Table of Contents

    10 December 2014, Volume 14 Issue 12

    Research on Cloud WAF Systems
    WANG Li-le, LI Ming, WANG Hao, BI Sheng-jie
    2014, 14 (12):  1-6.  doi: 10.3969/j.issn.1671-1122.2014.12.001
    Cloud WAF, the cloud model of the Web application firewall, has now been officially commercialized. It is a new model of information security product that already has a complete function definition and a mature technology platform. Many providers that supply cloud services to consumers have begun to release cloud WAF solutions. Cloud WAF services have improved the security of cloud computing, enhanced application availability and security, and increased the overall security of the network. This paper analyses and investigates the overall framework of the cloud WAF platform and its technology strategy based on the actual situation.
    The Research on Trusted Software Watermarking Based on Machine Fingerprint
    WANG Wei, ZHANG Yi, WANG Liu-cheng, ZHU Jian-wei
    2014, 14 (12):  7-11.  doi: 10.3969/j.issn.1671-1122.2014.12.002
    In recent years, with the prevalence of the Internet and cloud technology, copyrighted digital products are being produced by people all over the world, but at the same time copyright piracy has become more and more common, doing great harm to the interests of providers. Digital watermarking embeds identifying information directly in a digital carrier, or represents it indirectly by modifying the structure of a specific area, without affecting the original value. The watermark can be easily detected by the provider but is difficult for hackers to detect, so it can completely convey the identification information. After studying existing software watermarking methods, which are based entirely on the software's attributes, and analysing their disadvantages when facing distortion attacks and additive attacks, this paper proposes a new method for generating digital watermarks with the help of the principles of the trusted platform module (TPM) in trusted computing systems. The proposed watermark generation method has strong security, undetectability and robustness, avoids damage to the computer, and can be used much more broadly.
    A Homomorphic Encryption Scheme on Online DBMS with Multilevel Secure Mechanism
    LI Bin, BAI Shu-jun, SONG Huai-gang
    2014, 14 (12):  12-15.  doi: 10.3969/j.issn.1671-1122.2014.12.003
    Because online DBMSs are widely used, sensitive information stored in databases should be encrypted. To achieve higher performance, privacy homomorphism can be used: with this technology, encrypted information can be manipulated without being decrypted. A DBMS with a multilevel security mechanism offers a higher level of information protection. This paper presents a new encryption scheme for online DBMSs with a multilevel security mechanism. The server holds the keys needed to handle data at all security levels, while the client holds only the key for its own level. The scheme includes a two-layer encryption mechanism on fields and records. The encryption and decryption process is clearly layered and simple to compute. It provides a multilevel security mechanism: users at a high security level can decrypt data at lower security levels. It supports all relational operations on the database. The example shows that the scheme has a feasible key configuration, a correct encryption and decryption process, and full support for the multilevel security mechanism.
    Automatic Identification for Abnormal HTTP Behavior Based upon RBF Neural Network
    WANG Jing-zhong, XU You-qiang
    2014, 14 (12):  16-20.  doi: 10.3969/j.issn.1671-1122.2014.12.004
    With the rapid development of the Internet and the fast growth in the number of users, the variety of attacks against network services is increasing. At present, most network protection measures target attacks at the network layer or transport layer, and there are almost no protection measures targeting attacks at the application layer. On the other hand, more and more attacks against Web services occur at the application layer. This paper proposes an automatic identification algorithm that identifies abnormal HTTP behaviors based on an RBF neural network. First, normal and abnormal HTTP behaviors are simulated. Second, by analyzing the content of packets captured during Web communication, combined with related packet header information, records of HTTP behaviors are extracted. Many simulation experiments are conducted to generate enough records of normal and abnormal HTTP behaviors, and these records are used to train the RBF neural network. The trained neural network is then used to identify abnormal HTTP behaviors among all HTTP behaviors automatically, and the abnormal behaviors are stored in a database.
    Dynamic Analysis Scheme of Android Malware Based on Sandbox
    ZHAO Yang, HU Long, XIONG Hu, QIN Zhi-guang
    2014, 14 (12):  21-26.  doi: 10.3969/j.issn.1671-1122.2014.12.005
    The popularity of smartphones has greatly stimulated the spread of malicious software, and because of its huge market share and revenue characteristics, the Android platform has become the preferred target of attackers. Traditional signature-based antivirus software can effectively detect known malicious software, but it is powerless against unknown malware. In this paper, we propose a novel sandbox-based dynamic analysis scheme for Android malware, which is used to analyze unknown malware effectively. The scheme implements the Android sandbox by installing an Android x86 virtual machine in the virtualization software Oracle VM VirtualBox, and uses a command-line tool provided by VirtualBox to control the sandbox. An Android application performs an action by calling the appropriate API, so we determine its behavioral characteristics by monitoring the API calls the application makes. We make the Android application run automatically by inserting monitoring code into the application package, and we send different streams of user events to simulate real user operations on the application. Experiments show that the proposed scheme is feasible.
    Research and Implementation of Micro-blog Keyword Extraction Method Based on Clustering
    SUN Xing-dong, LI Ai-ping, LI Shu-dong
    2014, 14 (12):  27-31.  doi: 10.3969/j.issn.1671-1122.2014.12.006
    This paper presents a clustering-based microblog keyword extraction method, carried out in three steps. First, the microblogs are pre-processed and segmented into words, and the TF-IDF and TextRank algorithms are used to calculate word weights; in view of the characteristics of short microblog text, a combination of the two methods is used to calculate term weights, and candidate keywords are extracted by a clustering algorithm. Second, taking n = 2, the maximum-probability left neighbor and maximum-probability right neighbor are defined based on the theory of the n-gram language model, and the candidate keywords are extended into key phrases accordingly. Finally, the results are filtered according to the concept of accessory variety and the number of semantic units in the semantic extension model. The experimental results show that this method can effectively extract microblog keywords, and that TextRank performs better than TF-IDF when processing short text.
    A Public Opinion Monitoring System Based on Big Data Technology
    CAO Bin, GU Yi-li, XIE Zhen-zhen, CHEN Zhen
    2014, 14 (12):  32-36.  doi: 10.3969/j.issn.1671-1122.2014.12.007
    With the popularization of the Internet, social networks have become a vital part of people's lives. Social media promotes the flow and dissemination of information, but also brings a deluge of social media data and user data. Social media analysis is the main component of a public opinion monitoring system. Analysing and monitoring public opinion data is one of the new technical problems raised by media in this era. In recent years, new technologies such as big data processing have provided proven solutions for coping with massive data. Among the many big data processing platforms, Hadoop has a mature community, and its structure is stable and easy to use. For text classification problems, LDA statistical modeling offers a new approach. Therefore, this paper proposes a public opinion monitoring system based on proven open source architectures. The system is based on the Hadoop platform, with Nutch as the crawler and Solr providing the core index and search function. The entire platform demonstrates high efficiency in mass data processing and analysis, while providing intelligent analysis and statistical functions in response to the problems caused by massive amounts of data.
    Study and Application of Network Security Situation Based on Ant Intelligence
    LI Lin, XU Jia-le, ZHANG Xiao, LIU Nian
    2014, 14 (12):  37-42.  doi: 10.3969/j.issn.1671-1122.2014.12.008
    With the rapid development of network technology, network security problems have become increasingly serious. Traditional network security technologies (vulnerability detection mechanisms, malicious code detection, firewalls, intrusion detection and information security risk management) suffer from poor real-time performance, false positives and false negatives. They may introduce new vulnerabilities and cannot reflect the current security situation quantitatively. At the same time, the increasing complexity of network structure brings new challenges for network security management, and system administrators cannot solve network security problems in a timely and effective manner. Therefore, how to effectively combine situation analysis with defense technology for network security has recently become a hot issue. To address this question, this paper proposes an ant-colony-based intelligent network security situation awareness framework (ant intelligence situation awareness, AISA) and the key technologies needed to realize it. An agent inserted between the administrator and the host can be used for information collection, situation analysis, situation assessment and self-defense. In the process of network security situation awareness, the ant colony algorithm is used and pheromones guide the movement of the agent, achieving an effective integration of network security situation analysis and self-defense techniques. Experiments show that the framework achieves real-time and quantitative network security situation awareness, which can reduce the workload of administrators and improve the efficiency of network security management.
    A Method to Defend Intrusion from Hypercall of Xen
    LI Hui, CHEN Xing-shu, ZHANG Lei, WANG Wen-xian
    2014, 14 (12):  43-46.  doi: 10.3969/j.issn.1671-1122.2014.12.009
    Cloud computing is developing fast and is widely used. As an important support for cloud computing, virtualization has improved the efficiency of resource utilization and the management capability of a platform. As open source virtualization software, Xen has been adopted by many cloud service providers for its unique design and excellent performance, but these providers are also troubled by the security problems of the Xen hypervisor. The privileged interfaces provided by Xen can be used by malicious code in a virtual machine, and thus by intruders to attack Xen or the virtual machines running above it. To address the abuse of Xen hypercalls by malicious code inside the guest kernel, a method for analyzing the execution path of the guest kernel is provided: the execution path of the guest kernel that launched a hypercall is traced and compared with a training set constructed at the beginning, which makes it possible to prevent hypercalls from being misused by malicious code in the guest kernel. By tracking the stack information of the guest kernel, the execution path of the virtual machine is reconstructed with the help of instruction analysis and the guest kernel's symbol table, and unexpected execution paths to hypercalls are avoided with this method. We tested the idea on the Xen platform: a new virtual machine was created and its training set was collected while it was running. Then, when the hypercall occurs, the corresponding execution path is constructed dynamically and compared with the training set, so that unforeseen invocations of hypercalls are avoided.
    Software Design of EXT3 File Operation Trace Extraction
    XU Guo-tian
    2014, 14 (12):  47-50.  doi: 10.3969/j.issn.1671-1122.2014.12.010
    Most Linux hosts use the EXT3 file system. A hard disk in EXT3 format can store a large number of suspicious files. It is very important to identify the add, delete and modify operations that a suspect has performed on files, and extracting the modified data is important for investigation and forensics by public security organs. This paper analyzes the operation traces of different files. It studies the basic structure of the EXT3 log file and a method for extracting file names and inode information from the log. An inode-based method for extracting operation traces and a state transition machine are designed. The software can run directly on a Linux host and completes trace extraction by scanning the log file. Extensive practical testing shows that the software can effectively extract the uncovered traces of operations in the EXT3 file system.
    A Novel AOA Clustering-based Localization Algorithm with High Accuracy
    HUANG Qi, HUANG Hai, XIE Dong-qing
    2014, 14 (12):  51-55.  doi: 10.3969/j.issn.1671-1122.2014.12.011
    Nowadays, network security is closely connected to wireless sensor networks (WSNs), and the capability of a WSN depends on the quality of its localization algorithm. Clustering localization is an efficient, highly scalable, simple and practical algorithm, but it is also a fuzzy matching algorithm that does not have high accuracy. If cluster-head switching in the clustering algorithm is carried out across all nodes globally, it wastes a large amount of energy. The AOA algorithm has good localization ability in complex environments. In this paper, by using the AOA algorithm, every node has the ability of self-detection and can calculate its coordinates relative to the cluster head with a coordinate algorithm that uses the node's relative angle. To reduce energy waste, this paper designs an algorithm based on the energy-efficiency principle of the complete graph. Cluster separation runs only once, at the beginning. A new cluster head is elected when a cluster has no cluster head or its cluster head is low on power, and the information is then sent to the latest cluster head. Simulation experiments in Matlab show that this paper achieves a range-based clustering localization algorithm. The algorithm retains the advantages of fast deployment, high energy efficiency and high accuracy. In addition, the algorithm is suitable for non-loose wireless sensor networks.
    The Method of KPI Classification of Mobile Communication Network
    LI Hui-zhi, YUAN Chao-wei
    2014, 14 (12):  56-60.  doi: 10.3969/j.issn.1671-1122.2014.12.012
    With the great development of the communication industry, mobile communication networks are becoming larger and increasingly complex. As the 2G network is constantly optimized, the 3G network matures and the 4G network undergoes large-scale construction, mobile operators face the growing challenge of how to accurately grasp real-time network status, how to perceive network performance from the user's point of view, and how to evaluate network quality; this restricts further optimization of mobile networks and affects further improvement of the user experience. The auxiliary test unit (ATU) is an indispensable tool for future performance testing and optimization of mobile networks. Compared with traditional manual road tests, the ATU requires fewer staff, covers a broader range of tests and has shorter test cycles, among other advantages; the ATU will therefore become increasingly important in mobile operators' daily network optimization. Mobile operators' auto drive test (DT) platforms currently provide abundant indicators, and how to select and classify these indicators for quick and efficient evaluation of network quality is an issue worth studying. Using MATLAB, this paper conducts correlation analysis among KPIs, classifies each indicator based on statistical principles, and presents a mobile network indicator classification method that reduces the difficulty and improves the efficiency of network quality analysis.
    Research and Realization of Identification Technology of Mobile Internet Audio-Video Protocol
    ZHAO Zheng, LIU Ji-qiang
    2014, 14 (12):  61-64.  doi: 10.3969/j.issn.1671-1122.2014.12.013
    Audio-video (AV) apps are a hot topic in app markets. Compared with traditional Internet protocol identification, which has been thoroughly studied, the study of AV protocol identification in mobile networks is at a preliminary stage. Carriers can provide differentiated services and security profiling by recognizing different apps from users' collected online viewing behavior. In this paper, we study protocol identification technology for AV apps in mobile networks. We obtain application signatures from protocol payloads, and the signatures are used to classify protocols. By setting up a large number of experiments and developing identification programs, we propose a new method that can automatically identify AV protocols in mobile networks. In addition, the accuracy and efficiency are further improved.
    Performance Analysis of Vehicle-to-Vehicle Communication System in the Internet of Vehicle under n-Rayleigh Fading Channels
    XU Ling-wei, ZHANG Hao, WANG Jing-jing, WU Chun-lei
    2014, 14 (12):  65-70.  doi: 10.3969/j.issn.1671-1122.2014.12.014
    The average symbol error probability (ASEP) and channel capacity of a vehicle-to-vehicle communication system employing selection combining (SC) reception over n-Rayleigh fading channels are investigated in this paper. Based on the integral approach, exact expressions for the ASEP are derived for M-ary phase shift keying (MPSK) and M-ary pulse amplitude modulation (MPAM). Exact expressions for the ergodic capacity are also presented. The ASEP and channel capacity performance under different conditions is then evaluated through numerical simulations. The numerical simulation results agree well with the theoretical results, verifying the accuracy of the analytical results. Simulation results show that the ASEP and channel capacity performance improves as the number of diversity branches increases: at SNR = 16 dB, with L = 1 diversity branch the ASEP with QPSK is 7×10⁻² and the channel capacity is 4 bps/Hz; with L = 2, the ASEP with QPSK is 1×10⁻² and the channel capacity is 5.1 bps/Hz; with L = 3, the ASEP with QPSK is 2×10⁻³ and the channel capacity is 5.8 bps/Hz.
    Research and Implement on Dynamic Access Control Model Based on User’s Behavior in SaaS
    GUO Fei, ZHANG Hua, GAO Fei
    2014, 14 (12):  71-75.  doi: 10.3969/j.issn.1671-1122.2014.12.015
    The shared nature of SaaS makes trusted user access behavior important to cloud services. In the traditional access control model, once users have been given a role, they always hold the privileges of that role; the model lacks dynamism. To address this, this paper presents a dynamic access control model based on user behavior in SaaS. It builds on the traditional access control model and an analysis of the characteristics of trusted user behavior. Tenants in the model achieve better control of security domains. In addition, user groups and data scopes achieve better control of granularity. This reflects the flexibility of access control for cloud services. Based on the evidence values collected during the user's visit, the model uses the fuzzy analytic hierarchy process to determine the trust level of the behavior, and then, according to the sensitivity level, ultimately determines the privileges that the user can exercise. This reflects the dynamic nature of the model. The results show that the access control model presented in this paper can respond quickly to illegal user behavior, while effectively controlling legitimate access behavior and ensuring the safety and reliability of cloud services.
    The Research on Vulnerability Mitigation in Memory
    HE Ying-rui, SHI Ji, ZHANG Tao, WEN Wei-ping
    2014, 14 (12):  76-82.  doi: 10.3969/j.issn.1671-1122.2014.12.016
    With techniques for finding software vulnerabilities becoming more mature, the total number of bugs is increasing yearly. To improve memory protection, operating systems and compilers have adopted increasingly complete measures to mitigate exploitation. This article describes some of the key mitigations, including the GS option, SEH, heap protection, DEP and ASLR. The GS compiler technology and the SEH security authentication mechanism can effectively detect and prevent most stack-based overflow attacks; heap protection provides more restrictions aimed at stack overflow; DEP performs additional memory checks to prevent malicious code from executing in the system; ASLR helps to prevent buffer overflow attacks by randomizing key addresses. The article also points out the drawbacks of these mitigations and introduces some methods of defeating them from the attacker's point of view. For vulnerability mitigation technology, the article points out that future work must consider how to cover the shortcomings in resisting attacks that combine multiple vectors and how to improve protection against bypasses.
    Assets Recognition and Importance Assessment Based on Information Flow
    WEI Feng, JIANG Fan
    2014, 14 (12):  83-87.  doi: 10.3969/j.issn.1671-1122.2014.12.017
    Recognizing information assets and assessing their importance is a key step in information security assessment. This paper proposes a method based on information flow to address it. First, we use Petri net theory to analyze the business process, which helps us identify asset nodes and transform all information assets into a directed graph. Second, in combination with the classified protection of information systems, an algorithm called FrequencyRank is put forward to calculate the value of each node in the directed graph; the value of each node represents its importance in the graph. Experiments show that the solution in this paper can accurately obtain the importance of each node and that the results are consistent with the actual situation.