Top Read Articles

    Overview of the Research on Governance of Cross-Border Data Flow in China
    XIAO Xiaolei, ZHAO Xuelian
    Netinfo Security    2022, 22 (10): 45-51.   DOI: 10.3969/j.issn.1671-1122.2022.10.007

    The normalized development of cross-border data flows has brought impact and challenge to our country’s data security. The relevant research could provide a reference for enriching academic theory and exploring governance schemes for cross-border data flows in China. By using the method of systematic literature review, this paper expounded the research status of China’s cross-border data flow governance from the perspectives of interest concern, governance model and governance path. Through analysis, the study found that the research on governance of cross-border data flow in China was still in its primary stage, and it was necessary to establish a mechanism for balancing interests, explore a diversified cooperative governance model, and build a dual track governance path. In the future, the data governance criterion should be established with the overall view of national security, focus on the innovation of cross-border data compliance system construction, and explore the necessity evaluation system of data regulation measures.

    Review of Research on Misbehavior Detection in VANET
    CAO Yue, LYU Chenchen, SUN Yaping, ZHANG Yu’ang
    Netinfo Security    2023, 23 (4): 10-19.   DOI: 10.3969/j.issn.1671-1122.2023.04.002

    The Internet of vehicles (IoV) has gradually penetrated into the lives of urban residents, while security threats such as remote malicious control of vehicles and leakage of personal information of vehicle owners have gradually been exposed in recent years. Compared with the security concern on devices and platform in vehicular Ad-hoc network (VANET), this paper focused on the security issues faced by the communication of VANET. Therefore, this paper systematically reviewed the literature on misbehavior detection mechanisms of VANET in recent years. Firstly, this paper analyzed the definition of misbehavior and summarized common threat models. Then, the classification of misbehavior detection mechanisms was discussed, including detection mechanisms based on message content, detection mechanisms based on message processing behavior, and detection mechanisms combined with sensors. Finally, this paper summarized open issues and possible future research trends in the current misbehavior detection mechanisms of VANET communication.

    Review of Fuzzing Based on Machine Learning
    WANG Juan, ZHANG Chong, GONG Jiaxin, LI Jun’e
    Netinfo Security    2023, 23 (8): 1-16.   DOI: 10.3969/j.issn.1671-1122.2023.08.001

    Fuzzing is one of the most popular vulnerability discovering techniques today. Traditional fuzzing often requires a lot of labor, which increases the application cycle of fuzzing. Besides, expert experience determines the effect of fuzzing. The wide application of machine learning has enabled machine learning techniques to be applied to software security testing. Many research works use machine learning to optimize the fuzzing process, making up for many defects of traditional fuzzing technology. This paper provided a review of fuzzing based on machine learning. Firstly, common vulnerability discovery methods, fuzzing process and classification, and the shortcomings of traditional fuzzing were summarized. Then, from the perspective of test case generation, mutation, screening, and scheduling of fuzzing, this paper focused on the application research of machine learning methods in fuzzing, as well as the research work on combining machine learning and fuzzing to realize other functions. Finally, based on the existing work, this paper analyzed and summarized the limitations and challenges in the current research work, and prospected the future development directions of this field.

    Differential-Linear Cryptanalysis of the SIMON Algorithm
    HU Yujia, DAI Zhengyi, SUN Bing
    Netinfo Security    2022, 22 (9): 63-75.   DOI: 10.3969/j.issn.1671-1122.2022.09.008

    Differential cryptanalysis and linear cryptanalysis are currently the two most common methods to evaluate the security of block ciphers. Differential-linear cryptanalysis is an analysis method based on these two methods, which has been widely studied by the cryptography community in recent years. The SIMON algorithm is an important lightweight block cipher. This paper mainly performed differential-linear attacks on SIMON 32/64 and SIMON 48, constructed 13-round differential-linear distinguishers for each, and made 16-round key recovery attacks whose data complexities are $2^{26}$ and $2^{42}$ and whose time complexities are $2^{40.59}$ and $2^{61.59}$ respectively, thereby increasing the security evaluation dimension of the SIMON algorithm and enriching the actual cases of differential-linear cryptanalysis.

    Overview of Research on the Revocable Mechanism of Attribute-Based Encryption
    LI Li, ZHU Jiangwen, YANG Chunyan
    Netinfo Security    2023, 23 (4): 39-50.   DOI: 10.3969/j.issn.1671-1122.2023.04.005

    Attribute-based encryption is an important cryptographic technique for achieving fine-grained access control of data files in group communication systems. However, addressing the revocation of users or attributes is crucial due to the existence of user joining, exiting, and attribute changing in group communication systems. Based on the classification and construction of revocable attribute-based encryption schemes, this paper focused on the research progress and development of revocable attribute-based encryption schemes. This paper provided a comprehensive analysis and comparison of existing revocable attribute-based encryption schemes from three revocation mechanisms: direct revocation, indirect revocation, and hybrid revocation. It also discussed the shortcomings and issues of revocable attribute-based encryption mechanisms and possible future directions.

    Research on Dynamic Access Control Model of Sensitive Data Based on Zero Trust
    GUO Baoxia, WANG Jiahui, MA Limin, ZHANG Wei
    Netinfo Security    2022, 22 (6): 86-93.   DOI: 10.3969/j.issn.1671-1122.2022.06.009

    With the advent of the era of big data, the security of sensitive data has attracted increasing attention. At present, most of the existing systems consider the access subject’s identity to be trusted after successful authentication, but once the attacker uses the lost subject as a springboard to invade the network, he may steal or destroy sensitive data. Therefore, it is urgent to study a fine-grained and flexible access control mechanism to protect the sensitive information resources of the system. Based on zero trust architecture, this paper proposes a trust evaluation algorithm by analyzing the characteristics of access subject and access object of the current protected system. By acquiring multi-source attributes for dynamic trust evaluation, the algorithm can quickly reduce the trust value of the lost subject when it has abrupt behavior, and timely block the threat of the lost subject in the authentication. The system implements dynamic authorization through attribute encryption to reduce the possibility of excessive access to sensitive resources. Experimental results show that this model can realize dynamic control of access authorization, and ensure that the time and memory cost of the system are in a reasonable range.

    Anomaly Detection Model Based on Generative Adversarial Network and Autoencoder
    GUO Sensen, WANG Tongli, MU Dejun
    Netinfo Security    2022, 22 (12): 7-15.   DOI: 10.3969/j.issn.1671-1122.2022.12.002

    In recent years, machine learning, especially deep learning algorithms, has been widely used in the field of network traffic intrusion detection, and the distribution of dataset sample categories is an important factor affecting the performance of machine learning algorithms. To address the problem of diverse network attack categories and uneven distribution of existing network traffic dataset categories, this paper proposed a network traffic anomaly detection model based on generative adversarial networks and autoencoders. Firstly, a conditional generative adversarial network based on Wasserstein distance was used to resample the minority categories in the original network traffic data. Secondly, the resampled data were reconstructed using a stacked denoising autoencoder to obtain potential information of the data. Finally, the encoder network combined with a Softmax network was used to identify anomalous network traffic data. Experiments were conducted on the NSL-KDD intrusion detection dataset, and the experimental results show that the proposed anomaly detection model can effectively improve the recognition rate of minority categories.

    Research and Implementation of Cross-Chain Security Access and Identity Authentication Scheme of Blockchain
    WANG Shushuang, MA Zhaofeng, LIU Jiawei, LUO Shoushan
    Netinfo Security    2022, 22 (6): 61-72.   DOI: 10.3969/j.issn.1671-1122.2022.06.007

    This paper proposes a blockchain cross-chain secure access and identity authentication scheme. Aiming at the research on access chain secure access and cross-chain identity authentication in cross-chain technology, a secure cross-chain model architecture is designed. The digital identity is used as the global identifier of the whole cross chain network of the blockchain to complete the identity identification of cross-chain transactions. A cross-chain identity authentication scheme of IBE based on relay chain is proposed. The access chain security access and cross-chain identity authentication are carried out through relay chain. At the same time, the transaction information of the two chains carrying out cross-chain transactions is encrypted and transmitted by using security key negotiation strategy, so as to ensure the anonymity security of transaction information and solve the problems of security and isolated data island in the existing cross-chain model. Finally, the experimental analysis and evaluation show that the scheme is safe and feasible.

    A Survey of Cyber Security Open-Source Intelligence Knowledge Graph
    WANG Xiaodi, HUANG Cheng, LIU Jiayong
    Netinfo Security    2023, 23 (6): 11-21.   DOI: 10.3969/j.issn.1671-1122.2023.06.002

    With the development of informatization, a large amount of cyber security information is generated online every day. However, the majority of security intelligence consists of multi-source and heterogeneous text data that are challenging to directly analyze and apply. Therefore, the introduction of a knowledge graph assumes paramount significance in order to facilitate profound semantic knowledge mining and enable intelligent reasoning analysis. On this basis, this paper first described how the cybersecurity knowledge graph was built. Then, it outlined the core technologies of the knowledge graph and related research work, including information extraction and knowledge reasoning. Finally, the challenges of building a cybersecurity knowledge graph were discussed, and some directions for further research were suggested.

    Construction of Crime Predicting Model Based on Macro Data of Society
    XU Boyang, WANG Dawei, TANG He, JIN Yifeng
    Netinfo Security    2022, 22 (10): 114-120.   DOI: 10.3969/j.issn.1671-1122.2022.10.016

    The fluctuation of crime is affected by various macro social factors. Scientific predicting of the regular patterns of crime is undoubtedly of great guiding value for the organizations of social governing. Based on criminological theories and six sides elastic equilibrium model, the current study utilized social structure variables and crime rates’ data in Chinese statistical yearbook from 2001 to 2021 and the major analysing method of Granger causality test to construct the six sides elastic equilibrium model for crime predicting in China. Results showed that education level, urbanization’s rate, population mobility, GDP per capita, gender structure and population’s number had significant effects on crime rates in China. The determining coefficient of crime rates in 2025, 2027, 2031, 2032, 2033 and 2035 may break through the warning line of stable standardization. The conclusion aims to provide systematic suggestions for social governing departments on the application of prediction via big data, transformation of social structure under the background of normalization of pandemic prevention, and crime control in cyberspace.

    A Large Language Model Based SQL Injection Attack Detection Method
    HUANG Kaijie, WANG Jian, CHEN Jiongyi
    Netinfo Security    2023, 23 (11): 84-93.   DOI: 10.3969/j.issn.1671-1122.2023.11.009

    The SQL injection attack, widely employed by attackers, poses a significant threat to cyberspace security. Traditional detection methods for SQL injection attacks include rule-based and machine learning-based methods, which suffer from limited applicability and high false positive rates. This paper proposed a large language model-based method for detecting SQL injection attacks. By applying prompt engineering and instruction fine-tuning techniques, a specialized large language model for SQL injection attack detection was developed. Additionally, the impact of iteration rounds, the number of fine-tuning samples and inference parameters on model performance was analyzed to enhance the detection capability of large language models. Leveraging the robust semantic understanding capability of the large language model significantly reduced the false positive rate. This paper conducted experimental analysis on the specialized large language model for SQL injection attack detection that we proposed, using the Kaggle dataset. The model achieved an accuracy rate of over 99.85%, a false alarm rate of less than 0.2%, and an F1 score of 0.999. Compared to the current state-of-the-art methods for SQL injection attack detection, our model demonstrates a significant improvement in detection performance.

    A Survey of Large Language Models in the Domain of Cybersecurity
    ZHANG Changlin, TONG Xin, TONG Hui, YANG Ying
    Netinfo Security    2024, 24 (5): 778-793.   DOI: 10.3969/j.issn.1671-1122.2024.05.011

    In recent years, with the rapid advancement of large language model technology, its application potential in various fields such as healthcare and law has become evident, simultaneously pointing to new directions for progress in the field of cybersecurity. This paper began by providing an overview of the foundational theories behind the design principles, training mechanisms, and core characteristics of large language models, offering the necessary background knowledge to readers. It then delved into the role of large language models in enhancing the capabilities to identify and respond to the growing threats online, detailing research progress in areas such as penetration testing, code security audit, social engineering attacks, and the assessment of professional cybersecurity knowledge. Finally, it analyzed the challenges related to security, cost, and interpretability of this technology, and looked forward to the future development direction.

    Hardware Design and Implementation of Number Theoretic Transform in Post-Quantum Cryptography
    XIAO Hao, ZHAO Yanrui, HU Yue, LIU Xiaofan
    Netinfo Security    2023, 23 (4): 72-79.   DOI: 10.3969/j.issn.1671-1122.2023.04.008

    Number theoretic transform (NTT) is a key component of post-quantum cryptography algorithms, and its computing performance is critical to the running speed of the system. Compared with the classical NTT algorithm, the high-radix NTT algorithm can achieve better computational performance. In order to solve the problems of lengthy computing flow and complex control logic in the hardware implementation of high-radix NTT, this paper proposed a high-performance radix-4 NTT hardware architecture based on pipeline structure. Firstly, based on the classical NTT algorithm, a radix-4 recursive NTT was derived to facilitate hardware implementation, which simplified the computing flow of the high-radix algorithm. Secondly, a single-path delay feedback structure was presented to effectively pipeline the algorithm flow and reduce the complexity of the hardware architecture. Finally, the radix-4 butterfly unit was realized by coupling two-stage butterfly operations, and the reduction was optimized by using shift operations and additions, which could reduce the overhead of hardware resources. Taking the post-quantum cryptography algorithm Falcon as an example, the proposed NTT hardware architecture has been implemented on Xilinx Artix-7 FPGA. The experimental results show that the proposed design has good performance in computing speed and hardware resource overhead compared to the related designs.

    Survey on Application of Machine Learning in Disassembly on x86 Binaries
    WANG Juan, WANG Yunru, WENG Bin, GONG Jiaxin
    Netinfo Security    2022, 22 (6): 9-25.   DOI: 10.3969/j.issn.1671-1122.2022.06.002

    Binary disassembly technology is the core of vulnerability finding, control flow integrity and code similarity measurement. Traditional disassembly techniques rely heavily on predefined heuristics and expert knowledge, and their effectiveness in tasks such as identifying function boundaries and variable types and reconstructing control flow graphs is not good enough. The development of machine learning in handling sequential and graphical data has enabled machine learning to be applied to binary analysis and to make up for the defects of the traditional disassembly techniques, thus promoting research on binary reverse analysis. This paper focused on the application of machine learning in disassembly on x86 binaries and analyzed in depth the research work related to function identification, function signature recovery and data flow reconstruction. Firstly, the traditional methods and challenges of disassembly on x86 binaries were summarized comprehensively. Secondly, the general workflow of machine learning in disassembly on x86 binaries, including binary feature extraction, vectorization, and model training, was distilled. This paper classified the methodologies of feature extraction and vectorization based on the feature contents and embedded approaches respectively, and subsequently summarized the significant techniques of model training utilized in specific disassembly tasks. Finally, the limitations and challenges of current work were concluded, and the future research directions were elaborated.

    Research on LSTM-Based CAN Intrusion Detection Model
    YIN Ying, ZHOU Zhihong, YAO Lihong
    Netinfo Security    2022, 22 (12): 57-66.   DOI: 10.3969/j.issn.1671-1122.2022.12.007

    The controller area network (CAN) is connected to the core electronic control units of the intelligent networked automobile system, which is crucial to ensure the safety of the vehicle system. However, it is vulnerable to denial of service (DoS) attack, replay attack and fuzzy attack due to its lack of adequate information security measures, and this causes a serious security threat for automobiles and drivers. In order to effectively detect whether the CAN bus was attacked, the security threats and communication features were analyzed, and a model of CAN intrusion detection based on long short term memory (LSTM) was proposed, which could preserve the timing characteristics of CAN messages and effectively perform intrusion detection and attack classification. The experimental results show that the detection accuracy of the model is 99.99%.

    Analysis of Botnet Attack Data Based on Log
    ZHU Tao, XIA Lingling, LI Penghui, XU Zhongyi
    Netinfo Security    2022, 22 (10): 82-90.   DOI: 10.3969/j.issn.1671-1122.2022.10.012

    Botnet is an important means of organized hacker attack in recent years. Its unique attack mode makes its data different from other network attack methods. Based on the collected network attack packets, this paper extracted and analyzed the botnet attack data. Firstly, the network attack log analysis system was constructed by using honeypot domain name service agent technology, and the storage format of the attack log file was designed. Then, it realized the cleaning and extraction of the plaintext of the network attack through a variety of ciphertext identification methods, and extracted the botnet attack data according to the characteristics of the botnet attack behavior different from the network scanning and hacker attack. At the same time, the regular matching method was used to find that the botnet attack data contains five types of specific keywords, which could improve the identification efficiency of the botnet by building a string library. Finally, specific clustering features were selected based on the botnet attack data and analyzed by using two-stage clustering algorithm. The experimental results show that botnet attacks have port-biased characteristics. Virus downloading is an important means for botnet attacks. The attribute data distribution of specific port attacks was obviously different from that of other ports. Except for the four attributes related to the size of the sent packet, most of the selected attributes have strong clustering and discrimination ability, which can be used as an important feature for further intelligent analysis.

    Research on Proactive Generation Protocol of Beaver Triples
    LYU Kewei, CHEN Chi
    Netinfo Security    2022, 22 (12): 16-24.   DOI: 10.3969/j.issn.1671-1122.2022.12.003

    In secure multi-party computation, Beaver triples have been one of the basic techniques to realize the secure computation of addition and multiplication under secret sharing, which can make the number of protocol rounds reach the polynomial of the number of participating parties. This paper studied the secure generation protocol of Beaver triples in the mobile adversary model. First, a computationally secure and effective two-party active Beaver triple generation protocol was designed based on the Paillier public key cryptosystem, whose number of rounds was twice the number of renew operations and which sent three ciphertexts of the Paillier cryptosystem in each round. Then the effective n-party Beaver triplet initiative generation protocol for information theory security was designed using primary cryptographic tools such as Shamir secret sharing, where n ≥ 3, the total number of elements sent by the protocol was at most 6+6n, and the number of execution rounds is not more than 2κ+2, where κ was the number of sharing fragment updates and the number of adversary control participants does not exceed n-2. Finally, protocol design ideas were given for malicious adversary articles.

    Blockchain Transaction Data Privacy-Preserving Scheme Supporting National Cryptographic Algorithm
    WANG Jingyu, MA Zhaofeng, XU Danheng, DUAN Pengfei
    Netinfo Security    2023, 23 (3): 84-95.   DOI: 10.3969/j.issn.1671-1122.2023.03.009

    With the development of blockchain technology, the realization of data sharing on the chain has become an important application to promote the implementation of the blockchain industry. The transaction data of the current blockchain is open and transparent on the chain, with problems of restricted sharing. At the same time, considering that the Hyperledger Fabric platform is limited in domestic applications due to the lack of support of the national cryptographic algorithm, this paper transformed the Fabric platform by adopting the national cryptographic algorithm firstly. Secondly, a transaction data privacy-preserving scheme was proposed to complete the security and limited sharing of transaction data with national cryptographic algorithm. Finally, the modified Fabric platform and the proposed solution were tested for system implementation and performance. The experimental results show that this paper completes the national cryptographic algorithm transformation of the Fabric platform, which ensures the correctness of various operations. The implementation efficiency and system performance of the privacy protection scheme also meet the practical requirements.

    A Smart Grid Intrusion Detection Model for Secure and Efficient Federated Learning
    LIU Changjie, SHI Runhua
    Netinfo Security    2023, 23 (4): 90-101.   DOI: 10.3969/j.issn.1671-1122.2023.04.010

    The rapid development of smart grids has led to more efficient power transmission, and the high level of integration of grid systems and ICTs has exposed power systems to more cyber threats. Intrusion detection has received a lot of attention as an effective method to detect cyber attacks, and most of the existing schemes are based on the strong assumption that a single organization has enough high-quality attack examples and is willing to share their data. However, in real life, individual institutions not only generate a small amount of data but also have individual characteristics and are usually not willing to share their data, and using such single institution data is not sufficient to train a general model with high accuracy. In view of this, this paper proposed a secure and efficient approach for smart grid intrusion detection. Specifically, first, a federated learning framework was introduced to collaboratively train a generic intrusion detection model to protect the security of local data and allow indirect expansion of the data volume. Second, a secure communication protocol was designed to protect the security of model parameters in training and prevent eavesdroppers from eavesdropping on them for inference attacks. Finally, by selecting a good client for global aggregation, the fast convergence of the model was guaranteed and the number of participants was reduced to reduce the communication bandwidth. The experimental results show that the accuracy of intrusion detection is improved, data privacy is protected, and communication cost is reduced while ensuring model convergence.

    Detection of Abnormal Transactions in Blockchain Based on Multi Feature Fusion
    LIN Wei
    Netinfo Security    2022, 22 (10): 24-30.   DOI: 10.3969/j.issn.1671-1122.2022.10.004

    With the development of blockchain technology, virtual currency represented by bitcoin has become an important tool for money laundering, hacker attacks, telecommunications network fraud and other crimes, which poses a serious threat to the personal and property security of citizens, and even threatens the stability of the national financial market. Therefore, the research on abnormal transaction data detection of virtual currency based on blockchain technology is of great significance. Firstly, this paper used the custom sliding window mechanism to extract the characteristics of blockchain transaction data. Secondly, it processed from three channels to form three feature vectors according to the characteristics of blockchain transaction data. Finally, it spliced these three feature vectors to build a blockchain abnormal transaction data detection model. This paper verified the feasibility and superiority of the model with the data set released by the blockchain intelligence company Elliptic. The precision, recall and F1 values of the model reached 92.96%, 85% and 92.43%. The experimental results show that the feature vector based on multi-feature fusion contains more abundant blockchain transaction information, which can effectively improve the performance of blockchain abnormal transaction detection.
