Table of Contents

    10 August 2018, Volume 18 Issue 8

    Original Article
    Design and Implementation on Malicious Documents Detection Tool Based on Machine Learning
    Weiping WEN, Bozhi WU, Yingnan JIAO, Yongqiang HE
    2018, 18 (8):  1-7.  doi: 10.3969/j.issn.1671-1122.2018.08.001

    With the growing degree of networking and informatization, advanced persistent threat (APT) events are increasing, which poses a serious threat to the security development of the state and causes huge economic losses to enterprises. An APT attack carries out a long-term, continuous network attack on a specific target through a series of steps that include targeted intelligence collection, single-point attack breakthrough, control channel construction, internal horizontal penetration, and data collection and upload. In the single-point attack breakthrough stage, the most commonly used attack technique is to use malicious documents to implant remote Trojans, so it is necessary to detect and identify malicious documents. After fully investigating the status quo, this paper proposes a malicious document detection method based on machine learning. By analyzing the dynamic behaviors of unknown documents in combination with a virtual sandbox, a malicious document recognition tool is designed and implemented. Experiments show that the machine-learning-based tool can efficiently process and identify malicious documents at large scale.

    An A-A Intelligent Collaborative Method Based on Biological Immune Mechanism in WSANs
    Yan WANG, Chen PAN
    2018, 18 (8):  8-9.  doi: 10.3969/j.issn.1671-1122.2018.08.002

    Inspired by the biological immune mechanism, this paper proposes an A-A intelligent collaborative method based on biological immune mechanism. The method aims to solve the system’s maximum constraint time and the number of participating actor nodes. In the task cooperation time model, the state prediction function is introduced to obtain the maximum constraint time of the system; when the node is co-processed, the biological immune mechanism is used to solve the number of actor nodes that ultimately participate in the coordination. With the help of power control technology, the actor node can dynamically change the collaborative range and autonomously decide the dominant actor node to participate in the task processing, so that the superior candidate actor node has more opportunities to participate in the collaborative work, achieving efficient matching of the task and the actor node. It solves the problem of uneven energy consumption and prolongs the network life as much as possible. The simulation results show that the proposed algorithm has better performance than typical RC and MOTS algorithms in terms of the average completion time and the network lifetime.

    Quantum-security Certificateless Bidirectional Proxy Re-encryption for Cloud Data Sharing
    Mingming JIANG, Lijun ZHAO, Yan WANG, Baocang WANG
    2018, 18 (8):  17-24.  doi: 10.3969/j.issn.1671-1122.2018.08.003

    To address the security and privacy of cloud data sharing in open cloud computing, this paper uses the Gaussian sampling technique to construct a certificateless proxy re-encryption scheme based on the learning with errors (LWE) problem. In this scheme, the cloud server can use the proxy re-encryption key authorized by two users to convert the ciphertexts of either user into ciphertexts of the other, which not only realizes data sharing in cloud storage but also solves the privacy protection problem of user data. The scheme not only realizes the function of proxy re-encryption, but also solves the certificate management problem in public key infrastructure and the key escrow problem in identity-based cryptosystems. The proposed scheme is proved semantically secure against adaptive chosen-plaintext attack in the standard model based on the learning with errors (LWE) problem. More importantly, the scheme is also secure in the quantum environment.

    Research on A Distributed Public Key System Based on Blockchain
    Jinghao LIU, Jianchuan PING, Xiaomei FU
    2018, 18 (8):  25-33.  doi: 10.3969/j.issn.1671-1122.2018.08.004

    Compared with a centralized system, a distributed system has difficulty reaching consensus. Therefore, distributed systems are greatly limited in information storage applications. With the advent of the blockchain and further research on it, a more reliable way of establishing consensus in distributed systems has become available. In this paper, we propose a distributed public key scheme based on blockchain technology, which shares the key storage responsibility among the nodes in the blockchain network. By splitting the storage system across the constituent nodes in the network, it can provide better response performance and anti-interference capability than the traditional centralized public key system. Regarding the shortcomings that have appeared in the application of the blockchain system in the field of virtual currency, after analyzing the impact of these defects on the management of the public key, some defects of the blockchain system are avoided through improvements. At the end of the article, some common attacks on public-key systems are analyzed. The results show that the system has a strong anti-jamming effect against aggressors' attacks on system security.

    Algorithm for Trajectory Movement Pattern Mining Based on Semantic Space Anonymity
    Kaizhong ZUO, Jian TAO, Haiyan ZENG, Liping SUN
    2018, 18 (8):  34-42.  doi: 10.3969/j.issn.1671-1122.2018.08.005

    Aiming at the problem that mining user movement patterns from trajectory data in the offline scenario leaks users' sensitive locations, and using the geographic spatial distribution of points of interest, an anonymous trajectory movement pattern mining algorithm based on semantic space is proposed to defend against attackers' map matching attacks or semantic inference attacks while mining user movement patterns. The algorithm first uses grid division to divide the urban area into uniform grids to generate grid areas. It then uses the location distribution and semantic difference degree of the points of interest in the grid area to spatially annotate the trajectory stay points so as to satisfy the (k,l) privacy model. Finally, the idea of the classical pattern mining algorithm PrefixSpan is used to mine frequent movement patterns from the anonymous trajectory datasets. Theoretical analysis and simulation experiments verify the security and effectiveness of the algorithm. Compared with MCSPP, an existing space-based anonymous trajectory movement pattern mining algorithm, this algorithm not only reduces the average degree of information loss, but also yields mined frequent movement patterns with higher spatial interpretability.

    A Yarn and NMF Based Big Data Clustering Algorithm
    Xinyang FENG, Jianjing SHEN
    2018, 18 (8):  43-49.  doi: 10.3969/j.issn.1671-1122.2018.08.006

    In order to improve the performance of MapReduce version 1 on big data processing, a parallel hierarchical clustering algorithm based on Yarn and NMF (Non-negative Matrix Factorization) is proposed in this paper. The combination of big data classification with the NMF algorithm and the task partition in our MapReduce approach are then discussed. Our approach uses the Yarn distributed computation programming model of Hadoop 2.0, and the big data is stored in HDFS (Hadoop Distributed File System). The coding mechanism and flow of hierarchical data clustering on Yarn are also discussed and described in detail. In order to demonstrate the efficiency of our approach, a series of simulation experiments on telecommunication big data were carried out. The results and performance analysis demonstrate that the big data clustering can be completed within an acceptable time with the Yarn framework. Good performance and speedup were also obtained in our test.

    Algebraic Signature-based Secure Auditing and Deduplication Scheme with Ownership Dynamic Modification in Cloud Environment
    Jianli BAI, Xiaoran LI, Rong HAO, Jia YU
    2018, 18 (8):  50-55.  doi: 10.3969/j.issn.1671-1122.2018.08.007

    Cloud data integrity auditing and data deduplication technology play important roles in the rapid development of cloud storage. In recent years, many experts have proposed schemes that simultaneously support data integrity auditing and data deduplication in the cloud environment. However, all of these schemes have large computational costs in the authenticator generation phase. The scheme in this paper uses an algebraic signature to generate the file signature and uses the XOR operation to encrypt outsourced data, which greatly reduces computational costs on the user side. In addition, the scheme uses an efficient re-encryption algorithm to support real dynamic ownership modification without knowing all possible users of the file. Security analysis and performance analysis show that the scheme is secure and highly efficient.

    Research on Hadoop-based Massive Security Log Clustering Algorithm
    Xie LU, Shoushan LUO, Yumei ZHANG
    2018, 18 (8):  56-63.  doi: 10.3969/j.issn.1671-1122.2018.08.008

    In the big data environment, network security incidents emerge one after another, and network security has become a focus of concern. As a kind of dark data in the new environment, the security log records important information about the running status of equipment. Analyzing it makes it possible to grasp the network security situation in real time, and it can serve as a security auditing tool for protection beforehand and accountability afterwards, so as to detect abnormal events. In view of the importance of log auditing, the important role of data mining in log analysis, and the relative lag of processing massive data in a single-machine environment, a Hadoop-based clustering algorithm for massive security logs is proposed. Firstly, the K-means clustering algorithm is improved based on the maximum and minimum distance (MMD) and the mean value, which overcomes the defect of randomness in the traditional K-means algorithm's selection of initial cluster centers. Secondly, in order to process massive data effectively and improve the efficiency and speed of clustering, the improved K-means clustering algorithm is deployed on Map/Reduce for iterative calculation. Experiments show that the improved clustering algorithm proposed in this paper is better than other typical methods, and the clustering effect is stable. It has better running speed and speedup ratio in cluster performance.

    Research on User Privacy Measurement and Privacy Protection in Mobile Crowdsensing
    Rong MA, Xiuhua CHEN, Hui LIU, Jinbo XIONG
    2018, 18 (8):  64-72.  doi: 10.3969/j.issn.1671-1122.2018.08.009

    In mobile crowdsensing, existing privacy protection schemes apply a unified privacy protection strategy to all perceived data because effective privacy measurement methods are lacking. This leads to excessive or insufficient protection of the privacy information in the perceived data, and to low accuracy of the perceived data. This paper proposes a user privacy measurement method for mobile crowdsensing and constructs a personalized privacy protection scheme based on this method. Firstly, according to the historical and spatio-temporal data of the sensing users, and by using fuzzy reasoning to combine the public attribute of a location with the different personal attributes the location has for a user, the privacy measurements of the user at different locations are obtained. Furthermore, at each location the sensing platform selects a sensing user with a low privacy measurement to participate in the sensing task, according to the different privacy measurements that users upload, which ensures that users can contribute perceived data with high accuracy under the premise of privacy security. The simulation results show that the scheme ensures the accuracy of the perceived data while improving the level of privacy protection.

    Non-negative Matrix Factorization Optimization and Its Application in Network Intrusion Detection
    Gelin ZHANG, Yong LI
    2018, 18 (8):  73-78.  doi: 10.3969/j.issn.1671-1122.2018.08.010

    Because non-negative matrix factorization (NMF) can effectively reduce high-dimensional data to low dimensions by decomposition, the initialization problem of the NMF algorithm was optimized by combining it with the principal component analysis algorithm, and the result was then applied to intrusion detection. Addressing the problems of how to determine the number of reserved bases K and how to initialize the NMF matrices, the application of the improved NMF algorithm in the field of network intrusion is studied. For qualitative analysis, we reduce KDD dataset records from high-dimensional space to low-dimensional space, and then display the data features in the low-dimensional space. For quantitative analysis, the data is classified by SVM and processed into test reports to verify that the optimized NMF algorithm is better than the original algorithm in detection rate and efficiency.

    Research and Development Trend Analysis of Key Technologies for Cyberspace Security Situation Awareness
    Yuan TAO, Tao HUANG, Mohan ZHANG, Shuilin LI
    2018, 18 (8):  79-85.  doi: 10.3969/j.issn.1671-1122.2018.08.011

    The article explains that cyberspace security situational awareness is an important means and key development direction for protecting critical information infrastructure and important information systems. By analyzing the technical characteristics of APT attacks and the security risks of cloud platforms and big data platforms, it concludes that cyberspace security situation awareness needs to be realized from five aspects: visible, knowable, manageable, controllable, traceable and early warning. The domestic and foreign technical status of cyberspace security situation awareness systems is surveyed comprehensively. The main functions and key technologies of network security data sources, big data analysis, cyberspace situation assessment, cyberspace threat assessment and cyberspace situation prediction are analyzed, and the future development trend of cyberspace security situation awareness systems is derived. With the integration of big data and AI technology, the infrastructure of a cyberspace security situation awareness system should be dynamically expandable, and accurate prediction and defense disposal recommendations can be provided. This provides useful guidance for the research, development, evaluation and supervision of cyberspace security situation awareness systems.
