Most Downloaded Articles

    Published in last 1 year
    Review of Fuzzing Based on Machine Learning
    WANG Juan, ZHANG Chong, GONG Jiaxin, LI Jun’e
    Netinfo Security    2023, 23 (8): 1-16.   DOI: 10.3969/j.issn.1671-1122.2023.08.001
    Abstract (555)   HTML (81)   PDF (20467KB) (411)

    Fuzzing is one of the most popular vulnerability discovery techniques today. Traditional fuzzing often requires a lot of labor, which lengthens the application cycle of fuzzing. Besides, expert experience determines the effect of fuzzing. The wide application of machine learning has enabled machine learning techniques to be applied to software security testing. Many research works use machine learning to optimize the fuzzing process, making up for many defects of traditional fuzzing technology. This paper provided a review of fuzzing based on machine learning. Firstly, common vulnerability discovery methods, the fuzzing process and its classification, and the shortcomings of traditional fuzzing were summarized. Then, from the perspective of test case generation, mutation, screening, and scheduling of fuzzing, this paper focused on the application research of machine learning methods in fuzzing, as well as the research work on combining machine learning and fuzzing to realize other functions. Finally, based on the existing work, this paper analyzed and summarized the limitations and challenges in the current research work, and discussed the future development directions of this field.

    New Research Progress on Intrusion Detection Techniques for the Internet of Things
    FENG Guangsheng, JIANG Shunpeng, HU Xianlang, MA Mingyu
    Netinfo Security    2024, 24 (2): 167-178.   DOI: 10.3969/j.issn.1671-1122.2024.02.001
    Abstract (239)   HTML (58)   PDF (15179KB) (378)

    Compared to traditional intrusion detection mechanisms, intelligent intrusion detection technology can fully extract data features and demonstrates higher detection efficiency; however, it also imposes greater demands on data sample labels. Considering data sample labels, this article provided a comprehensive review of the latest developments in intrusion detection technology for the Internet of Things (IoT) from the perspectives of supervised and unsupervised learning. Firstly, it outlined signature-based intrusion detection methods and analyzed recent traditional machine learning based intrusion detection methods according to the classification of supervised and unsupervised learning. Then, it analyzed recent deep learning based intrusion detection methods based on supervised learning, unsupervised learning, generative adversarial networks, and deep reinforcement learning, respectively. Finally, it summarized the research challenges and future trends in IoT intrusion detection technology.

    A Dynamic and Hierarchical Quantum Secret Sharing Protocol Based on Starlike Cluster States
    YANG Yuguang, LU Jiayu
    Netinfo Security    2023, 23 (6): 34-42.   DOI: 10.3969/j.issn.1671-1122.2023.06.004
    Abstract (223)   HTML (54)   PDF (9581KB) (370)

    A hierarchical cluster state was constructed on the basis of the starlike cluster state, and then a dynamic, hierarchical quantum secret sharing protocol was proposed using the constructed cluster state. The secret possessor distributed cluster particles with a hierarchical structure to each agent as his share. Agents assigned to higher ranking particles had higher authority while agents assigned to lower ranking particles had lower authority. Each class of agent did not have access to share information for agents of the same class, higher classes and lower classes. Due to the scalability of the cluster states, the proposed hierarchical quantum secret sharing scheme was dynamic, allowing for the addition of new agents at the same level, removal of old agents, and the upgrading and downgrading of agents between different layers. Finally, the article analysed the security of the proposed protocol.

    An Identity Authentication Method Based on SM9 and Blockchain in the IoT Environment
    ZHAI Peng, HE Jingsha, ZHANG Yu
    Netinfo Security    2024, 24 (2): 179-187.   DOI: 10.3969/j.issn.1671-1122.2024.02.002
    Abstract (118)   HTML (17)   PDF (10303KB) (279)

    Terminal devices in the Internet of Things (IoT) environment need to identify and authenticate each other to ensure network security and data security, and authentication is the first line of defense for IoT security. The existing traditional public key cryptosystem (PKI) is cumbersome and computationally intensive, and cannot satisfy the resource-constrained, open, and distributed IoT environment well. In this paper, a blockchain-based two-way authentication scheme for IoT terminals was designed based on the SM9 identity cryptography algorithm, which could greatly satisfy the confidentiality and unforgeability based on the assumptions of the computational Diffie-Hellman hard problem, the q-Diffie-Hellman inverse problem, and the bilinear Diffie-Hellman hard problem, and was more in line with the practical application environment of the IoT. The scheme adopted the device identity as the public key, which simplified the key distribution management process. In addition, the blockchain, as a decentralized underlying storage database used to record information such as keys, certificates, signatures, etc., could be used to carry out credible endorsement for the authentication process. Through performance analysis, ProVerif formalized security analysis, and comparison with several current mainstream authentication methods, it was shown that the scheme can meet the time, performance and security requirements in the IoT environment.

    A Survey of Cyber Security Open-Source Intelligence Knowledge Graph
    WANG Xiaodi, HUANG Cheng, LIU Jiayong
    Netinfo Security    2023, 23 (6): 11-21.   DOI: 10.3969/j.issn.1671-1122.2023.06.002
    Abstract (387)   HTML (64)   PDF (13519KB) (267)

    With the development of informatization, a large amount of cyber security information is generated online every day. However, the majority of security intelligence consists of multi-source and heterogeneous text data that are challenging to directly analyze and apply. Therefore, the introduction of a knowledge graph assumes paramount significance in order to facilitate profound semantic knowledge mining and enable intelligent reasoning analysis. On this basis, this paper first described how the cybersecurity knowledge graph was built. Then, it outlined the core technologies of the knowledge graph and related research work, including information extraction and knowledge reasoning. Finally, the challenges of building a cybersecurity knowledge graph were discussed, and some directions for further research were suggested.

    A Hybrid Method of Joint Entropy and Multiple Clustering Based DDoS Detection in SDN
    WANG Zhi, ZHANG Hao, Jason GU
    Netinfo Security    2023, 23 (10): 1-7.   DOI: 10.3969/j.issn.1671-1122.2023.10.001
    Abstract (318)   HTML (52)   PDF (8370KB) (259)

    Software Defined Networking (SDN), an emerging networking paradigm, has introduced more severe Distributed Denial of Service (DDoS) attacks along with convenience. Existing works typically use machine learning models to detect DDoS attacks, but ignore the additional overhead that models impose on SDN controllers. In order to detect DDoS attacks more efficiently and accurately, this paper adopted a strategy of multi-level detection modules: the first-level module detected suspicious traffic by calculating the joint entropy of the traffic in the current window; the second-level module used a semi-supervised model that used techniques such as feature selection, multi-training algorithms, and multiple clustering to improve detection performance by training multiple local models. Compared with other existing models, this model performs best on multiple data sets and has better detection accuracy and generalization ability.

    Brand-Specific Phishing Expansion and Detection Solutions
    WEN Weiping, ZHU Yifan, LYU Zihan, LIU Chengjie
    Netinfo Security    2023, 23 (12): 1-9.   DOI: 10.3969/j.issn.1671-1122.2023.12.001
    Abstract (230)   HTML (50)   PDF (11070KB) (203)

    In recent years, both the number of phishing attacks and the losses caused by them have been increasing, and phishing attacks have become one of the main network security threats that people face. Currently, many phishing detection methods have been proposed to defend against phishing attacks, but most of the known phishing detection methods are passive detection and are prone to cause a large number of false positives. In response to the above issues, this paper proposed a phishing expansion method. Firstly, the information of a known phishing website was analyzed in a multi-dimensional manner to obtain other related websites, so as to find more phishing websites that have not been discovered yet. Then, aiming at the visual counterfeiting characteristics of phishing websites, this paper proposed a phishing detection method based on deep learning, cutting the screenshots to obtain the area judged as a logo, and using EfficientNetV2 to mine visual counterfeiting characteristics. Finally, a comprehensive evaluation of suspected phishing websites was conducted to reduce the false positive rate. The effectiveness of the method proposed in this paper was proved by the experimental verification of the existing phishing websites.

    A Large Language Model Based SQL Injection Attack Detection Method
    HUANG Kaijie, WANG Jian, CHEN Jiongyi
    Netinfo Security    2023, 23 (11): 84-93.   DOI: 10.3969/j.issn.1671-1122.2023.11.009
    Abstract (306)   HTML (47)   PDF (12178KB) (201)

    The SQL injection attack, widely employed by attackers, poses a significant threat to cyberspace security. Traditional detection methods for SQL injection attacks include rule-based and machine learning-based methods, which suffer from limited applicability and high false positive rates. This paper proposed a large language model-based method for detecting SQL injection attacks. By applying prompt engineering and instruction fine-tuning techniques, a specialized large language model for SQL injection attack detection was developed. Additionally, the impact of iteration rounds, the number of fine-tuning samples and inference parameters on model performance was analyzed to enhance the detection capability of large language models. Leveraging the robust semantic understanding capability of the large language model significantly reduced the false positive rate. This paper conducted experimental analysis on the specialized large language model for SQL injection attack detection that we proposed, using the Kaggle dataset. The model achieves an accuracy rate of over 99.85%, a false alarm rate of less than 0.2%, and an F1 score of 0.999. Compared to the current state-of-the-art methods for SQL injection attack detection, our model demonstrates a significant improvement in detection performance.

    Malicious Domain Detection Method Based on Multivariate Time-Series Features
    YAO Yuan, FAN Zhaoshan, WANG Qing, TAO Yuan
    Netinfo Security    2023, 23 (11): 1-8.   DOI: 10.3969/j.issn.1671-1122.2023.11.001
    Abstract (230)   HTML (52)   PDF (10488KB) (186)

    At present, malicious domains, as the main attack vector, are widely abused in a variety of network attack activities. To address the problems of complex design of detection features in malicious domain detection, the need for empirical knowledge assistance and the ease of targeted bypassing by attackers, the paper proposed a malicious domain detection method based on multivariate temporal features. The method uses a deep learning model based on fused long short-term memory networks and fully convolutional neural networks to automatically extract multivariate temporal embedding features from client requests and domain resolution traffic, respectively, and learn low-dimensional temporal representations of malicious domain behaviors. Compared with traditional time-statistical feature schemes or time-series local pattern discrimination schemes, this method can establish long-term domain activity patterns and distinguish the behavior sequences of malicious domains from normal domains, which gives it more powerful malicious domain detection capability. Meanwhile, the method supports the fusion of multivariate time-series embedding features and generic malicious domain detection features to characterize malicious behavior information in multiple dimensions, improving detection performance as well as model robustness and scalability.

    Network Anomaly Detection Based on Dual Graph Convolutional Network and Autoencoders
    QIN Zhongyuan, MA Nan, YU Yacong, CHEN Liquan
    Netinfo Security    2023, 23 (9): 1-11.   DOI: 10.3969/j.issn.1671-1122.2023.09.001
    Abstract (274)   HTML (27)   PDF (13563KB) (180)

    Considering that the application of graph neural networks in the field of network anomaly detection has mostly focused on the extraction of single point features while ignoring the correlation features between continuous messages, this paper proposed a network anomaly detection method based on dual graph convolutional networks and autoencoders. This method first constructed the graph and divided the subgraph of the communication data, then sent the subgraph into the two-layer graph convolution neural network to extract the features of points and edges respectively, and finally used the unsupervised learning method to train the divided subgraph. In the experimental part, through the iterative experiment on the subgraph division time interval and iteration times, the subgraph division time interval and iteration times with the best effect were obtained. Comparative experiments with traditional algorithms on three data sets showed that our scheme is more accurate and has stronger generalization.

    Netinfo Security    2023, 23 (12): 0-0.  
    Abstract (168)   PDF (1264KB) (177)
    Survey on Deep Neural Architecture Search
    XUE Yu, ZHANG Yixuan
    Netinfo Security    2023, 23 (9): 58-74.   DOI: 10.3969/j.issn.1671-1122.2023.09.006
    Abstract (221)   HTML (30)   PDF (21099KB) (172)

    In recent years, deep neural networks have been applied to image recognition, speech recognition, target detection, machine translation and other aspects of life, greatly accelerating the performance evolution and flexibility improvement of the network. But these networks often have complex structures, require personnel with a large amount of professional knowledge, and require a significant amount of time to adjust parameters to suit specific environments. The efficiency of adjusting parameters using conventional manual methods is too low and errors occur frequently. Therefore, research on neural network architecture search has also been put on the agenda. In order to provide readers with a comprehensive understanding of the research progress of neural network architecture search, the article introduced and evaluated existing relevant algorithms, and proposed ideas for the future development of neural network architecture search.

    A False Data Injection Attack Detecting and Compensating Method
    XIE Ying, ZENG Zhu, HU Wei, DING Xuyang
    Netinfo Security    2023, 23 (6): 22-33.   DOI: 10.3969/j.issn.1671-1122.2023.06.003
    Abstract (308)   HTML (30)   PDF (15071KB) (162)

    To accurately detect false data injection attacks in industrial control networks and quickly compensate for their impact on the system, this paper proposed an attack detecting and compensating method based on state estimation. The method constructed a sequence Kalman filter to optimally estimate the state vector based on the mathematical model of the industrial control system. Additionally, a double-judgment mechanism was designed to eliminate unstable states caused by noise and perturbation. Furthermore, the paper proposed a multi-step estimating attack compensation strategy that utilized the previously measured data in the safe state to provide a compensation control signal for the system. The experimental results conducted on the load frequency control system of the dual-area interconnected power system demonstrate the effectiveness of the proposed method in detecting and compensating for false data injection attacks. Moreover, the method outperforms the comparison algorithms in terms of frequency deviation control and control signal compensation.

    Review of Federal Learning and Offensive-Defensive Confrontation
    YANG Li, ZHU Lingbo, YU Yueming, MIAO Yinbin
    Netinfo Security    2023, 23 (12): 69-90.   DOI: 10.3969/j.issn.1671-1122.2023.12.008
    Abstract (199)   HTML (34)   PDF (26484KB) (161)

    With the continuous development of machine learning technology, personal privacy issues have attracted widespread attention. Centralized learning is subject to a considerable degree of constraints due to the fact that user data is sent to the central node. Therefore, federated learning, a framework in which model training on data can be completed locally, came into being. However, the federated learning mechanism will still be affected by various attacks that reduce its security and privacy. This paper started with the basic definition of federated learning, and then analyzed and summarized the threats and defense means in federated learning from two aspects of confidentiality and integrity. Finally, through these problems, the future development direction of this field was discussed.

    Research on DGA Malicious Domain Name Detection Method Based on Transfer Learning and Threat Intelligence
    YE Huanrong, LI Muyuan, JIANG Bo
    Netinfo Security    2023, 23 (10): 8-15.   DOI: 10.3969/j.issn.1671-1122.2023.10.002
    Abstract (226)   HTML (34)   PDF (9615KB) (158)

    Domain name generation algorithms have been widely used in various types of cyber attacks. Their samples change rapidly, have many variants, and are difficult to obtain, leading to low detection accuracy and poor warning capability of existing traditional models. To address this situation, a DGA malicious domain detection method based on transfer learning and threat intelligence was proposed, which extracted malicious domain context and semantic relationship features by building a combined model of bidirectional long short-term memory neural network and Transformer, pre-trained the model using a publicly available large-sample malicious domain dataset, and transferred the training parameters to a new unknown small-sample malicious domain dataset of APT organizations held by threat intelligence for model detection performance testing. The experimental results show that the model can achieve an average detection accuracy of 96.14% in a small-sample dataset of malicious domains used by APT organizations, and the detection performance is good.

    Network Intrusion Detection Method Based on Attention-BiTCN
    SUN Hongzhe, WANG Jian, WANG Peng, AN Yulong
    Netinfo Security    2024, 24 (2): 309-318.   DOI: 10.3969/j.issn.1671-1122.2024.02.014
    Abstract (103)   HTML (12)   PDF (10903KB) (156)

    In order to solve the problem of low accuracy of multi-classification in the network intrusion detection field, the time series characteristics of network traffic data were analyzed, and an intrusion detection model based on attention mechanism and bi-directional temporal convolutional network (BiTCN) was proposed. In this model, the data set was pre-processed by one-hot encoding and normalization to solve the problem of strong discreteness and different scale of network traffic data, and the pre-processed data were generated into bidirectional sequences by the bidirectional sliding window method. The Attention-BiTCN model was used to extract the bidirectional temporal features and integrate them in an additive manner to obtain the fusion features enhanced by temporal information. The proposed model is experimentally verified on the NSL-KDD and UNSW-NB15 datasets, and the accuracy of multiple classification reached 99.70% and 84.07% respectively, which is superior to traditional network intrusion detection algorithms and has more significant detection performance than other deep learning models.

    Federated Learning Incentive Scheme Based on Zero-Knowledge Proofs and Blockchain
    WU Haotian, LI Yifan, CUI Hongyan, DONG Lin
    Netinfo Security    2024, 24 (1): 1-13.   DOI: 10.3969/j.issn.1671-1122.2024.01.001
    Abstract (230)   HTML (31)   PDF (15951KB) (155)

    In cross-silo federated learning, participants contribute differently to the final trained model. Evaluating their contributions and providing appropriate incentives has become a key issue in federated learning research. Current incentive methods primarily focus on rewarding participants who provide valid model updates while penalizing dishonest ones, emphasizing incentivizing computational behavior. However, the quality of data provided by participants also affects learning outcomes, yet existing methods inadequately consider data quality and lack means to verify data authenticity. To enhance incentive accuracy, it is necessary to evaluate the quality of participants' data. This paper introduced, for the first time, a protocol for assessing the quality of participants' data by integrating zero-knowledge proofs and blockchain technology, leading to a novel federated learning incentive scheme. This scheme can assess the quality of participants' datasets without disclosing plaintext data, utilizing blockchain systems to provide incentives to eligible participants while excluding those who don't meet the criteria. Experimental results confirm that even in scenarios where some users provide falsified data, this scheme remains capable of delivering accurate incentive results, while simultaneously improving the accuracy of the federated learning model.

    A Malicious Code Recognition Model Fusing Image Spatial Feature Attention Mechanism
    LIU Jun, WU Zhichao, WU Jian, TAN Zhenhua
    Netinfo Security    2023, 23 (12): 29-37.   DOI: 10.3969/j.issn.1671-1122.2023.12.004
    Abstract (141)   HTML (25)   PDF (11742KB) (155)

    When converted into images, malicious software exhibits two prominent characteristics. Firstly, during the visualization process, black pixels are typically added to pad the end of the file, creating a distinct separation in the image between significant features (code part) and non-significant features (filled part). Secondly, there is a semantic feature correlation among code segments that is preserved in sequential pixel conversion. While existing models for malicious code detection have achieved reasonably good recognition results to some extent, they have not been specifically designed to leverage the unique traits of malicious code. Consequently, their capability to extract deep-level features from malicious images has been relatively weak and often requires complex model architectures. Therefore, this paper proposed a novel model for detecting malicious code that addressed two key characteristics of malicious images: firstly, by transforming original malicious code into images and applying preprocessing techniques; secondly, by utilizing an FA-SA module for extracting key features along with two FA-SeA modules for capturing pixel-wise correlations. This model not only simplifies the architecture but also enhances its capability for deep-level feature extraction, thereby improving detection accuracy. On the Malimg dataset, our model achieves an accuracy of 96.38%, representing a 3.56% improvement compared to previous CNN-based models. Experimental results highlight the effectiveness of designing network models based on the characteristics of malicious images, with significant contributions from our proposed fusion attention module towards enhancing recognition performance.

    IoT Device Identification Method Based on LCNN and LSTM Hybrid Structure
    LI Zhihua, WANG Zhihao
    Netinfo Security    2023, 23 (6): 43-54.   DOI: 10.3969/j.issn.1671-1122.2023.06.005
    Abstract (174)   HTML (27)   PDF (13256KB) (154)

    With the increasing number of IoT devices, the scale of network traffic in IoT environments has also skyrocketed. In order to efficiently identify and classify IoT devices from massive network traffic, this paper proposed an IoT device recognition method. Firstly, in order to eliminate non-standard data samples in network traffic, a sliding window based data preprocessing (SW based DPP) algorithm was studied and proposed, and the SW based DPP algorithm was used to clean the data. Then, in order to reduce the complexity of IoT device recognition methods, a lightweight convolutional neural network (LCNN) was proposed, and a neural network model based on the LCNN-LSTM hybrid structure was proposed by combining LCNN and LSTM structures. The preprocessed network traffic was input into the LCNN-LSTM model for IoT device classification. Finally, based on the aforementioned hybrid structure neural network model, a further Internet of Things Devices Identification based on LCNN and LSTM Hybrid Structure (LCNN-LSTM-based IoTDI) method was proposed. The LCNN-LSTM-based IoTDI method iteratively trained the LCNN-LSTM model to deeply mine the temporal and spatial dual features in network traffic, and used a softmax classifier to achieve the goal of IoT device recognition. The experimental results show that on the UNSW, CIC IoT, and Laboratory datasets, the running time of the LCNN-LSTM model decreased by an average of about 47.63% compared to the CNN-LSTM model, and the F1 values of the LCNN-LSTM-based IoTDI method are 88.6%, 95.6% and 99.7%. It has been proven that the LCNN-LSTM-based IoTDI method has efficient device recognition capabilities.

    Efficient and Secure Certificateless Aggregate Signature Scheme in Vehicle Networks
    GU Yanyan, SHEN Limin, GAO Chenxu, ZHU Ting
    Netinfo Security    2024, 24 (2): 188-202.   DOI: 10.3969/j.issn.1671-1122.2024.02.003
    Abstract (82)   HTML (22)   PDF (16847KB) (152)

    Certificateless cryptography not only eliminates the key escrow problem inherent in ID-based cryptography, but also maintains the advantage of ID-based cryptography of not needing public key certificates. In order to ensure the integrity, authenticity, validity and immediacy of the communication between vehicles in the VANETs system, this paper proposed a certificateless aggregate signature scheme without bilinear pairing, and the scheme could resist coalition attacks. In the random oracle model, the security of the algorithm was rigorously proved based on the elliptic curve discrete logarithm problem and the forking lemma. The performance and efficiency analysis show that the scheme is effective: it can ensure the integrity and authenticity of communication data, reduce bandwidth and storage overhead, and improve the verification efficiency.
