Table of Contents

    10 March 2018, Volume 18 Issue 3

    Original Article
    Research on Anomaly Behavior Classification Algorithm of Internal Network User Based on Cloud Computing Intrusion Detection Data Set
    Hongsong CHEN, Gang WANG, Jianlin SONG
    2018, 18 (3):  1-7.  doi: 10.3969/j.issn.1671-1122.2018.03.001

    To address the problems of implementing intrusion detection and analyzing abnormal behavior in the internal network environment of cloud computing, this paper studies classification on the cloud intrusion detection dataset (CIDD) using Weka machine learning classification algorithms, and implements a naive Bayesian algorithm for classifying abnormal behavior of internal network users through software engineering methods. Experimental results on the classification of malicious behavior and normal behavior show that the naive Bayesian algorithm implemented in the paper achieves higher classification accuracy. The algorithm can effectively classify and analyze the internal network user behaviors of CIDD, which proves the effectiveness of the proposed scheme and algorithm.

    Trust Chain Model and Trust Relation Analysis of Component-based Software System
    Yong YU, Changgeng CHEN, Qiang LIU, Jiaxi LIU
    2018, 18 (3):  8-13.  doi: 10.3969/j.issn.1671-1122.2018.03.002

    With software systems playing an increasingly important role in the information society, the credibility of the software system is becoming more and more important. On the basis of a component-based trusted software framework, this paper analyzes the trusted startup and integrity measurement of the software system. According to the different ways of measuring the integrity of the trusted system, different trust chain models are obtained: the chain-linked trust chain model, the star trust chain model and the trust chain model adding failure chain. Finally, the credibility of the components in the system based on the trust chain is analyzed and measured.

    A Hash Function-based Attribute Generalization Privacy Protection Scheme
    Lei ZHANG, Bin WANG, Lili YU
    2018, 18 (3):  14-25.  doi: 10.3969/j.issn.1671-1122.2018.03.003

    To cope with the problem that attributes can be used by an adversary as background knowledge to correlate location privacy, a hash-based attribute generalization scheme is proposed, building on the concept of attribute generalization. With this scheme, attributes are transformed into a fixed hash value, and anonymous users are then selected by value comparison. During value comparison, the central server cannot obtain any information about the user, because attributes have been transformed into a fixed hash value. Furthermore, finding similar attributes does not require comparing each attribute but only the hash value, which improves efficiency. In this paper, for the purpose of verifying the untrusted nature of central servers, a game tree is given to infer and quantify the probability of attack. Finally, a security analysis and simulation experiments against other similar algorithms are given, and the results of verification and comparison are used to further demonstrate the superiority of the proposed scheme in privacy protection capability as well as execution efficiency.

    Study and Implementation of Systematic Protection by Monitoring Abnormal Invocation of Linux Kernel Functions
    Gaoshou ZHAI, Chen LIU, Yong XIANG
    2018, 18 (3):  26-38.  doi: 10.3969/j.issn.1671-1122.2018.03.004

    With the wide application of the Linux operating system in servers and the continuous exposure of kernel vulnerabilities, Linux kernel security has become one of the research focuses in the field of computer system security. For servers running Linux, this paper proposes a system protection model based on monitoring kernel functions. It limits the kernel functions that can be accessed by the related daemons and increases the difficulty of malicious attacks so as to enhance the security of the Linux kernel. Moreover, real-time categorical processing is introduced for various abnormal invocations of the kernel functions so that the security level of the entire server system is raised. Experimental results show that the proposed method can indeed detect abnormal invocations of the kernel functions in a timely manner, followed by appropriate alarming or interception measures. Furthermore, the additional overhead is not too much, so the method is verified to be feasible and effective. Compared with other research work on kernel security, this method can protect broader kernel coverage, and it eliminates the need to recompile and reconstruct the kernel image while kernel monitoring and protection mechanisms are integrated organically.

    Research on Multi-layer Data Cooperative Analysis of Nodes Based on Cloud Server
    Wenhua LUO, Jun WANG, Yuanyuan SUN
    2018, 18 (3):  39-45.  doi: 10.3969/j.issn.1671-1122.2018.03.005

    At present, the core problem of investigation and evidence collection on the cloud platform lies in the identification of key evidence and the construction of the chain of evidence. Behavior replay and scene construction based on the cloud server can effectively associate isolated action points, and thereby increase the probative force of the evidence. The basis of scene reproduction is the important system files in the various nodes of the cloud environment, including the metadata, the cloud environment architecture configuration, the log data and the inode structure of each Slave node. With the nodes of the cloud server system as the most important source of data, the user behavior and the timing relationships between nodes are revealed on the basis of evidence, and the crime scene is displayed panoramically. Thus, data recovery in the distributed file system environment is realized on the basis of scene reproduction.

    Identity-based Against Quantum Attacks Partially Blind Signature Scheme from Lattice
    Qing YE, Jin ZHOU, Yongli TANG, Junfeng WANG
    2018, 18 (3):  46-53.  doi: 10.3969/j.issn.1671-1122.2018.03.006

    Partially blind signature is an extension of blind signature. It not only has the blindness of blind signature, but also solves the problem of tracking signatures in blind signature. It effectively solves many problems in the application of blind signature. In this paper, an identity-based partially blind signature scheme from lattice is proposed to address the problem that current relevant schemes cannot resist quantum attacks. A matrix sampling algorithm is used to generate the corresponding private key according to the user's identity, and the signature of a message is generated by the rejection sampling theorem. On the premise of security, this paper changes the sampling method of the signature parameters in a lattice-based partially blind signature scheme. When verifying the signature, it can effectively avoid the occurrence of unqualified signatures. The proposed scheme makes the IBPBS scheme effectively resist quantum attacks, and it also does not produce exception signatures, which effectively improves the success rate of the signature and reduces the signature communication cost. It is proved that under the random oracle model, based on the difficulty of the small integer solution (SIS) problem, the proposed scheme satisfies existential unforgeability under chosen-message and chosen-identity attacks.

    Multiple Thresholds Progressive Secret Image Sharing Scheme Based on DCT
    Liping SHAO, Zhifang LE
    2018, 18 (3):  54-62.  doi: 10.3969/j.issn.1671-1122.2018.03.007

    Image sharing usually splits the secret image into a series of shadow images, and the secret image can be completely recovered from some or all of the distributed shadow images. It is a research hotspot in image security. But traditional image sharing is usually used to construct the secret image completely, and research providing whole progressive recovery of the secret image from fuzzy to clear is relatively scarce. Based on this, a multiple thresholds progressive secret image sharing scheme based on DCT is proposed. First, the key is shared in combination with the random participation value, and the MD5 values corresponding to the sub-keys and participating values are published to prevent participants from cheating. Then the secret image is transformed by 8x8 DCT, where the DCT coefficients are randomly quantified and the binary representation of the assigned code length distribution table is presented to form multiple partition bands by zigzag scanning order and band reorganization. Finally, multiple thresholds are used to share the bands and reconstruct the distributed shadow images in the GF(2^8) Galois field. The experimental results show that when the number of participants is greater than the minimum threshold, as the number of participants increases, the proposed method can use the shadow images to achieve whole progressive recovery of the secret image from fuzzy to clear, and the more participants, the better the visual recovery quality. Otherwise, no information about the secret image is obtained. The strategy is strictly dependent on the key, and the recovery results tend to be stable.

    SGX-based Certificate Credibility Verification and Secure Software Issuance System
    Da FENG, Qiang WANG, Yiwen ZHAO, Jian XU
    2018, 18 (3):  63-69.  doi: 10.3969/j.issn.1671-1122.2018.03.008

    Software systems have become increasingly complex, and the security risks brought by software are becoming more and more obvious. Software security involves almost all users of application information systems. If software security is not effectively guaranteed, a series of security problems such as privacy leakage, remote control and secret monitoring will pose a great threat to people. Therefore, whether the software is safe, whether the software is really what the user wants, whether the software itself has a back door, and whether the software certificate is authentic have become urgent problems to be solved at present. In view of the above problems, this paper constructs a certificate credibility verification method based on SGX technology, and develops a secure software issuance system. Firstly, a secure architecture including audit server, CA, software developers and users is designed. Then, a secure software issuance system and a certificate acquisition system based on SGX are designed and implemented by integrating SGX technology with digital signature and encryption technology. The test verifies the feasibility of the system.

    Malware Detection Method Based on Shapelet
    Yunchun LI, Wentao LU, Wei LI
    2018, 18 (3):  70-77.  doi: 10.3969/j.issn.1671-1122.2018.03.009

    Malware detection methods based on traditional malware signatures have difficulty dealing with metamorphic, polymorphic and other malware variation technologies, and have high worst-case time complexity in the detection process. To address this, this paper uses the idea of Shapelet from the classification of time series data, and builds a malware classification tree based on the API call sequences used when running in a sandbox. Experiments show that this method can not only cope with malware variation technology, but also reduce malware detection time.

    A Trusted Connection Architecture Based on Network Behavior Analysis
    Jianbiao ZHANG, Wanshan XU, Guojie LIU, Fan YANG
    2018, 18 (3):  78-85.  doi: 10.3969/j.issn.1671-1122.2018.03.010

    Trusted connection architecture (TCA) is an important means of solving secure network access. TCA implements two-way user authentication and platform authentication through a trusted third party, which greatly guarantees the security of the terminal and the network access. However, TCA does not consider the security of network behavior. In this regard, this paper proposes an extended TCA architecture, which adds a network behavior layer on top of TCA. It extracts network behavior based on time and host network traffic characteristics. A Bayesian algorithm is used to analyze and measure network behavior and to identify abnormal network behavior. Experiments show that the architecture can effectively identify abnormal behavior in the network and protect network security.

    An Outsourcing Computing Based on Large Matrix QR Decomposition in Cloud Environment
    Hongfeng WU, Huanshu REN
    2018, 18 (3):  86-90.  doi: 10.3969/j.issn.1671-1122.2018.03.011

    Outsourcing time-consuming computing tasks to non-trusted cloud servers is one of the hottest issues in cloud computing. An outsourcing computing protocol for solving large-scale equations not only requires high efficiency, but must also provide verifiability of the calculation results and avoid leaking customer information. This paper designs a verifiable outsourcing computing protocol based on QR decomposition of large-scale matrices. Compared with other schemes, the protocol is not based on any cryptographic assumption, and can efficiently solve large-scale linear equations. In addition, this protocol outsources the original matrix, after it has been blinded, to the cloud server for QR decomposition, which increases the privacy of the protocol. The paper also provides a simple operation to verify the correctness of the results.
