LI Shan, ZUO Peiliang, WEI Zhanzhen
2022, 22 (6):  44-52.  doi: 10.3969/j.issn.1671-1122.2022.06.005

Fog computing, a decentralized computing structure, is applied in the Internet of Things, and its inherent broadcast characteristics expose the network communication system to serious security threats. At the same time, in the dynamically changing fog Internet of Things environment, the rational allocation of wireless resources is crucial to reducing the delay of communication services. This paper studies the secure resource allocation problem of the fog Internet of Things in the presence of untrusted nodes. Based on the assumption that fog node receivers have simultaneous co-frequency full-duplex self-interference cancellation technology, a new method with physical layer security characteristics is proposed: an intelligent allocation method for radio resources in the fog layer. By constructing a deep reinforcement learning neural network and designing reasonable parameters such as state, action and reward, the method achieves rapid upload of fog IoT perception data while protecting security and confidentiality. The experimental results show that the method converges faster and performs significantly better than the comparison methods.

Design of E-mail Encryption System Based on SM9 Algorithm
WANG Shengwen, HU Aiqun
2022, 22 (6):  53-60.  doi: 10.3969/j.issn.1671-1122.2022.06.006

In recent years, problems such as email leaks have emerged one after another and have had a very bad impact. To solve the security problem during mail transmission, this paper designed a mail encryption system based on the SM9 algorithm, according to the national encryption standard of China. The system consisted of four parts: key generation and key distribution, email encryption and decryption, email signature, and key exchange. It could realize encrypted email transmission, email integrity verification, email signature and key negotiation, and it effectively ensured the security of the mail during transmission. The email encryption system solved the problems of key spoofing and man-in-the-middle attacks in traditional email encryption systems, and ensured the authenticity and reliability of the public key. It had advantages over traditional email encryption systems.

Research and Implementation of Cross-Chain Security Access and Identity Authentication Scheme of Blockchain
WANG Shushuang, MA Zhaofeng, LIU Jiawei, LUO Shoushan
2022, 22 (6):  61-72.  doi: 10.3969/j.issn.1671-1122.2022.06.007

This paper proposes a blockchain cross-chain secure access and identity authentication scheme. To address secure access for access chains and cross-chain identity authentication in cross-chain technology, a secure cross-chain model architecture is designed. A digital identity is used as the global identifier across the whole cross-chain network of the blockchain to identify the parties to cross-chain transactions. A cross-chain identity authentication scheme using IBE and based on a relay chain is proposed, in which secure access for access chains and cross-chain identity authentication are carried out through the relay chain. At the same time, the transaction information of the two chains carrying out cross-chain transactions is encrypted and transmitted using a secure key negotiation strategy, so as to ensure the anonymity and security of transaction information and solve the problems of security and isolated data islands in existing cross-chain models. Finally, the experimental analysis and evaluation show that the scheme is safe and feasible.

The High-Value Data Sharing Model Based on Blockchain and Game Theory for Data Centers
YU Kechen, GUO Li, YIN Hongwei, YAN Xuesong
2022, 22 (6):  73-85.  doi: 10.3969/j.issn.1671-1122.2022.06.008

Despite the huge amount of high-value data in a data center, the problem of isolated data islands persists. High-value data sharing is an effective way to solve this problem and exploit the potential value of data. However, the prerequisite for fully sharing high-value data is to ensure the security and trustworthiness of the data sharing process. Traditional data sharing models tend to adopt a centralized architecture, which is prone to trust and security issues. Blockchain is a distributed technology with features such as decentralization, tamper resistance, resistance to forgery, traceability and auditability, and it provides a reliable solution for secure data sharing. Nevertheless, blockchain-based data sharing solutions are limited by narrow application scenarios and a lack of security guarantees. In response to these problems, this paper proposed a high-value data sharing model for data centers based on blockchain and game theory. Firstly, the model used blockchain technology to ensure the traceability, confidentiality and security of the sharing process. Secondly, the model applied game theory to design an incentive scheme that encourages data holders to share high-value data. Finally, the model was compared with other existing data sharing models. The comparative analysis verified that this model has full functionality, security and efficiency, and can be better applied to data center scenarios.

Research on Dynamic Access Control Model of Sensitive Data Based on Zero Trust
GUO Baoxia, WANG Jiahui, MA Limin, ZHANG Wei
2022, 22 (6):  86-93.  doi: 10.3969/j.issn.1671-1122.2022.06.009

With the advent of the era of big data, the security of sensitive data has attracted increasing attention. At present, most existing systems consider the access subject’s identity to be trusted after successful authentication, but once an attacker uses a compromised subject as a springboard to invade the network, the attacker may steal or destroy sensitive data. Therefore, a fine-grained and flexible access control mechanism is urgently needed to protect the sensitive information resources of the system. Based on zero trust architecture, this paper proposes a trust evaluation algorithm by analyzing the characteristics of the access subjects and access objects of the protected system. By acquiring multi-source attributes for dynamic trust evaluation, the algorithm can quickly reduce the trust value of a compromised subject when its behavior changes abruptly, and block the threat from the compromised subject in time during authentication. The system implements dynamic authorization through attribute encryption to reduce the possibility of excessive access to sensitive resources. Experimental results show that this model can realize dynamic control of access authorization while keeping the time and memory cost of the system within a reasonable range.
