Table of Contents

    10 February 2018, Volume 18 Issue 2

    Original Article
    Subgraph-based Network Behavior Models and Anomaly Detection for Server
    Wei LI, Xiaoxiao DI, Di WANG, Yunchun LI
    2018, 18 (2):  1-9.  doi: 10.3969/j.issn.1671-1122.2018.02.001

    As malicious code mutates ever faster and its concealment keeps improving, network anomaly detection based on traffic features suffers from a higher false-negative rate, especially when the attacker obfuscates the traffic characteristics. This paper proposes a modeling method that builds a directed graph model with a 4-layer tree structure ordered as local hosts, local ports, remote ports and remote hosts. The model reflects the relationships between end-hosts and the relationships among the processes within end-hosts. On this basis, a subgraph model is established for the server's client-side behavior and for its server-side behavior respectively. Because server-side behavior is stable in subgraph structure over the long term, this paper proposes a subgraph-based server network behavior anomaly detection algorithm, SNBAD. The algorithm divides the server's network traffic into several data windows, builds the service subgraph model for each window, and characterizes the communication features of each subgraph. It detects abnormal behavior by computing the Jaccard similarity coefficient between consecutive data windows. To verify SNBAD, traffic from hosts infected with malicious code is mixed into real network traffic data. The experimental results show that SNBAD can effectively detect anomalies in the server's server-side behavior.

    Research and Implement on a PaaS Platform Management System Based on Cloud Software
    Wei WANG, Jinda CHANG, Dong GUO
    2018, 18 (2):  10-10.  doi: 10.3969/j.issn.1671-1122.2018.02.002

    With the development of cloud computing, virtualization, containers, microservices and cloud desktop technologies, software is moving further toward the cloud, which gives individuals a new way to use software. More and more software vendors are gradually moving their products to the cloud: a cloud system can host desktop software in the cloud, so users can eventually run traditional desktop software through a browser. Building on the cloud system, this paper proposes the concept of a PaaS cloud system and studies its design and implementation. The paper mainly discusses how the PaaS cloud system manages and dispatches the various resources under a microservices architecture, including service upload and deployment, status detection, service monitoring, service start and stop, capacity expansion and other operations. Finally, the paper implements Fornax, a cloud-based PaaS platform management system, and tests the system from several aspects. Through container technology and the microservices architecture, the platform makes it easier to schedule and manage cloud container instances.

    Research and Implementation of a Highly Reliable Distributed Storage Scheme Based on Wirehair Code
    Kai DENG, Zhihong TIAN, Danyang MA
    2018, 18 (2):  20-26.  doi: 10.3969/j.issn.1671-1122.2018.02.003

    In distributed storage, the data availability of each storage node is very important, so corresponding redundancy measures must be taken to ensure it. However, the redundancy cost of the traditional duplication-based redundancy strategy grows greatly as data availability improves. Meanwhile, as the number of distributed storage nodes increases, so does the possibility that some nodes suffer physical attack or theft, which greatly increases the security threat to sensitive data. Based on in-depth research on Raptor codes, this paper presents a distributed storage scheme based on Raptor codes. Through extensive experimental testing, a distributed storage system based on the wirehair code (an open source implementation of RaptorQ) is designed and implemented. The system not only achieves higher data availability with less redundancy, but also increases the security of the original data through the coding process.

    Computing Resource Control and Protection Scheme Based on Desktop Cloud
    Jian WANG, Chang LI, Lei HAN, Zhen HAN
    2018, 18 (2):  27-33.  doi: 10.3969/j.issn.1671-1122.2018.02.004

    Desktop cloud is commonly understood as a type of virtual desktop implemented on top of cloud computing. At the same time, as desktop cloud platforms are combined with business requirements, business application platforms and business-oriented desktop cloud management platforms have also emerged. However, the vulnerability of the desktop cloud environment and the underlying access characteristics of computing resources mean not only that application environments based on the desktop cloud lack effective control and protection over the invocation of computing resources, but also that computing resources face the problems of requiring authenticated use and of preventing unauthorized invocation. To address these problems, this paper designs a desktop cloud-based controlled-protection scheme for computing resources. It uses HTTPS encryption for resource request access and a PKI token based on user information; it authenticates the user's request and encrypts the communication content, and it controls and protects computing resources according to the authentication mechanism and role privileges. The scheme protects users' secure access to computing resources. Testing shows that the system effectively improves the controlled protection of computing resources in the desktop cloud.

    Research on the Zero-forcing Precoding Anti-collision Algorithm Based on Frame Slot for RFID System
    Xiaohong ZHANG, Jiaqi ZHANG
    2018, 18 (2):  34-39.  doi: 10.3969/j.issn.1671-1122.2018.02.005

    As the number of tags to be identified in an RFID system grows large, the frame-slotted ALOHA algorithm may suffer a falling tag identification rate and tag starvation. To address this, this paper proposes a zero-forcing precoding algorithm based on frame time slots. Tags are coded before transmission using zero-forcing precoding, which reduces errors and collisions while tags are being transmitted or received. Simulation results show that the algorithm improves both the tag identification rate and stability. When the number of tags is about 1000, the tag identification rate of the algorithm is about 0.7. Compared with the ISE-BS, DGBT and FSA algorithms, it improves the tag identification rate by 83%, 20% and 300% respectively.

    A New Trust-based AODV Routing Protocol and Performance Optimization towards Wireless Ad Hoc Networks
    Yang CHEN, Yong WANG
    2018, 18 (2):  40-47.  doi: 10.3969/j.issn.1671-1122.2018.02.006

    A novel secure AODV based on a trust mechanism (SAODV-TM) is proposed in this paper. In the SAODV-TM protocol, a security enhancement is designed on the basis of the trust mechanism: a global trust mechanism and a local trust mechanism are used to compute each node's trust degree, and packets are only allowed to be forwarded to trusted nodes. To further improve protocol performance, this paper improves SAODV-TM with an ant colony algorithm (ACA-SAODV-TM), which deposits positive pheromone at a node if the node is trusted. ACA-SAODV-TM uses a novel routing packet called the ant agent routing packet (AARP), and checks the pheromone value saved in the node's routing table together with the shortest path to optimize routing. Finally, OPNET is used to compare the performance of ACA-SAODV-TM with SAODV-TM and AODV under DoS attack. The results show that ACA-SAODV-TM significantly outperforms the other protocols in packet delivery rate and network throughput, owing to the ant colony algorithm.

    Research on a Privacy Protection Method for Power Users Based on Virtual Ring Architecture
    Zhuoqun XIA, Lei ZHAO, Jing WANG, Wenhuan LI
    2018, 18 (2):  48-53.  doi: 10.3969/j.issn.1671-1122.2018.02.007

    The security of user power consumption data is a problem that must be solved in implementing the smart grid. Because the security requirements of high-frequency data and low-frequency data from smart meters differ, this paper proposes a privacy protection method for power users based on a virtual ring architecture. First, the NTRU encryption system is used to encrypt the user's request data; then the transmission paths for high-frequency and low-frequency data are constructed. Low-frequency data is transmitted outside the ring. High-frequency data is anonymized within the ring, and user requests are aggregated with a dynamic transaction token (DTT). The privacy protection method guarantees the validity of grid operation and bill calculation, preserves the integrity of privacy protection for user power consumption data, and improves communication efficiency.

    An Adaptive Adjusting Kernel Function-Based Extraction Method for Image Salient Area
    Hongtao GAO, Wei LU, Yuwang YANG
    2018, 18 (2):  54-60.  doi: 10.3969/j.issn.1671-1122.2018.02.008

    Existing visual salient area detection techniques have usually been applied to noise-free images, and the impact of noise on these techniques has not been analyzed. This paper proposes a new visual salient area detection method for noisy images. An adaptive kernel adjusting function is used in the detection, and saliency is determined by the dissimilarity between a center patch around each pixel and the other patches. The dissimilarity is measured as a decreasing function via adaptive kernel regression. Finally, the visual salient area is obtained through a multi-scale process. To demonstrate the feasibility of the approach, several simulation experiments were carried out. Good results were obtained in salient area detection experiments on noise-free images, and compared with two previously proposed methods for noisy images, our method shows strong anti-noise characteristics and strong robustness.

    Research on Attacker Modeling Method of Security Protocol Based on SPIN
    Huifan YI, Liang WAN, Nana HUANG, Kunpeng WANG
    2018, 18 (2):  61-70.  doi: 10.3969/j.issn.1671-1122.2018.02.009

    Security protocols are key to ensuring network security. Under existing technical conditions there are many methods for analyzing protocol security, but the attacker modeling method is not efficient, which lowers the detection and analysis efficiency for protocols. Formal methods are a means of verifying protocols and can effectively expose flaws in the design of the protocol under verification. As one of the formal methods, model checking is simple, efficient and highly automated, and the model checker SPIN has powerful detection capability. This paper uses SPIN to study security protocols and proposes a more efficient attacker model for verifying them: first, the attacker's behavior is analyzed, the attacker's initial knowledge base is acquired, and the knowledge base is updated according to the decomposition rule and the synthesis rule; second, the Promela semantic model of each honest principal and of the attacker is formalized; finally, the model checker SPIN is used for verification. The experimental results show that the proposed method reduces the complexity of the model, greatly reduces the number of model states, effectively avoids state space explosion, and improves verification efficiency.

    Implementation and Optimization of S-box Resisting DPA Attacks Based on Secret Sharing
    Qingquan MENG, Xiaoyuan YANG, Weidong ZHONG, Shuaiwei ZHANG
    2018, 18 (2):  71-77.  doi: 10.3969/j.issn.1671-1122.2018.02.010

    We investigated the problem that implementations of S-boxes resisting Differential Power Analysis (DPA) attacks have high resource consumption, and that most of them are of the small type. We then constructed a low-consumption S-box using the classical SPN framework, obtained a new S-box based on the idea of secret sharing, and optimized it according to the experimental data. By carefully combining two small 4-bit S-boxes, we constructed an 8-bit S-box for which the cost of secret sharing is decreased. At the same time, exploiting a feature of block ciphers, we reduced the number of small S-boxes and registers by multiplexing them, and further improved efficiency. Through the specific implementation diagram and the processed data, we give the ideal experimental parameters.

    Research on Load Balancing of Virtual Machine Based on Multiple Objective Hybrid Particle Swarm Optimization
    Donghui MEI, Hongling LI
    2018, 18 (2):  78-83.  doi: 10.3969/j.issn.1671-1122.2018.02.011

    Load balancing technology is always an important part of cloud resource management; it should be applied in the management and maintenance of the data center, where it can improve resource utilization, effectively reduce the number of virtual machine migrations, and avoid system bottlenecks. Most existing particle-swarm-based virtual machine deployment algorithms merge the virtual machine's multiple performance objectives into a single target by weight assignment when computing fitness. Moreover, when updating particle positions, the approach of moving toward the current optimal solution very easily traps the final solution in a local optimum. To address these problems, a hybrid particle swarm optimization based on multi-objective non-dominated solutions is proposed to solve the virtual machine load balancing problem. Simulation results show that the proposed algorithm is more effective than the general particle swarm algorithm for load balancing.

    Research on Development of Trusted Execution Environment Technology on Mobile Platform
    Zhijuan LIU, Jun GAO, Qifeng DING, Yuewu WANG
    2018, 18 (2):  84-91.  doi: 10.3969/j.issn.1671-1122.2018.02.012

    The trusted execution environment (TEE), as one of the most prevalent mobile device security technologies, has attracted more and more attention from both academia and industry. Analyzing the security of TEE technology thoroughly is therefore very valuable. Based on how a TEE is constructed and the secure functions it provides, this paper presents five security features of TEEs in detail. Then, the software and hardware technologies used to implement these five features are investigated and the general software and hardware architecture is presented. In addition, we carefully compare TEE technology with other mobile device security technologies. Finally, the challenges facing the development of TEE technology are listed. This work may serve as a good reference for TEE technology development.
