Most Down Articles

Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month | Most Downloaded in Recent Year|

Most Downloaded in Recent Year

Please wait a minute...


For Selected: Download Citations EndNote Ris BibTeX Toggle Thumbnails

Select

Information Security Technology—Evaluation Requirement for Classified Protection of Cybersecurity(GB/T 28448-2019) Standard Interpretation Guangyong CHEN, Guobang ZHU, Chunling FAN Netinfo Security    2019, 19 (7): 1-8.   DOI: 10.3969/j.issn.1671-1122.2019.07.001 Abstract （17904）   HTML （869）    PDF （7610KB）（7639）       Knowledge map    Evaluation requirements for classified protection of cybersecurity(GB/T 28448-2019) will be formally implemented soon. This paper introduces the revision background and process of this standard, the main changes in comparison with GB/T 28448-2012, the main contents of security general requirements and security special requirements, etc., so that to the main contents can be understood better. Table and Figures | Reference | Related Articles | Metrics

Select

Baseline for Classified Protection of Cybersecurity (GB/T 22239-2019) Standard Interpretation Li MA, Guobang ZHU, Lei LU Netinfo Security    2019, 19 (2): 77-84.   DOI: 10.3969/j.issn.1671-1122.2019.02.010 Abstract （12469）   HTML （812）    PDF （8866KB）（9587）       Knowledge map    Baseline for Classified Protection of Cybersecurity(GB/T 22239-2019) will be formally implemented soon. This paper introduces the background and process of the revision GB/T 22239-2019, the main changes in comparison with GB/T 22239-2008, the main contents of its security general requirements and security special requirements, etc., so as to enable users to better understand and master the contents of GB/T 22239-2019. Table and Figures | Reference | Related Articles | Metrics

Select

Research on an Authentication Strategy for Data Security in Cloud Computing Jiebin GUO, Yunfa LI, Dajun ZHANG Netinfo Security    2017, 17 (3): 72-77.   DOI: 10.3969/j.issn.1671-1122.2017.03.012 Abstract （658）   HTML （6）    PDF （1233KB）（761）       Knowledge map    With the rapid development of virtualization technology, cloud computing begin to be widely used in data processing, data analysis. Data are usually stored to cloud server by more and more users. Thus, it becomes a challenge problem that how to protect the security of data in cloud computing. In order to solve this problem, we propose an authentication strategy for data security in cloud computing based on the attributes of user. We first put forward a kind of identity authentication methods for registered users. Then, we propose an authentication method for local agent server in view of the unregistered users. We build an encryption agent server and improve HE-RSA encryption algorithm. All these constitute the identity authentication strategy for data security. In order to show the effectiveness of the identity authentication strategy, the security, the scalability and the efficiency of this strategy are analyzed. The results show the strategy can ensure the security of data resources and has good scalability and efficiency in cloud computing. Table and Figures | Reference | Related Articles | Metrics

Select

null null    2001, 1 (5): 0-0.   Abstract （154）      PDF （123KB）（900）       Knowledge map    null Related Articles | Metrics

Select

Study of Non-Heapspray IE’s Vulnerability Exploitation Technique null null    Abstract （455）      PDF （1415KB）（1190）       Knowledge map    With the progress and development of Internet technology, the computer has been the indispensable tool in people's daily life. The security issue of computer system becomes increasingly significant. At present, vulnerability exploitation of systems or software has become a popular attacking method. In order to defend the attack to vulnerability more effectively, we need to study various methods of vulnerability exploitation. This paper introduces a new technique of browser’s vulnerability-exploitation, which has been veriifed in the known vulnerabilities, based on popular methods of IE’s vulnerability exploitation. Related Articles | Metrics

Select

NULL null null    2007, 7 (12): 0-0.   Abstract （116）      PDF （263KB）（966）       Knowledge map    NULL Related Articles | Metrics

Select

Multi-level File Operations Recording System Based on Minifilter Driver null null    Abstract （226）   HTML （1）    PDF （1089KB）（1184）       Knowledge map    This paper studied for different levels of extraction and monitoring the behavior of file operations, aimed at the existing bypass filter drivers detection method was improved, more effective against malicious software behavior, multi-level technology to extract the file operations. Firstly the paper introduces the file filter driver technology , principle and current application situation,then introduces the widely application of micro file filter driver (Minifilter) technology development principle, steps and application field. Subsequent to the underlying behavior of file operations process are analyzed, and the Minifilter detection principle of the related introduction. To analyze its security and puts forward several methods of current can bypass the filter drivers detection principle. Including by adding filter drivers and send Hook function principle to bypass filter drivers, which the filter driver behavior cannot be detected.Lists the existing several attack methods from different levels to bypass the filter driver, including attached new filter drivers, direct access to the kernel, the sending of the underlying file structure function of different hook skills and so on. According to its attack principle is analyzed, puts forward corresponding detection methods.By adding the above on the basis of the original Minifilter several detection methods, which can realize to test the present a variety of means of attack, so as to add multi-layered protective measures. And then the improved filter drivers for targeted on the function and performance test, shows that the improved test drive to be able to use a smaller time cost to complete more deeper detection. Therefore the behavior of the improved extraction technology can bypass the normal file filter driver to expand to detect malicious behavior, the extraction of deeper malicious software file operations, so as to realize the target of suspicious file operations for a more comprehensive monitoring. Related Articles | Metrics

Select

Blockchain System for Creating Digital Assets Based on Reputation Value Xing WANG, Jian WENG, Yue ZHANG, Ming LI Netinfo Security    2018, 18 (5): 59-65.   DOI: 10.3969/j.issn.1671-1122.2018.05.007 Abstract （873）   HTML （3）    PDF （1346KB）（695）       Knowledge map    The types of digital assets traded on the blockchain are getting richer. When digital assets other than cryptocurrencies are created, the problem of the authenticity and validity of the creation is produced. This paper builds trust mechanism based on blockchain technology, regards digital assets creation as the process of evaluating behaviors, designs smart contracts that deal with assessment behaviors, and builds a blockchain system based on reputation values of alliance members. The system uses sidechain technology to transfer created digital assets, which can increase the authenticity guarantee for blockchains in other trading scenarios. The experimental results show that the system has the characteristics that the cost is low and the storage space is not easy to expand. Table and Figures | Reference | Related Articles | Metrics

Select

Review of Fuzzing Based on Machine Learning WANG Juan, ZHANG Chong, GONG Jiaxin, LI Jun’e Netinfo Security    2023, 23 (8): 1-16.   DOI: 10.3969/j.issn.1671-1122.2023.08.001 Abstract （554）   HTML （81）    PDF （20467KB）（411）       Knowledge map    Fuzzing is one of the most popular vulnerability discovering techniques today. Traditional fuzzing often requires a lot of labor, which increases the application cycle of fuzzing. Besides, expert experience determines the effect of fuzzing. The wide application of machine learning has enabled machine learning techniques to be applied to software security testing. Many research works use machine learning to optimize the fuzzing process, making up for many defects of traditional fuzzing technology. This paper provided a review of fuzzing based on machine learning. Firstly, common vulnerability discovery methods, fuzzing process and classification, and the shortcomings of traditional fuzzing were summarized. Then, from the perspective of test case generation, mutation, screening, and scheduling of fuzzing, this paper focused on the application research of machine learning methods in fuzzing, as well as the research work on combining machine learning and fuzzing to realize other functions. Finally, based on the existing work, this paper analyzed and summarized the limitations and challenges in the current research work, and prospected the future development directions of this field. Table and Figures | Reference | Related Articles | Metrics

Select

Research on Anonymous Traffic Classification Method Based on Machine Learning ZHAO Xiaolin, WANG Qiyao, ZHAO Bin, XUE Jingfeng Netinfo Security    2023, 23 (5): 1-10.   DOI: 10.3969/j.issn.1671-1122.2023.05.001 Abstract （396）   HTML （63）    PDF （10333KB）（387）       Knowledge map    Anonymous communication tools not only protect users’ privacy, but also provide shelter for crimes, making it more difficult to purify and supervise the network environment. Classification of anonymous traffic generated during information exchange in anonymous networks can refine the scope of network supervision. Aiming at the problems of insufficient granularity of traffic classification and low accuracy of anonymous traffic classification in the application layer in the existing anonymous traffic classification field, this paper proposed an application layer multi classification method for anonymous traffic based on machine learning. It included the feature extraction model based on auto-encoder and random forest, and the anonymous traffic multi classification model based on convolutional neural networks and XGBoost. The classification effect is improved through feature reconstruction and model combination, and is verified on Anon17 public anonymous traffic dataset, proving the usability, effectiveness and accuracy of the designed model. Table and Figures | Reference | Related Articles | Metrics

Select

NULL null null    2010, (6): 0-0.   Abstract （110）      PDF （279KB）（460）       Knowledge map    NULL Related Articles | Metrics

Select

New Research Progress on Intrusion Detection Techniques for the Internet of Things FENG Guangsheng, JIANG Shunpeng, HU Xianlang, MA Mingyu Netinfo Security    2024, 24 (2): 167-178.   DOI: 10.3969/j.issn.1671-1122.2024.02.001 Abstract （237）   HTML （58）    PDF （15179KB）（378）       Knowledge map    Compared to traditional intrusion detection mechanisms, the intelligent intrusion detection technology can fully extract data features, demonstrating higher detection efficiency, however, it also imposes greater demands on data sample labels. Considering data sample labels, this article provided a comprehensive review of the latest developments in the intrusion detection technology for the Internet of things(IoT) from the perspectives of supervised and unsupervised learning. Firstly, it outlined signature-based intrusion detection methods and analyzed recent traditional machine learning based intrusion detection methods based on the classification of supervised and unsupervised learning. Then, it analyzed recent deep learning based intrusion detection methods based on supervised, unsupervised, generative adversarial network, and deep reinforcement learning, respectively. Finally, it summarized the research challenges and future trends in the IoT intrusion detection technology. Table and Figures | Reference | Related Articles | Metrics

Select

null null    2003, 3 (4): 0-0.   Abstract （281）      PDF （172KB）（645）       Knowledge map    null Related Articles | Metrics

Select

A Dynamic and Hierarchical Quantum Secret Sharing Protocol Based on Starlike Cluster States YANG Yuguang, LU Jiayu Netinfo Security    2023, 23 (6): 34-42.   DOI: 10.3969/j.issn.1671-1122.2023.06.004 Abstract （223）   HTML （54）    PDF （9581KB）（370）       Knowledge map    A hierarchical cluster state was constructed on the basis of the starlike cluster state, and then a dynamic, hierarchical quantum confidentiality sharing protocol was proposed using the constructed cluster state. The secret possessor distributed cluster particles with a hierarchical structure to each agent as his share. Agents assigned to higher ranking particles had higher authority while agents assigned to lower ranking particles had lower authority. Each class of agent did not have access to share information for agents of the same class, higher classes and lower classes. Due to the scalability of the cluster states, the proposed hierarchical quantum secret sharing scheme was dynamic, allowing for the additon of new agents at the same level, removal of old agents, and the upgrading and downgrading of agents between different layers. Finally, the article analysed the security of the proposed protocol. Table and Figures | Reference | Related Articles | Metrics

Select

The Confidential Transmission System based on the Physical Layer Characteristics of Wireless Channel null null    2013, 13 (3): 0-0.   Abstract （105）      PDF （2139KB）（434）       Knowledge map    NULL Related Articles | Metrics

Select

NULL null null    2005, 5 (11): 0-0.   Abstract （141）      PDF （158KB）（664）       Knowledge map    NULL Related Articles | Metrics

Select

Finding Community Structures of Users’ Relationships in Twitter null null    Abstract （423）      PDF （1508KB）（1841）       Knowledge map    SNS (social networking service) has been integrated into public life. People upload their own information to the network and use the social networking sites to manage their social relationship. A large number of personal information is presented on social networks. Based on the Twitter platform, this paper designs to ifnd community structure of Twitter users. With the real-time information collecting, this paper rebuilds the relationships of users, improving Fast-Newman algorithms in dividing social networks. The paper uses a visualization system to automatically visualizing community structures, providing decision makers with user network behavior to implement personalized recommendation. Related Articles | Metrics

Select

Survey of Security Research in Mobile Payment System Yonglei LIU, Zhigang JIN, Tianying GAO Netinfo Security    2017, 17 (2): 1-5.   DOI: 10.3969/j.issn.1671-1122.2017.02.001 Abstract （659）   HTML （18）    PDF （1093KB）（937）       Knowledge map    With the development of Internet, especially communication technology, smart phones and Web2.0, the increasing popularity of mobile E-commerce appears. However, the natures of multiple network interfaces in smart mobile devices and design flaws of mobile payment protocols and mechanisms make security issues become more serious. The mobile payment system network architecture which comprises contactless layer, control layer, network layer, and application layer is analyzed. And the basic process of mobile payment is put forward. And then, the existing network system security issues of each layer are analyzed, including contactless layer security, control layer security, network layer security, and application layer security. The mobile payment protocols and their improvements are analyzed and summarized. The security assessment methods are also analyzed, compared and summarized. Moreover, A new secure mobile payment system network architecture is given. Finally, the summary of the existing security research is processed,And the future research direction is put forward. Table and Figures | Reference | Related Articles | Metrics

Select

null null    2005, 5 (2): 0-0.   Abstract （129）      PDF （76KB）（430）       Knowledge map    null Related Articles | Metrics

Select

NULL null null    2007, 7 (9): 0-0.   Abstract （155）      PDF （406KB）（420）       Knowledge map    NULL Related Articles | Metrics