Netinfo Security

Analysis and Improvement of Windows Heap Randomization

Weiping WEN, Shilin JIA, Jiawei DU, Ce QIN

2017, 17 (7): 1-10. doi: 10.3969/j.issn.1671-1122.2017.07.001

Abstract ( 593 )

HTML ( 3 )

PDF (9049KB) ( 84 )

As the most widely used operating system, the security of Windows has become the focus of attackers and researchers at home and abroad. This paper starts with Windows memory management system, analyzes the heap address randomization mechanism of Windows operating system by reverse engineering and dynamic debugging, and designs and implements a randomized improvement scheme. The research work is divided into two parts: One is through the reverse debugging, exploring the Windows heap memory area, exploring the realization principle and method of heap address randomization mechanism, and analyzing and verifying the vulnerabilities of Windows heap address randomization mechanism by combined with several known attack methods. On the other hand, the corresponding solution is designed according to the analysis results to further enhance the randomness of the heap address configuration, and to reduce the harms of the known attack methods. The proposed scheme can effectively compensate for the lack of Windows system in heap address randomization design, reduce the harms of related attack technology, and improve the overall security performance of the system.

Figures and Tables | References | Related Articles | Metrics

A YARN-based Smart Grid Big Data Abnormal Detection

Yang CHEN, Yong WANG, Wei SUN

2017, 17 (7): 11-17. doi: 10.3969/j.issn.1671-1122.2017.07.002

Abstract ( 468 )

HTML ( 1 )

PDF (6131KB) ( 77 )

The defects of processing smart grid big data in Map-Reduce early version were also discussed, and the advantages of processing smart grid big data in YARN were also described in this paper. The coding model and implementation and advantages of YARN-DPP were also analyzed. In order to demonstrate the effectiveness of YARN-DPP, the hardware configuration environments and software running environments had been completed. A serial of simulation experiments in IEEE 118 node grid system were also done. The results and performance analysis demonstrated that good throughput and speedup had been obtained in YARN-DPP. It can meet the fast demands in large scale grid system big data processing. The computing speed was faster than sequence computation and Map-Reduce computation.

Figures and Tables | References | Related Articles | Metrics

Anomaly Detection Model Based on User Portrait

Gang ZHAO, Xingren YAO

2017, 17 (7): 18-24. doi: 10.3969/j.issn.1671-1122.2017.07.003

Abstract ( 1163 )

HTML ( 29 )

PDF (6298KB) ( 391 )

In view of the lack of data processing capability, the manual operation restriction of the rule extraction and the improper positioning ability of the intruderin the current big data environment, cannot meet the new security vulnerabilities and the emergence of the attack means in the new era. The author puts forward the intrusion detection model based on user portraits to realize the refinement of the intrusion detection granularity. In this paper, the intrusion detection model based on user portraits is introduced, and the intrusion detection model based on user image is introduced. To varying degrees, to improve the intrusion detection technology on the measurement of the evaluation results, and to a certain degree of practicality. In addition, as an emerging big data technology, the user portrait technology was introduced from the business areas such as precise marketing into the field of network security, which not only extending the applications of user portrait technology, exploring its potential research and practical value, but also making the intrusion detection technology has big data technology features, that meets the actual needs of the era of big data, and provides a new way to improve the intrusion detection technology at the same time.

Figures and Tables | References | Related Articles | Metrics

A Secure Routing Algorithm of Mobile Social Network Based on Community

Hao LIU, Zhigang CHEN, Lianming ZHANG

2017, 17 (7): 25-31. doi: 10.3969/j.issn.1671-1122.2017.07.004

Abstract ( 525 )

HTML ( 3 )

PDF (6292KB) ( 124 )

The traditional routing security mechanism is not suitable for the design of routing protocols in distributed cooperative mobile social network. In view of the problem, a security routing algorithm of mobile social network based on community(SRAC) is proposed. Firstly, the comprehensive trust between node in the same community is calculated based on cloud model. Then, the preference similarity between nodes based on the community is given, the degree of compactness between nodes is computed by analyzing the contact in-formation, and the degree of close relationship between nodes is computed by synthesizing the preference similarity and the degree of compactness. In the end, a security routing algorithm of mobile social network is designed by synthesizing the comprehensive trust and the degree of close relationship between nodes. The results of simulation show that, the routing algorithm SRAC can effectively restrain the influence of ma-licious nodes on the routing of messages.

Figures and Tables | References | Related Articles | Metrics

Blockchain and Privacy Preserving Mechanisms in Cryptocurrency

Hao WANG, Xiangfu SONG, Junming KE, Qiuliang XU

2017, 17 (7): 32-39. doi: 10.3969/j.issn.1671-1122.2017.07.005

Abstract ( 1106 )

HTML ( 12 )

PDF (6991KB) ( 257 )

As the supporting technique of bitcoin, blockchain is a decentralized infrastructure, which uses a linked data structure to verify and store data, and uses the distributed node consensus mechanism to generate and update data. Because of its characteristic of decentralized, verifiable and tamper proofing, blockchain has quickly become the focus of attentions by governments, international organizations, large consortia and scientific research institutions. This paper discusses the working principle of blockchain in cryptocurrency by comparing with the bitcoin system, introduces some typical consensuses mechanisms used in blockchain technology, analyzes the challenges of anonymity and privacy protection in cryptocurrency, and introduces the existing anonymous and privacy protection schemes.

Figures and Tables | References | Related Articles | Metrics

The Algorithm of Social Network Users Reliability Based on Bidirectional Weighted Graph

Yanping YANG

2017, 17 (7): 40-44. doi: 10.3969/j.issn.1671-1122.2017.07.006

Abstract ( 503 )

HTML ( 4 )

PDF (4329KB) ( 86 )

The social network platform, provide people with a more convenient platform for communication, micro-blog, WeChat, QQ already become an integral part of many people's lives. The social value of the business development and public opinion analysis in social network, which makes the analysis technology of the user relationship of social networking platform become the hot spot of network user's behavior analysis. For the relationship of social network users analyze problems, according to the law of the Anthropology of 150 and six degrees space theory formulated to effectively respond to the user's social relationships user relation graph generation rules, build customer relationship undirected weighted graph, using local shortest path search algorithm, social computing platform to user specified for the credibility of the root node of the "circle of friends" in the user and other users, the formation of the overall cognition to the specific user groups, internal relations credibility for to a particular user as the center of the new user recommendation and personalization information recommendation and so on to provide basis for decision making.

Figures and Tables | References | Related Articles | Metrics

The Design and Implement of Rule Matching-based Distributed Intrusion Detection Framework for Industry Control System

Dongmei CHENG, Biao YAN, Hui WEN, Limin SUN

2017, 17 (7): 45-51. doi: 10.3969/j.issn.1671-1122.2017.07.007

Abstract ( 568 )

HTML ( 7 )

PDF (6584KB) ( 175 )

This paper proposed a rule-based distributed intrusion detection system (RDIDS) framework to reduce the impact of traditional industrial control system problems. Furthermore, RDIDS construct a set of rules that contains network status, traffic and industrial operation for intrusion detection. The network status rules that defined by operator can detect unauthorized access for protecting the safety of physical system from information disclosure. The traffic rules learned from the analysis of traffic characteristics can detect abnormal network data flow. The industrial operation rules extracted from the industrial operating sequence can detect abnormal industrial operation. Finally, an industrial control system was built for validation, which contains several hardware or software. The experimental results that conduct on the simulation of industrial control system show that our system have a considerable performance.

Figures and Tables | References | Related Articles | Metrics

A Network Topology Discovery Algorithm Resistant to Routing Spoofing

Yifang ZHAO, Dongmei ZHANG

2017, 17 (7): 52-58. doi: 10.3969/j.issn.1671-1122.2017.07.008

Abstract ( 423 )

HTML ( 1 )

PDF (6071KB) ( 100 )

Accurate and comprehensive network topology can directly and effectively present the structure and state of the current network to network managers, so an accurate and complete network topology is an important part of network fault management, configuration management, and security management. Proactive detection based on ICMP and ARP has negative effects on the performance of network. The existing network topology discovery method based on IS-IS is difficult to ensure efficiency on describing IP network when attack based on routing protocol occurred. Then this paper proposes an algorithm for IP network topology based on IS-IS by analyzing the LSP packet, the algorithm obtains the information of network topology such as the relationship of the links between routers without making influence on network, then produce a believable, complete base network topology and request PSNP for security to avoid network topology changes caused by routing spoofing. The simulation result shows the algorithm can get a complete network topology in a routing spoofing environment which verified the feasibility of algorithm.

Figures and Tables | References | Related Articles | Metrics

A New Algorithm of the Location of Fingerprint Core in Cloud Computing

Xiangshen MIN, Xuefeng ZHANG

2017, 17 (7): 59-65. doi: 10.3969/j.issn.1671-1122.2017.07.009

Abstract ( 668 )

HTML ( 1 )

PDF (6819KB) ( 73 )

In cloud computing, identity authentication is the foundation of its security management. In order to effectively improve the efficiency of locating the core of fingerprint image, an algorithm of the location of the fingerprint core based on the regional division and adaptive path selection is proposed. Firstly, the fingerprint image is pre-processed through the regional division, and the adaptation path scheme is introduced based on statistical analysis, and the search region moving path of the location of the core is determined. Then, it uses the complex filter algorithm to detect the core of the fingerprint information which in the current region, and it achieves effective the location of the fingerprint core. The experimental results show that, under the premise of ensuring the accuracy of positioning, this algorithm can effectively reduce the time of the core detection and it has better detection efficiency.

Figures and Tables | References | Related Articles | Metrics

Research on Encrypted Deduplication Method Based on Offline Key Transfer in Cloud Storage Environment

Shuguang ZHANG, Hequn XIAN, Hongyan LIU, Ruitao HOU

2017, 17 (7): 66-72. doi: 10.3969/j.issn.1671-1122.2017.07.010

Abstract ( 428 )

HTML ( 2 )

PDF (5957KB) ( 128 )

Deduplication technology plays an important role in the rapid development of cloud storage. The data that are encrypted has become normal before the user uploading them. Different encryption keys are used to encrypt the same data to obtain different ciphertext, which makes the cloud server unable to realize encrypted deduplication. This paper presents a secure encrypted deduplication scheme that can deliver encryption keys in an offline manner. On the basis of dividing data types, the query tags of data popularity are constructed by using elliptic curve. The secure key transfer scheme is constructed by using the broadcast encryption technology so that the same plaintext is encrypted the same ciphertext, which cloud server can complete the unpopular deduplication. For popular data, the improved convergence encryption algorithm can improve the efficiency of deduplication while ensuring data storage security. Security analysis and simulation results show that the scheme has high security and practicability.

Figures and Tables | References | Related Articles | Metrics

Research on Configuration Software for Industrial Control System

Zixian XU, Jian LUO, Nan MENG, Xiangnan ZHAO

2017, 17 (7): 73-79. doi: 10.3969/j.issn.1671-1122.2017.07.011

Abstract ( 523 )

HTML ( 4 )

PDF (6555KB) ( 271 )

With the continuous development of automatic control technology, in the combination of industry automation control and computer information technology, more and more widely used, and gradually formed the industrial control system based on automatic control. Hackers have also turned their attention from previous attacks on Web servers to industrial control systems. By attacking the industrial control system not only pose a threat to the network system, and even destroy the industrial infrastructure, endangering personal safety and national security, industrial control system security has been widespread concern. Configuration software is an important part of industrial control system software, and its security will directly affect the safety of the whole industrial control system. This paper summarizes the characteristics of the industrial control system configuration software and the security risks, and to buffer overflow vulnerabilities as examples to analyze causes, attack and harm, and finally puts forward the security building on configuration software business logic, rights management, deployment, enhance the ability of security protection of the industrial control system and configuration software.

Figures and Tables | References | Related Articles | Metrics

Research on Risks and Countermeasures of Wireless WiFi Key APP

Yanwei TIAN, Songru YANG, Jie LI

2017, 17 (7): 80-84. doi: 10.3969/j.issn.1671-1122.2017.07.012

Abstract ( 541 )

HTML ( 1 )

PDF (5048KB) ( 256 )

With the rapid development of mobile Internet, the wireless WiFi password sharing mobile application software represented by WiFi master key has been rapidly popularized and widely used in our country. This kind of mobile application software to provide users with free Internet convenience, the Internet users inadvertently leaked their privacy data, causing password theft, phishing WiFi, hackers and other information network security issues become increasingly prominent. Sharing mobile application software through the mobile application market to WiFi master key as the representative of the WiFi code analysis found that this kind of mobile application software in the Internet mobile users rigid demand driven, the number of users is very large. This paper through the research of the working principle of the WiFi master key software, try from the point of view of its information security in hacking, user privacy data leakage, internal confidential information and the public security organs to combat cybercrime and other potential hazards, and on the basis of risk and safety hazards which put forward the corresponding suggestions and safety supervision the prevention and control measures, provide a reference for network security monitoring strategy for wireless WiFi.

Figures and Tables | References | Related Articles | Metrics

Table of Content