Netinfo Security

Intrusion Detection Model Based on ICA Algorithm and Deep Neural Network

Jinghao LIU, Siping MAO, Xiaomei FU

2019, 19 (3): 1-10. doi: 10.3969/j.issn.1671-1122.2019.03.001

Abstract ( 687 )

HTML ( 3 )

PDF (10658KB) ( 245 )

In order to solve the problem of high dimensionality and non-linearity of network data, an intrusion detection model, which is based on ICA (Independent Component Analysis) and DNN (Deep Neural Network), is proposed. First,the characteristics of network connection data are reduced by using ICA algorithm based on maximal non Gauss property. The data is mapped from high dimensional feature space to low dimensional space, and the feature redundancy is eliminated. Then the deep neural network is used for classification. Deep neural network adopts ReLU activation function and cross entropy loss function and Adam optimization algorithm. ICA-DNN algorithm can not only reduce feature redundancy, but also grasp the internal structure of features. The experiment shows that the ICA-DNN based intrusion detection algorithm has better feature learning ability and more accurate classification ability than some shallow machine learning algorithms.

Figures and Tables | References | Related Articles | Metrics

Research on Transfer Time Series Anomaly Detection Algorithm Based on Instance

Wei WANG, Xudong SHEN

2019, 19 (3): 11-18. doi: 10.3969/j.issn.1671-1122.2019.03.002

Abstract ( 716 )

HTML ( 5 )

PDF (8987KB) ( 175 )

Time series anomaly detection is attracting great interest both in academia and industry. A common and ubiquitous problem is the lack of abnormal tag data. In order to solve this problem, this paper proposes InsTransAnomalyDetect which is a time series anomaly detection algorithm based on transfer learning. This algorithm transforms the instance by constructing an effective transfer decision function. According to the decision function, this algorithm transforms the original unsupervised anomaly detection task into a supervised learning task. The algorithm integrates two decision functions, which are density-based decision function and cluster-based decision function. Finally, the method is compared with two classical anomaly detection algorithms on 24 data sets. The experimental results show that 21 of the 24 data sets outperform the unsupervised anomaly detection algorithm, and the average accuracy rate is about 20% better. Experiments show that the migration learning method is promising and proves the superiority of the algorithm framework.

Figures and Tables | References | Related Articles | Metrics

Research Status and Development Trends on Network Encrypted Traffic Identification

Liangchen CHEN, Shu GAO, Baoxu LIU, Zhigang LU

2019, 19 (3): 19-25. doi: 10.3969/j.issn.1671-1122.2019.03.003

Abstract ( 1758 )

HTML ( 98 )

PDF (9649KB) ( 808 )

The rapid growth of network encrypted traffic is changing the threat landscape. How to realize real-time and accurate identification of network encrypted traffic is an important issue in the field of cyberspace security in China. It is also a research hotspot of network behavior analysis, network planning construction and network traffic model. This paper discusses the basic concepts, research progress, evaluation indicators and existing issues of network encrypted traffic identification, and summarizes and forecasts the development trends and challenges of network encrypted traffic identification. This paper can provide reference for further exploration of new methods and technologies in the field of cyberspace security.

Figures and Tables | References | Related Articles | Metrics

Research on Browser Fuzz Sample Generation Technology Based on Deep Learning

Yong FANG, Guangxiatian ZHU, Luping LIU, Peng JIA

2019, 19 (3): 26-33. doi: 10.3969/j.issn.1671-1122.2019.03.004

Abstract ( 861 )

HTML ( 11 )

PDF (9014KB) ( 205 )

Fuzz testing is one of the most mature and effective methods among the approaches used to mine vulnerabilities for modern software. However, traditional Fuzz testing generally have some problems, such as limited depth of exploring code space or lacking of directivity in generating samples. To alleviate these issues, a kind of framework was proposed to generate samples of browsers by making use of long short term memory (LSTM) network. The framework consists two components: sample generating and Fuzz testing. Firstly, the sample are encoded into vectors which are much easier to implement in LSTM network. This process is called file preprocessing. After finishing the learning period, the network will generate a mound of samples as test set. Then test set will be generated by mutating samples based on traditional mutation strategies. Finally, the test set will be feed into the browser for Fuzz testing. In order to verify the effectiveness of the framework, the learning results, generating sample results and Fuzz results of LSTM network have been analyzed statistically. It is proofed that the proposed framework could satisfy the needs of browser Fuzz generation and overcome the difficulties of insufficient mining depth and lack of directivity in generating samples in traditional browser Fuzz, which was suitable for mining one or several browser vulnerabilities.

Figures and Tables | References | Related Articles | Metrics

Deep Belief Network Model for Mobile Terminal Identity Authentication

Ziwen SUN, Yichao ZHANG

2019, 19 (3): 34-42. doi: 10.3969/j.issn.1671-1122.2019.03.005

Abstract ( 436 )

HTML ( 2 )

PDF (9464KB) ( 119 )

Aiming at the information security problem faced by mobile terminal, a deep belief network model for mobile terminal identity authentication is established. The touch screen sensor is used to collect the user’s original touch gesture data sequence. After the data is pre-processed, the gesture features are extracted and passed into the deep belief network model. The layer-by-layer greedy algorithm is used for unsupervised pre-training, and then the back-propagation algorithm is used to supervise and fine-tune the fixed model parameters. The gesture feature data is used as the model input layer, and the output layer data is obtained after the model is calculated, and the output data is classified and authenticated by the Softmax classifier. Compared with the continuous hidden Markov model and back propagation algorithm, the simulation results show that the deep belief network method can achieve a lower error rate and significantly improve the accuracy of authentication.

Figures and Tables | References | Related Articles | Metrics

Encryption and Decryption Interval Locating Method for Non-trigger Side-channel Analysis

Li DAI, Honggang HU

2019, 19 (3): 43-51. doi: 10.3969/j.issn.1671-1122.2019.03.006

Abstract ( 475 )

HTML ( 1 )

PDF (10250KB) ( 117 )

This paper studies how to quickly locate encryption and decryption intervals in the non-trigger side channel analysis scenario. The paper proposes the “rough matching + fine matching” architecture, and designs two kinds of rough matching algorithm: the fast-distance matching algorithm and the fast-elastic matching algorithm. By performing dimensionality reduction and feature extraction on original trace data, fast interval locating can be achieved. The fast-distance matching algorithm is designed for traces without random delay protection; meanwhile the fast-elastic matching algorithm is designed for traces with random delay protection. By using rough matching algorithms and traditional trace alignment algorithms in combination, people can align traces quickly and accurately. In addition, the experimental results in this paper prove the feasibility and efficiency of the rough matching algorithms. The solution can meet the efficiency requirement of real-time interval locating during traces acquisition, and can help solve the problem of interval identification and localization under non-trigger or low-efficiency trigger side channel analysis scenarios.

Figures and Tables | References | Related Articles | Metrics

Blockchain-based Distributed Cloud Storage System with Public Verification

Yiming HEI, Jianwei LIU, Zongyang ZHANG, Hui YU

2019, 19 (3): 52-60. doi: 10.3969/j.issn.1671-1122.2019.03.007

Abstract ( 737 )

HTML ( 4 )

PDF (10627KB) ( 351 )

Valuable data are uploaded to the cloud for sharing by users in the age of big data, which requires more secure and reliable cloud storage services. At present, cloud storage service guarantees data security through distributed storage, but cloud data is still concentrated in storage service providers, and data integrity verification depends on third party. In addition, the traditional cloud storage mode relies on the equipments of service providers and does not make full use of the idle storage space of users. This paper proposes a distributed storage system based on blockchain consensus mechanism and its characteristic of decentralization. The system establishes incentive mechanism to encourage all network nodes to participate in data storage services, improves the utilization of network storage space, and introduces smart contracts to ensure fairness of data services. Comparing with other blockchain-based distributed storage systems, the storage proof of the proposed system is concise and efficient, which can realize the on-chain and off-chain data retrieval and public data integrity verification, and can ensure the fairness of off-chain micro-payment. The security analysis and contract test results show that the system can achieve fair data storage, retrieval and public integrity verification.

Figures and Tables | References | Related Articles | Metrics

The Intrusion Detection Method of SMOTE Algorithm with Maximum Dissimilarity Coefficient Density

Hong CHEN, Yue XIAO, Chenglong XIAO, Jianhu CHEN

2019, 19 (3): 61-71. doi: 10.3969/j.issn.1671-1122.2019.03.008

Abstract ( 515 )

HTML ( 2 )

PDF (12456KB) ( 85 )

Intrusion detection method based on machine learning is applied in imbalanced intrusion datasets, mostly focused on enhancing the overall detection rate and reduce the overall failure rate, but the detection rates of minority classes are low, a good classification performance of the minority classes in practical application is also important. Therefore, an intrusion detection method for the SMOTE based on the maximum dissimilarity coefficient density algorithm with DBN (Deep Belief Network) and GBDT (Gradient Boosting Decision Tree) is proposed. Its core idea: in the data preprocessing stage, the SMOTE algorithm based on the maximum dissimilarity coefficient density is applied for data oversampling, and Deep Belief Network is used for feature extraction. In this way, improving the number of minority samples, and increasing the number of samples while reducing the number of sample dimensions, then training GBDT classifier on the balanced datasets, and the experimental verification is carried out by using the NSLKDD datasets. Experimental results show that ,while the proposed method maintains a high overall detection rate, the effect of minority detection is improved significantly, which improves the detection ability of intrusion detection for minority attack.

Figures and Tables | References | Related Articles | Metrics

Certificateless Multi-server Searchable Encryption Scheme in Cloud Environment

Yulei ZHANG, Xiangzhen LIU, Xiaoli LANG, Caifen WANG

2019, 19 (3): 72-80. doi: 10.3969/j.issn.1671-1122.2019.03.009

Abstract ( 486 )

HTML ( 6 )

PDF (9561KB) ( 205 )

With the gradual popularization of cloud storage technology, how to protect the privacy of users is becoming a research hotspot. To solve this problem, you need to use searchable encryption technology. Searchable encryption can perform keyword searches on ciphertext. The searchable encryption scheme under the certificateless cryptosystem solves the problem of key escrow under the identity cryptosystem, and also reduces the burden of certificate management under the public key infrastructure. This paper proposes a new certificate-free multi-server searchable encryption scheme that allocates storage and search functions to different servers. Compared with a single server, it not only improves data retrieval efficiency, but also reduces the burden on the server. The program has better utility. Compared with the original scheme, this scheme reduces the number of bilinear pairs and improves the efficiency of the operation. And under the random oracle model, it shows that the scheme is safe.

Figures and Tables | References | Related Articles | Metrics

A Secure Outsourcing Computation Scheme for El-Gamal Signature Generation

Pu ZHAO, Wei CUI, Rong HAO, Jia YU

2019, 19 (3): 81-86. doi: 10.3969/j.issn.1671-1122.2019.03.010

Abstract ( 617 )

HTML ( 0 )

PDF (6638KB) ( 131 )

As a new computing mode, cloud computing has realized people’s requirement of computing power as a resource. Cloud servers can provide resource-constrained clients with much support, including computing power and storage space. But fully trusted servers are rare in practice. Untrusted servers may steal the privacy of the clients. This paper presents a secure outsourcing scheme for El-Gamal signature generation, which makes resource-constrained signers could efficiently generate El-Gamal signature with the help of cloud servers. Meanwhile, our scheme also provides privacy protection of signers. Our scheme also includes verification mechanism, which allows signer to check the correctness of result returned by the cloud server. The security analysis proves that our proposed scheme can help signers to improve signature generation efficiency under the premise of protecting signers’ privacy.

Figures and Tables | References | Related Articles | Metrics

Table of Content