Top Read Articles

Published in last 1 year |

In last 2 years |

In last 3 years |

All

Please wait a minute...


For Selected: Download Citations EndNote Ris BibTeX Toggle Thumbnails

Select

Review of Research on Misbehavior Detection in VANET CAO Yue, LYU Chenchen, SUN Yaping, ZHANG Yu’ang Netinfo Security    2023, 23 (4): 10-19.   DOI: 10.3969/j.issn.1671-1122.2023.04.002 Abstract （807）   HTML （92）    PDF （13558KB）（346）       Knowledge map    The Internet of vehicles (IoV) has gradually penetrated into the lives of urban residents, while security threats such as remote malicious control of vehicles and leakage of personal information of vehicle owners have gradually been exposed in recent years. Compared with the security concern on devices and platform in vehicular Ad-hoc network (VANET), this paper focused on the security issues faced by the communication of VANET. Therefore, this paper systematically reviewed the literature on misbehavior detection mechanisms of VANET in recent years. Firstly, this paper analyzed the definition of misbehavior and summarized common threat models. Then, the classification of misbehavior detection mechanisms was discussed, including detection mechanisms based on message content, detection mechanisms based on message processing behavior, and detection mechanisms combined with sensors. Finally, this paper summarized open issues and possible future research trends in the current misbehavior detection mechanisms of VANET communication. Table and Figures | Reference | Related Articles | Metrics

Select

Review of Fuzzing Based on Machine Learning WANG Juan, ZHANG Chong, GONG Jiaxin, LI Jun’e Netinfo Security    2023, 23 (8): 1-16.   DOI: 10.3969/j.issn.1671-1122.2023.08.001 Abstract （805）   HTML （209）    PDF （20467KB）（576）       Knowledge map    Fuzzing is one of the most popular vulnerability discovering techniques today. Traditional fuzzing often requires a lot of labor, which increases the application cycle of fuzzing. Besides, expert experience determines the effect of fuzzing. The wide application of machine learning has enabled machine learning techniques to be applied to software security testing. Many research works use machine learning to optimize the fuzzing process, making up for many defects of traditional fuzzing technology. This paper provided a review of fuzzing based on machine learning. Firstly, common vulnerability discovery methods, fuzzing process and classification, and the shortcomings of traditional fuzzing were summarized. Then, from the perspective of test case generation, mutation, screening, and scheduling of fuzzing, this paper focused on the application research of machine learning methods in fuzzing, as well as the research work on combining machine learning and fuzzing to realize other functions. Finally, based on the existing work, this paper analyzed and summarized the limitations and challenges in the current research work, and prospected the future development directions of this field. Table and Figures | Reference | Related Articles | Metrics

Select

Overview of Research on the Revocable Mechanism of Attribute-Based Encryption LI Li, ZHU Jiangwen, YANG Chunyan Netinfo Security    2023, 23 (4): 39-50.   DOI: 10.3969/j.issn.1671-1122.2023.04.005 Abstract （787）   HTML （79）    PDF （14235KB）（499）       Knowledge map    Attribute-based encryption is an important cryptographic technique for achieving fine-grained access control of data files in group communication systems. However, addressing the revocation of users or attributes is crucial due to the existence of user joining, exiting, and attribute changing in group communication systems. Based on the classification and construction of revocable attribute-based encryption schemes, this paper focused on the research progress and development of revocable attribute-based encryption schemes. This paper provided a comprehensive analysis and comparison of existing revocable attribute-based encryption schemes from three revocation mechanisms: direct revocation, indirect revocation, and hybrid revocation. At the same time, discussing the shortcomings and issues of revocable attribute-based encryption mechanisms and possible future directions. Table and Figures | Reference | Related Articles | Metrics

Select

A Survey of Cyber Security Open-Source Intelligence Knowledge Graph WANG Xiaodi, HUANG Cheng, LIU Jiayong Netinfo Security    2023, 23 (6): 11-21.   DOI: 10.3969/j.issn.1671-1122.2023.06.002 Abstract （621）   HTML （81）    PDF （13519KB）（382）       Knowledge map    With the development of informatization, a large amount of cyber security information is generated online every day. However, the majority of security intelligence consists of multi-source and heterogeneous text data that are challenging to directly analyze and apply. Therefore, the introduction of a knowledge graph assumes paramount significance in order to facilitate profound semantic knowledge mining and enable intelligent reasoning analysis. On this basis, this paper first described how the cybersecurity knowledge graph was built. Then, it outlined the core technologies of the knowledge graph and related research work, including information extraction and knowledge reasoning. Finally, the challenges of building a cybersecurity knowledge graph were discussed, and some directions for further research were suggested. Table and Figures | Reference | Related Articles | Metrics

Select

A Large Language Model Based SQL Injection Attack Detection Method HUANG Kaijie, WANG Jian, CHEN Jiongyi Netinfo Security    2023, 23 (11): 84-93.   DOI: 10.3969/j.issn.1671-1122.2023.11.009 Abstract （572）   HTML （79）    PDF （12178KB）（350）       Knowledge map    The SQL injection attack, widely employed by attackers, poses a significant threat to cyberspace security. Traditional detection methods for SQL injection attacks include rule-based and machine learning-based method, suffering from limited applicability and high false positive rates. This paper proposed a large language model-based method for detecting SQL injection attacks. By applying prompt engineering and instruction fine-tuning techniques, a specialized large language model for SQL injection attack detection was developed; Additionally, the impact of iteration rounds, the number of fine-tuning samples and inference parameters on model performance was analyzed to enhance the detection capability of large language models; Leveraging the robust semantic understanding capability of the large language model significantly reduced the false positive rate. This paper conduct experimental analysis on a specialized large language model for SQL injection attack detection that we proposed, using the Kaggle dataset. The model achievedes an accuracy rate of over 99.85%, a false alarm rate of less than 0.2%, and an F1 score of 0.999. Compared to the current state-of-the-art methods for SQL injection attack detection, our model demonstrates a significant improvement in detection performance. Table and Figures | Reference | Related Articles | Metrics

Select

Hardware Design and Implementation of Number Theoretic Transform in Post-Quantum Cryptography XIAO Hao, ZHAO Yanrui, HU Yue, LIU Xiaofan Netinfo Security    2023, 23 (4): 72-79.   DOI: 10.3969/j.issn.1671-1122.2023.04.008 Abstract （571）   HTML （31）    PDF （8696KB）（391）       Knowledge map    Number theoretic transform (NTT) is a key component of post-quantum cryptography algorithms, and its computing performance is critical to the running speed of the system. Compared with the classical NTT algorithm, the high-radix NTT algorithm can achieve better computational performance. In order to solve the problems of lengthy computing flow and complex control logic in the hardware implementation of high-radix NTT, this paper proposed a high-performance radix-4 NTT hardware architecture based on pipeline structure. Firstly, based on the classical NTT algorithm, a radix-4 recursive NTT was derived to facilitate hardware implementation, which simplified the computing flow of the high-radix algorithm. Secondly, a single-path delay feedback structure was presented to effectively pipeline the algorithm flow and reduced the complexity of the hardware architecture. Finally, the radix-4 butterfly unit was realized by coupling two-stage butterfly operations, and the reduction was optimized by using shift operations and additions, which could reduce the overhead of hardware resources. Taking the post-quantum cryptography algorithm falcon as an example, the proposed NTT hardware architecture has been implemented on Xilinx Artix-7 FPGA. The experimental results show that the proposed design has good performance in computing speed and hardware resources overhead compared to the related designs. Table and Figures | Reference | Related Articles | Metrics

Select

A Survey of Large Language Models in the Domain of Cybersecurity ZHANG Changlin, TONG Xin, TONG Hui, YANG Ying Netinfo Security    2024, 24 (5): 778-793.   DOI: 10.3969/j.issn.1671-1122.2024.05.011 Abstract （554）   HTML （275）    PDF （20073KB）（414）       Knowledge map    In recent years, with the rapid advancement of large language model technology, its application potential in various fields such as healthcare and law has become evident, simultaneously pointing to new directions for progress in the field of cybersecurity. This paper began by providing an overview of the foundational theories behind the design principles, training mechanisms, and core characteristics of large language models, offering the necessary background knowledge to readers. It then delved into the role of large language models in enhancing the capabilities to identify and respond to the growing threats online, detailing research progress in areas such as penetration testing, code security audit, social engineering attacks, and the assessment of professional cybersecurity knowledge. Finally, it analyzed the challenges related to security, cost, and interpretability of this technology, and looked forward to the future development direction. Table and Figures | Reference | Related Articles | Metrics

Select

A Smart Grid Intrusion Detection Model for Secure and Efficient Federated Learning LIU Changjie, SHI Runhua Netinfo Security    2023, 23 (4): 90-101.   DOI: 10.3969/j.issn.1671-1122.2023.04.010 Abstract （516）   HTML （153）    PDF （13787KB）（231）       Knowledge map    The rapid development of smart grids has led to more efficient power transmission, and the high level of integration of grid systems and ICTs has exposed power systems to more cyber threats. Intrusion detection has received a lot of attention as an effective method to detect cyber attacks, and most of the existing schemes are based on the strong assumption that a single organization has enough high-quality attack examples and is willing to share their data. However, in real life, individual institutions not only generate a small amount of data but also have individual characteristics and are usually not willing to share their data, and using such single institution data is not sufficient to train a general model with high accuracy. In view of this, this paper proposed a secure and efficient approach for smart grid intrusion detection. Specifically, first, a federated learning framework was introduced to collaboratively train a generic intrusion detection model to protect the security of local data and allow indirect expansion of the data volume; Second, a secure communication protocol was designed to protect the security of model parameters in training and prevent eavesdroppers from eavesdropping on them for inference attacks; Finally, by selecting a good client for global aggregation, the fast convergence of the model was guaranteed and the number of participants was reduced to reduce the communication bandwidth. The experimental results show that the accuracy of intrusion detection is improved, data privacy is protected, and communication cost is reduced while ensuring model convergence. Table and Figures | Reference | Related Articles | Metrics

Select

Data Augmentation Method via Large Language Model for Relation Extraction in Cybersecurity LI Jiao, ZHANG Yuqing, WU Yabiao Netinfo Security    2024, 24 (10): 1477-1483.   DOI: 10.3969/j.issn.1671-1122.2024.10.001 Abstract （485）   HTML （1828）    PDF （8545KB）（254）       Knowledge map    Relationship extraction technology can be used for threat intelligence mining and analysis, providing crucial information support for network security defense. However, relationship extraction tasks in cybersecurity face the problem of dataset deficiency. In recent years, large language model has shown its superior text generation ability, providing powerful technical support for data augmentation tasks. In order to compensate for the shortcomings of traditional data augmentation methods in terms of accuracy and diversity, this paper proposed a data augmentation method via large language model for relation extraction in cybersecurity named MGDA. MGDA used large language model to enhance the original data from four granularities of words, phrases, grammar, and semantics in order to ensure accuracy while improving diversity. The experimental results show that the proposed data augmentation method in this paper effectively improves the effectiveness of relationship extraction tasks in cybersecurity and diversity of generated data. Table and Figures | Reference | Related Articles | Metrics

Select

Research on Anonymous Traffic Classification Method Based on Machine Learning ZHAO Xiaolin, WANG Qiyao, ZHAO Bin, XUE Jingfeng Netinfo Security    2023, 23 (5): 1-10.   DOI: 10.3969/j.issn.1671-1122.2023.05.001 Abstract （484）   HTML （66）    PDF （10333KB）（420）       Knowledge map    Anonymous communication tools not only protect users’ privacy, but also provide shelter for crimes, making it more difficult to purify and supervise the network environment. Classification of anonymous traffic generated during information exchange in anonymous networks can refine the scope of network supervision. Aiming at the problems of insufficient granularity of traffic classification and low accuracy of anonymous traffic classification in the application layer in the existing anonymous traffic classification field, this paper proposed an application layer multi classification method for anonymous traffic based on machine learning. It included the feature extraction model based on auto-encoder and random forest, and the anonymous traffic multi classification model based on convolutional neural networks and XGBoost. The classification effect is improved through feature reconstruction and model combination, and is verified on Anon17 public anonymous traffic dataset, proving the usability, effectiveness and accuracy of the designed model. Table and Figures | Reference | Related Articles | Metrics

Select

New Research Progress on Intrusion Detection Techniques for the Internet of Things FENG Guangsheng, JIANG Shunpeng, HU Xianlang, MA Mingyu Netinfo Security    2024, 24 (2): 167-178.   DOI: 10.3969/j.issn.1671-1122.2024.02.001 Abstract （482）   HTML （305）    PDF （15179KB）（586）       Knowledge map    Compared to traditional intrusion detection mechanisms, the intelligent intrusion detection technology can fully extract data features, demonstrating higher detection efficiency, however, it also imposes greater demands on data sample labels. Considering data sample labels, this article provided a comprehensive review of the latest developments in the intrusion detection technology for the Internet of things(IoT) from the perspectives of supervised and unsupervised learning. Firstly, it outlined signature-based intrusion detection methods and analyzed recent traditional machine learning based intrusion detection methods based on the classification of supervised and unsupervised learning. Then, it analyzed recent deep learning based intrusion detection methods based on supervised, unsupervised, generative adversarial network, and deep reinforcement learning, respectively. Finally, it summarized the research challenges and future trends in the IoT intrusion detection technology. Table and Figures | Reference | Related Articles | Metrics

Select

A False Data Injection Attack Detecting and Compensating Method XIE Ying, ZENG Zhu, HU Wei, DING Xuyang Netinfo Security    2023, 23 (6): 22-33.   DOI: 10.3969/j.issn.1671-1122.2023.06.003 Abstract （459）   HTML （33）    PDF （15071KB）（231）       Knowledge map    To accurately detect false data injection attacks in industrial control networks and quickly compensate for their impact on the system, this paper proposed an attack detecting and compensating method based on state estimation. The method constructed a sequence Kalman filter to optimally estimate the state vector based on the mathematical model of the industrial control system. Additionally, a double-judgment mechanism was designed to eliminate unstable states caused by noise and perturbation. Furthermore, the paper proposed a multi-step estimating attack compensation strategy that utilized the previously measured data in the safe state to provide a compensation control signal for the system. The experimental results conducted on the load frequency control system of the dual-area interconnected power system demonstrate the effectiveness of the proposed method in detecting and compensating for false data injection attacks. Moreover, the method outperforms the comparison algorithms in terms of frequency deviation control and control signal compensation. Table and Figures | Reference | Related Articles | Metrics

Select

Security Analysis of Cryptographic Application Code Generated by Large Language Model GUO Xiangxin, LIN Jingqiang, JIA Shijie, LI Guangzheng Netinfo Security    2024, 24 (6): 917-925.   DOI: 10.3969/j.issn.1671-1122.2024.06.009 Abstract （452）   HTML （56）    PDF （19521KB）（223）       Knowledge map    With the extensive application of large language model(LLM) in software development, the role in enhancing development efficiency has also introduced new security risks, particularly in the field of cryptography applications that demand high security. This paper proposed an open-source prompt dataset named LLMCryptoSE, containing 460 natural language description prompts of cryptographic scenarios. It aimed to assess the security of code generated by LLM for cryptographic applications. At the same time, through an in-depth analysis of code snippets generated by LLM, this paper primarily evaluated the misuse of cryptographic API, employing the methodology that combined the static analysis tool CryptoGuard with manual review to conduct a detailed evlatuation of 1380 code snippets. The assessment of three mainstream LLM, including ChatGPT 3.5, ERNIE 3.5, and Spark 3.5, revealed that 52.90% of the code snippets contained at least one instance of cryptographic misuse, with Spark 3.5 showing a relatively better performance with a misuse rate of 48.48%. Based on these findings, the study not only reveals the current challenges in cryptographic application security faced by LLM, but also offers a series of recommendations for LLM users and developers to enhance security. These are aims at providing practical guidance for improving the application of LLM in cryptographic fields. Table and Figures | Reference | Related Articles | Metrics

Select

A Hybrid Method of Joint Entropy and Multiple Clustering Based DDoS Detection in SDN WANG Zhi, ZHANG Hao, Jason GU Netinfo Security    2023, 23 (10): 1-7.   DOI: 10.3969/j.issn.1671-1122.2023.10.001 Abstract （445）   HTML （60）    PDF （8370KB）（314）       Knowledge map    Software Defined Networking (SDN), an emerging networking paradigm, has introduced more severe Distributed Denial of Service attacks (DDoS) along with convenience. Existing works typically use machine learning models to detect DDoS attacks, but ignore the additional overhead that models impose on SDN controllers. In order to detect DDoS attacks more efficiently and accurately, this paper adoptd a strategy of multi-level detection modules: the first-level module detectd suspicious traffic by calculating the joint entropy of the traffic in the current window; the second-level module used a semi- supervised model that used techniques such as feature selection, multi-training algorithms, and multiple clustering to improve detection performance by training multiple local models. Compared with other existing models, this model performs best on multiple data sets and has better detection accuracy and generalization ability. Table and Figures | Reference | Related Articles | Metrics

Select

HTTP Payload Covert Channel Detection Method Based on Deep Learning YUAN Wenxin, CHEN Xingshu, ZHU Yi, ZENG Xuemei Netinfo Security    2023, 23 (7): 53-63.   DOI: 10.3969/j.issn.1671-1122.2023.07.006 Abstract （433）   HTML （31）    PDF （13136KB）（138）       Knowledge map    Aiming at the problem that existing network traffic statistical features and packet payload features cannot effectively detect HTTP payload covert channels, this article proposed a convolutional neural network detection method based on session flow payload representation. First, packets generated by HTTP communication were aggregated into bidirectional session flows based on five-tuple and expiration time conditions. Then, selected a set of packets that can reflect the communication interaction behavior and session flow structure, extract the original byte sequence of their transport layer payload, forming a session flow payload representing each HTTP session flow. Finally, the detection model was constructed using 2D-CNN that can fully mine temporal and spatial dimensional information in byte sequences. Experimental results show that the proposed session flow payload representation method can depict HTTP traffic from more perspectives than the session flow packet payload representation method, thereby providing more useful information for the detection task. The detection rate of the proposed method is as high as 99%, which is better than traditional machine learning detection methods based on network flow behavior statistical features. Table and Figures | Reference | Related Articles | Metrics

Select

Network Anomaly Detection Based on Dual Graph Convolutional Network and Autoencoders QIN Zhongyuan, MA Nan, YU Yacong, CHEN Liquan Netinfo Security    2023, 23 (9): 1-11.   DOI: 10.3969/j.issn.1671-1122.2023.09.001 Abstract （428）   HTML （255）    PDF （13563KB）（239）       Knowledge map    Considering the application of graph neural networks in the field of network anomaly detection mostly focused on the extraction of single point features, while ignoring the correlation features between continuous messages. This paper proposed a network anomaly detection method based on dual graph convolutional networks and autoencoders. This method first constructed the graph and divided the subgraph of the communication data, then sent the subgraph into the two-layer graph convolution neural network to extract the features of points and edges respectively, and finally used the unsupervised learning method to train the divided subgraph. In the experimental part, through the iterative experiment on the subgraph division time interval and iteration times, the subgraph division time interval and iteration times with the best effect were obtained. Comparative experiments with traditional algorithms on three data sets showed that our scheme is more accurate and has stronger generalization. Table and Figures | Reference | Related Articles | Metrics

Select

A Review of Network Anomaly Detection Based on Semi-Supervised Learning ZHANG Hao, XIE Dazhi, HU Yunsheng, YE Junwei Netinfo Security    2024, 24 (4): 491-508.   DOI: 10.3969/j.issn.1671-1122.2024.04.001 Abstract （420）   HTML （57）    PDF （22842KB）（301）       Knowledge map    The acquisition of network traffic data is relatively easy, while marking the traffic data is comparatively challenging. Semi-supervised learning utilizes a small amount of labeled data and a large amount of unlabeled data for training, reducing the demand for labeled data and effectively adapting to anomaly detection in massive network traffic data. This paper conducted an in-depth investigation into the field of semi-supervised network anomaly detection in recent years. Firstly, it introduced some basic concepts and thoroughly analyzes the necessity of using semi-supervised learning strategies in network anomaly detection. Then, from the perspectives of semi-supervised machine learning, semi-supervised deep learning, and the combination of semi-supervised learning with other paradigms, it analyzed and compared the recent literature on semi-supervised network anomaly detection and summarized the findings. Finally, the current status and future prospects of the field of semi-supervised network anomaly detection were analyzed. Table and Figures | Reference | Related Articles | Metrics

Select

Anomaly Traffic Detection Based on Deep Metric Learning ZHANG Qiang, HE Junjiang, LI Wenshan, LI Tao Netinfo Security    2024, 24 (3): 462-472.   DOI: 10.3969/j.issn.1671-1122.2024.03.011 Abstract （417）   HTML （58）    PDF （13232KB）（289）       Knowledge map    The identification of network anomalous traffic is one of the important tasks of cyber security nowadays. However, traditional traffic classification models are trained based on traffic data, and most of the traffic data are unevenly distributed, leading to fuzzy classification boundaries, which will greatly limits the classification performance of the model. In order to solve the above problems, this paper proposed a deep metric learning based abnormal traffic detection method. Firstly, a new double-proxy mechanism was designed to improve the efficiency of model training by guiding the optimization direction of updateable proxy through the target proxy compared with the traditional deep metric learning algorithm of single proxy for each category, and to enhance the ability of aggregating traffic data of the same category and separating traffic data of different categories to minimize the intra-class distance and maximized the inter-class distance, which in turn maked the classification of data boundaries more clearly, breaking the performance bottleneck of traditional traffic classification models. Secondly, this paper built neural networks based on 1D-CNN and Bi-LSTM, which can efficiently extract traffic features from spatial and temporal perspectives. The experimental results show that the intra-class distance of NSL-KDD traffic data is significantly reduced and the inter-class distance is significantly increased after the model processing. The intra-class distance decreased by 73.5% compared to the original intra-class distance and the inter-class distance increased by 52.7% compared to the original inter-class distance. And the neural network built in this paper is compared to the widely used deep residual network for deep metric learning with shorter training time and better results. Applying the model proposed in this paper to the traffic classification task on the NSL-KDD and CICIDS2017 datasets, the classification effect is also significantly improved compared to the traditional traffic classification algorithms. Table and Figures | Reference | Related Articles | Metrics

Select

Automatic Modulation Recognition Algorithm Based on Multi-Channel Joint Learning ZHAO Caidan, CHEN Jingqian, WU Zhiqiang Netinfo Security    2023, 23 (4): 20-29.   DOI: 10.3969/j.issn.1671-1122.2023.04.003 Abstract （416）   HTML （31）    PDF （11917KB）（171）       Knowledge map    Automatic modulation recognition technology can not only effectively improve the utilization rate of spectrum resources, but is also an effective way to identify illegal users. To further improve the performance of the recognition algorithm, the paper proposed a new asymmetric multichannel joint learning network by considering the connection between amplitude and phase features. The network used the amplitude, phase and the joint matrix of both as multi-channel input to achieve adaptive modulation coding by better extracting homogeneous and heterogeneous features in the amplitude and phase of the modulated signal using an asymmetric joint learning module without changing the number of parameters and computational speed. The experiments results show that the network proposed in the article achieves the highest recognition accuracy of 91.73% and 93.36% on the benchmark open source datasets RadioML2016.10a and RadioML2016.10b, respectively. Table and Figures | Reference | Related Articles | Metrics

Select

Review of Federal Learning and Offensive-Defensive Confrontation YANG Li, ZHU Lingbo, YU Yueming, MIAO Yinbin Netinfo Security    2023, 23 (12): 69-90.   DOI: 10.3969/j.issn.1671-1122.2023.12.008 Abstract （414）   HTML （154）    PDF （26484KB）（259）       Knowledge map    With the continuous development of machine learning technology, personal privacy issues have attracted widespread attention. Centralized learning is subject to a considerable degree of constraints due to the fact that user data is sent to the central node. Therefore, federal learning as a data can be completed locally. The framework of model training came into being. However, the federated learning mechanism will still be affected by various attacks and reduce the security and privacy. This paper started with the basic definition of federal learning, and then analyzed and summarized the threats and defense means in federal learning from two aspects of confidentiality and integrity. Finally, through these problems, the future development direction of this field was discussed. Table and Figures | Reference | Related Articles | Metrics