Top Read Articles

    Review of Fuzzing Based on Machine Learning
    WANG Juan, ZHANG Chong, GONG Jiaxin, LI Jun’e
    Netinfo Security    2023, 23 (8): 1-16.   DOI: 10.3969/j.issn.1671-1122.2023.08.001
    Abstract (826)   HTML (209)   PDF (20467KB) (577)

    Fuzzing is one of the most popular vulnerability discovery techniques today. Traditional fuzzing often requires a lot of labor, which lengthens the application cycle of fuzzing. Besides, expert experience determines the effect of fuzzing. The wide application of machine learning has enabled machine learning techniques to be applied to software security testing. Many research works use machine learning to optimize the fuzzing process, making up for many defects of traditional fuzzing technology. This paper provided a review of fuzzing based on machine learning. Firstly, common vulnerability discovery methods, the fuzzing process and classification, and the shortcomings of traditional fuzzing were summarized. Then, from the perspective of test case generation, mutation, screening, and scheduling in fuzzing, this paper focused on research applying machine learning methods to fuzzing, as well as research combining machine learning and fuzzing to realize other functions. Finally, based on the existing work, this paper analyzed and summarized the limitations and challenges in current research, and discussed the future development directions of this field.

    A Survey of Cyber Security Open-Source Intelligence Knowledge Graph
    WANG Xiaodi, HUANG Cheng, LIU Jiayong
    Netinfo Security    2023, 23 (6): 11-21.   DOI: 10.3969/j.issn.1671-1122.2023.06.002
    Abstract (641)   HTML (83)   PDF (13519KB) (392)

    With the development of informatization, a large amount of cyber security information is generated online every day. However, the majority of security intelligence consists of multi-source and heterogeneous text data that are challenging to directly analyze and apply. Therefore, the introduction of a knowledge graph assumes paramount significance in order to facilitate profound semantic knowledge mining and enable intelligent reasoning analysis. On this basis, this paper first described how the cybersecurity knowledge graph was built. Then, it outlined the core technologies of the knowledge graph and related research work, including information extraction and knowledge reasoning. Finally, the challenges of building a cybersecurity knowledge graph were discussed, and some directions for further research were suggested.

    A Large Language Model Based SQL Injection Attack Detection Method
    HUANG Kaijie, WANG Jian, CHEN Jiongyi
    Netinfo Security    2023, 23 (11): 84-93.   DOI: 10.3969/j.issn.1671-1122.2023.11.009
    Abstract (623)   HTML (83)   PDF (12178KB) (357)

    The SQL injection attack, widely employed by attackers, poses a significant threat to cyberspace security. Traditional detection methods for SQL injection attacks include rule-based and machine learning-based methods, which suffer from limited applicability and high false positive rates. This paper proposed a large language model-based method for detecting SQL injection attacks. By applying prompt engineering and instruction fine-tuning techniques, a specialized large language model for SQL injection attack detection was developed. Additionally, the impact of iteration rounds, the number of fine-tuning samples and inference parameters on model performance was analyzed to enhance the detection capability of large language models. Leveraging the robust semantic understanding capability of the large language model significantly reduced the false positive rate. This paper conducted experimental analysis on the proposed specialized large language model for SQL injection attack detection, using the Kaggle dataset. The model achieves an accuracy rate of over 99.85%, a false alarm rate of less than 0.2%, and an F1 score of 0.999. Compared to the current state-of-the-art methods for SQL injection attack detection, our model demonstrates a significant improvement in detection performance.

    A Survey of Large Language Models in the Domain of Cybersecurity
    ZHANG Changlin, TONG Xin, TONG Hui, YANG Ying
    Netinfo Security    2024, 24 (5): 778-793.   DOI: 10.3969/j.issn.1671-1122.2024.05.011
    Abstract (601)   HTML (278)   PDF (20073KB) (445)

    In recent years, with the rapid advancement of large language model technology, its application potential in various fields such as healthcare and law has become evident, simultaneously pointing to new directions for progress in the field of cybersecurity. This paper began by providing an overview of the foundational theories behind the design principles, training mechanisms, and core characteristics of large language models, offering the necessary background knowledge to readers. It then delved into the role of large language models in enhancing the capabilities to identify and respond to the growing threats online, detailing research progress in areas such as penetration testing, code security audit, social engineering attacks, and the assessment of professional cybersecurity knowledge. Finally, it analyzed the challenges related to security, cost, and interpretability of this technology, and looked forward to the future development direction.

    Data Augmentation Method via Large Language Model for Relation Extraction in Cybersecurity
    LI Jiao, ZHANG Yuqing, WU Yabiao
    Netinfo Security    2024, 24 (10): 1477-1483.   DOI: 10.3969/j.issn.1671-1122.2024.10.001
    Abstract (510)   HTML (1829)   PDF (8545KB) (272)

    Relationship extraction technology can be used for threat intelligence mining and analysis, providing crucial information support for network security defense. However, relationship extraction tasks in cybersecurity face the problem of dataset deficiency. In recent years, large language models have shown superior text generation ability, providing powerful technical support for data augmentation tasks. In order to compensate for the shortcomings of traditional data augmentation methods in terms of accuracy and diversity, this paper proposed a data augmentation method via large language model for relation extraction in cybersecurity, named MGDA. MGDA used a large language model to enhance the original data at four granularities (words, phrases, grammar, and semantics) in order to ensure accuracy while improving diversity. The experimental results show that the proposed data augmentation method effectively improves both the effectiveness of relationship extraction tasks in cybersecurity and the diversity of the generated data.

    Security Analysis of Cryptographic Application Code Generated by Large Language Model
    GUO Xiangxin, LIN Jingqiang, JIA Shijie, LI Guangzheng
    Netinfo Security    2024, 24 (6): 917-925.   DOI: 10.3969/j.issn.1671-1122.2024.06.009
    Abstract (501)   HTML (60)   PDF (19521KB) (234)

    With the extensive application of large language models (LLM) in software development, their role in enhancing development efficiency has also introduced new security risks, particularly in the field of cryptography applications that demand high security. This paper proposed an open-source prompt dataset named LLMCryptoSE, containing 460 natural language description prompts of cryptographic scenarios. It aimed to assess the security of code generated by LLM for cryptographic applications. At the same time, through an in-depth analysis of code snippets generated by LLM, this paper primarily evaluated the misuse of cryptographic API, employing a methodology that combined the static analysis tool CryptoGuard with manual review to conduct a detailed evaluation of 1380 code snippets. The assessment of three mainstream LLMs, including ChatGPT 3.5, ERNIE 3.5, and Spark 3.5, revealed that 52.90% of the code snippets contained at least one instance of cryptographic misuse, with Spark 3.5 showing a relatively better performance with a misuse rate of 48.48%. Based on these findings, the study not only reveals the current challenges in cryptographic application security faced by LLM, but also offers a series of recommendations for LLM users and developers to enhance security. These aim to provide practical guidance for improving the application of LLM in cryptographic fields.

    New Research Progress on Intrusion Detection Techniques for the Internet of Things
    FENG Guangsheng, JIANG Shunpeng, HU Xianlang, MA Mingyu
    Netinfo Security    2024, 24 (2): 167-178.   DOI: 10.3969/j.issn.1671-1122.2024.02.001
    Abstract (496)   HTML (305)   PDF (15179KB) (587)

    Compared to traditional intrusion detection mechanisms, intelligent intrusion detection technology can fully extract data features and demonstrates higher detection efficiency. However, it also imposes greater demands on data sample labels. Considering data sample labels, this article provided a comprehensive review of the latest developments in intrusion detection technology for the Internet of Things (IoT) from the perspectives of supervised and unsupervised learning. Firstly, it outlined signature-based intrusion detection methods and analyzed recent traditional machine learning based intrusion detection methods, classified into supervised and unsupervised learning. Then, it analyzed recent deep learning based intrusion detection methods based on supervised learning, unsupervised learning, generative adversarial networks, and deep reinforcement learning, respectively. Finally, it summarized the research challenges and future trends in IoT intrusion detection technology.

    Research on Anonymous Traffic Classification Method Based on Machine Learning
    ZHAO Xiaolin, WANG Qiyao, ZHAO Bin, XUE Jingfeng
    Netinfo Security    2023, 23 (5): 1-10.   DOI: 10.3969/j.issn.1671-1122.2023.05.001
    Abstract (490)   HTML (66)   PDF (10333KB) (420)

    Anonymous communication tools not only protect users’ privacy, but also provide shelter for crimes, making it more difficult to purify and supervise the network environment. Classification of anonymous traffic generated during information exchange in anonymous networks can refine the scope of network supervision. Aiming at the problems of insufficient granularity of traffic classification and low accuracy of application-layer anonymous traffic classification in the existing anonymous traffic classification field, this paper proposed an application-layer multi-classification method for anonymous traffic based on machine learning. It included a feature extraction model based on auto-encoder and random forest, and an anonymous traffic multi-classification model based on convolutional neural networks and XGBoost. The classification effect is improved through feature reconstruction and model combination, and is verified on the public Anon17 anonymous traffic dataset, proving the usability, effectiveness and accuracy of the designed model.

    A False Data Injection Attack Detecting and Compensating Method
    XIE Ying, ZENG Zhu, HU Wei, DING Xuyang
    Netinfo Security    2023, 23 (6): 22-33.   DOI: 10.3969/j.issn.1671-1122.2023.06.003
    Abstract (465)   HTML (33)   PDF (15071KB) (233)

    To accurately detect false data injection attacks in industrial control networks and quickly compensate for their impact on the system, this paper proposed an attack detecting and compensating method based on state estimation. The method constructed a sequence Kalman filter to optimally estimate the state vector based on the mathematical model of the industrial control system. Additionally, a double-judgment mechanism was designed to eliminate unstable states caused by noise and perturbation. Furthermore, the paper proposed a multi-step estimating attack compensation strategy that utilized the previously measured data in the safe state to provide a compensation control signal for the system. The experimental results conducted on the load frequency control system of the dual-area interconnected power system demonstrate the effectiveness of the proposed method in detecting and compensating for false data injection attacks. Moreover, the method outperforms the comparison algorithms in terms of frequency deviation control and control signal compensation.

    A Hybrid Method of Joint Entropy and Multiple Clustering Based DDoS Detection in SDN
    WANG Zhi, ZHANG Hao, Jason GU
    Netinfo Security    2023, 23 (10): 1-7.   DOI: 10.3969/j.issn.1671-1122.2023.10.001
    Abstract (449)   HTML (60)   PDF (8370KB) (319)

    Software Defined Networking (SDN), an emerging networking paradigm, has introduced more severe Distributed Denial of Service (DDoS) attacks along with convenience. Existing works typically use machine learning models to detect DDoS attacks, but ignore the additional overhead that models impose on SDN controllers. In order to detect DDoS attacks more efficiently and accurately, this paper adopted a strategy of multi-level detection modules: the first-level module detected suspicious traffic by calculating the joint entropy of the traffic in the current window; the second-level module used a semi-supervised model that applied techniques such as feature selection, multi-training algorithms, and multiple clustering to improve detection performance by training multiple local models. Compared with other existing models, this model performs best on multiple data sets and has better detection accuracy and generalization ability.

    HTTP Payload Covert Channel Detection Method Based on Deep Learning
    YUAN Wenxin, CHEN Xingshu, ZHU Yi, ZENG Xuemei
    Netinfo Security    2023, 23 (7): 53-63.   DOI: 10.3969/j.issn.1671-1122.2023.07.006
    Abstract (441)   HTML (31)   PDF (13136KB) (139)

    Aiming at the problem that existing network traffic statistical features and packet payload features cannot effectively detect HTTP payload covert channels, this article proposed a convolutional neural network detection method based on session flow payload representation. First, packets generated by HTTP communication were aggregated into bidirectional session flows based on five-tuple and expiration time conditions. Then, a set of packets that can reflect the communication interaction behavior and session flow structure was selected, and the original byte sequences of their transport layer payloads were extracted to form a session flow payload representing each HTTP session flow. Finally, the detection model was constructed using a 2D-CNN that can fully mine temporal and spatial dimensional information in byte sequences. Experimental results show that the proposed session flow payload representation method can depict HTTP traffic from more perspectives than the session flow packet payload representation method, thereby providing more useful information for the detection task. The detection rate of the proposed method is as high as 99%, which is better than traditional machine learning detection methods based on network flow behavior statistical features.

    Network Anomaly Detection Based on Dual Graph Convolutional Network and Autoencoders
    QIN Zhongyuan, MA Nan, YU Yacong, CHEN Liquan
    Netinfo Security    2023, 23 (9): 1-11.   DOI: 10.3969/j.issn.1671-1122.2023.09.001
    Abstract (436)   HTML (255)   PDF (13563KB) (242)

    Considering that applications of graph neural networks in the field of network anomaly detection mostly focus on the extraction of single point features while ignoring the correlation features between continuous messages, this paper proposed a network anomaly detection method based on dual graph convolutional networks and autoencoders. This method first constructed the graph and divided the communication data into subgraphs, then sent the subgraphs into the two-layer graph convolution neural network to extract the features of points and edges respectively, and finally used an unsupervised learning method to train on the divided subgraphs. In the experimental part, iterative experiments on the subgraph division time interval and the number of iterations yielded the values of both with the best effect. Comparative experiments with traditional algorithms on three data sets showed that our scheme is more accurate and has stronger generalization.

    A Review of Network Anomaly Detection Based on Semi-Supervised Learning
    ZHANG Hao, XIE Dazhi, HU Yunsheng, YE Junwei
    Netinfo Security    2024, 24 (4): 491-508.   DOI: 10.3969/j.issn.1671-1122.2024.04.001
    Abstract (436)   HTML (60)   PDF (22842KB) (313)

    The acquisition of network traffic data is relatively easy, while labeling the traffic data is comparatively challenging. Semi-supervised learning utilizes a small amount of labeled data and a large amount of unlabeled data for training, reducing the demand for labeled data and effectively adapting to anomaly detection in massive network traffic data. This paper conducted an in-depth investigation into the field of semi-supervised network anomaly detection in recent years. Firstly, it introduced some basic concepts and thoroughly analyzed the necessity of using semi-supervised learning strategies in network anomaly detection. Then, from the perspectives of semi-supervised machine learning, semi-supervised deep learning, and the combination of semi-supervised learning with other paradigms, it analyzed and compared the recent literature on semi-supervised network anomaly detection and summarized the findings. Finally, the current status and future prospects of the field of semi-supervised network anomaly detection were analyzed.

    Anomaly Traffic Detection Based on Deep Metric Learning
    ZHANG Qiang, HE Junjiang, LI Wenshan, LI Tao
    Netinfo Security    2024, 24 (3): 462-472.   DOI: 10.3969/j.issn.1671-1122.2024.03.011
    Abstract (424)   HTML (59)   PDF (13232KB) (289)

    The identification of anomalous network traffic is one of the important tasks of cyber security nowadays. However, traditional traffic classification models are trained on traffic data, and most traffic data are unevenly distributed, leading to fuzzy classification boundaries, which greatly limits the classification performance of the model. In order to solve the above problems, this paper proposed a deep metric learning based abnormal traffic detection method. Firstly, a new double-proxy mechanism was designed. Compared with traditional deep metric learning algorithms that use a single proxy for each category, it improved the efficiency of model training by guiding the optimization direction of the updateable proxy through the target proxy, and enhanced the ability to aggregate traffic data of the same category and separate traffic data of different categories, minimizing the intra-class distance and maximizing the inter-class distance. This in turn made the classification boundaries of the data clearer, breaking the performance bottleneck of traditional traffic classification models. Secondly, this paper built neural networks based on 1D-CNN and Bi-LSTM, which can efficiently extract traffic features from spatial and temporal perspectives. The experimental results show that the intra-class distance of NSL-KDD traffic data is significantly reduced and the inter-class distance is significantly increased after the model processing. The intra-class distance decreased by 73.5% compared to the original intra-class distance and the inter-class distance increased by 52.7% compared to the original inter-class distance. Compared to the deep residual network widely used for deep metric learning, the neural network built in this paper has a shorter training time and better results. Applying the model proposed in this paper to the traffic classification task on the NSL-KDD and CICIDS2017 datasets, the classification effect is also significantly improved compared to the traditional traffic classification algorithms.

    Research of New Forms of Pseudorandom Random Function
    LI Zengpeng, WANG Mei, CHEN Mengjia
    Netinfo Security    2023, 23 (5): 11-21.   DOI: 10.3969/j.issn.1671-1122.2023.05.002
    Abstract (423)   HTML (30)   PDF (12958KB) (181)

    The outsourcing of computing and data storage services has become a common practice with the rise in popularity of the cloud computing model, and concerns about data security and privacy protection are receiving more and more attention from the business and academic communities. One of the current research topics in cryptography is new forms of Pseudorandom Function (PRF), a tool for retrieval and a solution to one of the problems with ciphertext security. Many cryptographic primitives are currently being investigated for secure computing on encrypted data, such as fully homomorphic encryption (FHE), lattice-based cryptography, threshold cryptography, secure multiparty computing and PRF. The study of new forms of PRF is now primarily focused on three aspects: 1) lattice-based private constrained PRF with verifiability; 2) lattice-based constrained PRF with adaptive security; and 3) lattice-based multi-point puncturable PRF with applicability. In a nutshell, this paper thoroughly analyzed the significant research findings in this area.

    Review of Federal Learning and Offensive-Defensive Confrontation
    YANG Li, ZHU Lingbo, YU Yueming, MIAO Yinbin
    Netinfo Security    2023, 23 (12): 69-90.   DOI: 10.3969/j.issn.1671-1122.2023.12.008
    Abstract (419)   HTML (154)   PDF (26484KB) (259)

    With the continuous development of machine learning technology, personal privacy issues have attracted widespread attention. Centralized learning is subject to considerable constraints because user data is sent to the central node. Therefore, federated learning, a framework in which model training on data can be completed locally, came into being. However, the federated learning mechanism can still be affected by various attacks that reduce its security and privacy. This paper started with the basic definition of federated learning, and then analyzed and summarized the threats and defense means in federated learning from the two aspects of confidentiality and integrity. Finally, based on these problems, the future development direction of this field was discussed.

    Federated Learning Incentive Scheme Based on Zero-Knowledge Proofs and Blockchain
    WU Haotian, LI Yifan, CUI Hongyan, DONG Lin
    Netinfo Security    2024, 24 (1): 1-13.   DOI: 10.3969/j.issn.1671-1122.2024.01.001
    Abstract (415)   HTML (248)   PDF (15951KB) (260)

    In cross-silo federated learning, participants contribute differently to the final trained model. Evaluating their contributions and providing appropriate incentives has become a key issue in federated learning research. Current incentive methods primarily focus on rewarding participants who provide valid model updates while penalizing dishonest ones, emphasizing incentivizing computational behavior. However, the quality of data provided by participants also affects learning outcomes, yet existing methods inadequately consider data quality and lack means to verify data authenticity. To enhance incentive accuracy, it is necessary to evaluate the quality of participants' data. This paper introduced, for the first time, a protocol for assessing the quality of participants' data by integrating zero-knowledge proofs and blockchain technology, leading to a novel federated learning incentive scheme. This scheme can assess the quality of participants' datasets without disclosing plaintext data, utilizing blockchain systems to provide incentives to eligible participants while excluding those who don't meet the criteria. Experimental results confirm that even in scenarios where some users provide falsified data, this scheme remains capable of delivering accurate incentive results, while simultaneously improving the accuracy of the federated learning model.

    Survey on Byzantine Fault Tolerance Accountability Mechanisms
    SUN Huiping, ZHOU Jinjue, LIU Shuxuan, CHEN Zhong
    Netinfo Security    2024, 24 (1): 14-23.   DOI: 10.3969/j.issn.1671-1122.2024.01.002
    Abstract (403)   HTML (29)   PDF (12038KB) (188)

    The Byzantine Fault Tolerance (BFT) protocol plays a crucial role in ensuring the consistency and reliability of blockchain or distributed systems in the face of node failures and malicious behavior. The BFT accountability mechanism aims to identify Byzantine nodes by recording and sharing the behavior of consensus nodes during the consensus process. It is designed to effectively address the security and liveness issues that traditional BFT protocols cannot guarantee when the number of Byzantine nodes exceeds 1/3. This paper systematically summarized existing BFT accountability protocols, including server-side accountability mechanisms, client-side accountability mechanisms, and embedded BFT accountability mechanisms. Through a comprehensive comparison and analysis of these involved mechanisms, this paper delved into the challenges and anticipated possible future directions.

    Review of Adversarial Samples for Modulation Recognition
    JIANG Zenghui, ZENG Weijun, CHEN Pu, WU Shitao
    Netinfo Security    2023, 23 (6): 74-90.   DOI: 10.3969/j.issn.1671-1122.2023.06.008
    Abstract (396)   HTML (28)   PDF (20260KB) (184)

    Modulation recognition is a key component in the fields of cognitive radio, electronic warfare, and other related areas. It is also an important prerequisite for efficient signal processing in receivers. Because deep learning has unique advantages that traditional methods cannot match, such as autonomous analysis, automatic feature extraction, and nonlinear fitting, it has great potential in modulation recognition. However, deep learning models are vulnerable to adversarial attacks, which seriously affect the task of modulation recognition. Although adversarial sample attacks have been widely studied in the fields of computer vision and natural language processing, research results in the field of modulation recognition are relatively scattered. This article introduced the modulation recognition technology based on deep learning, established the problem model of modulation recognition, elaborated on the application status of common neural networks in modulation recognition, and listed and compared commonly used datasets and simulation results of modulation recognition. By reviewing attack types, adversarial sample generation, and defense strategies, we summarized the latest research results, established a classification system for different types of attacks and defenses, and discussed the future prospects of adversarial samples in wireless communication.

    Blockchain Access Control Scheme with SM9-Based Attribute Encryption
    ZHOU Quan, CHEN Minhui, WEI Kaijun, ZHENG Yulong
    Netinfo Security    2023, 23 (9): 37-46.   DOI: 10.3969/j.issn.1671-1122.2023.09.004
    Abstract (368)   HTML (29)   PDF (10985KB) (176)

    The issue of secure sharing of data in the information society has attracted a lot of attention. The key to secure data sharing is to control the access or use of data through cryptography. However, traditional access control or public key encryption systems have gradually revealed their shortcomings in data sharing: the number of access control policies tends to increase with the number of users, which is not easy to manage; the traditional public key encryption system needs to obtain the public key information of each user and send the ciphertext one-to-one, which is costly in communication; and relying on third-party service providers to store data carries the risk of a single point of failure. To solve the above problems, the paper introduced the distributed technologies blockchain and Interplanetary File System (IPFS), and proposed a blockchain access control scheme with SM9-based attribute encryption, which achieved secure and efficient one-to-many data sharing and fine-grained access control, while the blockchain made user data uncompiled and achieved secure storage and auditable data. Finally, the security of the proposed scheme is proved under the deterministic q-parallel BDHE assumption.
