Loading...
Netinfo Security

Table of Content

    10 October 2015, Volume 15 Issue 10 Previous Issue    Next Issue
    For Selected: Toggle Thumbnails
    Research and Implementation of Webpage Trojan Detection Model Based on Obfuscation Mechanisms
    DU Chun-lai, SUN Hui-zhong, WANG Jing-zhong, WANG Bao-cheng
    2015, 15 (10):  1-7.  doi: 10.3969/j.issn.1671-1122.2015.10.001
    Abstract ( 681 )   HTML ( 8 )   PDF (2161KB) ( 154 )  

    Webpage trojan is a malicious program that uses the Webpage to carry out the destruction. When the user visits the Website that contains some Webpage trojans, the trojan program will be silently downloaded through the link embedded in the Webpage. Once the trojans are downloaded and activated, they will use resources in the system to destroy the computer system. Currently, Webpage trojan detection includes static detection based on feature codes and dynamic detection based on honeypot client, but the two detection schemes can’t well solved the problems of growing number of Webpage trojans, confusion and avoiding detection means. This paper combines the advantages of the two detection schemes, putting forward an anti-obfuscation technology based on Webpage content analysis and shellcode location and recognition, which can solve the omission problem caused by interaction conditions not existing while verifying dynamically embedded links. On this basis, combined with the static and dynamic detection mechanisms, the paper establishes a Webpage trojan detection model. The experimental results show that the model can accurately detect various types of shell, encryption, deformation Webpage trojans, improving the detection efficiency of trojans.

    Figures and Tables | References | Related Articles | Metrics
    A Strong Designated Verifier Ring Signature and Signcryption Scheme
    ZHAO Yang, YUE Feng, XIONG Hu, QIN Zhi-guang
    2015, 15 (10):  8-13.  doi: 10.3969/j.issn.1671-1122.2015.10.002
    Abstract ( 361 )   HTML ( 0 )   PDF (1621KB) ( 124 )  

    The designated verifier signature specifies a verifier to check the validity of the signature; any third party can not check it because the designated verifier is able to generate an indistinguishable signature from the signer’s signature. In ring signature scheme, the signer can sign the message on behalf of the ring anonymously, the verifier can check the validity of the signature, but it cannot recognize which member of the ring has signed it. In order to ensure the signer’s identity privacy and that only the designated verifier can check the authenticity of the signature, Wu propose a strong designated verifier ID-based ring signature scheme through combining the designated verifier signature and the ring signature. The scheme allows the signer to designate a verifier and generate a designated verifier ring signature. Through the analysis on Wu’s scheme, we figure out the scheme does not satisfy the attribute of non-delegatability in designated verifier signature scheme and describe the attack method in this paper. For the sake of avoiding the flaw, this paper improves Wu’s scheme and makes it provably secure. In addition, according to the improved scheme, we propose a strong designated verifier ring signcryption scheme providing authentication and confidentiality simultaneously.

    References | Related Articles | Metrics
    The Model of Network Access Based on Trust Evaluation
    LI Jian, GUAN Wei-li, LIU Ji-qiang, WU Xing
    2015, 15 (10):  14-23.  doi: 10.3969/j.issn.1671-1122.2015.10.003
    Abstract ( 493 )   HTML ( 0 )   PDF (3299KB) ( 115 )  

    Sometimes users have to access the service which beyond of the domain and different identity domains. In the user-centric identity management infrastructure, due to the service provider has not set up direct relationship with the identity provider, the user summit his or her own identity and certificates when they access the service provider, the service provider must carry out trust measurement to the identity provider. To meet the requirement, the model of network access based on the trust evaluation is put forward, parallel and sequence digital multi-signature scheme are used for trust vote respectively, according to the result of trust evaluation, the service provider determines whether or not accept the user’s certificate and provide service for the user. By trust evaluation, the identity information of different system is related, to achieve the use of a small amount of information access to more network services,. The security analysis shows that the model can resist multiple-attacks effectively.

    Figures and Tables | References | Related Articles | Metrics
    Review on Location Trajectory Privacy Protection
    MA Chun-guang, ZHANG Lei, YANG Song-tao
    2015, 15 (10):  24-31.  doi: 10.3969/j.issn.1671-1122.2015.10.004
    Abstract ( 414 )   HTML ( 2 )   PDF (1580KB) ( 334 )  

    Location based service brings great convenience for users in daily life, but at the same time it inevitably leads to a certain degree of users’ private information exposure. On issues of privacy, the focus of current research is protection of users’ location privacy. Due to the relationships between locations, scattered locations could be constituted into location trajectory, and that location trajectory contains more spatio-temporal correlations, with comparison of solo location. The attacker could be more accessible to user’s privacy with the help of these correlations. In order to solve this problem, researchers put forward a lot of methods to protect the location trajectory privacy. But how to find the similar methods for study or imitation has puzzled the researcher, because there is no specific classification. In this article, based on the attack techniques of location trajectory tracking and reconstruction, we propose a new classification. With this classification, we analyze these protection methods and summarize the advantages and disadvantages of them. Finally, we put forward in the research prospects for the potential attacks of data mining technology.

    Figures and Tables | References | Related Articles | Metrics
    Research on Identity-based Encryptions from Large Integer Factorization
    LIU Jin-gang, DONG Jun-wu
    2015, 15 (10):  32-39.  doi: 10.3969/j.issn.1671-1122.2015.10.005
    Abstract ( 568 )   HTML ( 2 )   PDF (1976KB) ( 177 )  

    Recently, research on identity-based encryption (IBE) has received extensive attentions. Different from the traditional public-key cryptosystem, IBE applies the user’s identity directly as a public key rather than the digital certificate, and the key management is simple, which makes the IBE become a research hotspot in the field of public-key encryption. Nowadays, IBE is often constructed using bilinear pairing on elliptic curve. But the multiplication and exponential operations based on bilinear group are slow and inefficient, and the parameters selection is too complicated. Therefore, the IBE constructed based on bilinear pairing is not practical. The standard large integer factorization of the traditional public-key cryptosystem is better, which is the other direction for the construction of a safe and practical IBE. This paper describes the research progress of the IBE based on large integer factorization, introduces the definition and the security model of the IBE, and summarizes current research achievements on the IBE. This paper also compares and analyzes several typical IBE algorithms based on large integer factorization, and summarizes the advantages and disadvantages of each algorithm. In addition, this paper analyzes the hot issues of IBE, and puts forward some valuable problems for further research.

    Figures and Tables | References | Related Articles | Metrics
    Research on Ad-hoc Service Discovery Based on Multi-protocol Framework
    LIU Nian, TANG Yi-hong, QI Wei, YANG Yi-xian
    2015, 15 (10):  40-45.  doi: 10.3969/j.issn.1671-1122.2015.10.006
    Abstract ( 502 )   HTML ( 1 )   PDF (1397KB) ( 92 )  

    Service discovery protocol is the key technology of mobile Ad-hoc network. This kind of protocol can find the location of the nodes and service automatically. The network topology is uncertain, and the service is difficult to be found in the network because the nodes are usually changed and moved in mobile Ad-hoc networks. To address these problems, some corresponding solutions are put forward. These methods can be divided into service discovery based on application layer and network layer, but they cannot effectively work. Based on the different characteristics of different protocols, it is feasible that these protocols are adopted in combination. However, multi protocol will lead to the problem of memory consumption and network information flow because of the heterogeneous nature of multi protocol. In this paper, a kind of service discovery framework based on component is adopted, which can be operated in a multi protocol environment. This fixed the heterogeneity problem of multi protocol and the framework is configurable and reconfigurable.

    Figures and Tables | References | Related Articles | Metrics
    Research on Microblog Hot Topic Detection Method Based on Term Energy Change
    LIN Si-juan, LIN Bo-gang, XU Wei, YANG Yang
    2015, 15 (10):  46-52.  doi: 10.3969/j.issn.1671-1122.2015.10.007
    Abstract ( 489 )   HTML ( 0 )   PDF (2337KB) ( 212 )  

    With the popularity of microblog, hot topic detection on microblog has been a hot area of research. Regarding the instantaneity of microblog as a point of penetration, the paper proposes a method of hot topic detection based on change of term energy by studying the change of term energy at different time domain. Based on traditional topic aging theory, the method divides all microblog data into different microblog windows, and introduces the concept of acceleration in physics, which uses the acceleration of terms to describe the change of the speed of the terms in the adjacent window. The paper combines the term acceleration and term weight into a compound weight to quantize term energy better. The paper uses double-conditional probability context similarity computing method based on single-conditional probability, and adds document distribution similarity to decrease the probability of topic confusion. The experiments show that the method is effective and stable in robustness. Compared with single-conditional probability context similarity model, the modified context similarity model has better clustering effect in different keyword detection methods.

    Figures and Tables | References | Related Articles | Metrics
    Research on Attack-defense of PHP Web Application Upload Vulnerability
    WEI Kun-peng, GE Zhi-hui, YANG Bo
    2015, 15 (10):  53-60.  doi: 10.3969/j.issn.1671-1122.2015.10.008
    Abstract ( 651 )   HTML ( 1 )   PDF (1457KB) ( 179 )  

    The Web application set up by PHP (hypertext preprocessor) is the most widely use in the Internet. Once the PHP Web application with security vulnerability, the security of the data and the users of the system is greatly threaten. Because of this, the security vulnerability of PHP Web applications is getting more and more attention. How to secure the PHP Web application protection has become a hot spot in the research of the current. There is a lot of probability and the damage is great attack in the security of PHP Web. They are XSS vulnerability, SQL injection vulnerability, code execution vulnerability and upload vulnerability etc. So far, there has been a system of defensive research in XSS, SQL vulnerabilities and code execution vulnerability and other fields, the SQL injection is more popular in the top. Correspondingly, the Web PHP applications of upload vulnerability are lack of a systematic attack and defense research. Related content could appear in only one chapter in an article, some of these prevention methods are outdated, and many of the latest attack techniques and prevention methods are not involved. The article analyzes carefully on the file upload attack in PHP Web application and gives the corresponding protective measures, and sums up some security development suggestions about file-upload capabilities in PHP Web application.

    Figures and Tables | References | Related Articles | Metrics
    Research on the Security of Android WebView and Application Enhancement
    ZHAO Guang-ze, LI Hui, MENG Yang
    2015, 15 (10):  61-65.  doi: 10.3969/j.issn.1671-1122.2015.10.009
    Abstract ( 591 )   HTML ( 2 )   PDF (1735KB) ( 187 )  

    Android platform provides WebView component to load and display webpage.By calling the APIs provided by WebView, Android applications can interact with the webpage.This interaction includes allowing javascript code in webpage to access the local resources by calling java code in Android applications.In this process, an attacker can tamper with the javascript in webpage to attack Android applications.Based on our research, such attacks usually use the reverse engineering of Android applications to get accessible WebView interface as its first step.Thus, in order to avoid these attacks, this paper proposed an application enhancement scheme to prevent Android reverse engineering and hide WebView component interface in order to protect the Android applications.This scheme can prevent not only attacks on WebView component, but also other attacks based on Android reverse engineering.

    Figures and Tables | References | Related Articles | Metrics
    Detection and Prevention of Mobile Malware Based on the Analysis of Permissions
    ZHANG Fan, ZHONG Zhang-dui
    2015, 15 (10):  66-73.  doi: 10.3969/j.issn.1671-1122.2015.10.010
    Abstract ( 440 )   HTML ( 0 )   PDF (9140KB) ( 196 )  

    In recent years, Android smart phones have developed rapidly, along with increasing developed software on the android platform. However, due to Android's open source property, the malware is growing in android platform. Currently, a large number of malicious software has been rapidly spread. Therefore, it is a must to protect Android smart phones. The main work of this paper are as follows: first, extract a large number of permissions from normal applications as well as malicious applications through static analysis. Secondly, draw histograms based on the permissions to show what permissions are most important. We pay much attention to finding out which permission is most frequent between benign application and malware. The statistical results reflect that there are many different priorities between benign application and malware. Lastly, depending on the information gain concept to estimate the risk which a application is a malware. We rank permissions based on information gain. In this way to form a effective and safe assessment mechanism. This paper provides a method for detecting malware. Through experimental results, the method has the opportunity to become malware detection and prevention mechanisms to better protect Android phone.

    Figures and Tables | References | Related Articles | Metrics
    Research on VoIP Traffic Identification Technology Based on Naive Bayesian Algorithm
    XIAO Mei, XIN Yang
    2015, 15 (10):  74-79.  doi: 10.3969/j.issn.1671-1122.2015.10.011
    Abstract ( 463 )   HTML ( 2 )   PDF (2042KB) ( 184 )  

    With the development of Internet technology and the surge for the number of real-time communications applications, to effectively manage network traffic has been faced with new challenges.The article first outlines protocols associated with VoIP network traffic.Then on the basis of analyzing the methods for traditional traffic identification, it proposes an recognition mechanism based on transport layer for UDP traffic or encrypted traffic.And the article applies the naive Bayesian classifier algorithm to identification of VoIP traffic. Finally, it gives a deployment to verify several VoIP applications. Experimental results show that naive Bayesian algorithm is applied effectively to classification for VoIP traffic. At the end of the article,it describes that the algorithm still needs to be improvemented because of properties independence.

    Figures and Tables | References | Related Articles | Metrics
    Research on Key Generation in Marine Environment Based on VHF Channel Characteristics
    OU Min-sheng, LIAO Wei, YUAN Zhi-min, LUO Xun
    2015, 15 (10):  80-85.  doi: 10.3969/j.issn.1671-1122.2015.10.012
    Abstract ( 450 )   HTML ( 0 )   PDF (1461KB) ( 193 )  

    This paper analyzes the security issues of wireless communication system and proposes key generation technique based on LDPC error correction. Firstly, this paper introduces key generation based on wireless channel characteristics. Then, this paper analysis the radio channel reciprocity characteristics. Next, wireless key generation scheme based on LDPC is proposed. Key generation is divided into pre-estimate channel characteristics, characteristics extraction and negotiation correction. In the pre-estimate channel characteristics stage, communications parties test the channel characteristics. In the characteristics extraction stage, communications parties extract the initial channel characteristics from feature bands. In the negotiation correction stage, communications parties structure the check matrix. It corrects errors in the initial channel characteristics by check matrix. And then, it generates the key. Finally, this paper analysis security of scheme according to eavesdrop model.

    Figures and Tables | References | Related Articles | Metrics
    The User Influence Assessment Based on Distance Model
    ZHANG Jun-hao, GU Yi-jun, ZHANG Shi-hao
    2015, 15 (10):  86-91.  doi: 10.3969/j.issn.1671-1122.2015.10.013
    Abstract ( 498 )   HTML ( 0 )   PDF (4013KB) ( 185 )  

    Evaluation of user relationship strengths of Microblog is a basis for analysis and research of Microblog network. This paper fetches personal information, mutual information and fans information of Microblog users, puts up with a distance-based evaluation model to accurately evaluate and classify the relationship strengths between Microblog users. The model based on three assumptions, draw up the most basic user relationship strengths group, and then the relationship between the intensity of the unknown are classified according to the distance function. Compared the predictions derived from the model and result which derived through three attribute value weighted fusion: the relative exchange value of the user, the user background similarity and whether the usermutual followed, we can infer that with comprehensive, accurate and visible results, the model can evaluate the relationship strengths between users combined with their general information, andindicates that this model both combines the advantages of weighted fusion method and avoids the disadvantages of the weighted fusion, which indicated the advantages of machine learning, which provides the most direct references for studying and judging Microblog comments.

    Figures and Tables | References | Related Articles | Metrics