Table of Contents

    10 June 2016, Volume 16 Issue 6

    Original Article
    Research and Implementation on Network Traffic Anomaly Detection without Guidance Learning with Spark
    Xiaoping WU, Zhou ZHOU, Hongcheng LI
    2016, 16 (6):  1-7.  doi: 10.3969/j.issn.1671-1122.2016.06.001

    To address intrusion detection over massive data, this paper designs and implements a network traffic anomaly detection system based on the Spark framework. Data preprocessing uses Python and Python data, an upgraded version of the IPython implementation. Anomaly detection uses K-means to predict and classify the type of attack that flow records represent. To avoid the time overhead of traditional distributed computing frameworks, this paper designs and implements a K-means anomaly detection method under the Spark framework. The method stores temporary data in memory rather than on the hard drive, which improves computational efficiency. To solve the difficulty of selecting the value of K, Spark is used to iteratively compute and compare, for different values of K, the average value between the cluster centers and all points in their clusters, so as to select the best value of K. Finally, the performance and function of the system are tested. The test results show that the system meets the predetermined design requirements and has high computational efficiency and detection accuracy.

    A New Model for Measuring the Integrity of Trusted Computing Platforms
    Bin XING, Jiqiang LIU, Zhen HAN
    2016, 16 (6):  8-14.  doi: 10.3969/j.issn.1671-1122.2016.06.002

    The existing chain-style, star-style, and tree-style trust transmission models, which are used to present the establishment process of a trusted computing platform, can record the measurement results of the entities in the platform. Nevertheless, these models have shortcomings in describing the invocation and dependence relationships between entities, and they also do not address the time limitation of integrity measurement, which may expose the models to threats such as TOC-TOU. To overcome these weaknesses, a new model for describing the establishment process of a trusted computing platform and its integrity measurement is proposed, namely Measured Zone. This model can describe integrity statuses comprehensively, describe state transitions and trust transmission flexibly, and reduce the time limitation of integrity measurement, which makes beforehand measurement more secure.

    Research on Trajectory Privacy Preserving over Road Network Based on Voronoi Diagram
    Jianchuan XIAO, Li XU, A-yong YE, Limei LIN
    2016, 16 (6):  15-21.  doi: 10.3969/j.issn.1671-1122.2016.06.003

    Publishing trajectory data may leak users' privacy. This paper proposes an approach to protect trajectory privacy by generalizing stay points over a road network based on the Voronoi diagram. Owing to the characteristics of the Voronoi diagram, the proposed approach can ensure the diversity of road segments. Because the partitioned regions differ in area and in the number of points of interest, the approach further optimizes the Voronoi regions to satisfy (k,l,s) anonymity. In addition, the approach generalizes or suppresses stay points according to the regions they belong to, and further realizes personalized privacy protection by identifying the significant stay points on trajectories. The experiment on the Brinkhoff generator shows that the information loss of the proposed approach is smaller than that of other approaches under the same privacy security condition.

    Research and Implementation of Active Dynamic Measurement Based on TPCM
    Jiansheng TIAN, Jing ZHAN
    2016, 16 (6):  22-27.  doi: 10.3969/j.issn.1671-1122.2016.06.004

    In order to measure and control the operating system, China has proposed a parallel dual system architecture based on the trusted platform control module (TPCM). However, limited by hardware design and manufacturing capabilities, it is difficult to fully achieve in the short term. This paper simplifies the dual system architecture based on the current hardware foundation while retaining the ability of active measurement, and designs and implements an active dynamic measurement mechanism based on the trusted platform control module. The mechanism ensures that the trusted software base (TSB) can be protected by the TPCM throughout its full life cycle, effectively solving the problem of the TSB's own safety and security in a running system. The paper gives a formal proof of the active dynamic mechanism, analyzes the various aspects that may be attacked and gives solutions, and implements and tests the core technology.

    Error Bit Correction of ECC Attack Based on Grover Quantum Intermediate Encounter Search Algorithm
    Huihui JIA, Chao WANG, Jian GU, Zhen LU
    2016, 16 (6):  28-34.  doi: 10.3969/j.issn.1671-1122.2016.06.005

    Error bits in side channel attacks on ECC are difficult to avoid and cannot be corrected quickly. In this paper, a new search algorithm based on the Grover quantum search algorithm is proposed, which combines the Grover quantum search algorithm with the meet-in-the-middle attack and applies it to the side channel attack on ECC. The algorithm can solve the key problem of n with M error bits in O(N/M) steps. Compared with the classical search algorithm, the computational complexity is greatly reduced. The analysis shows that the success rate of correcting the error bits in the ECC attack is 1, and that the algorithm can effectively reduce the computational complexity.

    An Improved Graph Partitioning Algorithm for User Behavior Abnormal Detection
    Lianqun YANG, Jinying WEN, Shufa LIU, Feng WANG
    2016, 16 (6):  35-40.  doi: 10.3969/j.issn.1671-1122.2016.06.006

    MCL is short for Markov Cluster Algorithm, a fast and scalable unsupervised partitioning algorithm for graphs. MCL has been widely applied to anomaly detection. However, it requires O(N^3) time, which is no good for a wide range of data processing. To improve clustering quality and reduce time consumption, an improved MCL algorithm is proposed. Using the AMI (Adjusted Mutual Information) index, the similarities of clusters from different periods are compared to determine whether abnormal behavior occurs. Compared with the multilevel k-way partitioning scheme (METIS) for graphs, experiments show that the proposed MCL algorithm has the following strengths: 1) the number of clusters need not be specified ahead of time; 2) it is robust against noise in graph data; 3) it is suitable for clusters with a long-tail distribution; 4) it produces better clustering results for a given time consumption.

    Research on Quantitative Assessment Model for Internet Worm Threat
    Bin DUAN, Weihong HAN, Aiping LI
    2016, 16 (6):  41-47.  doi: 10.3969/j.issn.1671-1122.2016.06.007

    Some existing Internet worm threat assessment methods are not fine-grained enough in their assessment granularity. Others are too fine-grained to give an overall assessment of a worm's threat and focus on only one aspect of the worm. In view of this, this paper proposes a quantitative assessment model to assess the threat of Internet worms. First, based on the characteristics of the worm, the paper proposes several indicators to assess the threat of the worm and quantifies the indicators by data normalization and data fusion. Then, the paper proposes a hierarchical tree assessment model whose leaves are the quantified indicators. Finally, the value of the root node, which is the assessment result of the worm's threat, is computed from the leaf nodes by the fuzzy comprehensive assessment method and the weighted average method. The assessment result is expected to be in line with the virus evaluation of the National Internet Emergency Response Center, and the specific verification will be carried out in the next research stage.

    Research on Heap Spray for Integration of Multiple Technologies
    Yanying MAO, Senlin LUO
    2016, 16 (6):  48-55.  doi: 10.3969/j.issn.1671-1122.2016.06.008

    Heap spray is an attack technique for bypassing ASLR. It uses the scripting support in a program to place shellcode at a predictable address by allocating and filling chunks of memory in the heap. The heap spray attack has a high success rate and is a common vulnerability exploitation technique. Heap spray is a focus of security researchers' study, as well as a priority for the protection offered by applications and security software. Therefore, the study of reliable and accurate heap spray techniques under the latest software environment will help to improve the techniques for detecting and protecting against it. Existing heap spray techniques are not adapted to the latest software environment: they lack precision and can easily be monitored and prevented. This paper proposes a comprehensive heap spray technique. The new technique encodes the shellcode and adds a series of ineffective disassemble instructions, builds a randomized spray chunk structure of the right size based on the IE browser's heap management mechanism, and obfuscates the heap spray script to obtain the final one. The results suggest that the new technique can achieve precise heap spray on the latest IE browser, bypassing many safety protections. In addition, the new technique is remarkably accurate and more compatible.

    Research on Web Server Attacks Logs Analysis
    Shiqi DENG, Xiaoming LIU, Xudong WU, Min LEI
    2016, 16 (6):  56-61.  doi: 10.3969/j.issn.1671-1122.2016.06.009

    The rapid development of Internet technology has changed people's lifestyles, and e-commerce has become one of the most popular web applications. Nowadays, malicious attacks on the web servers of most e-commerce websites appear to be more and more common. However, the related attack records can be found by analyzing the access logs on the web servers of those e-commerce websites. OWASP (Open Web Application Security Project) publishes every year ten attack techniques that web servers experience, such as SQL injection, XSS attacks and DDoS attacks. These attacks have caused great harm to web servers: on the one hand, the e-commerce websites cannot provide normal service to users; on the other hand, most user data or private information is leaked. This paper puts forward a solution for analyzing web server access logs through the classification of web access logs and the matching of attack patterns and characteristics. The system can find attack sources and types and then display the results in graphical form in a web page, which helps security administrators of e-commerce websites to detect attacks and improve the ability to resist various attacks on the web server.

    Research on a New Dynamic Threshold Digital Signature Scheme
    Yansheng ZHANG, Xueming WANG, Gege QIU
    2016, 16 (6):  62-67.  doi: 10.3969/j.issn.1671-1122.2016.06.010

    The paper presents a new dynamic threshold digital signature scheme to solve two problems of current dynamic threshold digital signatures: a big computational field and the conspiracy forgery attack. First, we design a new key distribution scheme based on the multi-threshold multi-secret sharing protocol. It hands keys out to group members and computes group public keys and group member public keys using the new key distribution scheme and hyperelliptic curve cryptosystems. Finally, a dynamic threshold digital signature scheme is proposed based on ElGamal's digital signature scheme. In the proposed scheme, multiple group public keys are shared among a group of signers, and each group public key has its specific threshold value. The new scheme has a small computational field compared with current schemes, and it is proved by theorems to be correct and able to resist many forgery attacks.

    Construction and Data Mining of Social Network Based on Communication Log
    Yang QU, Yongjian WANG, Ruxiang PENG, Guoqing JIANG
    2016, 16 (6):  68-73.  doi: 10.3969/j.issn.1671-1122.2016.06.011

    Communication on the Internet has become one of the most representative products of the information age, and the social relationships between users are becoming clearer and more and more important. In this paper, we build a social network that reflects interpersonal contacts and then design an interpersonal relationship prediction algorithm for a social network prediction model, based on a multiple classification algorithm, for imitating communication logs by using Chinese word segmentation and natural language processing (NLP) technologies. The algorithm first determines the number of final classes by hierarchical clustering of the raw data combined with manual intervention, thus effectively avoiding the generation of a large number of class labels caused by the many types of polysemous words. Finally, we use a Support Vector Machine (SVM) to train a relationship prediction model, which performs well on small samples and is also able to model complex decision boundaries.

    Research on Network Information Security Regulation of Megalopolises
    Xinyi HAN
    2016, 16 (6):  74-80.  doi: 10.3969/j.issn.1671-1122.2016.06.012

    With the rapid development of the Internet and information technology, different kinds of crime carried out by means of network techniques have emerged endlessly. Network information security problems such as illegal information and phishing sites have had a serious impact on the sound development of our Internet. Although government departments such as the Ministry of Industry and the Ministry of Public Security have increased their investment in manpower, material resources, technology and legal regulations, China's network information safety supervision is still in a weak position compared with the development of western countries. Starting from the network information safety supervision work of Shanghai, this paper elaborates the definition, characteristics and significance of network information safety supervision work, identifies the problems existing in this work in combination with actual practice, and then selects appropriate website information security evaluation factors to establish an evaluation model and carries out a safety assessment analysis of a certain number of sites in Shanghai. Analysis of the results can verify the validity of the work countermeasures.

    Research and Design of the Next Generation of Operation Security Audit System
    Haitao WANG
    2016, 16 (6):  81-85.  doi: 10.3969/j.issn.1671-1122.2016.06.013

    Based on an analysis of the current situation of information security, combined with the new security trends and new business needs in the operation security audit field, this article studies the development trends of the operation security audit system and gives the technology roadmap for the next generation operation security audit system in three directions: governance, risk management and compliance. To address the lack of an effective risk management mechanism in current operation security audit systems, this article studies risk management for the next generation operation security audit system, including risk identification, risk assessment and risk awareness; proposes a security risk analysis methodology using the CORAS framework; and introduces how to implement it on the operation security audit system through a step-by-step technological method in different scenarios and models. Finally, it presents the risk awareness process using Bayes' theorem.
