Loading...

Table of Content

    10 June 2016, Volume 16 Issue 6 Previous Issue    Next Issue

    Orginal Article
    For Selected: Toggle Thumbnails
    Orginal Article
    Research and Implementation on Network Traffic Anomaly Detection without Guidance Learning with Spark
    Xiaoping WU, Zhou ZHOU, Hongcheng LI
    2016, 16 (6):  1-7.  doi: 10.3969/j.issn.1671-1122.2016.06.001
    Abstract ( 547 )   HTML ( 4 )   PDF (1869KB) ( 262 )  

    In view of the massive data intrusion detection, this paper designs and implements a network traffic anomaly detection system based on Spark framework. Data preprocessing use Python and Python data, an upgraded version of the IPython implementation. Anomaly detection uses K-means predict and classify flow records represent the type of attack. In order to avoid time overhead uses traditional distributed computing framework, this paper designs and implements an anomaly K-means detection method under the framework of Spark. The method storages temporary data into memory rather than the hard drive, and improve the computational efficiency. In order to solve the problem of K value select difficult, through the Spark iterative calculation and comparison of the different K-means value of the K algorithm in the cluster center to all points in the cluster average value of all points, to achieve the best selection of K value. Finally, the performance and function of the system are tested. The test result shows that the system achieves the predetermined design requirements, and has high computational efficiency and detection accuracy.

    Figures and Tables | References | Related Articles | Metrics
    A New Model for Measuring the Integrity of Trusted Computing Platforms
    Bin XING, Jiqiang LIU, Zhen HAN
    2016, 16 (6):  8-14.  doi: 10.3969/j.issn.1671-1122.2016.06.002
    Abstract ( 493 )   HTML ( 5 )   PDF (1556KB) ( 230 )  

    The existing chain-style, star-style, and tree-style trust transmission models, which are used for presenting the establishment process of trusted computing platform, can record the measurement results of the entities in the platform. Nevertheless, these models not only have some shortcomings in describing the invoking and dependence relationships between the entities, but also don’t focus on the time limitation of the integrity measurement, which might make the models be suffered from the threats such as TOC-TOU. To overcome these weakness, a new model for describing establishment process of trusted computing platform and integrity measurement is proposed, namely Measured Zone. This model can describe the integrity statuses comprehensively; describe the state transition and trust transmission flexibly; and reduce the time limitation of integrity measurement, which makes the beforehand measurement more secure.

    Figures and Tables | References | Related Articles | Metrics
    Research on Trajectory Privacy Preserving over Road Network Based on Voronoi Diagram
    Jianchuan XIAO, Li XU, A-yong YE, Limei LIN
    2016, 16 (6):  15-21.  doi: 10.3969/j.issn.1671-1122.2016.06.003
    Abstract ( 539 )   HTML ( 1 )   PDF (2584KB) ( 167 )  

    Trajectory data publication may leak user’s privacy. This paper proposes an approach to protect trajectory privacy through generalization of stay points over road network based on Voronoi diagram. According to the characteristics of Voronoi diagram, the proposed approach can ensure the diversity of road segments. Because of the difference of the partitioned region area and the difference of the number of points of interest, the approach further optimizes the Voronoi regions to satisfy (k,l,s) anonymity. In addition, the approach generalizes or suppresses those stay points according to the regions they belong to, and realizes personalized privacy protection further by identifying the significant stay points on trajectories. The experiment on Brinkhoff generator shows the information loss of the proposed approach is smaller than other approaches under the same privacy security condition.

    Figures and Tables | References | Related Articles | Metrics
    Research and Implementation of Active Dynamic Measurement Based on TPCM
    Jiansheng TIAN, Jing ZHAN
    2016, 16 (6):  22-27.  doi: 10.3969/j.issn.1671-1122.2016.06.004
    Abstract ( 966 )   HTML ( 17 )   PDF (2100KB) ( 331 )  

    In order to measurement and control the operating system, China has proposed a parallel dual system architecture based on trusted platform control module (TPCM). But limited to hardware design and manufacturing capabilities, it is difficult to fully achieve the short term. This paper simplified the dual system architecture based on current hardware foundation, while retain the ability of initiative measurement. Design and implement an Active dynamic measurement mechanism based on trusted platform control module. Ensure trusted software base (TSB) in the full life cycle can be protect by TPCM, Effectively solve TSB’s own safety and security in running system. In this paper, made the formalize proof to the active dynamic mechanism, analysis the various aspects may be attacked and gave solutions, implement and tested the core technology too.

    Figures and Tables | References | Related Articles | Metrics
    Error Bit Correction of ECC Attack Based on Grover Quantum Intermediate Encounter Search Algorithm
    Huihui JIA, Chao WANG, Jian GU, Zhen LU
    2016, 16 (6):  28-34.  doi: 10.3969/j.issn.1671-1122.2016.06.005
    Abstract ( 633 )   HTML ( 5 )   PDF (1729KB) ( 302 )  

    The existing error bit in the side channel attacks of ECC is difficult to avoid, and can’t be modified quickly. In this paper, a new search algorithm based on the Grover quantum search algorithm is proposed, which combines the Grover quantum search algorithm and the meet in the middle attack, and applies it to the side channel attack for ECC. The algorithm can solve the key problem of n which has M error bit in O(N/M) steps. Compared with classical search algorithm, the computational complexity is greatly reduced. The analysis said that the success rate of modifying ECC attack error bit is 1, and the algorithm can effectively reduce the computational complexity.

    Figures and Tables | References | Related Articles | Metrics
    An Improved Graph Partitioning Algorithm for User Behavior Abnormal Detection
    Lianqun YANG, Jinying WEN, Shufa LIU, Feng WANG
    2016, 16 (6):  35-40.  doi: 10.3969/j.issn.1671-1122.2016.06.006
    Abstract ( 555 )   HTML ( 1 )   PDF (2867KB) ( 281 )  

    The MCL algorithm is short for Markov Cluster Algorithm, a fast and scalable unsupervised partitioning algorithm for graphs. MCL has been widely applied to anomaly detection. However, it requires O(N3) time, Which is no good for a wide range of data processing. In order to improve the quality of clustering and save time consumption, an improved MCL algorithm is proposed. With AMI (Adjusted Mutual Information) index, the similarities of clusters of different periods are compared to determine whether the abnormal behavior occurs. Compared with multilevel k-way partitioning scheme (METIS) for graphs, experiments show that the proposed MCL algorithm has following strengths: 1) Number of clusters not specified ahead of time. 2) Robust against noise in graph data. 3) Suitable for clusters with long tail distribution. 4) Produce better clustering results in case of certain time consumption.

    Figures and Tables | References | Related Articles | Metrics
    Research on Quantitative Assessment Model for Internet Worm Threat
    Bin DUAN, Weihong HAN, Aiping LI
    2016, 16 (6):  41-47.  doi: 10.3969/j.issn.1671-1122.2016.06.007
    Abstract ( 507 )   HTML ( 1 )   PDF (2253KB) ( 85 )  

    Some existing Internet worm threat assessment methods are not fine-grained on the assessment granularity. Some are too fine-grained to have overall assessments on the threats of the worms, which only focus on one respect of the worms. Under the circumstance, this paper proposes a quantitative assessment model to assess the threat of Internet worm. First, based on characteristics of the worm, the paper proposes several indicators to assess the threat of the worm and quantify the indicators by data normalization and data fusion. Then, the paper proposes a hierarchical tree assessment model, whose leaves are the quantified indicators. Finally, the value of the root node that is the assessment result of the threat of the worm is computed from the leaves nodes by the fuzzy comprehensive assessment method and weighted average method. The assessment result is predicted in line with the virus evaluation of the National Internet Emergency Response Center, and the specific verification will be carried out in the next research stage.

    Figures and Tables | References | Related Articles | Metrics
    Research on Heap Spray for Integration of Multiple Technologies
    Yanying MAO, Senlin LUO
    2016, 16 (6):  48-55.  doi: 10.3969/j.issn.1671-1122.2016.06.008
    Abstract ( 737 )   HTML ( 3 )   PDF (2207KB) ( 226 )  

    Heap spray is an attack technology to bypass ASLR. It uses the scripting support in program to put the shellcode at a predictable address by allocating and filling chunks of memory in the heap. The heap spray attack has a high success rate, and it is a common vulnerability exploitation technique. Heap spray technology is the focus of security researcher’s study, as well as the priority of application and security software’s protection. Therefore, the study on reliable and accurate heap spray technique under the latest software environment will help to improve the detection and protection technique of it. As to the realization of heap spray technique, existing technique is not adapted to the latest software environment which lacks precision and can be easily monitored as well as prevented. This paper proposes a comprehensive heap spray technique. With the new technique, we can code the shellcode and add a series of ineffective disassemble instructions, thus, to build randomized spray chunk structure with the right size based on the IE browser’s heap management mechanism and obfuscate the heap spray script in order to get the final one. The results suggested that the new technique can achieve precision heap spray of the latest IE browser bypassing lots of safety prevention. Besides, the new technique is remarkably accurate and more compatible.

    Figures and Tables | References | Related Articles | Metrics
    Research on Web Server Attacks Logs Analysis
    Shiqi DENG, Xiaoming LIU, Xudong WU, Min LEI
    2016, 16 (6):  56-61.  doi: 10.3969/j.issn.1671-1122.2016.06.009
    Abstract ( 677 )   HTML ( 6 )   PDF (2214KB) ( 195 )  

    The rapid development of Internet Technology has changed people’s lifestyle. And the e-commerce becomes one of the most popular web applications. Nowadays, malicious attacks towards web server of most e-commerce websites appear to be more and more common. However, related attack records can be found through analyzing access logs on web server of those e-commerce websites. The OWASP (Open Web Application Security Project) publishes ten attack technology the web server experienced every year, such as SQL injection, XSS attack and DDoS attack, etc. These attacks have caused great harm to the web server, on the one hand, the e-commerce websites can’t provide normal service for users, on the other hand, most data or privacy of users is leaked. This paper puts forward a solution to analyzing access logs on web server by the classification of web access logs and the matching of attack pattern and characteristics. The system can find out attack sources and types, and then displays the results in a graphical from in a web page, which helps security administrators of e-commerce websites to detect the attacks and improve the ability of resisting various attacks on web server.

    Figures and Tables | References | Related Articles | Metrics
    Research on a New Dynamic Threshold Digital Signature Scheme
    Yansheng ZHANG, Xueming WANG, Gege QIU
    2016, 16 (6):  62-67.  doi: 10.3969/j.issn.1671-1122.2016.06.010
    Abstract ( 611 )   HTML ( 2 )   PDF (1847KB) ( 103 )  

    The paper presents a new dynamic threshold digital signature scheme to solve two problems of current dynamic threshold digital signature which are big computational field and conspiracy forgery attack. At first, we design a new key distribution scheme which is based on the multi-threshold multi-secret sharing protocol. It will hand keys out to group members and compute group public keys and group member public keys by using the new key distribution scheme and hyperelliptic curve cryptosystems. At last a dynamic threshold digital signature scheme is proposed according to EIGamal’s digital signature scheme. In the proposed scheme, multiple group public keys are shared among a group of signers, and each group public key has its specific threshold value.The new scheme has small computational field comparing with current schemes, and it is proved to be correct and is able to resist many forgery attacks according to theorems.

    Figures and Tables | References | Related Articles | Metrics
    Construction and Data Mining of Social Network Based on Communication Log
    Yang QU, Yongjian WANG, Ruxiang PENG, Guoqing JIANG
    2016, 16 (6):  68-73.  doi: 10.3969/j.issn.1671-1122.2016.06.011
    Abstract ( 625 )   HTML ( 2 )   PDF (5573KB) ( 134 )  

    Communication on Internet has became one of the most representative products of information age, and the social relationship between users are becoming more clear, more and more important. In this paper, we build a social network which reflects the interpersonal contacts and then design an interpersonal relationship prediction algorithm of social network prediction model based on multiple classification algorithm for imitating communication log by using Chinese word segmentation and natural language processing (NLP) technologies. The algorithm firstly determined the number of the final class by using hierarchical clustering of raw data and combining the artificial intervention, thus effectively avoid to generating large mount of class label caused by many types of polysemous word. Finally we use Support Vector Machine (SVM) to train realtionship pretection model which can have a good perfermance under the small sample and also have an ability of complex decision boundary modeling.

    Figures and Tables | References | Related Articles | Metrics
    Research on Network Information Security Regulation of Megalopolises
    Xinyi HAN
    2016, 16 (6):  74-80.  doi: 10.3969/j.issn.1671-1122.2016.06.012
    Abstract ( 490 )   HTML ( 1 )   PDF (2653KB) ( 162 )  

    With the rapid development of the Internet and information technology, different kinds of criminal phenomenon emerged endlessly by network technique. Network information security problems such as illegal information and phishing sites, had a serious impact on the sound development of our Internet.Although the government departments such as the Ministry of Industry and the Ministry of Public Security had increased the investment on manpower, material resources, technical and legal regulations, China’s network information safety supervision was still in a weak position while comparing with the development of western countries. This paper from the network information safety supervision work of Shanghai, elaborates the network information safety supervision work of the definition, characteristics and significance and combined with actual work to find the problems existing in the network information safety supervision work, and then select the appropriate web site information security evaluation factors to establish evaluation model, safety assessment analysis of a certain number of sites in Shanghai.Through analyzing the results, it can verify the validity of the work countermeasures.

    Figures and Tables | References | Related Articles | Metrics
    Research and Design of the Next Generation of Operation Security Audit System
    Haitao WANG
    2016, 16 (6):  81-85.  doi: 10.3969/j.issn.1671-1122.2016.06.013
    Abstract ( 529 )   HTML ( 3 )   PDF (1534KB) ( 198 )  

    Based on the analysis of current situation of information security, combined with the new security trends and new business needs in operation security audit field, this article mainly studied the development trends of the operation security audit system, given the technology roadmap for the next generation operation security audit system in three directions: governance, risk management and compliance. In order to solve the lack of effective risk management mechanism for current operation security audit system, this article studied the topic of risk management for the next generation operation security audit system, including risk identification, risk assessment, risk awareness, proposed a security risk analysis methodology with CORAS framework, introduced how to implement it on the operation security audit system through a step-by-step technological method in different scenarios and models. At last presented the risk awareness process using Bayesian theorem.

    Figures and Tables | References | Related Articles | Metrics