Netinfo Security

Review of Malicious Traffic Feature Extraction

Gang LU, Ronghua GUO, Ying ZHOU, Jun WANG

2018, 18 (9): 1-9. doi: 10.3969/j.issn.1671-1122.2018.09.001

Abstract ( 1351 )

HTML ( 69 )

PDF (7816KB) ( 611 )

The frequent occurrence of new malware presents severe challenges in network security. It is necessary way to resolve this problem by extracting malicious traffic features. This paper systematically reviews the existing methods of malicious traffic feature extraction. Firstly, we introduce malicious traffic classes. Then, based on the principal line of the process of malicious traffic feature extraction, we generalize the recent works in four aspects: traffic acquisition, reverse analysis, feature generation, feature evaluation and optimization. Moreover, we detail the methods of malicious traffic feature extraction on smartphone and Internet of thing devices. Finally, we summarize the paper and discuss the future work in this research area.

Figures and Tables | References | Related Articles | Metrics

Research on Attacks and Defenses towards Machine Learning Systems

Yingchao YU, Lin DING, Zuoning CHEN

2018, 18 (9): 10-18. doi: 10.3969/j.issn.1671-1122.2018.09.002

Abstract ( 639 )

HTML ( 6 )

PDF (8168KB) ( 246 )

Recent research shows that almost all stages of machine learning system pipeline may encounter data contamination attack, attack on learning algorithm and dependency library, escape attack, model theft and model reasoning attack. These attacks not only affect the learning process of the machine learning system, but also may affect the performance of the model or make the model appear the errors which attackers want the model to appear under specific input, thus affecting the accuracy of the model. So, understanding the security of machine learning algorithms and systems, and exploring their security improvements, has increasingly become a research direction in cross field of computer security and machine learning. This paper firstly defines the machine learning system pipeline, and then studies the possible attacks and potential solutions on the pipeline. Finally, this paper summarizes the full text and prospects the future research directions.

Figures and Tables | References | Related Articles | Metrics

Research on Testing and Evaluation of Network and Communication Security in Classified Cybersecurity Protection

Shuilin LI, Guangyong CHEN, Yuan TAO

2018, 18 (9): 19-24. doi: 10.3969/j.issn.1671-1122.2018.09.003

Abstract ( 714 )

HTML ( 8 )

PDF (5349KB) ( 335 )

At present, most of the national standards of classified cybersecurity protection have been basically revised, and will be formally promulgated in the near future. In view of the new national standard "information security technology - evaluation requirement for classified cybersecurity protection" (draft), this paper analyzes the change of control points in the network and communication security level, and expounds the evaluation methods of important control points in this level, and provides reference for the evaluation organization of classified cybersecurity protection.

Figures and Tables | References | Related Articles | Metrics

Research on Security Authentication Protocol for Wearable Police Devices

Wenjiang HAO, Fei SONG, Yueliang WAN

2018, 18 (9): 25-29. doi: 10.3969/j.issn.1671-1122.2018.09.004

Abstract ( 576 )

HTML ( 2 )

PDF (4423KB) ( 161 )

Wearable police devices become the trend of future police single equipment for providing reliable data sensing, mobile computing, intelligent analysis and other services. In this work, a lightweight dynamic secrets based authentication protocol is proposed for wearable police devices in police cloud computing environments. It realizes secure data transmission and identity authentication between wearable police devices and other intelligent terminals by applying simple and efficient cryptographic algorithms. This protocol applies pseudo random number to realize dynamic secret and key selection, which improves session randomness and unpredictability. Meanwhile, one-way HMAC function and Hash function are jointly introduced to ensure data confidentiality and data integrity. This work focuses on practical applications, considers security threats of wireless communication channels, and satisfies security authentication requirements for resource-constrained wearable police devices.

Figures and Tables | References | Related Articles | Metrics

Certificate Application Audit System Based on Distributed Computing

Zhiwei CAO, Xinming YIN, Jinyun YANG, Haiye HUANG

2018, 18 (9): 30-34. doi: 10.3969/j.issn.1671-1122.2018.009.005

Abstract ( 527 )

HTML ( 1 )

PDF (4839KB) ( 144 )

Public security certificate application audit task has the characteristics of wide distribution and heavy workload. It needs to be dispatched and managed by distributed computing. According to the requirement of public security certificate application audit task, this paper proposes a task scheduling strategy based on distributed computing. In order to solve the problem of high consumption of network resources in large-scale audit tasks, a hierarchical energy-saving scheduling strategy oriented to node subset and node hierarchy is proposed. Finally, a complete design scheme of certificate application audit system based on distributed computing is given. Through the pilot operation, it is proved that the scheme has the ability to carry a large number of certificate application audit tasks, and also has security.

Figures and Tables | References | Related Articles | Metrics

Security Threat Analysis and Solutions for the Development and Application of Artificial Intelligence

Yue QIU, Siqi LI

2018, 18 (9): 35-41. doi: 10.3969/j.issn.1671-1122.2018.09.006

Abstract ( 485 )

HTML ( 3 )

PDF (5910KB) ( 299 )

With the development of cloud computing and big data, artificial intelligence applications become more and more popular. From small fashion, easy to carry the intelligent wearable devices, to influence and change of human life intelligent capture to expend, autopilot, intelligent transportation, artificial intelligence is anywhere. As it is everywhere, the characteristics of the current work in convenient people’s life. At the same time, AI brings more and more security risks to users unconsciously. This will become increasingly apparent in today’s human-computer co-existence. Based on the theme of the safety analysis of AI in this paper, firstly reviewed the development history of AI for nearly half a century and application status. Then from the current, the respect such as technology development analyses the development and application of the safety risk. Then, from the building security regulatory framework, security standards, strengthen the key technology research presents the necessary management, construction and research proposal. Finally, from the development trend of the times on the future future security of artificial intelligence.

Figures and Tables | References | Related Articles | Metrics

Research on Disaster Recovery Mechanism of HBase Database Based on Storage Form and Features

Wenhua LUO, Zhiming WANG

2018, 18 (9): 42-47. doi: 10.3969/j.issn.1671-1122.2018.09.007

Abstract ( 448 )

HTML ( 0 )

PDF (4969KB) ( 158 )

Based on the analysis of the NoSQL database system architecture represented by HBase, compared with the traditional disaster recovery mechanism, it deeply explored the changing rule of the data with the storage process timeline, and realized the mechanism of data restoration and data recovery by relying on or even not relying on log information. To circumvent the shortcomings of traditional disaster recovery. By incorporating data storage forms and characteristics into disaster recovery considerations, we can more fully understand the timing relationships between records and make up for the inadequacies of relying solely on log replay operations, especially in the event of malicious operations or misoperations, the purpose of restoring data is achieved, and relatively satisfactory results are obtained in data recovery of the distributed database deletion.

Figures and Tables | References | Related Articles | Metrics

Design and Implementation of Medical Privacy Protection Scheme in Big Data Environment

Ronglei HU, Yanqiong HE, Ping ZENG, Xiaohong FAN

2018, 18 (9): 48-54. doi: 10.3969/j.issn.1671-1122.2018.09.008

Abstract ( 867 )

HTML ( 32 )

PDF (5727KB) ( 358 )

With the application of medical information systems, data sharing and data analysis make medical privacy more transparent, and a single data encryption technology is difficult to solve the problem of privacy leakage, so it needs a complete medical privacy protection program. This paper proposes a privacy protection scheme under the big data environment. This scheme combines the big data platform technology and storage technology to desensitize the medical data, formulate privacy protection strategies, and call different desensitization methods according to different desensitization schemes, which can effectively protect privacy information. The core functional modules of the system are programmed and implemented. In the system implementation, the distribution characteristics of the data can be ensured, and the processed data set no longer contains individual private information. System performance was tested to verify the feasibility and reliability of the system.

Figures and Tables | References | Related Articles | Metrics

Knowledge Modeling and Application of Quality Evaluation System for Complex Network Security Product

Yi LI, Jian GU, Tiejun GU

2018, 18 (9): 55-59. doi: 10.3969/j.issn.1671-1122.2018.09.009

Abstract ( 422 )

HTML ( 0 )

PDF (4299KB) ( 121 )

The quality evaluation system of complex network security products exhibits the characteristics of knowledge correlation, mining which will help to improve the scientificity and rationality of evaluation decisions. Based on the ontology theory and technology, a general knowledge modeling method for the quality evaluation system of complex network security products was provided. In addition, an empirical study of the firewall quality evaluation was carried out. The results show that the knowledge model supports the decision-making of evaluation.

Figures and Tables | References | Related Articles | Metrics

The Application of Blockchain Technology in Network Mutual Aid and User Privacy Protection

Peili LI, Haixia XU, Tianjun MA, Yongheng MU

2018, 18 (9): 60-65. doi: 10.3969/j.issn.1671-1122.2018.09.010

Abstract ( 633 )

HTML ( 10 )

PDF (4776KB) ( 303 )

As a revolutionary new technology, blockchain technology has received extensive attention and research from the business and academia community. Blockchain has the advantages of transparency, data integrity, anti-tampering, etc. It has important application value in the fields of finance, insurance, government, and military. This paper studies the use of blockchain smart contracts to design a non-centralized, transparent and trusted network mutual aid platform. Based on this, rely on the existing blockchain privacy protection technology, we propose the user privacy protection method of the network mutual aid platform, making the user's identity information confidential to other users.

Figures and Tables | References | Related Articles | Metrics

Android Terminals Control Technology Based on Inject and Hook

Zhongyuan QIN, Junrui ZHANG, Qunfang ZHANG, Zhiyong SONG

2018, 18 (9): 66-73. doi: 10.3969/j.issn.1671-1122.2018.09.011

Abstract ( 561 )

HTML ( 2 )

PDF (6096KB) ( 152 )

In view of the lack of an effective software management and control solution for Android terminals, this paper proposes an Android terminal management and control technology based on Inject and Hook. Firstly, the custom code with the function of management and control is injected into the system service process. Current requested services can be found by hijacking the address of function ioctl(), which is a key function in inter-process communication (IPC). After that, IPC data packets can be monitored and parsed by the injected code. If the requested services are in the blacklist of control strategy, the relevant data packets are modified to realize real-time management and control. Finally, effectiveness of the technology is showed by the test results on real mobile phones.

Figures and Tables | References | Related Articles | Metrics

Anti-counterfeiting Scheme and It’s Implementation Based on NFC Smart Card

Yifan LI, Changting LI, Yiming LI, Zongbin LIU

2018, 18 (9): 74-79. doi: 10.3969/j.issn.1671-1122.2018.09.012

Abstract ( 472 )

HTML ( 1 )

PDF (5003KB) ( 172 )

With the improvement of counterfeiting, it is increasingly urgent to increase the cost of counterfeiters. In view of the drawbacks of the existing NFC anti-counterfeiting schemes in the commodity market, such as the high cost of deploying the server separately, the complicated cipher text interaction, the unsupervised chips, and the inability to resist replay attacks, an implementation of authorization and anti-counterfeiting scheme based on NFC was designed in this paper, using third-party trusted platform to reduce costs and supervise the chips. Besides, the anti-counterfeiting application interacts with the platform using clear text and uses digital signatures with a random number to protect the interaction. The scheme has a certain guiding role in anti-counterfeiting of product in terms of ideas and techniques.

Figures and Tables | References | Related Articles | Metrics

Research on Malicious E-mail Detection Technology

Jian ZHANG, Wenzhen LI, Liangyi GONG

2018, 18 (9): 80-85. doi: 10.3969/j.issn.1671-1122.2018.09.013

Abstract ( 732 )

HTML ( 19 )

PDF (4719KB) ( 305 )

With the large leakage of personal privacy information, attackers can collect relevant information of the attack target, thereby creating an E-mail with high relevance to the recipients’ information to spread malicious code and APT attacks. Most of the traditional spam detection methods rely on the static features extracted from the E-mail, however, this has great limitations for the detection of complex and targeted new types of malicious E-mail. This paper thoroughly analyzed the development and changes of E-mail security threats in recent years, discovered the increasingly prominent issue of malicious E-mail security, then summarized the existing spam E-mail detection technology, and pointed out the inadequacies of malicious E-mail detection and proposed related improvement measures, finally introduced future research directions, and pointed out the inadequacies of malicious E-mail detection and proposed the future research directions.

Figures and Tables | References | Related Articles | Metrics

Symbolic Execution Optimization Methods for Specific File Structures and Key Instructions

Hu CHEN, Yao ZHOU, Junsuo ZHAO

2018, 18 (9): 86-94. doi: 10.3969/j.issn.1671-1122.2018.09.014

Abstract ( 469 )

HTML ( 0 )

PDF (6760KB) ( 148 )

In view of the lack of file structure information and path explosion in symbol execution, this paper puts forward the optimization method respectively. The parameter immobilization method maintains the file structure information field as a fixed value in the newly generated test case to ensure the legality of the file format. The pruning method for key instruction that combines static analysis technology ensures symbol execution to only produce test cases that can cover key instructions. This paper also proposes two optimization methods which are test case selection strategy based on path depth and the coverage rate and constraint solving parallelization to improve the efficiency of symbol execution. Experiments show that the proposed optimization method can find vulnerabilities that the original symbolic execution tool can't detect. The efficiency of symbolic execution is increased by nearly 43 times, which confirms the effectiveness of the optimization methods.

Figures and Tables | References | Related Articles | Metrics

Design on the Blockchain-based Authentication for Smart Objects

Qiongqiong DUAN, Dinghua XIANG, Hongzhou SHI

2018, 18 (9): 95-101. doi: 10.3969/j.issn.1671-1122.2018.09.015

Abstract ( 623 )

HTML ( 2 )

PDF (5033KB) ( 207 )

Smart objects as the supporting entity for the bottom layer of the Internet of things. The identity authentication technology is a necessary prerequisite for the secure communication between smart objects. Blockchain, as a technology that has the characteristics of data not being tampered, trust decentralization, and book disclosure, provides a new idea for smart object authentication schemes. In this paper, a smart object authentication scheme based on blockchain technology is designed and proposed by combining the respective characteristics of blockchain and smart objects. Based on this, a smart object authentication algorithm combined with zero-knowledge proof and blockchain is designed and implement a prototype system of the smart object authentication scheme.

Figures and Tables | References | Related Articles | Metrics

Research on Network Intrusion Detection Based on Xgboost

Yang ZHANG, Yuangang YAO

2018, 18 (9): 102-105. doi: 10.3969/j.issn.1671-1122.2018.09.016

Abstract ( 773 )

HTML ( 9 )

PDF (3381KB) ( 250 )

The application of machine learning in network intrusion detection has attracted wide attention, and the main algorithms used are decision tree, random forest, logistic regression, KNN (K-Nearest Neighbor) and other machine learning models. These algorithms are long published, mature and have limited potential. Xgboost (eXtreme Gradient Boosting) algorithm is relatively new, and has less research in network intrusion detection. Based on intrusion detection data set KDD 99, this paper uses logit, KNN, decision tree, random forest and Xgboost to perform 5 fold cross validation, calculates and compares recognition effects of these algorithms. The test results show that Xgboost algorithm has excellent performance in intrusion detection compared with the existing machine learning algorithms, and has a large space for development in the field of network intrusion detection.

Figures and Tables | References | Related Articles | Metrics

Table of Content