
Table of Contents

    10 April 2019, Volume 19 Issue 4

    Construction Method and Verification of Local Trusted Computing Environment in Industrial Control Network
    Wenli SHANG, Xiule ZHANG, Xianda LIU, Long YIN
    2019, 19 (4):  1-10.  doi: 10.3969/j.issn.1671-1122.2019.04.001

    The information security protection capability of the terminal system layer of industrial control systems is relatively weak. Constructing a trusted computing environment at the local industrial control equipment layer is important for greatly improving the information security protection capability of industrial control systems. This paper proposes the design of an industrial control network security application based on trusted PLC. Starting from the security problem of terminal control equipment, the application design completes the security protection of the equipment itself and its network, and constructs a high-security and high-trust industrial control network operating environment. The simulation experiment combines the trusted PLC and the special safety products of industrial control systems to build the local trusted computing architecture of the industrial control network, verify the trusted start-up process of the trusted PLC, and guide the trusted PLC to exchange the security function data. An anomaly detection model based on a deep belief network is used to detect the normal communication data and the data subjected to the simulated attack in the trusted computing environment. The experimental results verify the security and credibility of the local trusted computing environment of the industrial control network.

    A Method for Improving the Performance of Spark on Container Cluster Based on Machine Learning
    Chunqi TIAN, Jing LI, Wei WANG, Liqing ZHANG
    2019, 19 (4):  11-19.  doi: 10.3969/j.issn.1671-1122.2019.04.002

    At present, Spark-based applications are very widely used. Reasonable configuration gives Spark jobs higher execution efficiency. A large number of scholars have conducted in-depth research on the parameter tuning of Spark on virtual machine clusters. In recent years, as an emerging cloud computing infrastructure, containers have become more and more widely used in service clusters. Therefore, it is also important to study the parameter tuning of Spark on container clusters. This paper studies the parameter configuration problem of Spark on a Docker container cluster, and proposes a new parameter tuning method (ContainerOpt), which uses a machine learning method to learn and predict the performance of the job under different parameter combinations, and introduces a node automatic scaling mechanism that enables higher-input jobs to achieve better performance. In order to achieve a better balance between job execution time and resource occupation, a performance representation model based on time and resource is proposed to replace the traditional performance representation model based on a single execution time. The experimental results show that, compared with the default configuration, the parameter tuning method can improve the execution efficiency by 50%.

    Malware Classification Method Based on Word Vector of Assembly Instruction and CNN
    Yanchen QIAO, Qingshan JIANG, Liang GU, Xiaoming WU
    2019, 19 (4):  20-28.  doi: 10.3969/j.issn.1671-1122.2019.04.003

    Because the features used in current malware classification methods depend too heavily on expert experience, and high feature dimensions cause high complexity, this paper proposes a classification method based on word vectors of assembly instructions and a Convolutional Neural Network (CNN). This paper considers the assembly code file of the executable malware sample as a document, in which each assembly instruction is treated as a word, thereby converting a sample into a document, and uses the Word2Vec method on each document to calculate the word vectors of the different instructions in the document. Each sample is then converted into a matrix based on the Top100 assembly instruction sequence counted in the training sample set. Finally, the CNN is used to train the classification model on the training sample set. The experimental evaluation shows that the average accuracy of the method is 98.56%.

    False Data Intrusion Detection Method Based on Physical Information in Power Network
    Zhuoqun XIA, Youyou ZENG, Bo YIN, Ming XU
    2019, 19 (4):  29-36.  doi: 10.3969/j.issn.1671-1122.2019.04.004

    Aiming at the difficulty of fast detection in false data intrusion detection methods, this paper proposes a false data intrusion detection method based on physical information. The method uses high-sampling synchronous phasor measurement units to collect measurement data in real time, and calculates the node voltage stability index (NVSI). When abnormal NVSI values exist in grid nodes, the system uses the outlier detection algorithm to find the attacked nodes. When there are no obvious abnormal NVSI values in grid nodes, the vulnerable nodes are selected according to the difference of the NVSI value over time, and the attacked nodes are detected by applying a physical rules cooperative detection method to the selected nodes. This paper uses a standard IEEE 39-bus power test system to simulate the system. The results show that the proposed method can detect the attacked nodes faster than other methods, and improves the detection accuracy.

    Automatic De-obfuscation-based Malicious Webpages Detection
    Yitao NI, Yongjia CHEN, Bogang LIN
    2019, 19 (4):  37-46.  doi: 10.3969/j.issn.1671-1122.2019.04.005

    Browsing webpages is a popular way of using the internet for many users. But malicious webpages can compromise users’ computer systems, steal sensitive private data from users, and often cause financial loss to users or turn the compromised systems into bots. Malicious webpages are therefore becoming a notorious threat to information security and computer systems. Moreover, malicious webpages often obfuscate their malicious code to obscure its signatures, so that signature-based anti-virus engines cannot function effectively. This paper proposes an approach to malicious webpage detection based on automatic de-obfuscation. Firstly, the proposed approach leverages taint analysis to automatically locate the data and code relevant to the obfuscated code. Next, based on the located data and code, it changes the obfuscated code into de-obfuscated code and substitutes the generated code for the related obfuscated code in the webpages. Finally, it applies a well-known signature-based anti-virus engine to the modified webpages for malicious code detection. This paper also conducts experiments to evaluate the proposed approach. The experimental results show that the approach can locate obfuscated code contained in webpages, de-obfuscate the obfuscated code successfully, and on average improve the malicious webpage detection ratio by around 50 percent for 13 anti-virus engines deployed on the VirusTotal website. Three of these anti-virus engines have increased detection rates by more than 80%.

    Research on Hardware Vulnerabilities Mining Method for Industrial Control Device Based on Dynamic Taint Analysis
    Bin DUAN, Lan LI, Jun LAI, Jun ZHAN
    2019, 19 (4):  47-54.  doi: 10.3969/j.issn.1671-1122.2019.04.006

    In recent years, security incidents in industrial control systems have occurred frequently. The vulnerability statistics of CNNVD and CNVD show that the number of vulnerabilities in industrial control hardware is increasing year by year. Therefore, research on exploiting vulnerabilities in industrial control hardware is of great significance for improving the safety of industrial control systems. This paper chooses PLC firmware as the object of vulnerability mining and presents a method of hardware vulnerability mining for industrial control equipment based on dynamic taint analysis. This paper gives the taint propagation rules and the sensitive field quantization rules based on risk weight, which are used to generate guidance information for constructing fuzz test cases. This paper designs and implements a PLC_Taint Fuzzer vulnerability mining system. By setting up a fuzz testing comparison experiment, this paper proves the efficiency of the method in vulnerability mining of industrial control equipment such as PLCs.

    Research on Trie Tree Keyword Fast Matching Algorithm in Network Security Situational Awareness
    Guotian XU, Ming ZHANG
    2019, 19 (4):  55-62.  doi: 10.3969/j.issn.1671-1122.2019.04.007

    High-speed keyword retrieval in massive data is of great significance for enhancing the response speed of a network security situational awareness system and improving the overall efficiency and security of the system. The network information retrieval algorithm based on the double-array Trie-tree has higher search efficiency, but its insertion time complexity is higher, and the leaf nodes consume a lot of storage space. For this reason, this paper proposes a double-array Trie-tree construction method based on compressed storage of leaf nodes, which traverses the tree hierarchically, stores the branch nodes in the basic double array, compresses the leaf nodes, and stores them in the compressed array. This method not only preserves the query performance of the double-array Trie-tree, but also improves the insertion efficiency and storage space utilization efficiency.

    Survey of Privacy Preservation in VANET
    Yilin LI, Zheng YAN, Haomeng XIE
    2019, 19 (4):  63-72.  doi: 10.3969/j.issn.1671-1122.2019.04.008

    The Vehicular Ad-hoc Network (VANET) is an intelligent transportation system that helps people improve traffic safety and efficiency. VANET is a new type of network that provides wireless communication for mobile vehicles through dedicated short range communication (DSRC). In VANET, vehicles can communicate with other vehicles and with roadside units (RSUs) that are fixed to the roadside. At the same time, the privacy issues faced by VANET cannot be ignored. VANET's features such as open access, wireless communication, and malicious node attacks may cause privacy leakage of users in VANET, which seriously affects the use of VANET. Privacy preservation is therefore a key topic in VANET. Many papers have summarized schemes for protecting user privacy in VANET, but most of them fail to classify privacy preservation schemes and develop detailed criteria for evaluating these schemes. The article categorizes the privacy attacks that exist in VANET and proposes a series of evaluation criteria to enable a detailed evaluation of the performance of privacy preservation schemes.

    Frequent Itemsets Mining Algorithm for Privacy Protection
    Chen JIANG, Geng YANG, Yunlu BAI, Junmei MA
    2019, 19 (4):  73-81.  doi: 10.3969/j.issn.1671-1122.2019.04.009

    A variety of differentially private frequent itemset mining (FIM) algorithms have been proposed. However, current solutions for this problem cannot balance privacy and data utility well over large-scale data. This paper proposes a new differentially private FIM algorithm (TrunSuper). This algorithm truncates the transaction datasets to reduce the dimension, sorts the items in decreasing order, and then eliminates the items with less support. In this way, it can reduce the information loss of the frequent itemsets. This paper also theoretically proves that TrunSuper can produce reasonably accurate results while satisfying differential privacy. Experiments on several real datasets show that TrunSuper performs better than previous solutions.

    Research on the Construction of Early Warning Model of Criminals Based on Big Data
    Leihua ZHANG, Hongtai NIU, Zhongni WANG, Xuehong LIU
    2019, 19 (4):  82-89.  doi: 10.3969/j.issn.1671-1122.2019.04.010

    Based on the existing crime data, the artificial crime and machine learning are used to construct the re-criminal prediction model of the criminals, so as to improve the accuracy of crime prediction and provide a scientific reference for the prevention and control of crimes. The study collects basic attribute information, inferior information, activity trajectory and other data of the former staff, constructs a scientific and reasonable perceptual early warning analysis model through data cleaning, feature structure, model establishment, model evaluation and optimization, and selects the random forest algorithm as the model training algorithm. The positive sample has an accuracy of 0.85 and a recall rate of 0.86. Crime early warning research is a useful exploration of the implementation of data policing by public security organs in the era of big data. It is the application of data mining and artificial intelligence technology in the field of public security, which is of great significance to the public security organs to implement the feed control of crime. Research shows that crime data can be used to prevent crime, and it can help us understand the causes of crime from a higher perspective.
