Netinfo Security

Security Protection of Critical Infrastructure

Si-han QING

2015, 15 (2): 1-6. doi: 10.3969/j.issn.1671-1122.2015.02.001

Abstract ( 476 )

HTML ( 9 )

The network security threats continuously increase with the rapid development of Internet applications. The construction and security protection of critical infrastructure must be highly valued as it is related to national security. This paper addresses the measures US and Europe have taken, analyzes what China should do, and describes the challenges faced by basic software and hardware, cloud computing infrastructure, trusted computing technology, and identity authentication mechanism, etc. from a technical perspective, and analyzes the trend of technology and latest advances.

Figures and Tables | References | Related Articles | Metrics

Research and Implementation on Information Security Risk Assessment Key Technology

Wei-ping WEN, Rong-hua GUO, Zheng MENG, Xiao BAI

2015, 15 (2): 7-8. doi: 10.3969/j.issn.1671-1122.2015.02.002

Abstract ( 990 )

HTML ( 46 )

Information security is the most concerned problem in the development of global information. As organizations get into the era of information office, almost all the information of organizations is stored in the information systems. Once the information system encounters threats and attacks, it will be hard to imagine the damage and loss. The rules for safety risk assessment were initially put forward abroad, now are applied widely in the area of information security. The article firstly introduces the theoretical basis and process of risk assessment, including the definition of risk assessment, the relationship between risk assessment factors, safety risk model, and the common risk assessment methods. Then the article introduces the structure design and function modules design of risk assessment and control software. The software involves asset identification, threats analysis, vulnerabilities analysis, confirmation and assessment of the existing security strategies, comprehensive risk assessment and assessment report output. Combining with the SQL server database and Tomcat middleware technology, the risk assessment system is implemented and tested in the test platform. In the process of designing the assessment software, the vulnerability detection function is added, which provides further security safeguard for assessment. The modular structure of the system is simple and clear and the assessment function is strong, achieving the prominent effect.

Figures and Tables | References | Related Articles | Metrics

Research on Network Intrusion Detection Using Support Vector Machines Based on Principal Component Analysis

Ming-yu QI, Ming LIU, Yan-ming FU

2015, 15 (2): 15-18. doi: 10.3969/j.issn.1671-1122.2015.02.003

Abstract ( 624 )

HTML ( 14 )

Aim

ing at the shortcomings of the traditional intrusion detection system, such as low rate of detection, time wasting, high rate of false positives and so on, this paper proposed a method of network intrusion detection (PCA-SVM) using support vector Machines (SVM) based on principal component analysis (PCA). This method begins with data preprocessing, then find the optimal set of attributes by traversing the 41 principal component attribute values, finally training support vector machine classifier to obtain a detector based on this data set. This experiment has been simulated in the Matlab software with the KDD99 data. As a result compared with the traditional intrusion detector which training from 41 attributes, this method greatly reduces the detection time, improve the detection efficiency and reduce the rate of false positives. So it provides a new feasible solution for network intrusion detection technology.

Figures and Tables | References | Related Articles | Metrics

Analysis and Research on Network Security for OpenFlow-based SDN

Qing-yun ZUO, Hai-su ZHANG

2015, 15 (2): 26-32. doi: 10.3969/j.issn.1671-1122.2015.02.005

Abstract ( 442 )

HTML ( 4 )

OpenFlow-based SDN technology separates the data and control planes of network, deploys central controller to manage and control the network, and provides a new solution for the development of future network. However, this new method of network management and control differs essentially from traditional network management method using close network equipment with distributed control plane currently, which would introduce new management and security problems when achieving centralized management. In this paper, we firstly introduce the defects of the three-layer architecture itself and the possible security issues, and analyze these issues from infrastructure layer, southbound interface, control layer, northbound interface and application layer respectively. Then, we summarize current related research status and research methods, and provide feasible solutions from four aspects including authentication mechanisms, backup and recovery of control layer, network anomaly detection and defense mechanisms, application isolation and permission management. After the discussion, we conclude the paper and point out the research direction.

Figures and Tables | References | Related Articles | Metrics

Analysis and Research on Network Security for OpenFlow-based SDN

ZUO Qing-yun, ZHANG Hai-su

2015, 15 (2): 26-32. doi: 10.3969/j.issn.1671-1122.2015.02.005

Abstract ( 349 )

HTML ( 7 )

OpenFlow-based SDN technology separates the data and control planes of network, deploys central controller to manage and control the network, and provides a new solution for the development of future network. However, this new method of network management and control differs essentially from traditional network management method using close network equipment with distributed control plane currently, which would introduce new management and security problems when achieving centralized management. In this paper, we firstly introduce the defects of the three-layer architecture itself and the possible security issues, and analyze these issues from infrastructure layer, southbound interface, control layer, northbound interface and application layer respectively. Then, we summarize current related research status and research methods, and provide feasible solutions from four aspects including authentication mechanisms, backup and recovery of control layer, network anomaly detection and defense mechanisms, application isolation and permission management. After the discussion, we conclude the paper and point out the research direction.

References | Related Articles | Metrics

Research on Lightweight Cryptography of Interplanetary Backbone Networks

Yu-ling HOU, Yang-dong BIAN, Guang-yue HU, Chao WANG

2015, 15 (2): 33-39. doi: 10.3969/j.issn.1671-1122.2015.02.006

Abstract ( 541 )

HTML ( 1 )

The existing security schemes are not suitable for interplanetary Internet, because they have some problems: be lack of interplanetary network security, the certification about interplanetary Internet nodes, and low efficiency in key management and secure authentication and high complexity in cipher algorithm. We propose the lightweight cryptography and lightweight security algorithm for interplanetary backbone networks. It can solve the problem that encounters malicious nodes in the process of backbone networks networking by threshold secret sharing mechanism. By the concept of CPK based on ECC, authentication is efficient without the third-party CA, and the lightweight ECC we proposed can speed up point multiplication to reduce the computational complexity; the key management can meet the resource limit in deep communication, and the key security depends on the exponential computation complexity of the elliptic discrete logarithm decomposition; the scheme also uses the improved two-way authentication to ensure the communication security between common spacecraft and satellite, which can prevent man-in-the-middle attack.

Figures and Tables | References | Related Articles | Metrics

System Design for Ocean Sensor Data Transmission Based on Wireless Networks

Le-cheng QU, Xin LI, Fa-jiang SUN

2015, 15 (2): 40-45. doi: 10.3969/j.issn.1671-1122.2015.02.007

Abstract ( 425 )

HTML ( 3 )

Exploration and development of marine resources has great significance for human, at the same time, marine data acquisition is the premise of exploration and development of marine. How accurate, efficient and real-time access to ocean sensor data, has become the key problem of ocean exploration. Currently used for ocean data acquisition and transmission mode mainly includes cable transmission, underwater acoustic communication, mobile networks based on the GPRS communication and satellite communication mode. But because of their own limitations, cannot meet the real-time, high efficiency, low power consumption and low cost requirements. This paper presents a new set of data acquisition and transmission system, ocean sensor data real-time transmission system based on wireless network. Under water, extracted from sensor data through induction coupling through inductive coupling mode, through a plastic coated steel cable to transfer the data to the data acquisition board for processing and storage. Above the water, the establishment of a wireless network using FGR2 wireless module, completes the real-time remote wireless data transmission based on FGR2 module in high speed and long distance and anti-interference advantages. At the same time, the wireless network through the FGR2 module, the groups together all the nodes within the network, the main node can sequentially acquiring a plurality of buoy through the network protocol data, and can be controlled to realize accurate acquisition and transmission of marine sensor data, to realize real-time ocean data acquisition, high efficiency, low power consumption and low cost goals.

Figures and Tables | References | Related Articles | Metrics

Analysis and Experiment of Kad Network Protocol

Mei XIONG, An-ming ZHOU

2015, 15 (2): 46-50. doi: 10.3969/j.issn.1671-1122.2015.02.008

Abstract ( 443 )

HTML ( 1 )

As an open network protocol, Kad makes the further research and improvement of its network protocol possible. After the systematic analysis of the whole Kad’s architecture,and combined with the static testing upon the open source, we study the security of the Kad protocol’s communication from the user,s privacy, the privacy of content, the files of servers list and nodes list,noted the defects and the potential threat of the protocol. At the same time,each aspects’ studing analysis and research of the experimental data are all based on the main interface of the data communication of the Kad software. Finally, facing different threats of the protocol, we offer different solutions which are based on the design and implementation of the major abstract class, then we can not only decrease the threat to the acceptable range of users and ensure that the users have a secure network environment, but also provide the data base and experimental conclusions for Kad network security, query strategy, topology optimization and so on.

Figures and Tables | References | Related Articles | Metrics

A Routing Algorithm of Opportunistic Social Networks Based on Network Coding

Feng QI, Chun-guang MA, Yong-jin ZHOU, Jun-feng MIAO

2015, 15 (2): 51-56. doi: 10.3969/j.issn.1671-1122.2015.02.009

Abstract ( 315 )

HTML ( 0 )

In order to solve opportunistic social network with negative factors that the low success rate of data transmission and the large average network latency, we proposed the a routing algorithm of opportunistic social networks based on network coding (OSN-NC). The intermediate nodes of OSN-NC routing algorithm are coded again only on the same target nodes of the coded data packet, so this can reduce the overall number of coded coefficients and the complexity of Gaussian elimination, and increase the reliability of data transmission. We use the message transmission strategy of combining PROPHET with network coding within the community, transmission the encoded data packets to the next hop node with greater encounter probability, until it reaches the destination node. We select the greater cumulative probability as the encoding node to complete message forwarding between the communities, until encounter intermediate nodes with the same community, then according to the messaging strategy within community. The simulation results show OSN-NC in improving network throughput and success rate of data transmission, reducing he average transmission delay other properties have significantly improved.

Figures and Tables | References | Related Articles | Metrics

Research and Implementation on Unknown Trojan Detection System Based on Feature Analysis and Behavior Monitoring

Zeng-shuai HAO, Rong-hua GUO, Wei-ping WEN, Zheng MENG

2015, 15 (2): 57-65. doi: 10.3969/j.issn.1671-1122.2015.02.010

Abstract ( 435 )

HTML ( 7 )

Trojan is a malicious program that exists mainly to steal user’s personal information and file data, and even to control user’s computer remotely, while hides itself as far as possible. In recent years, the hacker’s behavior has become more professional, interest-oriented, and group-organized, and network intrusion and attacking means have experienced daily changes. Nowadays, Trojan detection depends on the ability of anti-virus software in general, anti-virus software executes Trojan killing usually by using characteristic codes comparison and behavior recognition technology. This way needs anti-virus software to intercept the Trojan samples for analysis, extract the Trojan samples, and identify Trojan after upgrading the Trojan special library. So the hysteresis is very strong, which can’t kill the new Trojans and the Trojans without known characteristics. This paper discusses technology against anti-virus, hiding technology and active defense breakthrough technology, puts forward the Trojan detection method based on feature analysis and behavior monitoring, and completes the design and realization of the unknown Trojan detection system. The system covers the shortage that the existing anti-virus software and security measures can only kill and monitor the known Trojans but can’t identify and kill the unknown Trojans.

Figures and Tables | References | Related Articles | Metrics

Research on Digital Fingerprinting Generation Scheme and Key Algorithm

Wen-long LIU, Hui LI, Dong-xun JIN

2015, 15 (2): 66-70. doi: 10.3969/j.issn.1671-1122.2015.02.011

Abstract ( 673 )

HTML ( 19 )

As a new digital copyright protection technology, digital fingerprinting technology plays an important role in plagiarism detection. Still, the fingerprinting generation algorithm directly determines the performance of the digital fingerprinting scheme. In this article, we expound several kinds of commonly used digital fingerprinting algorithms—MD5, SHA1, Rabin fingerprinting algorithm, and introduce the basic theories of the three algorithms. At the same time, we test the performance of each digital fingerprinting algorithm through experiment. To test the difference of the three algorithms in performance, we create many different sample test files whose sizes between 20KB and 20MB. In the experiment, we preprocess all the test files at first, remove all the irrelevant characters. Then we generate digital fingerprints of preprocessed files with block strategy, and test the generation efficiency of the three algorithms in different block strategies and different size files. The result indicates that hash function has better generation performance in terms of large files, while in terms of small files, hash function and Rabin fingerprint algorithm has the same performance. The experiment results provide experimental support for selecting proper fingerprinting generation algorithm in the next new fingerprinting scheme.

Figures and Tables | References | Related Articles | Metrics

Research on Multiple Watermarking and Application in Digital Works Transaction System

Jiao-rao SU

2015, 15 (2): 71-76. doi: 10.3969/j.issn.1671-1122.2015.02.012

Abstract ( 484 )

HTML ( 1 )

With the advent of digital era, digital watermarking exerts more and more influences in the area of copyright protection, broadcast monitoring and content authentication etc. After more than 10 years development, digital watermarking has achieved great accomplishments in the aspects of theory, algorithm, application and so forth. However, most existing watermarking researches focus on single watermarking; research on multiple watermarking is relatively less. Multiple watermarking has special application situation and value, thus the research on multiple watermarking and its application are of great significance. This paper firstly studies the advantages and disadvantages of the typical multiple watermarking methods such as re-watermarking, segmented watermarking, composite watermarking and spread-transformation watermarking, and then analyses the problems of copyright protection in the process of digital works transaction, designs and implements a digital works transaction system based on the selected segmented watermarking. In this system, the watermark containing the information such as author identity and create time is embedded into the author's works, and then the works are delivered to the publisher, while the publisher's information is embedded into the works. Before the works are sold out, the watermark containing specific consumer’s information is embedded into the works. The experiment result verifies the effectiveness and robustness of the designed system. At last, this paper prospects the foreground of the multiple watermarking.

Figures and Tables | References | Related Articles | Metrics

Research on Multiple Watermarking and Application in Digital Works Transaction System

SU Jiao-rao

2015, 15 (2): 71-76. doi: 10.3969/j.issn.1671-1122.2015.02.012

Abstract ( 234 )

HTML ( 0 )

With the advent of digital era, digital watermarking exerts more and more influences in the area of copyright protection, broadcast monitoring and content authentication etc. After more than 10 years development, digital watermarking has achieved great accomplishments in the aspects of theory, algorithm, application and so forth. However, most existing watermarking researches focus on single watermarking; research on multiple watermarking is relatively less. Multiple watermarking has special application situation and value, thus the research on multiple watermarking and its application are of great significance. This paper firstly studies the advantages and disadvantages of the typical multiple watermarking methods such as re-watermarking, segmented watermarking, composite watermarking and spread-transformation watermarking, and then analyses the problems of copyright protection in the process of digital works transaction, designs and implements a digital works transaction system based on the selected segmented watermarking. In this system, the watermark containing the information such as author identity and create time is embedded into the author's works, and then the works are delivered to the publisher, while the publisher's information is embedded into the works. Before the works are sold out, the watermark containing specific consumer’s information is embedded into the works. The experiment result verifies the effectiveness and robustness of the designed system. At last, this paper prospects the foreground of the multiple watermarking.

References | Related Articles | Metrics

Research on Improved Slope One Recommendation Algorithm

Hua CHAI, Jian-yi LIU

2015, 15 (2): 77-81. doi: 10.3969/j.issn.1671-1122.2015.02.013

Abstract ( 392 )

HTML ( 5 )

With the continuous expansion of Internet information, the Internet has entered the big data era.The recommendation systems have come into being to solve the problem of information overload. The core of recommendation system is the recommendation algorithm. The slope one algorithm is a simple, efficient and typical collaborative filtering recommendation algorithm. This algorithm uses the linear regression of user-item score matrix to predict the scores of items. The data sparsity is the major problem affecting its accuracy because the matrix is usually very sparse. In this paper, we propose an improved slope one algorithm to solve this problem. Firstly, the similarity between items is calculated and is added to the score formula. Then, we use single value decomposition to reduce dimension of the sparse user-item value matrix and generate a similar but denser matrix to be the new input of slope one algorithm. Item similarity takes the internal relation into consideration and makes the result more reasonable. Single value decomposition converts the sparse matrix to a more appropriate form for calculation. Through the mix of the two techniques, the new algorithm has better prediction accuracy and flexibility.

Figures and Tables | References | Related Articles | Metrics

Table of Content