
Table of Contents

    10 September 2016, Volume 16 Issue 9

    Original Article
    Research on Security Risks Detection of MySQL
    Xuefen LIU, Rongxin SUN, Luning XIA, Wei LI
    2016, 16 (9):  1-5.  doi: 10.3969/j.issn.1671-1122.2016.09.001

    A database management system (DBMS) is a large software system for manipulating and managing databases, and is widely used in e-commerce, social networks and other application systems. Today, attacks against core company data and personal private data stored in databases are becoming a considerable threat; many of them, mainly SQL injection, exploit flaws in the DBMS’s security design. It is therefore necessary to evaluate the security of the DBMS design and to examine whether the implementation satisfies the DBMS standards. Despite the emergence of NoSQL and other non-relational DBMSs, relational DBMSs still dominate. MySQL is the most popular open source DBMS today. This paper introduces DCS MySQL Test Suit, a DBMS security evaluation system built from the perspective of conformance, and implements it on MySQL. The system evaluates the semantic security of MySQL against the SQL92 standard, and has the advantages of being lightweight and easy to port.

    Optimization Method for OAuth2.0 Protocol
    Chengkun WEI, Xiangdong LIU, Zhaojun SHI
    2016, 16 (9):  6-11.  doi: 10.3969/j.issn.1671-1122.2016.09.002

    To improve the security of the OAuth2.0 protocol, we optimize the basic OAuth2.0 protocol by introducing a security point and a synchronization mechanism. OAuth, currently one of the more popular authorization protocols, has gone through two versions, OAuth1.0 and OAuth2.0, and is still being optimized. We propose a new authorization process based on the authorization code. First, we study the basic OAuth2.0 protocol. To prevent the security threat of information disclosure, we present a detailed model in which a security node is introduced in the authorization server to check the security of authorization requests, and a synchronization mechanism is introduced between the authorization server and the resource server to synchronize information between them. We then describe the new authorization model and the framework for realizing the protocol. Finally, we give an example system design that implements the new protocol model.

    Terrorist Video Detection Using Visual Semantic Concepts
    Wei SONG, Pei YANG, Jing YU, Wei JIANG
    2016, 16 (9):  12-17.  doi: 10.3969/j.issn.1671-1122.2016.09.003

    The spread of terrorist video on the internet seriously threatens public safety, and detecting terrorist video content is full of technical challenges. In this paper, a terrorist video dataset was constructed for evaluating algorithms, and the dataset is annotated with visual semantic concepts. Methods based on five kinds of feature descriptor (gray histogram, color histogram, color moment, local binary pattern and histogram of oriented gradients) together with support vector machine and extreme learning machine were studied for visual semantic concept detection. A video key frame extraction algorithm based on gray massive center was implemented, and gradual and sudden shot changes were detected using the similarity between neighboring frames and the video sequence. A terrorist video detection framework combining visual semantic concepts and bag of visual semantic concepts was proposed, and simulation experiments proved its effectiveness.

    Research on the Three-dimensional Dynamic Big Data Security Protection Architecture
    Hongxia LIU, Jianqing LI, Ruiqing ZHANG
    2016, 16 (9):  18-25.  doi: 10.3969/j.issn.1671-1122.2016.09.004

    In the era of big data, security and privacy have become a recognized problem. Big data applications are interdisciplinary and involve many new technologies, which poses a big challenge for their security construction. Based on an analysis of the main management risks and technical risks and a study of big data security protection technology, this paper proposes a big data security protection architecture for the big data environment. To solve big data security issues, a governance system, a management system and a technical support system should be combined to address the different security issues hierarchically. The big data governance system resolves the responsibilities, rights and interests of stakeholders, and formulates the data security governance objectives and security policies. The big data management system achieves the goals of the governance system through the security management process, and implements the security policies. The big data technical support system carries out the security management processes in information systems by using products and technologies. This paper briefly introduces the security technologies of the big data security protection architecture. Through descriptions of the data collection layer, the data storage and computing platform, the data service layer and the big data security integrated management center, this paper aims to solve the problems of big data security management.

    Research on Online Forensic of MS SQL Database
    Haoyang LIU
    2016, 16 (9):  26-30.  doi: 10.3969/j.issn.1671-1122.2016.09.005

    Databases are indispensable parts of information systems. With the arrival of the era of big data, databases have become a target of criminals, and large amounts of data are "dragged" for cyber theft, cyber fraud and other activities. Databases keep thorough logs, so a database at a crime scene contains a great deal of evidence that can be used to reconstruct the criminal process, confirm evidence and identify the intruders. Traditional database forensics is generally static forensics. Because the database is in a running state, a great deal of evidence is lost by shutdown analysis, which therefore has no practical significance. Because of its high complexity and constant updating, database forensics has always been a difficult area of electronic data forensics. Because the operating mechanism of a database is special, it is difficult to collect evidence completely and effectively without the relevant database knowledge. Taking the most widely used Microsoft SQL database as an example, this paper studies database forensics in depth and expounds the principle of online database forensics and related technologies, in order to find a standard method for conducting online database forensics.

    Formal Analysis on Interactive Electronic Signing
    Pengfei ZHU, Liqin ZHANG, Wei LI, Huazhang YU
    2016, 16 (9):  31-34.  doi: 10.3969/j.issn.1671-1122.2016.09.006

    Interactive electronic signing is a kind of electronic signature application closely integrated with specific types of key carriers. When attackers remotely control the key carriers by hijacking the hosts, interactive electronic signing can effectively prevent them from using legitimate users’ identities to trade or to tamper with information. This article explores the theoretical framework for the scheme design of interactive electronic signing based on formal analysis, sums up the design essentials of interactive electronic signing through investigation, points out that cheating on signing is one of the major security threats to interactive electronic signing, and provides a formal description of the problem. This article also provides the technology route selection for interactive electronic signing under the framework of cryptographic industry standards, and compares several interactive electronic signing schemes based on national cryptographic algorithms in terms of security risks.

    Research on Industrial Control System Security Defense
    Yubin WANG, Si CHEN, Nan CHENG
    2016, 16 (9):  35-39.  doi: 10.3969/j.issn.1671-1122.2016.09.007

    The information security situation of industrial control systems is grim and cannot be ignored, and it poses a serious threat to social stability and national security. The information security of industrial control systems differs from traditional information security, and traditional information security is usually not applicable to the field of industrial control system information security. This paper analyzes the characteristics of industrial control systems, expounds the current information security situation of industrial control systems by analyzing the report produced by the Industrial Control Systems Cyber Emergency Response Team of the USA, and puts forward a model of industrial control system security defense that contains the industrial control system security protection system, key technologies and the safety life cycle. The research results on the security protection system can guide the research on key technologies and the building of the safety life cycle. The research results on key technologies can be converted into special safety protection products for all stages of the safety life cycle, and provide the corresponding technologies and tools through all stages of the safety life cycle. The model can provide technology and management support for the field of industrial control system information security.

    Research on Real Hazard Prevention Using Web Text Mining Algorithms
    Wei WU
    2016, 16 (9):  40-44.  doi: 10.3969/j.issn.1671-1122.2016.09.008

    With the rapid spread of the internet, people have become used to communicating with others online. However, because of the rapid exchange of information and the lack of social feedback and social norms, people become freer and more extreme, and their expression of emotion is more real, which leads them to focus on the information itself and ignore social regulations. Remarks written by net citizens are always negative because the emotions they try to express are negative. Moreover, the accumulation of negative emotions on the internet will develop into social crisis in reality. This article primarily introduces the emotional analysis of Web textual data using Web text mining technology and the EM algorithm based on a naive Bayes classifier, which divides emotions on the internet into positive, neutral and negative emotions. The emotional analysis method can also guard against social crisis in reality through the classification, analysis and early warning of negative information.

    Research on Network Security Situational Awareness Technology Based on Big Data
    Lei GUAN, Guangjun HU, Zhuan WANG
    2016, 16 (9):  45-50.  doi: 10.3969/j.issn.1671-1122.2016.09.009

    Information security is becoming a big data analysis problem. Based on the current situation of network space security and defense requirements, this paper analyzes the disadvantages of the traditional network security defense system and the advantages of network security analysis using big data technology, and proposes a security situational awareness platform that integrates security data collection, processing and analysis with security risk discovery, monitoring, warning and prejudgment. The platform integrates user terminals, network links, application systems, data flows and other sensing data sources. After storing the converged data, it uses machine intelligence analysis technology, combined with analysis algorithms such as data processing, the security rule model and the attack reasoning model, to convert seemingly unrelated, unordered alarm data and logs into intuitive, visual security event information. The platform mines threat intelligence from massive data to realize risk discovery, security early warning and situation awareness, enhancing the ability of attack detection and security situation awareness in security monitoring. This paper expounds the platform's technology, principle and implementation method from 3 aspects: multi-source security data collection and storage, threat intelligence data analysis, and situation awareness application, and describes the system deployment, test run and application conditions.

    Research on Routers Forensic
    Majian HAN
    2016, 16 (9):  51-55.  doi: 10.3969/j.issn.1671-1122.2016.09.010

    As one of the most commonly used network devices, the router has been closely intertwined with cyber crime since its birth. The router either provides network transmission for cyber crimes or becomes the object of cyber crimes, so its memory usually holds clues and evidence for cyber crime investigation. Because the router has its own hardware and software operating mechanisms, specific forensic procedures are needed to extract and preserve the digital evidence completely and effectively. Starting from an introduction to the basic functions of routers, the article demonstrates the important role of router forensics in cyber crime investigation. The article introduces the methods and processes for checking, extracting and preserving the configuration information and logs of backbone routers, enterprise routers and access routers, as well as the main points of extracting and analyzing the routing table. The article also puts forward a method of obtaining evidence from intelligent routers. The article shows methods of extracting and preserving the data packets being transferred by a router through port mirroring, which completes the forensics of the router. Finally, according to the basic requirements and principles of cyber crime investigation and electronic data forensic work, and considering that router data is easy to lose and not easy to extract, the article gives points to note in router forensics to ensure the comprehensiveness, objectivity and validity of digital evidence.

    Research on Information Security Simulation Experimental Platform of Public Security Video Monitoring System
    Xin FU, Yuhua LU, Zijian SHAO
    2016, 16 (9):  56-59.  doi: 10.3969/j.issn.1671-1122.2016.09.011

    Video monitoring is becoming more intelligent and networked, which brings new challenges for traditional public security video monitoring. This paper analyzes the security threats to the traditional public security video monitoring system and, in order to improve protection capability, designs a simulation platform for the public security video monitoring system. The platform simulates a typical deployment environment that is compatible with any kind of network video monitoring equipment, including IP cameras, digital video recorders, video storage and video servers. It also deploys several test tools. This paper carries out experiments that use the platform to simulate security scanning, system intrusion and penetration testing in the real environment. The experiments show that the platform can assist security personnel in discovering potential safety hazards and risks in such systems, and in improving testing techniques and tools. This paper provides a positive reference for the preparation of information security testing standards, product development and application in the field of public security video monitoring.

    Research on Electronic Forensic Based on Big Data Environment
    Fengyan JIANG, Jin JIANG, Jiting JIANG
    2016, 16 (9):  60-63.  doi: 10.3969/j.issn.1671-1122.2016.09.012

    Data will be a competitive resource for all walks of life in the future, so how to obtain effective data will become a problem to be solved in the process of public security information construction. Especially with the development and application of cloud computing technology, the scale of the information systems applied in various fields has grown, and the amount of data has increased day by day. The Internet brings people rich information, but it also promotes network crime, which creates more work for investigators. The biggest challenge is that traditional electronic forensic technology can no longer store and analyze massive data efficiently. Serial processing technology and a single processor can hardly deal with a huge amount of data within a valid period of time, and cannot meet the demands that large datasets place on physical devices or the demand for sharing various data. Cloud computing is highly prized for its pay-on-demand mode, regardless of the conditions of the many underlying infrastructures. As an open source cloud computing infrastructure, Hadoop is the most successful and popular big data batch processing platform so far. Based on research on the Hadoop platform, this article applies Hadoop to electronic forensics to establish a hierarchical forensic model for the big data environment. This article also provides theoretical support for achieving reasonable scheduling of equipment resources and for constructing a comprehensive forensic service platform for intelligence sharing of data resources.

    Research on Features Selection in Malware Clustering
    Yi WANG, Yong TANG, Zexin LU, Xin YU
    2016, 16 (9):  64-68.  doi: 10.3969/j.issn.1671-1122.2016.09.013

    The growth of malware has exploded in recent years. As a result, using clustering algorithms to detect malware families has found favor with security vendors. Malware clustering is the task of gathering samples that have similar behavior or structure into the same group (called a cluster), and feature selection plays a vital role in malware clustering. First, this paper carefully discusses the common features used in existing studies of malware clustering and compares these features with each other. Most existing work focuses on clustering based on a single feature vector, but a single feature vector cannot describe all the characteristics of malware. To solve this problem, multi feature vector pairs are proposed for clustering malware. In addition, specific indexes are defined to evaluate the selected feature vectors according to the clustering results. Finally, using the DBSCAN clustering algorithm, several feature vectors and their combinations are selected for testing. The results show that multi feature vector pairs are superior to a single feature vector in identifying malware families.

    Research on the Security of SDN
    Yu QI
    2016, 16 (9):  69-72.  doi: 10.3969/j.issn.1671-1122.2016.09.014

    With the rapid development of network technology, big data, cloud computing, the mobile Internet and practical quantum communication technology, the informatization era continues to move forward. At the same time, the emergence of the software defined network (SDN) provides a technical direction for the new generation of network architecture. SDN’s core idea is to change the tight coupling of control software and forwarding hardware in the traditional network, decoupling the application, control and data forwarding, realizing flexible network control, and enhancing the security of network virtualization. Starting from SDN technology, this paper introduces the development of network virtualization, the relationship between SDN technology and network virtualization, and network virtualization security, and analyzes in depth the security challenges currently faced by network virtualization, including those faced by the physical security equipment, the controller and device communication. Finally, this paper puts forward corresponding solutions, from the safety and reliability of the network controller and authenticated device communication, to an SDN security architecture for security application virtualization and a software defined security scheme.

    Research on the Security Technology in Virtualization
    Yue GONG, Chao LI, Wei WU
    2016, 16 (9):  73-78.  doi: 10.3969/j.issn.1671-1122.2016.09.015

    Because of its prominent benefits in efficiency, agility and innovation, cloud computing has attracted wide attention from governments. In recent years, virtualization technology, as the core technology of cloud computing, has been further developed with the wide application of cloud computing. Virtualization technology brings convenience to cloud computing, but it also introduces new security challenges. The paper makes an in-depth study of the related literature and practice. The existing state of virtualization security, including virtual machine sprawl, hidden dangers of peculiar set-ups, virtual machine hopping, virtual machine escape and denial of service attack, is analyzed in terms of hidden dangers and attacks. Practical methods for virtualization security are proposed from three aspects: the security mechanisms of the host, the hypervisor and the VM. Security technical support is provided for the infrastructure platform.

    Security Analysis for the Information of Wearable Devices
    Yue QIU
    2016, 16 (9):  79-83.  doi: 10.3969/j.issn.1671-1122.2016.09.016

    With the rapid development of information technology, intelligent wearable devices are becoming a new hot spot of the digital age. With their small and fashionable styling, portability, simple and practical functional design, and product diversification, they are gradually being applied to fitness and exercise, care of children and the elderly, leisure, entertainment, electronic government affairs and other areas. Because intelligent wearable devices are ubiquitous, while they make people’s life and work convenient, they also bring consumers more and more safety problems. This paper analyzes the information security of smart wearable devices. First, it reviews the development history of wearable devices over nearly half a century. Then, it analyzes the safety risks in terms of current technology standards, law, and the design and application hazards of products. Next, it proposes the necessary security technology and management, covering overall planning, the design of key technologies, application details and so on. Finally, it predicts the future trend of wearable device technology from the perspective of the development of the digital age.

    A Security Isolation Model of Virtual Environment Based on SR-IOV Technology
    Mingda LIU, Longyu MA
    2016, 16 (9):  84-89.  doi: 10.3969/j.issn.1671-1122.2016.09.017

    The development of virtualization technology has changed the computing model, but it has also brought many security problems. This paper studies the security problems of virtual environments, the current mainstream security protection modes, and I/O hardware virtualization technology (SR-IOV). It then proposes a virtual environment security isolation model based on SR-IOV technology to address the problem of security isolation in virtual computing environments. The model divides virtual domains into different security levels according to user needs. High-level domains own a dedicated physical network card and encryption card, while lower-level domains still use the traditional software simulation method to implement I/O devices. SR-IOV uses direct device connection technology to realize communication between virtual domains and the physical equipment. Directly connected equipment has a good isolation effect, so network data isolation and data encryption isolation can be achieved according to the security level. The experimental analysis shows that the model can improve the security isolation characteristics of the virtual computing environment and enhance the security of the virtual environment. It is not only feasible but also has good performance and efficiency.

    Network Security Situation Awareness Based on Big Data
    Meng ZHAO
    2016, 16 (9):  90-93.  doi: 10.3969/j.issn.1671-1122.2016.09.018

    In recent years, the level of network construction has risen considerably. With massive data, how to dynamically reflect the overall network security situation and forecast the development trend of network security is the current problem. This paper proposes the use of big data technologies such as mass storage, parallel computing and efficient query, which have created opportunities for a technology breakthrough in large-scale network security situation awareness. With big data processing and analysis capacity, tens of thousands of network events and other information are processed by automatic analysis and deep mining. We can analyze and evaluate the network security state, perceive exceptional events and the overall security situation, and forecast the future security situation.

    Burpsuite Extender Apply in Vulnerability Scanning
    Shiyuan YU, Yutian WANG, Xin LIU
    2016, 16 (9):  94-97.  doi: 10.3969/j.issn.1671-1122.2016.09.019

    Burpsuite is a world-renowned, leading integrated platform for Web attack; the platform includes a web proxy, web crawler, scanner, automated attack, decoder, repeater and so on. It supports writing custom plugins to extend Burpsuite. In this paper, the working method of the Burpsuite tool is studied in depth, and new methods and functions of the Burpsuite tool are explored. From the perspective of web security testing, taking the popular Struts security vulnerabilities as an example, we make full use of the advantages of the Burpsuite tools and write a number of Struts vulnerability detection tools. With the Burpsuite tool platform, we realize automated Struts vulnerability detection and identification, and add encoding distortion to test bypassing of web application firewall protection. This will play an important role in security testing.

    Study of Cloud and Data Center Networking Security Architecture
    Ye ZHANG, Jin SHANG, Dongyi JIANG
    2016, 16 (9):  98-103.  doi: 10.3969/j.issn.1671-1122.2016.09.020

    With the development of visualization technologies and the Software Defined Data Center (SDDC), the data center is becoming agile, elastic and efficient. This requires the security services running in it to have the same characteristics and more. Security solutions designed for physical networks and physical servers cannot be deployed in a virtualized data center. This paper proposes a distributed architecture for a data center network security solution. The components of this solution are distributed throughout the data center. The security service is elastic, agile and efficient. It supports workload migration and security service scale-out, as well as multiple hypervisors and multiple types of data center deployment. This paper describes how this architecture can support several key data center requirements, such as micro-segmentation, visibility and network behavior correlation, and several deployments across multiple data centers.

    Analysis of Leaking Prevention Technology of Mobile Internet
    Jiangbo WANG, Haiyang WANG
    2016, 16 (9):  104-107.  doi: 10.3969/j.issn.1671-1122.2016.09.021

    With the development of information technology and the Internet industry, network security has risen to the level of national strategy. In recent years, with the rapid development of mobile Internet technology, mobile intelligent terminals and 3G and 4G networks have spread quickly. Channels of information dissemination are varied and are becoming more and more uncontrollable. The arbitrary transmission of sensitive information via ISPs (Internet Service Providers) and WiFi using mobile intelligent terminals will endanger national information security, and even national security. This study discusses classification and monitoring methods for ISPs and WiFi, and also mentions the possible development trend of leak prevention technology for sensitive information.

    Program Behavior Anomaly Detection Method Based on Improved HMM
    Xin WU, Yuesong YAN, Xiaoran LIU
    2016, 16 (9):  108-112.  doi: 10.3969/j.issn.1671-1122.2016.09.022

    Anomaly detection of program behavior is an important part of network anomaly detection. In the traditional HMM, the transition probability and the probability of the observed value are related only to the previous state, which leads to a high false alarm rate and a low detection rate. This paper proposes an improved 2HMM detection method based on the local regularity of system calls. To reduce the training time, the model uses a simpler parameter estimation algorithm. Finally, experiments comparing it with the traditional HMM and the traditional 2HMM prove the superiority of the model.

    Research on Test Evaluation System of Anti-malware Products and Service
    Jian ZHANG, Wenxu WANG, Pengfei NIU, Zhaojun GU
    2016, 16 (9):  113-117.  doi: 10.3969/j.issn.1671-1122.2016.09.023

    To evaluate anti-malware technology and products objectively and scientifically, international anti-virus test agencies continually study and update their testing standards and methods, which are gradually moving from static tests to real-time tests. However, security vendors and test agencies hold different opinions, and are even in conflict. This restricts the internationalization of China’s information security products. To realize the Internet power strategy, it is urgent to speed up the construction of Chinese standards and Chinese evaluation. This paper studies the testing criteria and methodologies of anti-malware testing organizations around the world, and analyzes the issues between testing criteria and Internet security threats and anti-malware technologies. It proposes a new guideline for an anti-malware product and service test evaluation system based on an online Internet testing environment and real security threat cases. The anti-malware comparison test mode is continuous and synchronized with the performance test and a false positive test. The paper also analyzes and presents the key problems in constructing the evaluation system.

    Analysis of APT Attack Principle and Protection Technology
    Sanjun CHENG, Yu WANG
    2016, 16 (9):  118-123.  doi: 10.3969/j.issn.1671-1122.2016.09.024

    The continuous evolution of global information technology makes APT attacks more aggressive and purposeful. The use of advanced technology, long hidden latency, and long-term funding from interested sponsors distinguish APT attacks significantly from other network attacks. This paper introduces the popular APT attacks of recent years, such as NIST attacks on the APT, and, by analyzing APT attack cases from recent years, describes the characteristics of APT attacks and indicates their usual targets. Through a detailed analysis of the common steps of APT attacks, using the APT attack on South Korea's SK company as a case, it illustrates what each step of the attack involves. Furthermore, it puts forward a comprehensive response to APT attacks, covering both continuous improvement of the protection concept at the macro level and structured best-practice methods at the micro level.

    Research on Identity Trusted Level Evaluation Mechanism Based on User Behavior Analysis
    Jia PENG, Neng GAO
    2016, 16 (9):  124-129.  doi: 10.3969/j.issn.1671-1122.2016.09.025

    With the development of Internet technology, there are more kinds of Internet applications, and the ways in which users participate in the Internet have become richer. Grading the trusted level of network identities is the basis of a trusted network system. This paper proposes an evaluation model of the identity trusted level based on user behavior. The identity provider (IDP) determines the highest trusted level of an entity according to the entity's identity information and behavior. When a relying party (RP) needs to identify the entity, the IDP combines the login environment with the highest trusted level to provide the RP with a dynamic trusted level. The RP may manage rights according to the dynamic trusted level. Using the idea of classification, the model can meet applications' demands for different trusted levels of user identity, achieve reasonable security, and improve the efficiency and ease of use of identity management.

    A Design and Implementation of Windows Login Based on Fingerprint Identification
    Xiaofeng LIN, Mu FANG, Qiang LI, Cunqing MA
    2016, 16 (9):  130-133.  doi: 10.3969/j.issn.1671-1122.2016.09.026

    User identification is the first security gate of the Windows operating system. Logging in with a password has problems such as password leakage and brute-force attacks. Using a fingerprint as the password can avoid these problems. In this paper, we investigate the credential provider mechanism in Windows, and design and implement a fingerprint-based authentication solution that is convenient to deploy. Our solution improves user experience and also achieves high security.

    The ELF File Integrity Checking Method Based on Granularity Extraction
    Yongtang ZHANG, Jiawen CHOU
    2016, 16 (9):  134-138.  doi: 10.3969/j.issn.1671-1122.2016.09.027

    This paper proposes an ELF file integrity checking method (Random-MAC, RMAC) for mobile trusted platforms. The method classifies the sections of an ELF file by key linking sections and by section type and attribute, then selects content from each section at a certain size and checks it. To achieve both high efficiency and high security, the effect of different selection granularities on security and efficiency is evaluated. A collection of 2249 sample ELF files of different formats and sizes, gathered from different versions of Linux, is analyzed through integrity verification. The results show that, with an appropriate extraction size, RMAC can improve checking efficiency even more than twofold. The security of a single RMAC check declines, but stays within an acceptable range. However, because RMAC introduces randomness, an existing virus cannot pass the RMAC check every time, so RMAC can prevent virus outbreaks.

    Research and Design on Abnormal Behavior Online Detection Platform Based on Xen
    Pengfei NIU, Jian ZHANG, Qing CHANG, Zhaojun GU
    2016, 16 (9):  139-144.  doi: 10.3969/j.issn.1671-1122.2016.09.028

    The traditional detection mechanism is mainly based on the physical machine. The detection software is disturbed by malicious software residing on the same OS, so it is hard to detect the OS status accurately. This paper presents an approach to supervising the Internet by establishing an online detection platform for abnormal behavior. It analyzes the key technologies for establishing the online detection platform and the characteristics of virtualization technology and virtual machine introspection technology. It proposes a method that tests and monitors abnormal behavior continuously, relying on virtualization technology and virtual machine introspection technology. Finally, the paper designs and implements a model of a Xen-based online detection platform for abnormal behavior.

    Trust Baseline Concept and Management Architecture
    Qiang HUANG, Zhiyin KONG, Le CHANG, Dehua ZHANG
    2016, 16 (9):  145-148.  doi: 10.3969/j.issn.1671-1122.2016.09.029

    Based on a review of the research history of security baselines, and on the integrity protection that a trusted computing platform provides not only for data but also for the system, the trust baseline concept is proposed to improve the traditional security baseline construction procedure and to resolve practical problems of trust policy management in trusted computing platform deployment. A trust baseline is defined as the minimal guarantee of a certain degree of trust in an information system. We emphasize the necessity of promoting this concept, given the shortcomings of trust evaluation and by analogy with security mechanisms. Based on a comparison of the security baseline and the trust baseline, their relationship is discussed and the function of the trust baseline in providing system TCB assurance is presented. A trust baseline management structure is designed to support the usage, arrangement and administration of trusted computing platforms, combining trust and security mechanisms and policies with trust level evaluation.

    Research on the Technology of Gun Detection System for Android APP Videos Based on Deep Learning
    Qing LEI, Lihua JING, Deming ZHAO, Jilong ZHENG
    2016, 16 (9):  149-153.  doi: 10.3969/j.issn.1671-1122.2016.09.030

    With the rapid development of the mobile Internet, Android OS has become the most important Internet content delivery channel. Unfortunately, because of chaotic APP supervision approaches, different types of videos that threaten the stability of society have appeared. In this paper, with the objectives of automatically monitoring Android video applications and thus purifying the network environment, we propose a deep-learning-based gun detection system for Android APP videos. To overcome the difficulty of extracting APP video data from the bottom layer of the Android system, we design a new video acquisition approach based on the Android multimedia framework. We also develop a part-whole-gun (PWG) detection method based on the Faster R-CNN framework for object detection. Experimental results demonstrate decent performance on practical test images.

    Research and Discussion on the Construction Data Cloud Platform
    Bixiu CHEN, Hanxiang JIANG, Zhihong LIN, Jiayue YANG
    2016, 16 (9):  154-157.  doi: 10.3969/j.issn.1671-1122.2016.09.031

    Given the complexity and variety of the forms of crime in the new era, traditional electronic data forensics has difficulty meeting the demands of judicial work. Based on the actual needs of the police force, this paper proposes an electronic data cloud platform. It supports data reuse, inter-regional cooperation and networking, and it has made significant progress with billion-level data. In addition, the platform's deep mining, correlation analysis and other technologies play an important role in the fight against crime. The paper compares the platform with the traditional pattern of evidence collection and, based on the actual needs of the police force, explains the necessity of constructing a data cloud gathering platform. It also discusses problems related to the construction of the data cloud gathering platform, and puts forward the view that judicial organs should step up cooperation with relevant institutions.

    Complex Network Based Visualization System of Social Media Analysis Content Security
    Yujing ZHOU, Jiahui SHEN, Haitao QIU, Daren ZHA
    2016, 16 (9):  158-162.  doi: 10.3969/j.issn.1671-1122.2016.09.032

    With the explosive growth of social networks, social media has gradually become an indispensable part of people's communication. This raises the importance of social media mining, which analyzes both the social network and individuals' behavior. Supervision of social media content has become pivotal to maintaining the harmony and stability of society. Against this background and based on our observations, we propose a social media topology expression and analysis system based on complex network technology, which combines visualization methods to help users obtain more intuitive information for analysis and decision making. The system consists of three main analysis modules: network statistical feature analysis, key figure discovery, and community discovery. The complementary combination of the three parts also clearly shows their connections and logical relations with each other. Finally, we demonstrate the rationality and availability of the system through a case analysis of a company.

    Research on the Security Problem of Cloud Computing Virtualization Platform
    Wenxu WANG, Jian ZHANG, Qing CHANG, Zhaojun GU
    2016, 16 (9):  163-168.  doi: 10.3969/j.issn.1671-1122.2016.09.033

    With the rapid development of cloud computing technology, cloud security incidents show a linearly increasing trend, which has become a serious issue to be solved in cloud computing. Virtualization technology is the key to cloud computing. Enhancing the security of the virtualization platform can effectively promote the development and application of cloud computing. Traditional security solutions cannot keep the virtualization platform safe. First, this paper introduces virtualization technology and the major virtualization platforms, and analyzes the various security issues faced by current virtualization platforms and their preventive methods. Then, through a comparative analysis of the number and types of security vulnerabilities in traditional environments and virtualization platforms, research attention, and other aspects, the paper presents the current security situation of the virtualization platform and the development trend of its security threats. Finally, the paper summarizes the main problems of the virtualization platform and provides countermeasures.

    Research of the Security Situation about Industrial Control Information System
    Yu ZENG, Jinquan GUO
    2016, 16 (9):  169-172.  doi: 10.3969/j.issn.1671-1122.2016.09.034

    In recent years, industrial control information systems have become more and more important in industry. Many industrial control information systems (such as SCADA, DCS, PLC) have become the key part of an industrial production area. We pay more attention to industrial information security problems. In this paper, we analyze the main security status of industrial control information systems in a big city in western China, using a large amount of real statistical data from industrial enterprises together with level protection testing and evaluation data. We analyze the main status, protection methods and problems of these systems. We also give some advice on how to improve the status of these systems.

    The Security Strategy of Private Network
    Jianing WEI, Jue WANG, Tao LI
    2016, 16 (9):  173-176.  doi: 10.3969/j.issn.1671-1122.2016.09.035

    As an important part of the foundation of police information technology, the private network plays a great role in maintaining stability, fighting crime, public security prevention and control, and serving the people, and gives strong impetus to the development and progress of police work; at the same time, its own security has become increasingly important. Security incidents in recent years show that the private network lacks an effective protection strategy and strongly needs top-level security design. By developing a layered defense strategy covering four aspects (data exchange and security, business security and safety, terminal control and audit, and network access and protection), an overall protection system is established. The safety management framework is continuously improved and, together with the construction of visual management by the security technology department, ultimately achieves the safety management goal of "visible, keep things under control". The protection strategy is also applicable to physically isolated networks in other industries.

    Research on Network Security Risk Model Based on the Information Security Level Protection Standards
    Tao LI, Chi ZHANG
    2016, 16 (9):  177-183.  doi: 10.3969/j.issn.1671-1122.2016.09.036

    Information security level protection is an important guarantee for information systems. It requires that information systems at different levels have different security protection, which is realized by applying suitable security controls in security technology and system management. The paper focuses on an important aspect of the three information system security assessment of the level of protection assessment model, the three-tier grading system information network security level to protect the safety control module for risk assessment analysis to accurately focus on different security information systems security evaluation accurately reflects the overall network architecture and all critical information systems security of the network devices. Based on the assessment model, the most common major information systems - three information systems, "Network security risk assessment based on the information system security protection standards." Derived by analyzing three information systems risk assignment, and then get a more precise impact of different risk levels for each system can more effectively control security risks and prevention, provide strong support for the safety and security of information systems decisions protection.

    A Survey on Special Video Content Detection Algorithms
    Dong REN, Wei SONG, Jing YU, Wei JIANG
    2016, 16 (9):  184-191.  doi: 10.3969/j.issn.1671-1122.2016.09.037

    Until now, no research review of special video content recognition algorithms has appeared. However, network traffic is now dominated by video, and there are many types of content; in particular, illegal content has flooded the Internet and is affecting social and public security. Traditional methods of controlling the publishing of these videos are ineffective, and a recognition model based on content detection will be more effective. Therefore, a survey of special content detection is given, and present work and developments in pornography, violence and terrorist video content detection are summarized. This paper systematically surveys existing content detection algorithms from three aspects: the content description model, the testing dataset, and the assessment criteria. Furthermore, in light of current technical developments, research tendencies and potential solutions are presented.

    Study on Block Chain Technology and Its Applications
    Hui XIE, Jian WANG
    2016, 16 (9):  192-195.  doi: 10.3969/j.issn.1671-1122.2016.09.038

    Since 2009, blockchain has been used as the underlying ledger-recording technology of BitCoin. After several years, it has grown into a new distributed, decentralized and trust-free solution. Especially in the last two years, blockchain has gradually moved beyond BitCoin to become an independent innovation hot spot. It creates a new distributed data storage technology with an innovative change in system and program design. It may subvert the organizational model of the current business community in the future, so it has received more and more attention from the business and technology communities. This article researches and investigates the design and implementation of blockchain, including a security investigation of blockchain and blockchain-related applications, and a security architecture comparison between blockchain security systems and traditional centralized systems. It summarizes the advantages and disadvantages of blockchain, and derives more practical application scenarios.

    Design and Implementation of a Security Protect Gateway Based on Loongson Platform
    Shulei MA, Hongjuan TIAN, Feng LIU
    2016, 16 (9):  196-201.  doi: 10.3969/j.issn.1671-1122.2016.09.039

    Currently, most network devices are developed based on foreign software and hardware, and the core technology is controlled by others. After the Snowden leaks, some backdoors were publicly announced, which brought many latent dangers to our country. Against this background, and because the performance of a single Loongson CPU is insufficient, we designed an architecture in which several Loongson CPUs process in parallel. Based on this architecture, we developed a security protection gateway that can be deployed at the network entrance of an information center and provides functions such as firewall, IPS and security access control. It improves the level of independence and controllability, compensates for the shortcomings in performance and reliability of the domestic Loongson CPU, and guarantees the security and controllability of the information center and the user network.

    Research on Collecting Data for Situation Awareness of Cyber Space
    Weiming CHU, Jin HUANG, Zhile LIU
    2016, 16 (9):  202-207.  doi: 10.3969/j.issn.1671-1122.2016.09.040

    With the rapid development of the Internet, networks have been expanding and are more widely used today. The critical activities of many departments and companies increasingly rely on the network. This causes rising rates of various network attacks and information security events. Situational awareness and APT have gradually become hot network terms. This paper mainly describes the implementation of data collection for Big Data based cyberspace security situational awareness. It combines network traffic analysis with cyberspace situational awareness analysis to find and generate sustainable, real and strong network security data, and at the same time analyzes network attacks in real time. Through visual means, it presents perceived future trends in network security and provides a powerful tool for decision making. In this article, we focus on data collection for the cyberspace security situational awareness system, and demonstrate the application and implementation of APT detection technology in cyberspace security situational awareness; combining the two provides new ideas for building situational awareness data.

    Security Analysis of Web Based Software
    Yuxiang JI, Yan ZHU, Xiaoqiang TANG
    2016, 16 (9):  208-212.  doi: 10.3969/j.issn.1671-1122.2016.09.041

    The security problems of Web software are becoming more and more serious because of the Web structure used in its applications. This paper analyzes common problems of Web systems from a security point of view. It establishes a security defense mechanism covering Web platform authentication, authorization, encryption and management, and carries out real-time monitoring through feature matching and block retrieval technology, providing technical protection for information filtering. Specifically, it designs a Web firewall using the slice retrieval technique and uses the Simhash algorithm to obtain message features to improve network defense capability. The design and analysis of the Web firewall show that the danger of infringement can be prevented effectively, and demonstrate the rationality and operability of the security structure designed in this paper.

    Research on Control Technology of Telecom Network Fraud Crime
    Wenjiang HAO, Liping XU, Jinlei JIANG, Cuicui LI
    2016, 16 (9):  213-217.  doi: 10.3969/j.issn.1671-1122.2016.09.042

    At present, the situation of telecommunications network fraud crime in China is grim: in 2015 alone, public security organs nationwide filed a total of 590 thousand cases, resulting in economic losses of 22 billion 200 million. Facing increasingly rampant telecommunications network fraud, the government has struck hard. In June 2015, the State Council approved the establishment, by the Ministry of Public Security and other ministries, 23 departments and units in all, of an inter-ministerial joint meeting system for combating and governing telecommunications network fraud crime, and a special rectification action lasting a year and a half was carried out to achieve the goal of "two down, two up": a significant decrease in the number of fraud cases and in the losses of the public, and a marked increase in the number of cases solved and the number of criminal suspects captured. This paper presents the main classification of telecommunications network fraud crime, analyzes the process and technical characteristics of fraud methods such as pseudo base stations, and puts forward several countermeasures for governing telecom network fraud from the perspectives of prevention technology and crackdown technology.

    Research Review and Outlook on Android Mobile Malware Detection
    Lin CAI, Tieming CHEN
    2016, 16 (9):  218-222.  doi: 10.3969/j.issn.1671-1122.2016.09.043

    With the wide spread of Android-based mobile applications, the problem of information security in the Android system is increasingly serious. Although the Android operating system adopts independent virtual memory spaces to guarantee the reliability of its kernel, calls and associations between various events in applications can lead to private data leakage, unauthorized operations, battery-exhaustion attacks, malicious process interaction and other mobile security events. Therefore, Android malware detection techniques have become a hot topic in the domain of mobile application security. In this paper, the application requirements and environments for Android malware detection are first described, and then the diverse malware detection methods are surveyed, including dynamic and static methods, machine learning-based schemes, and formal method-based software engineering techniques. Finally, a research direction is proposed: a comprehensive static detection framework that integrates machine learning and software engineering, with some key challenges analyzed alongside it, which can be a valuable reference for both academic communities and industrial products.

    Modeling for Credibility Concept of Cloud Computing
    Xiaojun YU, Qiaoyan WEN, Yuqing ZHANG, Yabiao WU
    2016, 16 (9):  223-227.  doi: 10.3969/j.issn.1671-1122.2016.09.044

    Cloud computing represents a new computing and resource management pattern. However, there are still many security threats in its technology and management, which result in credibility problems in the development of cloud computing. Credibility concept modeling is one of the basic topics in research on the credibility problem of cloud computing. In the information technology field, researchers have different understandings of credibility, and there is no clear definition of the credibility of cloud computing. This paper proposes a concept modeling method based on ontology. Ontology is an important tool for describing the relationships between things, and it is also an effective method for conceptual modeling. First, the credibility factors of cloud computing are analyzed and summarized into three aspects: cloud services, cloud resources and cloud providers. Then, cloud computing and its credibility are represented with the Unified Modeling Language and formally defined. Finally, the concept model is analyzed in terms of completeness, rationality and clarity, and the results show that the proposed method clearly describes the credibility concept of cloud computing and promotes consensus on the concept of credibility.

    The PLC of Industrial Control System Facing Security Threats from Cyberspace
    Guojiang SONG, Ronghua XIAO, PEI YAN
    2016, 16 (9):  228-233.  doi: 10.3969/j.issn.1671-1122.2016.09.045

    Since its invention, the Programmable Logic Controller (PLC) has been widely used in Industrial Control Systems (ICS). With the gradual fusion of industrialization and informatization, more technologies such as smart hardware and the Internet of Things (IoT) are used in ICS, and more PLCs are exposed on the Internet. Because PLCs were originally designed only for automation control without considering security, attacks on PLCs by hackers have occurred from time to time and have caused substantial damage to real physical devices. The paper simulates and reproduces the process of a new type of attack on PLCs. Hackers use tools to invade a PLC. PLCs to which code can be uploaded and downloaded are turned into gateways. The attackers then use the PLC as a tool to access other ICS and information systems. The malicious code has a long latent period and is hard to monitor, and the attack is hard to stop once it occurs. The paper provides the attack process for analysis and research, and provides a reference for research on PLC and ICS security.

    Research on Twitter Oriented Analysis System
    Junwei WEN
    2016, 16 (9):  234-239.  doi: 10.3969/j.issn.1671-1122.2016.09.046

    With the emergence of a large number of globally influential social networking sites like Twitter, the influence of public opinion crosses national boundaries. Network monitoring departments have begun to pay attention to and assess the impact of foreign public opinion on the domestic environment, and Twitter is bound to be a focus of attention. Based on the theory of social media data mining and network analysis, this paper designs and implements a Twitter-oriented comprehensive analysis system for data collection and storage, data analysis, and interactive display of analysis results, using Python, graph-tool, NLTK and other related tools. The system can collect and display, in real time, the hot topics and related tweets in a certain area, and perform sentiment analysis of tweets. At the same time, the system can obtain the relationship network of a specified user at a specified size, use Closeness Centrality, Betweenness Centrality and the PageRank algorithm for individual influence analysis, and build a Stochastic Block Model for community structure discovery in networks. System testing is in line with expectations, and I hope this system can provide reference and help for public security work on Internet public opinion.

    Research on the Prototype System of Microblog User Relationship Analysis Based on Interest
    Qifei LIU
    2016, 16 (9):  240-245.  doi: 10.3969/j.issn.1671-1122.2016.09.047

    With the arrival of the Web 2.0 era, the popularity of microblogs brings many opportunities and challenges to practical public security work. By effectively controlling microblog user relationship data, we can use it in many public security tasks such as security early warning, crime prevention and case detection. First, this paper defines, at the macro level, the position and significance of the interest-based microblog user relationship analysis system, and designs the function and hierarchical structure of the system. Then it studies the two central technical modules of the system. First, taking microblog users' interests as the starting point, we divide microblog users into different communities using the K-means clustering algorithm (including preprocessing with the PCA dimensionality reduction algorithm) and a graph algorithm. Second, we analyze the importance of microblog users within the communities using important node analysis technology. In theory, the system can divide microblog users into different communities as needed and identify the key users of each community, which will provide much convenience and support for public security work.

    An Intelligent Analysis to the Crowd Involved in Cyber Fraud Case
    Linxiang CAI
    2016, 16 (9):  246-250.  doi: 10.3969/j.issn.1671-1122.2016.09.048

    With the development of the Internet, cyber fraud crime, characterized by concealment and diversity, has become a hazard that is hard to investigate and cannot be neglected. However, in the current situation of cyber fraud crime, combined investigations of cases and analyses aimed at the crowd involved in cases are still scarce. In this paper, we examine the platform and process that the public security bureau currently uses for cyber fraud crime, and apply data mining thinking to it. Based on a study of clustering and decision tree algorithms, we put forward an intelligent analysis algorithm module based on the K-means and CHAID algorithms, and build a preliminary database of the crowd involved in cyber fraud cases for data mining. Through the intelligent analysis, we can identify the characteristics of victims and criminal suspects on the one hand, and the factors that influence the amount of money involved in cyber fraud cases on the other. In the future, we can build an intelligent analysis platform and a database for cyber fraud crime investigation, dig deeper into crime information, and make better use of the analysis results in our investigations. Using intelligent analysis algorithms to assist and guide cyber fraud crime investigation, prevention and control is of certain significance.

    Research on Key Technologies of Network Public Opinion Monitoring System
    Xudong YANG
    2016, 16 (9):  251-256.  doi: 10.3969/j.issn.1671-1122.2016.09.049

    With the development of the Internet, self-media platforms represented by Weibo, such as Sina Weibo, have become the fourth medium after newspapers, broadcasting and television, and have also become the main vehicle of Internet public opinion. In the early stage of Internet public opinion, manual operation was the main means of monitoring. But with the rapid growth of network data, manual operation can no longer meet the demand, and the huge volume of Internet public opinion needs to be handled by automated software. This paper introduces the research status of network public opinion monitoring systems at home and abroad, and analyzes the core technical requirements of such systems and the methods and principles of the mainstream technical approaches. Based on the characteristics of the methods used so far, this paper proposes improvement measures and verifies their feasibility using the Python programming language. The proposed improvements also offer some insight for perfecting network public opinion monitoring systems.

    Research on Public Opinion Guide Control Strategy Based on Information Dissemination Model
    Ye LOU
    2016, 16 (9):  257-266.  doi: 10.3969/j.issn.1671-1122.2016.09.050

    With the advent of the information age, the Internet has become the main carrier for publishing and disseminating information. In social networks, the wide reach and fast transmission of information bring convenience to people's lives, but have also created many social problems such as network rumors and network group events. For Internet public opinion events, the relevant departments need to carry out effective induction, analysis and forecasting so that, at the beginning of an event, they can respond, intervene and guide in a timely and proactive manner, thereby ensuring the accuracy and validity of their Internet public opinion guidance work and completing guidance and control work to the maximum degree. Combining theory and practice, this study uses the characteristics and laws of Internet information dissemination models to examine how information propagates in different social networks during hot public opinion events, and then summarizes public opinion guidance and control methods and policies, which has important theoretical and practical significance. Through the implementation and study of information dissemination models such as the flock model, the independent cascade model, innovative models and the epidemiological model, we grasp the characteristics and modes of information diffusion in different environments and, combined with classic real-world cases, research, analyze and summarize public opinion guidance and control methods.

    Design of Storage Structure in HBase for Microblog Information Analysis
    Xilin CHEN, Ding MA
    2016, 16 (9):  267-271.  doi: 10.3969/j.issn.1671-1122.2016.09.051

    With the development of the Internet, microblogs have an ever deeper impact on people's lives. Owing to the surge in microblog users, the volume of data is very large and grows rapidly every moment. In this situation, traditional databases have difficulty meeting the demands of massive data processing, so NoSQL databases came into being. Among them, HBase, discussed in this paper, is currently one of the most popular open source NoSQL databases. As a new type of NoSQL database based on the Hadoop Distributed File System, HBase can not only store structured data efficiently and process it efficiently through MapReduce, but also store unstructured data, providing relatively flexible information storage and management for massive data. Most importantly, an HBase cluster is very convenient to expand: it only needs additional slave node machines, which is easier than the expansion operations of traditional databases, such as read/write separation and splitting into separate tables. In this paper, we study the design of the Row-key for microblog information in HBase, discussing it from the angles of depth and breadth of information. The query efficiency of HBase is improved by a two-level index. Without changing the HBase source code, we solve the problem that information queries depend to a large extent on the Row-key design, and give full consideration to storage modes suitable for microblog information such as photos and links, so as to manage microblog information efficiently.

    Internet Public Opinion Monitoring System Based on Active Mode
    Xiaodong SUN, Ping XIAO
    2016, 16 (9):  272-277.  doi: 10.3969/j.issn.1671-1122.2016.09.052

    This paper analyzes the passive Internet public opinion supervisory system. It analyzes the shortcomings of its work procedures, from the posting of public opinion on the Internet, through long delays before effective analysis and handling, low efficiency and untimely information preprocessing, to the failure to acquire all sensitive and harmful information. After analyzing the causes of these problems, it establishes an active Internet public opinion supervisory system. This system acquires data dynamically and in real time through a client based on a webpage control, and controls the forms and channels through which Internet information is published. From the very beginning, it actively supervises in real time data such as specific public opinion information, hidden harmful information, time-effective and sensitive information, and public opinion trend information. It copies the dynamically submitted data to a central database in real time for analysis. This completely overturns the traditional approach of crawling information. It can basically achieve real-time, active management and control of information, and greatly improve the efficiency of public opinion information supervision and management for public security.

    Analysis and Enlightenment of US Government and Enterprise Cyber Threat Intelligence
    Liping XU, Wenjiang HAO
    2016, 16 (9):  278-284.  doi: 10.3969/j.issn.1671-1122.2016.09.053

    With the rapid development of information technology and networks, our critical infrastructure and government websites have been attacked frequently. More seriously, the various types of network attacks and cyber threats show a trend of continuity and expansion. Traditional passive defenses cannot protect against advanced persistent threats (APT), 0-day and other new network threats, but threat intelligence has emerged to make up for this shortfall. As a country that started early in national cybersecurity, the United States began to pay attention to threat intelligence in the early 20th century, and it has now gradually established a complete system for dealing with cyber threats. This paper presents the current state of cyber threat intelligence in the US government and businesses, which can provide a useful reference for threat intelligence in our government and industry. First, the definition and types of threat intelligence are analyzed. Then five areas are studied and analyzed, such as US bills and presidential decrees on threat intelligence, the "Einstein Program", sharing mechanisms and relevant projects. Meanwhile, the cyber threat intelligence work of US companies is reviewed. Finally, on the basis of a comparative analysis of US cyber threat intelligence, we put forward some insights.
