Loading...
Netinfo Security

Table of Content

    10 November 2017, Volume 17 Issue 11 Previous Issue    Next Issue
    Orginal Article
    For Selected: Toggle Thumbnails
    Orginal Article
    Research on Anomaly Behavior Detection Technology in Virtualization Environment Based on KVM
    Jian ZHANG, Changliang CAI, Liangyi GONG, Zhaojun GU
    2017, 17 (11):  1-6.  doi: 10.3969/j.issn.1671-1122.2017.11.001
    Abstract ( 570 )   HTML ( 3 )   PDF (1336KB) ( 667 )  

    With the security problem becoming the major problem of cloud computing, the traditional anomaly detection technology based on hosts and network can guarantee the reliability and security of the cloud computing service to a certain extent, but still faces deceiving and attacking threats. VMM has a high degree of isolation and transparency, the analysis of virtual machine behavior and network information can effectively improve the accuracy and security of anomaly behavior detection based on the agentless out-VM monitoring method. This paper analyzes anomaly behavior detection technology on physical environment, mixes the traditional intrusion detection algorithms, proposes anomaly behavior detection method based on KVM virtualization environment, experiments and analyses some aspects of the detection model. The results shows that the model can effectively detect the anomaly behavior of guest OS.

    Figures and Tables | References | Related Articles | Metrics
    The Development of Study on Practical Security of Continuous-variable Quantum Key Distribution
    Peng HUANG, Guihua ZENG
    2017, 17 (11):  7-12.  doi: 10.3969/j.issn.1671-1122.2017.11.002
    Abstract ( 638 )   HTML ( 5 )   PDF (4146KB) ( 499 )  

    Continuous-variable quantum key distribution (CVQKD) technique owns the advantages of potential high secret key rate and excellent compatibility with classical optical communication technique. It has attracted much attention and has been developed rapidly in the past decades. Now the unconditional security of theoretical Gaussian-modulated CVQKD protocol has been fully proven. However, for a practical CVQKD system, its hardware and software cannot be theoretically perfect. In one aspect, these imperfections will lower the secure secret key rate of the CVQKD system and incur security problems. In the other aspect, they can be used by Eve to implement hacking attacks to hide her intercept-resend attack without being detected by the legitimated parties. In this paper, we take a review of the worldwide development of the study on practical security of CVQKD from two aspects, i.e., the influence of imperfections of practical CVQKD system on its operational security and the concrete attacks incurred by these perfections. Moreover, a brief prospection is given for the study of practical security of CVQKD.

    Figures and Tables | References | Related Articles | Metrics
    Method on Hardware Trojans Detection Based on Side Channel Analysis
    Jing SU, Yiqiang ZHAO, Zhongwei ZHANG, Yanfang XIE
    2017, 17 (11):  19-24.  doi: 10.3969/j.issn.1671-1122.2017.11.003
    Abstract ( 594 )   HTML ( 2 )   PDF (1570KB) ( 323 )  

    In this paper the hardware Trojans theory is described and the side-channel detection method is mentioned firstly,then the pattern similarity theory is studied and applied into the data processing and analysis of side channel information in integrated circuits. Furthermore a method on hardware Trojans detection is set up based on distance measure distribution, and the detection principle and the detection process is given in details. Finally the experiments are implemented in FPGA platform based on power side-channel information. The experiments show that when the Trojan circuit of area 0.6% is implanted into the standard circuit, the detection method in this paper can detect them successfully.

    Figures and Tables | References | Related Articles | Metrics
    Research on Defensive Strategy of Real-time Price Attack Based on Zero-determinant
    Zhuoqun XIA, Fengfei ZOU, Ming XU, Hongzhao YANG
    2017, 17 (11):  25-31.  doi: 10.3969/j.issn.1671-1122.2017.11.004
    Abstract ( 494 )   HTML ( 1 )   PDF (1699KB) ( 359 )  

    With the increasing interactivity of smart grid, users can adjust their own power load demands dynamically according to the real-time price, which also brings the cyber security risk of attacking the real-time price signals. Based on the two-way interaction on the price between the user and the power enterprise, this paper analyzes the impact of RTPA (real-time price attack) on user load demand, and proposes the defense strategy of RTPA base on zero-determinant under repeated games. The experimental results show that, on the premise of to a certain degree to ensure the satisfaction of user power consumptions, adopting the zero-determinant strategy can help the home energy management system effectively realize the goal of reducing the user expected load demand, which provides decision support for the prevention of RTPA.

    Figures and Tables | References | Related Articles | Metrics
    Research on the Method of Network Attack Detection Based on Convolution Neural Network
    Yuming XIA, Shaoyong HU, Shaomin ZHU, Lili LIU
    2017, 17 (11):  32-36.  doi: 10.3969/j.issn.1671-1122.2017.11.005
    Abstract ( 921 )   HTML ( 14 )   PDF (1740KB) ( 1122 )  

    The existing network attack detection methods including static and dynamic types, and there are some shortcomings, such as too dependent on the rules, much false positives. In view of the traditional network attack detection, this paper introduces the convolution neural network technology into the field of network attack detection. In this paper, the basic principle of convolution neural network is explained in the related content of convolution neural network. In the subsequent chapters, this paper creatively maps the extracted log features to a set of gray scale images for anomaly detection, and creatively maps the network attack characteristics into a sheet of gray scale. This paper reads the application log in the large data platform every 10 minutes by Kafka, generates the latest signature library and maps it to the gray scale according to the corresponding characteristics of the local server, and can reduce the noise data by convolution operation. The original signal features are enhanced so that the features can better describe the details of the data and improve the ability to classify.

    Figures and Tables | References | Related Articles | Metrics
    Research on Incentive Mechanism with Resisting Fraudulent Conduct for P2P File Sharing in Cloud Computing
    Hao LIU, Siqing YANG, Zhigang CHEN
    2017, 17 (11):  37-43.  doi: 10.3969/j.issn.1671-1122.2017.11.006
    Abstract ( 603 )   HTML ( 1 )   PDF (1604KB) ( 274 )  

    This paper proposes an incentive mechanism (FPIM) with resisting fraudulent conduct in mobile P2P file sharing system based on the theory of first-price sealed auction. In this incentive mechanism, the node calculates the evaluation of a file resource sharing service based on the resource state, virtual currency of it and the property of file resource, then gives the corresponding price according to the evaluation and game strategy. Through the game analysis, the Nash equilibrium solution of FPIM incentive mechanism is given. In order to suppress the fraudulent conduct of malicious node, FPIM introduces hash function and other security mechanisms to judge the fraudulent conduct of node, and eliminates the impact of malicious nodes on the fairness of the auction process. Analysis and simulation show that this incentive mechanism is able to make rational mobile nodes actively participate in file resource sharing cooperation to maximize their own interests, improve the success rate of file resource sharing cooperation in the whole system, reduce the system's energy consumption, and improve the overall effectiveness of the system.

    Figures and Tables | References | Related Articles | Metrics
    Study of Message Data Subscription Based on Multi-Application Big Data Analysis
    Ge FU, Xinhua ZHANG, Chao LI
    2017, 17 (11):  44-49.  doi: 10.3969/j.issn.1671-1122.2017.11.007
    Abstract ( 517 )   HTML ( 2 )   PDF (2080KB) ( 593 )  

    Based on the problems of enterprise applications of multi-application big data analysis, in order to reduce the resource consumption for big data subscription, improve resource utilization, achieve the goal of "sustainable and intensive development" for enterprise big data platform, we proposes a resolution to complicated message data subscription for Kafka, which supports "row-level" and "column-level" message subscription for multi-application big data analysis. We also develop a complicated subscription prototype system. The experimental results show that the system has features of high throughput and high availability.

    Figures and Tables | References | Related Articles | Metrics
    Research on an Intrusion Detection Algorithm Based on PCA and Random-forest Classification
    Weining LIN, Mingzhi CHEN, Yunqing ZHAN, Chuanbao LIU
    2017, 17 (11):  50-54.  doi: 10.3969/j.issn.1671-1122.2017.11.008
    Abstract ( 588 )   HTML ( 2 )   PDF (1386KB) ( 1118 )  

    Due to the low accuracy of existing intrusion detection methods, this paper proposes an intrusion detection algorithm based on PCA (principle component analysis) and random-forest classification. The idea of the algorithm is to clean the training data before classifying. Firstly, PCA is used to decompose the dataset and reduce noises. Then random-forest classifier is used to classify and train the processed data. The experiment uses machine learning library based on Python called scikit-learn and 20% NSL-KDD dataset. Experimental results show that compared with the commonly used intrusion detection technologies based on machine learning, the intrusion detection algorithm proposed in this paper can improve the detection accuracy more effectively.

    Figures and Tables | References | Related Articles | Metrics
    Integration Scheme of Authentication and Authorization for Big Data Based on Role
    Haolin ZHUANG, Tao SHANG, Jianwei LIU
    2017, 17 (11):  55-61.  doi: 10.3969/j.issn.1671-1122.2017.11.009
    Abstract ( 583 )   HTML ( 1 )   PDF (2151KB) ( 282 )  

    Secure authentication and authorization are the foundation to ensure the security of big data. In this paper, we analyze the security problems of big data environment from the perspective of authentication and authorization, combine the authentication scheme based on Kerberos and the access control scheme based on the XACML framework, and design an integration scheme of authentication and authorization for big data based on role. This scheme is also verified in a specific environment. Experimental results show that the proposed scheme can realize the remote authentication and role based authorization for a big data platform and fulfill the secure needs of authentication and authorization for a big data platform.

    Figures and Tables | References | Related Articles | Metrics
    Research on DLL Loading Vulnerability Defense Technology Based on Signature Verification
    Fengyu LIU, Wei XIE
    2017, 17 (11):  62-66.  doi: 10.3969/j.issn.1671-1122.2017.11.010
    Abstract ( 496 )   HTML ( 1 )   PDF (1192KB) ( 531 )  

    The dynamic link library is an implementation of the shared library concept in the Windows operating system, which includes codes and data that can be simultaneously used in many programs. Although the dynamic link library provides a modular sharing mechanism for the operating system, its imperfect loading mechanism causes many security vulnerabilities such as DLL hijacking. This paper firstly proposes a technical solution to verify the DLL loading and defense DLL loading vulnerability attacks by the operating system callback mechanism, then implements and tests the technical solution on the platform of Windows 7 operating system, finally discusses the practicality, stability and scalability of the technical solution. The simulation results prove that the defense mechanism can effectively monitor the loading process of DLL files, and find out the loading behavior of malicious files in nearly real-time conditions.

    Figures and Tables | References | Related Articles | Metrics
    Application Security Reinforcement Scheme Based on Intent Filter
    Debing LU, Haoliang CUI, Wen ZHANG, Shaozhang NIU
    2017, 17 (11):  67-73.  doi: 10.3969/j.issn.1671-1122.2017.11.011
    Abstract ( 550 )   HTML ( 2 )   PDF (1811KB) ( 395 )  

    Intent test is an important part before the release of Android applications, when the test case coverage is incomplete, the potential risk will stay in the application. This paper proposes a self-learning Intent filtering reinforcement scheme based on decision tree to extract filtering rules for the potential risks, which caused by the application without comprehensive and effective security verification of Intent communication. There is no need to modify the source or installation package, just to place the application in a safe container designed in this article. The scheme uses the decision tree algorithm to intercept the Intent attack with high similarity, and protect the application of the runtime from malicious Intent. At the same time, the algorithm has the ability of self-learning, according to the running state of current application, it can construct decision tree and generate filtering rules to adapt to the new environmental changes. The experimental results show that the reinforcement scheme can provide effective security for Intent communication, and it has little effect on the speed and efficiency of the application itself, so that the developers can only focus on their own business logic without worrying about the security problems related to Intent communication.

    Figures and Tables | References | Related Articles | Metrics
    Analysis of Network Information Security in the Cloud Computing Architecture
    Jingzhe ZHOU, Changsong CHEN
    2017, 17 (11):  74-79.  doi: 10.3969/j.issn.1671-1122.2017.11.012
    Abstract ( 534 )   HTML ( 1 )   PDF (1107KB) ( 323 )  

    Cloud computing is a new computing architecture that based on services over the internet, it plays a more and more important role in the information systems construction in various types of industries. Network and information security is not only the primary problem to be solved, but also the key factor for the future development of cloud computing. This paper mainly introduces the concept and development of cloud computing, further refines the cloud computing architecture, analyzes the threats of network information security in cloud computing, and puts forward a feasible network information security policy of cloud computing.

    Figures and Tables | References | Related Articles | Metrics
    The Measuring of Reliability of Cloud Services Based on MongoDB
    Tianchen SHEN, Xin LI, Haichun SUN
    2017, 17 (11):  80-83.  doi: 10.3969/j.issn.1671-1122.2017.11.013
    Abstract ( 512 )   HTML ( 3 )   PDF (1540KB) ( 248 )  

    Aiming at the problem that the definition of cloud platform reliability is not clear and can not be quantified, a method of quantifying the reliability of cloud platform is proposed based on the existing standard and Service Level Agreement (SLA) of typical cloud service provider. The method can be off-line operation and make users easy to select the appropriate cloud service provider. Specifically, by retrieving the CPU utilization in the MongoDB of the Cloud service provider, setting the reliability metric threshold, the CPU utilization in the log is analyzed to obtain the reliability of the cloud service for a specific period of time. Experiments show that the method can measure and distinguish the reliability of different cloud platforms, and can provide objective data support for users to select the cloud platform and the subsequent claims and other issues.

    Figures and Tables | References | Related Articles | Metrics
    Research on the Scheme of Information Security Protection in Electric Power Industry
    Qi SU, Wei WANG, Yin LIU, Zhanpeng YU
    2017, 17 (11):  84-88.  doi: 10.3969/j.issn.1671-1122.2017.11.014
    Abstract ( 516 )   HTML ( 2 )   PDF (1697KB) ( 491 )  

    As the fast development of electronic information technology, information system has significant improvement in the application of enterprises. Nowadays, the eclectic industry focuses more attention on security production and stability; therefore, they did not spend enough attention on data security, system security and internet safety. This paper analyses the importance and emergency of information safety in the development of power industry. Meanwhile, different kinds of threats, protection and detection models against the threats in power industry is discussed. This paper applies the core of information security professional knowledge, such as operating systems, computer network, cryptography, network security and other relevant theoretical knowledge, as while as combining them with power system architecture. This paper proposes a terminal-based security information security protection system in order to help electric power industry system. At the meantime, the system also strengthens the construction of the whole power system of information security system.

    Figures and Tables | References | Related Articles | Metrics