Top Read Articles

    Review of Research on Misbehavior Detection in VANET
    CAO Yue, LYU Chenchen, SUN Yaping, ZHANG Yu’ang
    Netinfo Security    2023, 23 (4): 10-19.   DOI: 10.3969/j.issn.1671-1122.2023.04.002
    Abstract (738)   HTML (89)   PDF (13558KB) (316)

    The Internet of vehicles (IoV) has gradually penetrated into the lives of urban residents, while security threats such as remote malicious control of vehicles and leakage of personal information of vehicle owners have gradually been exposed in recent years. Compared with the security concern on devices and platform in vehicular Ad-hoc network (VANET), this paper focused on the security issues faced by the communication of VANET. Therefore, this paper systematically reviewed the literature on misbehavior detection mechanisms of VANET in recent years. Firstly, this paper analyzed the definition of misbehavior and summarized common threat models. Then, the classification of misbehavior detection mechanisms was discussed, including detection mechanisms based on message content, detection mechanisms based on message processing behavior, and detection mechanisms combined with sensors. Finally, this paper summarized open issues and possible future research trends in the current misbehavior detection mechanisms of VANET communication.

    Review of Fuzzing Based on Machine Learning
    WANG Juan, ZHANG Chong, GONG Jiaxin, LI Jun’e
    Netinfo Security    2023, 23 (8): 1-16.   DOI: 10.3969/j.issn.1671-1122.2023.08.001
    Abstract (731)   HTML (96)   PDF (20467KB) (548)

    Fuzzing is one of the most popular vulnerability discovering techniques today. Traditional fuzzing often requires a lot of labor, which increases the application cycle of fuzzing. Besides, expert experience determines the effect of fuzzing. The wide application of machine learning has enabled machine learning techniques to be applied to software security testing. Many research works use machine learning to optimize the fuzzing process, making up for many defects of traditional fuzzing technology. This paper provided a review of fuzzing based on machine learning. Firstly, common vulnerability discovery methods, fuzzing process and classification, and the shortcomings of traditional fuzzing were summarized. Then, from the perspective of test case generation, mutation, screening, and scheduling of fuzzing, this paper focused on the application research of machine learning methods in fuzzing, as well as the research work on combining machine learning and fuzzing to realize other functions. Finally, based on the existing work, this paper analyzed and summarized the limitations and challenges in the current research work, and prospected the future development directions of this field.

    Overview of Research on the Revocable Mechanism of Attribute-Based Encryption
    LI Li, ZHU Jiangwen, YANG Chunyan
    Netinfo Security    2023, 23 (4): 39-50.   DOI: 10.3969/j.issn.1671-1122.2023.04.005
    Abstract (717)   HTML (68)   PDF (14235KB) (444)

    Attribute-based encryption is an important cryptographic technique for achieving fine-grained access control of data files in group communication systems. However, addressing the revocation of users or attributes is crucial due to the existence of user joining, exiting, and attribute changing in group communication systems. Based on the classification and construction of revocable attribute-based encryption schemes, this paper focused on the research progress and development of revocable attribute-based encryption schemes. This paper provided a comprehensive analysis and comparison of existing revocable attribute-based encryption schemes from three revocation mechanisms: direct revocation, indirect revocation, and hybrid revocation. At the same time, it discussed the shortcomings and issues of revocable attribute-based encryption mechanisms and possible future directions.

    Anomaly Detection Model Based on Generative Adversarial Network and Autoencoder
    GUO Sensen, WANG Tongli, MU Dejun
    Netinfo Security    2022, 22 (12): 7-15.   DOI: 10.3969/j.issn.1671-1122.2022.12.002
    Abstract (642)   HTML (41)   PDF (12429KB) (282)

    In recent years, machine learning, especially deep learning algorithms, has been widely used in the field of network traffic intrusion detection, and the distribution of dataset sample categories is an important factor affecting the performance of machine learning algorithms. To address the problem of diverse network attack categories and uneven distribution of existing network traffic dataset categories, this paper proposed a network traffic anomaly detection model based on generative adversarial networks and autoencoders. Firstly, a conditional generative adversarial network based on Wasserstein distance was used to resample the minority categories in the original network traffic data. Secondly, the resampled data were reconstructed using a stacked denoising autoencoder to obtain potential information of the data. Finally, the encoder network combined with a Softmax network was used to identify anomalous network traffic data. Experiments are conducted on the NSL-KDD intrusion detection dataset, and the experimental results show that the proposed anomaly detection model can effectively improve the recognition rate of minority categories.

    A Survey of Cyber Security Open-Source Intelligence Knowledge Graph
    WANG Xiaodi, HUANG Cheng, LIU Jiayong
    Netinfo Security    2023, 23 (6): 11-21.   DOI: 10.3969/j.issn.1671-1122.2023.06.002
    Abstract (545)   HTML (73)   PDF (13519KB) (354)

    With the development of informatization, a large amount of cyber security information is generated online every day. However, the majority of security intelligence consists of multi-source and heterogeneous text data that are challenging to directly analyze and apply. Therefore, the introduction of a knowledge graph assumes paramount significance in order to facilitate profound semantic knowledge mining and enable intelligent reasoning analysis. On this basis, this paper first described how the cybersecurity knowledge graph was built. Then, it outlined the core technologies of the knowledge graph and related research work, including information extraction and knowledge reasoning. Finally, the challenges of building a cybersecurity knowledge graph were discussed, and some directions for further research were suggested.

    Hardware Design and Implementation of Number Theoretic Transform in Post-Quantum Cryptography
    XIAO Hao, ZHAO Yanrui, HU Yue, LIU Xiaofan
    Netinfo Security    2023, 23 (4): 72-79.   DOI: 10.3969/j.issn.1671-1122.2023.04.008
    Abstract (503)   HTML (30)   PDF (8696KB) (367)

    Number theoretic transform (NTT) is a key component of post-quantum cryptography algorithms, and its computing performance is critical to the running speed of the system. Compared with the classical NTT algorithm, the high-radix NTT algorithm can achieve better computational performance. In order to solve the problems of lengthy computing flow and complex control logic in the hardware implementation of high-radix NTT, this paper proposed a high-performance radix-4 NTT hardware architecture based on pipeline structure. Firstly, based on the classical NTT algorithm, a radix-4 recursive NTT was derived to facilitate hardware implementation, which simplified the computing flow of the high-radix algorithm. Secondly, a single-path delay feedback structure was presented to effectively pipeline the algorithm flow and reduce the complexity of the hardware architecture. Finally, the radix-4 butterfly unit was realized by coupling two-stage butterfly operations, and the reduction was optimized by using shift operations and additions, which could reduce the overhead of hardware resources. Taking the post-quantum cryptography algorithm Falcon as an example, the proposed NTT hardware architecture has been implemented on Xilinx Artix-7 FPGA. The experimental results show that the proposed design has good performance in computing speed and hardware resources overhead compared to the related designs.

    A Large Language Model Based SQL Injection Attack Detection Method
    HUANG Kaijie, WANG Jian, CHEN Jiongyi
    Netinfo Security    2023, 23 (11): 84-93.   DOI: 10.3969/j.issn.1671-1122.2023.11.009
    Abstract (498)   HTML (74)   PDF (12178KB) (322)

    The SQL injection attack, widely employed by attackers, poses a significant threat to cyberspace security. Traditional detection methods for SQL injection attacks include rule-based and machine learning-based methods, suffering from limited applicability and high false positive rates. This paper proposed a large language model-based method for detecting SQL injection attacks. By applying prompt engineering and instruction fine-tuning techniques, a specialized large language model for SQL injection attack detection was developed. Additionally, the impact of iteration rounds, the number of fine-tuning samples and inference parameters on model performance was analyzed to enhance the detection capability of large language models. Leveraging the robust semantic understanding capability of the large language model significantly reduced the false positive rate. This paper conducted experimental analysis on a specialized large language model for SQL injection attack detection that we proposed, using the Kaggle dataset. The model achieves an accuracy rate of over 99.85%, a false alarm rate of less than 0.2%, and an F1 score of 0.999. Compared to the current state-of-the-art methods for SQL injection attack detection, our model demonstrates a significant improvement in detection performance.

    Research on LSTM-Based CAN Intrusion Detection Model
    YIN Ying, ZHOU Zhihong, YAO Lihong
    Netinfo Security    2022, 22 (12): 57-66.   DOI: 10.3969/j.issn.1671-1122.2022.12.007
    Abstract (497)   HTML (21)   PDF (13102KB) (197)

    The controller area network (CAN) is connected to the core electronic control units of the intelligent networked automobile system, which is crucial to ensure the safety of the vehicle system. But it is vulnerable to denial of service (DoS) attack, replay attack and fuzzy attack due to its lack of adequate information security measures, and thus causes a serious security threat to automobiles and drivers. In order to effectively detect whether the CAN bus was attacked, the security threats and communication features were analyzed, and a model of CAN intrusion detection based on long short term memory (LSTM) was proposed, which could preserve the timing characteristics of CAN messages and effectively perform intrusion detection and attack classification. The experimental results show that the detection accuracy of the model is 99.99%.

    Blockchain Transaction Data Privacy-Preserving Scheme Supporting National Cryptographic Algorithm
    WANG Jingyu, MA Zhaofeng, XU Danheng, DUAN Pengfei
    Netinfo Security    2023, 23 (3): 84-95.   DOI: 10.3969/j.issn.1671-1122.2023.03.009
    Abstract (486)   HTML (37)   PDF (15939KB) (287)

    With the development of blockchain technology, the realization of data sharing on the chain has become an important application to promote the implementation of the blockchain industry. The transaction data of the current blockchain is open and transparent on the chain, with problems of restricted sharing. At the same time, considering that the Hyperledger Fabric platform is limited in domestic applications due to the lack of support of the national cryptographic algorithm, this paper first transformed the Fabric platform by adopting the national cryptographic algorithm. Secondly, a transaction data privacy-preserving scheme was proposed to complete the security and limited sharing of transaction data with national cryptographic algorithm. Finally, the modified Fabric platform and the proposed solution were tested for system implementation and performance. The experimental results show that this paper completes the national cryptographic algorithm transformation of the Fabric platform, which ensures the correctness of various operations. The implementation efficiency and system performance of the privacy protection scheme also meet the practical requirements.

    A Smart Grid Intrusion Detection Model for Secure and Efficient Federated Learning
    LIU Changjie, SHI Runhua
    Netinfo Security    2023, 23 (4): 90-101.   DOI: 10.3969/j.issn.1671-1122.2023.04.010
    Abstract (466)   HTML (55)   PDF (13787KB) (219)

    The rapid development of smart grids has led to more efficient power transmission, and the high level of integration of grid systems and ICTs has exposed power systems to more cyber threats. Intrusion detection has received a lot of attention as an effective method to detect cyber attacks, and most of the existing schemes are based on the strong assumption that a single organization has enough high-quality attack examples and is willing to share their data. However, in real life, individual institutions not only generate a small amount of data but also have individual characteristics and are usually not willing to share their data, and using such single institution data is not sufficient to train a general model with high accuracy. In view of this, this paper proposed a secure and efficient approach for smart grid intrusion detection. Specifically, first, a federated learning framework was introduced to collaboratively train a generic intrusion detection model to protect the security of local data and allow indirect expansion of the data volume; second, a secure communication protocol was designed to protect the security of model parameters in training and prevent eavesdroppers from eavesdropping on them for inference attacks; finally, by selecting a good client for global aggregation, the fast convergence of the model was guaranteed and the number of participants was reduced to reduce the communication bandwidth. The experimental results show that the accuracy of intrusion detection is improved, data privacy is protected, and communication cost is reduced while ensuring model convergence.

    Research on Proactive Generation Protocol of Beaver Triples
    LYU Kewei, CHEN Chi
    Netinfo Security    2022, 22 (12): 16-24.   DOI: 10.3969/j.issn.1671-1122.2022.12.003
    Abstract (462)   HTML (4)   PDF (10055KB) (138)

    In secure multi-party computation, Beaver triples have been one of the basic techniques to realize the secure computation of addition and multiplication under secret sharing, which can make the number of protocol rounds reach the polynomial of the number of participating parties. This paper studied secure generation protocol of Beaver triples in the mobile adversary model. First, a computational security, effective two-party active Beaver triple generation protocol was designed based on Paillier public key cryptosystem, whose number of rounds was twice the number of renew operations and sent three ciphertexts of Paillier cryptosystem in each round. Then the effective n-party Beaver triplet initiative generation protocol for information theory security was designed using primary cryptographic tools such as Shamir secret sharing, where n ≥ 3, the total number of elements sent by the protocol was at most 6+6n, and the number of execution rounds is not more than 2κ+2, where κ was the number of sharing fragment updates and the number of adversary control participants does not exceed n-2. Finally, protocol design ideas were given for malicious adversary articles.

    Research on Anonymous Traffic Classification Method Based on Machine Learning
    ZHAO Xiaolin, WANG Qiyao, ZHAO Bin, XUE Jingfeng
    Netinfo Security    2023, 23 (5): 1-10.   DOI: 10.3969/j.issn.1671-1122.2023.05.001
    Abstract (456)   HTML (65)   PDF (10333KB) (414)

    Anonymous communication tools not only protect users’ privacy, but also provide shelter for crimes, making it more difficult to purify and supervise the network environment. Classification of anonymous traffic generated during information exchange in anonymous networks can refine the scope of network supervision. Aiming at the problems of insufficient granularity of traffic classification and low accuracy of anonymous traffic classification in the application layer in the existing anonymous traffic classification field, this paper proposed an application layer multi classification method for anonymous traffic based on machine learning. It included the feature extraction model based on auto-encoder and random forest, and the anonymous traffic multi classification model based on convolutional neural networks and XGBoost. The classification effect is improved through feature reconstruction and model combination, and is verified on Anon17 public anonymous traffic dataset, proving the usability, effectiveness and accuracy of the designed model.

    A Review of IDS Research in Smart Grid AMI Field
    JIN Zhigang, LIU Kai, WU Xiaodong
    Netinfo Security    2023, 23 (1): 1-8.   DOI: 10.3969/j.issn.1671-1122.2023.01.001
    Abstract (446)   HTML (35)   PDF (9098KB) (219)

    As a key component of smart grid, advanced metering infrastructure (AMI) effectively supports important links such as real-time interactive distributed energy generation and storage in smart grid. However, the access of the network in AMI also puts the smart grid at severe security risks. In the field of AMI security, intrusion detection system (IDS) is widely used in AMI security protection due to its ability to actively detect attacks. By introducing the architecture of AMI, a key component of smart grid, this paper analyzed and determined the security weak points of AMI facing abnormal access. On this basis, this paper investigated the research status of connection-oriented and device-oriented IDS, detailed the application and development of IDS in the field of AMI in recent years, summarized and analyzed the problems that still exist in the field of IDS in the field of AMI, and gave a hierarchy outlook.

    Vulnerability Similarity Algorithm Evaluation Based on NLP and Feature Fusion
    JIA Fan, KANG Shuya, JIANG Weiqiang, WANG Guangtao
    Netinfo Security    2023, 23 (1): 18-27.   DOI: 10.3969/j.issn.1671-1122.2023.01.003
    Abstract (444)   HTML (23)   PDF (21216KB) (223)

    The study of vulnerability similarity helps security researchers to find solutions to new vulnerabilities from historical vulnerability information. There is not much existing work on vulnerability similarity, and the selection of its model also lacks objective experimental data support. On this basis, this paper combined various word embedding technologies and deep learning auto-encoders to calculate semantic similarity from the perspective of vulnerability description text. At the same time, multi-dimensional feature data were extracted from public databases such as NVD, to calculate vulnerability feature similarity from the perspective of vulnerability features, and finally a dual angle vulnerability similarity measurement algorithm and evaluation scheme based on NLP and feature fusion was designed. Based on objective experimental analysis, the effects of various model combinations were compared from the aspects of numerical distribution, similarity discrimination, accuracy, etc. The final optimized model combination can obtain the highest F1 score of 0.927 in the determination of vulnerability similarity.

    New Research Progress on Intrusion Detection Techniques for the Internet of Things
    FENG Guangsheng, JIANG Shunpeng, HU Xianlang, MA Mingyu
    Netinfo Security    2024, 24 (2): 167-178.   DOI: 10.3969/j.issn.1671-1122.2024.02.001
    Abstract (426)   HTML (88)   PDF (15179KB) (555)

    Compared to traditional intrusion detection mechanisms, the intelligent intrusion detection technology can fully extract data features, demonstrating higher detection efficiency; however, it also imposes greater demands on data sample labels. Considering data sample labels, this article provided a comprehensive review of the latest developments in the intrusion detection technology for the Internet of things (IoT) from the perspectives of supervised and unsupervised learning. Firstly, it outlined signature-based intrusion detection methods and analyzed recent traditional machine learning based intrusion detection methods based on the classification of supervised and unsupervised learning. Then, it analyzed recent deep learning based intrusion detection methods based on supervised, unsupervised, generative adversarial network, and deep reinforcement learning, respectively. Finally, it summarized the research challenges and future trends in the IoT intrusion detection technology.

    A Certificate-Based Digital Signature Scheme
    AN Haoyang, HE Debiao, BAO Zijian, PENG Cong
    Netinfo Security    2023, 23 (3): 13-21.   DOI: 10.3969/j.issn.1671-1122.2023.03.002
    Abstract (422)   HTML (48)   PDF (11521KB) (241)

    Digital signature is an important tool to realize digital authentication. It has the characteristics of identity authentication, anti-repudiation, and anti-forgery. Therefore, it is widely used in current network communication, e-commerce and other scenarios. Certificate-based signature is a special signature algorithm that can solve both the certificate verification problem in traditional signature algorithms and the key escrow problem in identity-based signature algorithms. This paper proposed a certificate-based digital signature scheme. The certificate authority did not need to provide certificate status information to the entire system, but only needed to contact the certificate holder for revocation and renewal. The scheme proposed in this paper consisted of system initialization algorithm, user key generation algorithm, certificate authorization algorithm, signature algorithm and verification algorithm, and it was proved in the random oracle model that the scheme can resist both Type I and Type II adversaries. Existential unforgeability under adaptive chosen message attack was satisfied. Compared with other certificate-based signature schemes, the scheme proposed in this paper has obvious advantages in communication overhead and is more suitable for application scenarios with limited communication resources.

    A Hybrid Method of Joint Entropy and Multiple Clustering Based DDoS Detection in SDN
    WANG Zhi, ZHANG Hao, Jason GU
    Netinfo Security    2023, 23 (10): 1-7.   DOI: 10.3969/j.issn.1671-1122.2023.10.001
    Abstract (406)   HTML (59)   PDF (8370KB) (304)

    Software Defined Networking (SDN), an emerging networking paradigm, has introduced more severe Distributed Denial of Service attacks (DDoS) along with convenience. Existing works typically use machine learning models to detect DDoS attacks, but ignore the additional overhead that models impose on SDN controllers. In order to detect DDoS attacks more efficiently and accurately, this paper adopted a strategy of multi-level detection modules: the first-level module detected suspicious traffic by calculating the joint entropy of the traffic in the current window; the second-level module used a semi-supervised model that used techniques such as feature selection, multi-training algorithms, and multiple clustering to improve detection performance by training multiple local models. Compared with other existing models, this model performs best on multiple data sets and has better detection accuracy and generalization ability.

    A Survey of Large Language Models in the Domain of Cybersecurity
    ZHANG Changlin, TONG Xin, TONG Hui, YANG Ying
    Netinfo Security    2024, 24 (5): 778-793.   DOI: 10.3969/j.issn.1671-1122.2024.05.011
    Abstract (405)   HTML (50)   PDF (20073KB) (332)

    In recent years, with the rapid advancement of large language model technology, its application potential in various fields such as healthcare and law has become evident, simultaneously pointing to new directions for progress in the field of cybersecurity. This paper began by providing an overview of the foundational theories behind the design principles, training mechanisms, and core characteristics of large language models, offering the necessary background knowledge to readers. It then delved into the role of large language models in enhancing the capabilities to identify and respond to the growing threats online, detailing research progress in areas such as penetration testing, code security audit, social engineering attacks, and the assessment of professional cybersecurity knowledge. Finally, it analyzed the challenges related to security, cost, and interpretability of this technology, and looked forward to the future development direction.

    Lightweight IoT Intrusion Detection Method Based on Feature Selection
    LIU Xiangyu, LU Tianliang, DU Yanhui, WANG Jingxiang
    Netinfo Security    2023, 23 (1): 66-72.   DOI: 10.3969/j.issn.1671-1122.2023.01.008
    Abstract (395)   HTML (24)   PDF (7891KB) (176)

    With the large-scale use of the Internet of Things (IoT), the security problem has become increasingly prominent. How to detect network attacks accurately and in real time in the IoT environment with limited resources is a key problem that needs to be solved urgently. Intrusion detection system based on network traffic features is a solution to the security of IoT. This solution still has the problem that the large number of features makes training fast and lightweight detection models difficult. To address this issue, this paper proposed a feature selection technique based on Pearson correlation coefficient and variance expansion factor. In this method, traffic characteristics were selected under flow granularity, and normal and malicious traffic were classified by machine learning algorithm. The experimental results show that this method can quickly and effectively detect network attacks with limited resources, and the overall precision and recall reach 99.4%.

    HTTP Payload Covert Channel Detection Method Based on Deep Learning
    YUAN Wenxin, CHEN Xingshu, ZHU Yi, ZENG Xuemei
    Netinfo Security    2023, 23 (7): 53-63.   DOI: 10.3969/j.issn.1671-1122.2023.07.006
    Abstract (391)   HTML (28)   PDF (13136KB) (132)

    Aiming at the problem that existing network traffic statistical features and packet payload features cannot effectively detect HTTP payload covert channels, this article proposed a convolutional neural network detection method based on session flow payload representation. First, packets generated by HTTP communication were aggregated into bidirectional session flows based on five-tuple and expiration time conditions. Then, a set of packets that can reflect the communication interaction behavior and session flow structure was selected, and the original byte sequence of their transport layer payload was extracted, forming a session flow payload representing each HTTP session flow. Finally, the detection model was constructed using 2D-CNN that can fully mine temporal and spatial dimensional information in byte sequences. Experimental results show that the proposed session flow payload representation method can depict HTTP traffic from more perspectives than the session flow packet payload representation method, thereby providing more useful information for the detection task. The detection rate of the proposed method is as high as 99%, which is better than traditional machine learning detection methods based on network flow behavior statistical features.
