Loading...
Netinfo Security

Table of Content

    10 December 2017, Volume 17 Issue 12 Previous Issue    Next Issue
    Orginal Article
    For Selected: Toggle Thumbnails
    Orginal Article
    Research on Pairwise Key Establishment Scheme Based on Hypercube in Wireless Sensor Network
    Hongyan ZHANG, Li XU, Limei LIN
    2017, 17 (12):  1-5.  doi: 10.3969/j.issn.1671-1122.2017.12.001
    Abstract ( 487 )   HTML ( 1 )   PDF (1362KB) ( 308 )  

    Wireless sensor networks are usually used in sensitive environments, and security issue has become one of the challenges in sensor networks. Due to the resource constraint on sensor network nodes, whether sensor networks can maintain high connectivity and invulnerability becomes a huge challenge in sensor network security issues when sensor network nodes are captured. To address this issue, this paper proposes a pairwise key establishment scheme based on hypercube. The IDs of the nodes in sensor networks are coded by hypercube, and the key distribution center computes the bivariate polynomials with the ID of each node which are sent to each node. Performance analysis shows if there is no pairwise key between two nodes, the connectivity of pairwise key established by the path key method in the scheme is good, and the network has strong invulnerability, which greatly save the energy of sensor nodes.

    Figures and Tables | References | Related Articles | Metrics
    Design and Implementation of a Data Security Transmission Scheme Based on Hybrid Encryption
    Limin SONG, Xiaorui SONG
    2017, 17 (12):  6-10.  doi: 10.3969/j.issn.1671-1122.2017.12.002
    Abstract ( 591 )   HTML ( 4 )   PDF (2430KB) ( 392 )  

    Because WLAN mainly uses electromagnetic wave as the carrier of information transmission, information can be easily eavesdropped and interfered in the transmission process. Therefore, the secure transmission of data in WLAN has become an urgent problem to be solved in the network era. The encryption system of WLAN is not perfect enough, and there are still some deficiencies in secrecy. On the basis of encryption system of WLAN, this paper uses the asymmetric encryption algorithm RSA and the symmetric encryption algorithm AES to encrypt the message, and uses the secure hash algorithm SHA to calculate the hash value as the digital signature, which ensure the confidentiality, integrity and non-repudiation of the transmitted data. This paper also uses Java programming for point-to-point socket communication, and several tests are carried out in the laboratory LAN to verify the security and feasibility of the scheme.

    Figures and Tables | References | Related Articles | Metrics
    A New Design of Suspicious Domain Name Monitoring System for Web Communication
    Guofeng ZHAO, Yan ZHAO, Xinheng WANG, Fei YE
    2017, 17 (12):  11-16.  doi: 10.3969/j.issn.1671-1122.2017.12.003
    Abstract ( 595 )   HTML ( 5 )   PDF (2400KB) ( 331 )  

    In Web communications, suspicious domain names have emerged frequently, which poses a serious threat to network security. Traditional domain name analysis technology can only carry out simple protocol analysis, and it has complex operation, difficult deployment and heavy resource consumption. In order to solve the false threats, deception and bad domain names in Web services, a monitoring and reverse system for suspicious domain names in Web communication is designed in this paper. This system mainly through the BGP process to achieve the goal of traffic traction, DNS data packet capture and analysis of target flow, and matched with suspicious domain name suspicious domain name database, matching the success of the domain name by calling the security module to realize safety control. The test of building campus network shows that the system is easy to operate and deploy. It can monitor and counter the suspicious domain name.

    Figures and Tables | References | Related Articles | Metrics
    Multi-parties Key Agreement Protocol in Block Chain
    Chunming TANG, Long GAO
    2017, 17 (12):  17-21.  doi: 10.3969/j.issn.1671-1122.2017.12.004
    Abstract ( 664 )   HTML ( 16 )   PDF (1027KB) ( 1323 )  

    The key agreement protocol is a shared key mechanism between two or more participants in a public channel to ensure the secure communication and encryption of sensitive information. Communication agents need to trust each other, and a trusted center is needed to authenticate each other to negotiate the key securely. In order to resist the attack on the trusted center and the abuse of power of the trusted center, this paper gives a multi-parties key agreement protocol in block chain system, which uses the characteristics that when store data, data only can increase, but can not be deleted and changed, which makes the protocol more secure.

    References | Related Articles | Metrics
    Research of DDoS Detection and Multi-layer Defense in SDN
    Yang XU, Yi CHEN, Rui HE, Xiaoyao XIE
    2017, 17 (12):  22-28.  doi: 10.3969/j.issn.1671-1122.2017.12.005
    Abstract ( 707 )   HTML ( 5 )   PDF (2130KB) ( 349 )  

    Software defined network(SDN), has led to disruptive changes in traditional networks. In this paper, we propose a method of DDoS(distributed denial of dervice)detection and defense in SDN. Firstly,a DDoS detection method based on entropy algorithm is proposed. The attack is judged by comparing the entropy with the threshold. Secondly, double defense system is designed.At the forwarding layer, the convection table is processed. At the control level, the new detection method is used to determine the attack. Combining ACL control and traffic management,implement policies using the OpenFlow protocol. Lastly, an experimental simulation platform is constructed using OpenDayLight controller, sFlow monitoring tool and Mininet simulator. The experimental results show that, the proposed detection and defense methods improve the detection rate of DDoS attacks, reduce the false positive rate, and can quickly make defensive response.

    Figures and Tables | References | Related Articles | Metrics
    A Technical Research on High-concurrency Web Application
    Khan Safi Qamas GUL, Peng WANG, Senlin LUO, Limin PAN
    2017, 17 (12):  29-35.  doi: 10.3969/j.issn.1671-1122.2017.12.006
    Abstract ( 548 )   HTML ( 5 )   PDF (1362KB) ( 347 )  

    With the development of network technology, the quality requirements of the network for network applications are increasing, which is basic ability of network applications and bring large extent affected to the user experience. But existing techniques like the multi-thread concurrency as a bottleneck to limit the ability of concurrency, multithreaded applications may waste a lot of system resources in high concurrent scenes. This paper implements an event-based asynchronous request response scheme, which uses an event-based concurrency method to respond to the user’s request without blocking, and can effectively reduce the memory consumption of the system, and according to the back-end response service. The back-end server group is divided into load balancing module and Web response cluster module, and then these modules are integrated into a high-level concurrent Web response system, which can realize the high concurrent response of Linux platform. At the end of this paper, the prototype system is experimented. The results shows that the system has better performance in terms of concurrency, reliability and stability, and can use the system to complete the stable response task of 10000 classes, which has high practical application value.

    Figures and Tables | References | Related Articles | Metrics
    Research on Cloud Storage Data Forensics Method Based on KMP Algorithm
    Tong WU, Siqi LI, Weijun YANG, Li ZHAO
    2017, 17 (12):  36-39.  doi: 10.3969/j.issn.1671-1122.2017.12.007
    Abstract ( 579 )   HTML ( 2 )   PDF (1941KB) ( 304 )  

    With the development of Internet technology and wild application of cloud storage technology,crimes involving electronic evidence increase dramatically. Cloud storage becomes the network space for the criminal hiding illegal information. The paper proposes a forensics method based on KMP algorithm to fix, extract and analyze the data from cloud storage quickly. The method can be applied to cloud storage services widely used currently, which can play a major role in combating cyber crime using cloud storage for electronic forensics.

    Figures and Tables | References | Related Articles | Metrics
    Research of SQL Injection Detection Based on SVM and Text Feature Extraction
    Hongling LI, Jianxin ZOU
    2017, 17 (12):  40-46.  doi: 10.3969/j.issn.1671-1122.2017.12.008
    Abstract ( 796 )   HTML ( 11 )   PDF (1398KB) ( 525 )  

    SQL injection attack has the characteristics of great damage, various attacking types, quick mutation and concealment, which attract widespread attention. A SQL detection technology, which combined machine learning and natural language statistics, was proposed in this paper based on support vector machine (SVM) and text feature vector extraction. detection process was divided into three parts including text analysis, feature extraction and classification. Additionally, SQL injection detection process include text collection, basic feature extraction, statistics of deformation features, text space vector model construction, model training, classifier generation, classification and obtaining classification results. It was corroborated by experimental results that SQL injection detection based on SVM and text feature vector extraction was efficient in classification. Besides, according to evaluation methods including edge curve, confusion matrix, effect analysis, sensitivity analysis and specificity analysis, which were conducted in the machine learning evaluation training model, the SQL injection detection classification model obtained through learning had relatively high detection rate.

    Figures and Tables | References | Related Articles | Metrics
    A Method of Malicious Code Detection in WordPress Theme Based on Similarity Analysis
    Zhenfei ZHOU, Binxing FANG, Xiang CUI, Qixu LIU
    2017, 17 (12):  47-53.  doi: 10.3969/j.issn.1671-1122.2017.12.009
    Abstract ( 480 )   HTML ( 2 )   PDF (1487KB) ( 238 )  

    Existing detection methods mainly rely on characteristic of known malicious code. This paper concludes repackaging and reusing phenomena and propose a detection method based on similarity analysis. Firstly, it analyzes homologous relationship of themes based on page style similarity. Secondly, it finds different code in same-origin themes and similar code in different-origin themes. Finally, it filters code by threshold and white list, the remaining are considered as highly suspicious malicious code. This paper analyzes 252 non-official themes and finds 17 themes containing malicious code. Result shows that this method can find malicious code without knowledge of their characteristic, which is better than existing methods in some extent.

    Figures and Tables | References | Related Articles | Metrics
    A Violent Video Detection Method Based on 3D Convolutional Networks
    Wei SONG, Dongliang ZHANG, Zhenguo QI, Nan ZHENG
    2017, 17 (12):  54-60.  doi: 10.3969/j.issn.1671-1122.2017.12.010
    Abstract ( 426 )   HTML ( 1 )   PDF (2672KB) ( 239 )  

    With the development of content distribution network and video transcoding technology, network traffic has a trend of being dominated by the video, and there are varieties of illegal special videos flooded the internet, endangering the social public security, so the effective detection algorithm is of great necessity. In order to explore the application of deep learning theory on special video detection, this paper proposes the use of 3D convolutional networks for violence video detection. Compared with traditional manual features and 2D convolutional networks, this method can well protect the motion information integrity of video frames in the time dimension, and realize the efficient characterization of spatio-temporal information. The experiment was carried out on the violent video dataset Hockey, achieving 98.96% accuracy. The results show that the method can effectively detect the violent contents of video.

    Figures and Tables | References | Related Articles | Metrics
    A Defense Scheme for Activity Hijack Based on Safe Container
    Cancan CHEN, Haoliang CUI, Wen ZHANG, Shaozhang NIU
    2017, 17 (12):  61-66.  doi: 10.3969/j.issn.1671-1122.2017.12.011
    Abstract ( 564 )   HTML ( 2 )   PDF (1854KB) ( 264 )  

    As a malicious attack to steal user privacy data, Activity hijack causes serious security threat to user's private data. For the malicious test link of the Activity hijack attacks, this paper puts forward the concept of using safe container operation environment that isolate the application from the external environment. It is hard for malicious attackers to get the running state and the information from the running task about the application running in the safe container, only can get the fake information of the proxy components. So it can prevent external malicious attackers from covering the Activity interface. This scheme is anylyzed from the perspective of Activity hijack attack process, designs interception means to prevent the occurrence of Activity hijack. Experimental results show that our method is available and effective to provide safe and reliable operation environment for the application. What's more, it don't change the kernel of android and can ensure the application from the attacks of Activity hijack.

    Figures and Tables | References | Related Articles | Metrics
    User Attribute Completion Attack in Social Networks Based on Node2vec
    Yang PEI, Xuexin QU, Xiaobo GUO, Dingyang DUAN
    2017, 17 (12):  67-72.  doi: 10.3969/j.issn.1671-1122.2017.12.012
    Abstract ( 749 )   HTML ( 2 )   PDF (1590KB) ( 567 )  

    In social networks, there is an attack threatening its content security by acquiring user private attributes from attribute inference completion. Traditional user attribute completion methods like unsupervised learning and supervised learning fail to effectively combine homogeneity with structural similarity. This paper presents a user attribute completion attacking method based on implicit expression, which abstracts user attribute completion as a supervised classification problem. The basic idea is to use node2vec algorithm to map the user nodes in social networks into vectors, and then use the clustering method to calculate the community where a node is located, construct the classification model in the community, and use this model to predict the missing attributes of the user. This paper verifies that this algorithm can improve the accuracy of user attribute completion in social networks on a real data set.

    Figures and Tables | References | Related Articles | Metrics
    A Cloud Decryption System Based on El-Gamal Security Outsourcing Decryption
    Fuhu DENG, Zhenyu LI, Liyao ZENG, Hu XIONG
    2017, 17 (12):  73-79.  doi: 10.3969/j.issn.1671-1122.2017.12.013
    Abstract ( 474 )   HTML ( 2 )   PDF (1330KB) ( 265 )  

    Cloud computing as an emerging computing model can provide a variety of resources and services for public key encryption system. Cloud computing platform can provide independent software developers and developers to provide computing power, storage space and other aspects of support. This paper presents an outsourced decryption scheme for the El-Gamal encryption system, which uses the cloud platform to provide users with high-performance hardware computing power to help users improve the encryption efficiency and reduce the encryption costs. The scheme in the encryption process to introduce outsourcing encryption technology, can effectively guarantee the user data security. On the basis of the program, this paper designs a cloud encryption system to achieve the verification of the program. The result of the experiment shows that the program can help users to improve decryption efficiency under the premise of safety of user’s data.

    Figures and Tables | References | Related Articles | Metrics
    Research of Face Verification Algorithms for Population Information Analysis Applications
    Kai KANG, Zhongdao WANG, Shengjin WANG, Ying FAN
    2017, 17 (12):  80-84.  doi: 10.3969/j.issn.1671-1122.2017.12.014
    Abstract ( 503 )   HTML ( 4 )   PDF (2032KB) ( 464 )  

    With the significant increasing demand of automatic and high-accuracy identify verification technology from various sectors of society, many research have made great development on biometric identification technology in the last decades. As one kind of biometric feature, human faces have strong stability and identity-variance. Furthermore, face recognition has characters such as non-obligatory, non-contact and concurrency, which lead it to an ideal evidence to automatic identification. This paper briefly introduces the pipeline of face verification algorithms for applications on population information analysis, and then makes some research on the key points and key technologies respectively. Firstly this paper briefly introduces the background and significance of face verification applications. Secondly, with respect to three key technologies of face detection, face alignment and face recognition, this paper introduces the basic principles, process pipeline, research situation and existing problems, respectively, and finally gives a simple summary.

    Figures and Tables | References | Related Articles | Metrics