
Table of Contents

    10 November 2014, Volume 14 Issue 11

    Research and Design on Offensive and Defensive Feedback Defense Graph on Cloud Desktop
    2014, 14 (11):  1. 
    With the rapid development of cloud platforms, mobile office and BYOD office have swept across the world. Companies take cloud desktop office as the preferred option and build cloud desktop environments. However, the new office environment also introduces new security issues. Currently, a cloud desktop security architecture has not yet formed, knowledge of cloud desktop defense is relatively scarce, and there is a domestic lack of a comprehensive, systematic and effective defense model. The virtualization structure of the cloud desktop determines that its defense structure is no longer of a string type; to a certain extent, cloud server defense is more sensitive than traditional defense. By analyzing the cloud desktop defense architecture, this paper proposes an active defense scheme, the offensive and defensive feedback defense graph, that is applicable to cloud desktops. It unfolds the restructuring process of defense and attack, designs targeted attacks according to the defense analysis, feeds the attack graph back to the security defense, and then optimizes the defense map. It adopts a reverse breadth search algorithm to find attack-vulnerable points, so that no reliable attack path is missed or repeated. It introduces the offensive and defensive game model in order to comply with the principle of appropriate security. Finally, the paper shows the simulation process of the offensive and defensive feedback defense graph on a cloud desktop from a well-known cloud desktop provider.
    Authenticated Encryption Modes Based on Block Ciphers
    2014, 14 (11):  8. 
    It is an inevitable trend to provide authenticated encryption modes of operation that satisfy all kinds of requirements and perform well in terms of high efficiency, high security, low cost and simple structure. Authenticated encryption modes based on block ciphers provide both privacy and authenticity of users' information. Because they have many good properties (high speed, easy standardization, and high efficiency in hardware and software implementation), they have been widely used in the field of information security. In this paper, we give a survey of authenticated encryption modes based on block ciphers and discuss future research trends.
    Authentication and Image Spatial Encryption Based on Ergodic Matrix and Hybrid Key System
    2014, 14 (11):  18. 
    For human beings, the basic means of perceiving the world is consistent with the image. The relevant information may therefore be related to personal privacy, commercial interests and military secrets, so the security of multimedia information becomes more and more important. Conventional encryption systems, such as RSA, DES, IDEA, SAFER and FEAL, are not suitable for image encryption because their encryption speed is slow and they cannot effectively remove the correlation between adjacent pixels. Chaotic encryption systems, which have been studied for over twenty years, have good characteristics for image encryption, but most of them are based on symmetric encryption. Symmetric encryption is faster than asymmetric encryption, but key management restricts its widespread application. To remedy this defect, this paper proposes a hybrid-key mechanism that can be used not only for image encryption but also for verification. The ergodic matrix in the encryption/decryption system not only generates a public key but is also the key parameter of image confusion and diffusion. The experimental results show that, compared with existing chaotic encryption systems, the proposed image encryption technology completely shuffles and changes the pixel values of the original image. Moreover, it has a huge key space of at least 3.08 * 105898 keys, which is enough to resist brute-force attack. Compared with existing chaotic cipher systems, the experimental results in this paper are more optimistic: coded in the C language, the execution times of the confusion and diffusion stages are quite stable (between 1.9 and 2 ms and between 2 and 2.1 ms, respectively). Compared with the algorithms introduced by Yang and Ismail, the proposed algorithm is more secure according to the performance evaluation, sensitivity analysis and statistical analysis, and is suitable for network transmission.
    An Information Hiding Method Based on BCH Coding
    2014, 14 (11):  26. 
    Exploiting the fault-tolerant redundancy introduced by channel coding, a method for information hiding based on BCH coding is proposed. The messages are embedded in the coded carrier according to a pseudo-random sequence, while no changes are made to the source code of the carrier. With this method, the messages are embedded in the carrier just like random noise, which avoids the problem of non-uniform embedding in traditional information hiding methods. Analysis and experiments show that the higher the bit error rate of the channel, the lower the hiding capacity; the shorter the length of the information bits in the channel coding of the carrier, the higher the hiding capacity; and the stronger the error-correcting capability of the channel coding, the higher the hiding capacity. Moreover, experiments show that the embedded data has little influence on the restored carrier.
    Research on Chinese Text Appraisive Classification in the Present Era of Big Data
    2014, 14 (11):  30. 
    In the current era of big data, Internet blogs and forums produce a flood of subjective comment information that expresses people's various emotional colors and emotional tendencies. It is very difficult to classify and process this massive comment information by manual methods alone, so how to efficiently dig out the large amount of information on the network that carries appraisive views has become an urgent problem. Research on Chinese text appraisive classification technology is the way to solve this problem. This article describes the common text feature selection algorithms and analyzes the shortcomings of the document frequency and mutual information algorithms. By comparing and analyzing the two algorithms, and combining the relevance of text features to text classification with the probability that a text feature appears, this article proposes an improved text feature selection algorithm (MIDF). The experimental results show that MIDF is valid for appraisive classification research.
    The Method of Classifying Network Public Opinion Text Based on Random Forest Algorithm
    2014, 14 (11):  36. 
    Faced with the massive growth of Internet public opinion information, it is very meaningful to classify public opinion text. First, this paper establishes the model of text document representation and selects the feature selection function. Then, it analyzes the characteristics of the random forest algorithm among classification learning algorithms, and proposes to complete the categorization of documents by constructing decision trees. In the experiments, it collected a large number of network media corpora and set up the training and test data. By contrast tests comparing the quantitative performance data of common algorithms (including kNN, SMO and SVM) with those of the RF algorithm, this paper demonstrates that the proposed algorithm has a better comprehensive classification rate and better classification stability.
    Multi-level File Operations Recording System Based on Minifilter Driver
    2014, 14 (11):  41. 
    This paper studies the extraction and monitoring of file operation behavior at different levels. Aiming at existing methods of bypassing filter driver detection, it improves the multi-level technology for extracting file operations so that it is more effective against malicious software behavior. The paper first introduces file filter driver technology, its principle and its current applications, and then introduces the development principle, steps and application fields of the widely used mini file filter driver (Minifilter) technology. Next, the underlying process of file operation behavior is analyzed and the Minifilter detection principle is introduced. The paper analyzes the security of Minifilter and presents the principles of several current methods that can bypass filter driver detection, including adding filter drivers and hooking the send function, so that the filter driver cannot detect the behavior. It lists several existing attack methods that bypass the filter driver at different levels, including attaching new filter drivers, direct access to the kernel, and different hook techniques on the sending functions of the underlying file structure. Based on an analysis of the attack principles, corresponding detection methods are put forward. Adding these detection methods to the original Minifilter makes it possible to detect a variety of current attack means and so adds multi-layered protective measures. Targeted function and performance tests of the improved filter driver show that it can complete deeper detection at a smaller time cost. The improved extraction technology can therefore detect malicious behavior that bypasses the normal file filter driver and extract deeper file operations of malicious software, achieving more comprehensive monitoring of suspicious file operations.
    Mechanism on Computer Access Permission Management Based on the Mobile Clients' Dynamic Password Algorithm
    2014, 14 (11):  46. 
    With the rapid development of information technology, the Internet has been inundated with information security problems. With the maturity of hacker technology, the invasion of a personal computer has become an easy task, so personal computer privacy and permission management have become more serious concerns in daily life. Traditional methods that use only a login password threaten computer security and privacy when the owner's friends or colleagues use the computer. Based on the RSA encryption mode, we design a dynamic password encryption algorithm and propose a mechanism for computer access permission management. First, the mechanism increases the difficulty of password cracking and improves the security of encryption by using a dynamic password created by both the PC and the mobile terminal. We combine plaintext coding with the RSA encryption algorithm for the dynamic password in order to avoid some problems of dynamic passwords generated by time-seed algorithms. In addition, we add control information to the dynamic password and load the file filter driver in the kernel after the screen is successfully unlocked, so that the owner's private directory is safer and the system protection grade of sensitive documents is higher. The mechanism we implemented is aimed at solving a small and awkward problem in daily life. Experimental results show that the mechanism for computer access permission management based on the dynamic password can solve the problem of personal privacy and access permission management effectively, and thus has good prospects for application.
    The Design and Research of Rootkit Detection System Based on Windows API
    2014, 14 (11):  52. 
    A Rootkit is malicious software that hides the traces of processes, network ports, files, etc. It is now widely used by hackers for intruding into and attacking other people's computer systems. Many computer viruses and spyware programs also use Rootkits to lurk in the operating system and wait for the proper moment for action. How to detect Rootkits efficiently has become the key problem in countering these kinds of attacks. On the basis of previous work, this paper discusses the underlying principles of Windows and develops a Rootkit detection system based on the Windows API. With its help, the user can not only discover different kinds of hidden information in the operating system, but also easily find the viruses and Trojans that are running on the computer and clean them up. To a certain extent, this system enriches the research results on Rootkit detection and can offer a reference for follow-up studies.
    Exploration and Practice of Using Typical Software Vulnerabilities Based on Windows
    2014, 14 (11):  59. 
    With the rapid development of global information technology, computer software has become an important engine of the world economy, science and technology, military and social development. The core of information security is tied to the security mechanisms of the operating system and to software vulnerabilities. A software vulnerability by itself does not constitute an attack; exploiting the vulnerability makes the attack possible. Based on the Windows operating system, this article mainly analyzes the principles of some typical software vulnerabilities as well as the common ways to exploit software vulnerabilities, and compares them in different environments. The article also briefly analyzes the protective effect of Windows security mechanisms on software security and the hindrance they pose to software vulnerability exploitation. The article places emphasis on explorations and practices in exploiting several typical software vulnerabilities, and analyzes the fragility of Windows security mechanisms by using the currently popular methods of bypassing security mechanisms.
    Research on SQL Injection Vulnerabilities Detection Technology Based on Proxy Mode
    2014, 14 (11):  66. 
    SQL injection is one of the most common vulnerabilities in Web sites, and also one of the most destructive during business operations. SQL injection vulnerability detection can be divided into manual analysis and automated analysis. Although there are many automated tools that can help detect SQL injection vulnerabilities quickly, the capacity of these tools is very limited. For now, the biggest problem is how to ensure the comprehensiveness of the test data. Restricted by crawler technology, the probability of false positives and false negatives from automated tools is relatively large. Manual analysis can ensure the accuracy of vulnerability detection, but the testing process consumes a lot of time and has low efficiency. To address this, this paper presents a SQL injection vulnerability detection method based on a proxy mode, which takes full advantage of existing vulnerability detection tools and achieves high efficiency and accuracy in SQL injection vulnerability detection. We also used this method to detect and analyze XSS vulnerabilities in Web applications and achieved very good results.
    Second-order SQL Injection Attack Defense Model
    2014, 14 (11):  70. 
    With the rapid development of Internet technology, Web applications are becoming widespread, and database-backed Web applications have been widely used in a variety of enterprise business systems. However, due to the uneven experience of developers, there are many security risks in Web applications. Among the many factors that affect the security of Web applications, the SQL injection attack is the most common and the easiest to implement, and is considered to be the most destructive. Preventing SQL injection attacks is therefore critical to Web applications, and how to prevent them effectively has become an important research topic. The SQL injection attack uses the syntax of the structured query language to attack. The traditional SQL injection defense model defends against SQL injection attacks by filtering user inputs and implementing syntax comparison; when malicious data already in the database is added to a dynamic SQL statement, a second-order SQL injection attack can occur. On the basis of previous studies, this paper proposes a second-order SQL injection attack defense model based on improved parameterization. The proposed model consists of an input filter module, an index replacement module, a syntax comparison module and a parameterized replacement module. Experiments show that the proposed model can effectively prevent second-order SQL injection attacks.
    Research and Implementation of Android Software Protection Based on SMC
    2014, 14 (11):  74. 
    With the development of Android, software protection on the Android platform is getting more and more attention. Because the Android platform has been popular for only a short time, the study of Android software protection is still at an early stage, and developers' lack of protection awareness results in frequent violations of intellectual property. In view of the continuing development of reverse engineering, this paper proposes the implementation of a new software protection technique for Android applications, based on an in-depth study of Android software protection and reverse engineering techniques. With reference to self-modifying code on Windows, this paper implements the SMC technique on the Android platform. The mechanism uses the mature SMC technique on Android together with self-check technology to implement checking of program integrity and modification of key code at runtime. Relevant tests prove that the mechanism can effectively improve the anti-reversing and tamper resistance capability of the software.
    Study on New Mathematical Difficult Problem and Application in Block Cipher
    2014, 14 (11):  79. 
    Cryptographic algorithms are generally based on difficult mathematical problems in order to ensure security. At present, the existing mathematical problems can be reduced to solving for one unknown number or a series of unknown numbers. Different from the existing difficult mathematical problems, this paper presents a new class of difficult mathematical problem, which is to solve for an unknown function rather than an unknown number. There is no feasible method to solve the problem. In this paper, the obstacles are overcome, security under exhaustive attack is considered, and a block cipher scheme is proposed based on the combination of solving for an unknown number and an unknown function. The encryption and decryption functions are unknown. In the scheme, the unknown function is decided by the key; the codebreaker does not know the key and hence cannot determine the cipher function. Because the encryption and decryption functions are unknown, the precondition of most cryptanalysis methods is not met, and hence the analysis is infeasible. Under the scheme, a new one-wayness of the cipher function is formed: those who encrypt and decrypt can easily determine the cipher function, but the cryptanalyst cannot. The scheme has perfect security against existing cryptanalysis. Conceivable attack methods are considered, several attack ideas are given, and the optimization of the cryptosystem against these attacks is given. Aiming at the conceivable attacks, some principled suggestions are given to prevent the concrete form from being determined by cryptanalysis using various clues, and to prevent the unknown function from being unified into a known function.
    The Practice and Consideration of Constructing Network Security Law Enforcement Technology Discipline for Provincial Public Security Colleges
    2014, 14 (11):  83. 
    Network security and law enforcement technology is a young discipline developed in recent years. It is a fusion of knowledge from computer science, law, sociology, the science of public security and so on. The discipline has a wide research field, involves rich content, and has obvious trans-disciplinary characteristics, which poses challenges to its construction. In this article, starting from the existing practice of discipline construction, the characteristics of local public security institutions are analyzed to describe the research fields during discipline construction, the relationship between discipline and specialty, and personnel cultivation. Finally, proposals are put forward, together with problems that deserve attention, regarding the selection and construction of research fields, the method of personnel training, and specialty and curriculum construction in the network security and law enforcement technology discipline.
    The Research of the Significance of the Information Theory Course for the Construction of Network Security and Law Enforcement Discipline
    2014, 14 (11):  87. 
    The network security and law enforcement discipline, which originates from communication technology, information security and computer science, aims to cultivate excellent law enforcement officers for Chinese police work. Information theory, which consists of source coding theory, channel coding and cryptography, is the basis of network communication. The information theory course is also significant to the teaching of network security and law enforcement, and in that teaching information theory plays a growing role in cultivating law enforcement officers. By introducing basic information theory and the advanced technologies of modern communication, the course matrix for this cultivation becomes clearer. In this paper, we discuss the importance of information theory for network security and law enforcement, and propose a deployment of information theory courses in the form of a course table. From the analysis of this importance, the conclusion is that information theory is one of the important courses of network security and law enforcement, that it is meaningful work for the construction of the discipline, and that the information theory course is therefore necessary for network security and law enforcement.