
Table of Contents

    10 May 2015, Volume 15 Issue 5

    Research on the Management of Network Connection and Data Traffic in Windows
    QING Si-han
    2015, 15 (5):  1-9.  doi: 10.3969/j.issn.1671-1122.2015.05.001

    With the popularization of Internet applications and the rapid development of IT technologies, Microsoft continuously launches new versions of Windows to keep up with the changing circumstances of network security and the diversification of network applications. It can be seen that Microsoft has made its greatest effort to enhance OS security. At the same time, Microsoft has conducted a great deal of work to improve network security and performance in network applications. To this end, based on two new versions, Windows Server 2012 and Windows Server 2012 R2, this paper discusses and analyzes the improvements in performance and security in terms of network connection and data transmission, focusing on Windows firewall, DCTCP, Windows Web server (IIS), the remote access mechanism, Windows DNS and DHCP servers, Hyper-V network virtualization, etc. Nevertheless, a rising tide lifts all boats: diversified novel applications introduce new bottlenecks, and more sophisticated attack technologies lead to new threats to network applications. Consequently, continuous improvement and enhancement is a never-ending process.

    Characteristics Analysis of Traffic Behavior of Remote Access Trojan in Three Communication Phases
    LI Wei, LI Li-hui, LI Jia, LIN Shen-wen
    2015, 15 (5):  10-15.  doi: 10.3969/j.issn.1671-1122.2015.05.002

    With the development of Internet technologies, network applications have also spread more widely, and ensuring network security has become an urgent problem. Currently, the Trojan is one of the most serious threats to network security. The main methods of Trojan detection are characteristics-based Trojan detection and behavior-based Trojan detection. This paper analyzes the characteristics of the traffic behavior in the three communication stages of a remote access Trojan. While establishing the connection, the Trojan exhibits dynamic DNS behavior, and the PSH flag of TCP packets is set to 1 when data is transferred, causing the number of PSH packets to increase. During command interaction, upload traffic and download traffic are asymmetrical, and the ratio of small packets is high. While keeping the connection, the server sends keep-alive packets. This paper designs experiments to compare normal application traffic behavior with remote access Trojan traffic behavior on the above features, and analyzes their similarities and differences, providing a basis for identifying the Trojan through traffic behavior characteristics.

    A Text Similarity Evaluation Algorithm for Structured Data of Institutional Repository
    WU Xu, GUO Fang-yu, XIE Xia-qing, XU Jin
    2015, 15 (5):  16-20.  doi: 10.3969/j.issn.1671-1122.2015.05.003

    Institutional repository content is a variety of digital products created by members of an institution in the course of their work. Its purpose is to collect, sort, save, retrieve and provide access to them, supported by a network. Its text data set is structured and discrete. Personalized recommendation technology can effectively improve the visibility and utilization of institutional repositories. The existing "user-driven" paradigm can be shifted to a "knowledge-driven" mode, allowing institutional repository users to access academic information more efficiently. To this end, existing similarity measures, both at home and abroad, have been studied. The idea that words with different weights have different effects on overall similarity is introduced. A text similarity evaluation algorithm based on TF-IDF and word matching is presented. It filters invalid data by analyzing the DC (Dublin Core) metadata format, calculates the weight of certain words in a specified domain and counts the number of matches. The text similarity can then be calculated based on normalization by the length of the texts. The paper validates the feasibility of the algorithm using manually created experimental data, and the algorithm is shown to calculate the similarity of structured text data reasonably.

    The Security Requirement and Applicable Cryptographic Techniques on Identity Cards
    WU Chuan-kun
    2015, 15 (5):  21-27.  doi: 10.3969/j.issn.1671-1122.2015.05.004

    Identity cards are often used in daily life to identify someone. In many cases, identity cards are complementary but necessary documents: when someone intends to sell his/her real estate property, apart from showing the original certificate of the property, a valid identity card of the seller is also necessary; when withdrawing a large amount of currency from a bank account, the identity card of the withdrawer together with a valid bank card is necessary. So, in some sense, the forgery detection of many other documents can be complemented by the forgery detection of identity cards. As we know, the production of resident identity cards is a national secret; hence most people do not know its technical details. However, as many instances in the information technology industry have shown, providing information security via the manufacturing process carries great risks. So public research should be encouraged, and based on the public research outcomes, the manufacturing process should incorporate technical means of protection. This paper intends to give an overview of the weaknesses of current identity cards in detecting forgeries and to discuss the security functionalities that identity cards, particularly resident identity cards, should possess, with the aim of exploring the possibility of using cryptographic techniques in identity cards and of providing some reference for more secure identity card production in the future.

    Analysis and Design of Network Monitoring System Based on MPLS VPN Technology
    BIAN Chen, YU Xing-yan, XIU Wei-rong, YING Chang-tian
    2015, 15 (5):  28-33.  doi: 10.3969/j.issn.1671-1122.2015.05.005

    Based on detailed research into the peace city network video monitoring system, this paper examines the present situation and problems and, following the method of system safety analysis, proposes solutions and improvements. The article first puts forward the principles and methods of security domain division, and divides the system into four security zones: network core domain, business computing domain, public service domain and client domain; it then describes the optimization countermeasures for system security enhancement. The main methods are as follows: using a dual PE redundant backup strategy to reinforce the network core performance, deploying network firewalls, and implementing an intrusion prevention system. Finally, it summarizes the solution for the network video monitoring system and discusses its prospects.

    Research on Fault Tolerant Digital Text Watermarking Algorithm
    CHENG Yuan-yuan, LIU Xiao-wei, ZHANG Jin, GAO Yan
    2015, 15 (5):  34-40.  doi: 10.3969/j.issn.1671-1122.2015.05.006

    With the rapid development of information technology and the wide use of smart devices, the traditional publishing industry is shifting to the new publishing industry. Transmitting pictures, books, magazines, newspapers and some other special documents over the network has become very common. As text resources are easy to copy and spread over the network, the legitimate interests of users are vulnerable to abuse. To solve this problem, copyright protection technology, represented by the text watermark, came into being. This paper uses the fault tolerance principle to design a new algorithm. To some extent, word processing software can ignore some faults in documents, and the new algorithm is designed on this basis. Using this algorithm, the copyright information can be kept in the reserved words of files. Users are allowed to use the document properly, and the embedded watermark can be extracted to obtain and verify the copyright.

    Research on Detection of Social Web Page Based on Abnormal Characteristics
    LI Xun, XU Jian, JIAO Ying-nan, YAN Han-bing
    2015, 15 (5):  41-46.  doi: 10.3969/j.issn.1671-1122.2015.05.007

    In recent years, with the rapid development of social networks, social networks have become an ideal platform for botnets to conceal themselves and attack. Botnets use social networks as command and control channels, spreading commands and controlling zombie hosts by using abnormal pages that contain the control instructions and malicious programs. This way of attack is characterized by high confidentiality, and the effectiveness of traditional botnet detection technologies is in turn greatly reduced. So how to detect the pages containing the abnormal texts is an important problem that social botnet detection faces. This paper applies machine learning algorithms to detect abnormal pages, and designs and implements an anomaly detection system. Firstly, this paper designs a crawler tool to collect Web data, then extracts the abnormal characteristics of pages by means of text analysis, and uses KNN and SVM classification algorithms to judge the set of characteristic vectors, and finally gives an analysis of the judgment results. Experiments show that the anomaly detection system can effectively detect abnormal pages and improve the detection efficiency, providing support for the next step of finding botnets.

    A Survey of Information Diffusion Prediction in Online Social Networks
    WANG Le, WANG Yong, WANG Dong-an, XU Xiao-lin
    2015, 15 (5):  47-55.  doi: 10.3969/j.issn.1671-1122.2015.05.008

    With the development of Web 2.0 and the gradual maturity of online social media, the social network has become an indispensable platform for people's social interaction, information sharing and news transmission. Unlike traditional means of diffusion, information propagates fast and on a large scale through users' communication behavior, which promotes businesses such as marketing and the information industry to some extent. Meanwhile, it increases the chance and frequency of outbreaks of destructive events, malicious information and negative news. The problems caused by these phenomena pose new challenges to Internet security. Therefore, while people devote themselves to fully exploring and using online information resources and services, in order to prevent security issues during information diffusion from jeopardizing national and public interests, this paper concentrates on the problem of information diffusion prediction in social networks. By predicting information propagation, potential threats hidden in information can be found at an early stage, and thus our national information industry will stand a far better chance of growing. To be specific, this paper briefly introduces the mechanism of information propagation, analyzes and summarizes three influence factors (user, information content and relationship between users) and the main diffusion characteristics, then summarizes the diffusion prediction models and methods from four aspects, namely, infection-based, diffusion characteristics-based, statistic and inference-based and influence-based models. Finally, the directions for future research are discussed.

    Research on Social Network Data Acquisition Technology Based on Browser Test Components
    CHEN Xue-min, SHA Ying
    2015, 15 (5):  56-61.  doi: 10.3969/j.issn.1671-1122.2015.05.009

    Social network data acquisition is a vital technology and precondition for public opinion analysis. However, the shielding measures of the current major social network platforms against third-party crawlers are increasingly complex. Traditional data acquisition means are facing increasingly severe challenges. This paper proposes a data acquisition technology based on browser test components, which avoids some limitations that social networks have set up against traditional network crawlers by simulating normal users' behaviors, in order to achieve efficient data acquisition. The system acquires QQ group real-time message information and non-real-time information. For real-time messages, the result of a comparative experiment shows that the overall rate of instant information collection reaches 99%, and the accuracy rate reaches 100%. For non-real-time information, the system acquires the group announcements, the list of group members, and the group shared files and albums. A comparison by data sampling shows that the overall rate and accuracy rate both reach 100%. The experiment proves that social network data acquisition technology based on browser test components has advantages in data acquisition.

    Research on Information Security Risk Assessment Method Based on Similarity of Interval-valued Intuitionistic Fuzzy Sets
    TENG Xi-long, QU Hai-peng
    2015, 15 (5):  62-68.  doi: 10.3969/j.issn.1671-1122.2015.05.010

    Risk assessment plays an important role in the classified protection of information systems. Through risk assessment, threats and vulnerabilities can be made clear, and the level of risk and expected loss can be evaluated. System administrators can address the problems found during the assessment to improve the security of the system. However, the assessment result is greatly influenced by the evaluator's subjective factors in the risk assessment process. When assigning the safety of assets, it is difficult to give a precise number to describe the safety of assets. Evaluators give the safety assignment number based on their experience, knowledge and other factors; this number has a certain subjectivity, but it cannot completely describe the evaluator's subjective state of mind, so it influences the objectivity of the assessment result. A risk assessment method is researched; it has some advantages in describing the evaluator's subjective factors and reducing the influence caused by subjective factors in order to improve the objectivity of the assessment result. The evaluator's subjective states, such as certainty, denial and hesitation, are described by interval-valued intuitionistic fuzzy sets. An interval-valued intuitionistic fuzzy similarity algorithm is proposed, and, considering the national standard "Information security technology — Baseline for classified protection of information system", the risk assessment method is proposed based on the above. The experimental result proves the effectiveness of this method, and it has a certain application value.

    Research on P2P Traffic Identification Under the High Speed Network
    MU Zheng, WU Jin, XU Shu-juan
    2015, 15 (5):  69-76.  doi: 10.3969/j.issn.1671-1122.2015.05.011

    Network traffic classification refers to classifying flows in which a variety of applications are mixed according to the protocol each flow uses. Network traffic classification has been one of the hot spots in all walks of life. Research on network traffic classification can provide the basis for designing the next generation of high-performance network protocols, can provide a basis for network management and network traffic scheduling, and can provide support for network attack protection and traffic cleaning. This paper analyzes today's mainstream network traffic identification methods and summarizes the present development and research results of flow classification technology. In view of the rapid growth of P2P traffic and the characteristics of high-speed network traffic, it focuses on the binary classification of P2P traffic under high-speed networks. In this paper, the data stream is first divided into P2P traffic and normal network traffic by traffic identification methods based on transport-layer behavior, and a marked characteristic training set is dynamically generated according to the results of the classification. This effectively avoids the problem of the sample set used by the classification algorithm becoming inaccurate because the network data flow has changed. The paper then puts forward a P2P traffic identification method based on the C4.5 decision tree; this method only needs to calculate over several packets in a data flow to complete the network traffic identification. It does not need to be concerned with whether the data flow is in a single or double direction, data encryption, etc. Experiments show that the recognition accuracy of this method is high and its computational complexity is low, making it suitable for high-speed network traffic identification.

    Research on TV Logo Detection Based on Compressive Sensing
    XU Jie, HE Min, BAO Xiu-guo
    2015, 15 (5):  77-81.  doi: 10.3969/j.issn.1671-1122.2015.05.012

    TV logos are embedded in complex backgrounds, and usually have hollow and translucent characteristics. There are many defects in conventional TV logo detection techniques, such as the complexity of image feature extraction and matching algorithms as well as the curse of feature dimensionality, so this paper proposes a method based on compressive sensing to quickly and efficiently identify the TV logo. This method directly processes raw pixels, not only avoiding the difficulty of feature extraction, but also having good robustness for hollow and translucent logos. Experiments show that when identifying a TV logo in a single frame, the average recognition time is within 35 ms, while the recognition accuracy rate can reach more than 98%.
