Table of Contents

    10 November 2019, Volume 19 Issue 11

    Model of Cloud Computing Security and Compliance Capability for Classified Protection of Cybersecurity 2.0
    Zhenfeng ZHANG, Zhiwen ZHANG, Ruichao WANG
    2019, 19 (11):  1-7.  doi: 10.3969/j.issn.1671-1122.2019.11.001

    Based on the baseline for classified protection of cybersecurity, this paper identifies the classified protection objects, security measures and security capabilities of a cloud computing platform/system, and builds a model of cloud computing security and compliance capability for classified protection of cybersecurity 2.0. Comparing the cloud computing platform/system against each evaluation item of classified protection of cybersecurity yields its security technology capability and reveals its vulnerabilities, so that cloud service providers and cloud service customers can apply the corresponding security reinforcement and strengthen the ability of the cloud computing platform/system to resist risk.

    Industrial Control System Intrusion Detection Model Based on S7 Protocol
    Zheng TIAN, Shu LI, Yizhen SUN, Xi LI
    2019, 19 (11):  8-13.  doi: 10.3969/j.issn.1671-1122.2019.11.002

    With the proposal of the “Made in China 2025” strategy, industrial control networks are becoming more and more integrated with Internet technology. At the same time, the closed nature of industrial control networks has been broken to a certain extent, making industrial control network security problems increasingly serious. S7 is a proprietary protocol of the German company Siemens that is widely used for communication in industrial control networks. This paper proposes a composite intrusion detection model for industrial control based on deep analysis and whitelist self-learning. The model uses a deep analysis algorithm to parse S7 data packets, dynamically builds a whitelist through a whitelist self-learning algorithm, and detects anomalies with a composite intrusion detection method that combines whitelist detection and abnormal behavior detection. The experiments show that the method can effectively detect abnormal S7 protocol packets in the industrial control network, and that the detection accuracy can reach 98.3% at a packet rate of 5000/s.

    A HIBE Scheme of Differentiates the Number of Identity Layers
    Quanming LIU, Jie FENG, Yinnan LI, Shasha SU
    2019, 19 (11):  14-23.  doi: 10.3969/j.issn.1671-1122.2019.11.003

    To identify internal attack threats to the encryption system, this paper divides the encryption process, which is based on the hierarchical identity-based encryption structure, into two cases: odd and even. By dividing the ciphertext into two forms, the system can distinguish the identity layer of an internal adversary. Decryption requires only one bilinear pairing computation, which improves decryption efficiency to a certain extent. The security proof uses the dual system encryption technique and shows that the scheme is secure and anonymous under the adaptive-ID model. Compared with the original scheme, the scheme uses fewer parameters and improves encryption efficiency. The scheme can resist external attacks and can effectively identify threats from information leakage inside the system, which improves the security of the encryption scheme.

    Research and Analysis of Anomaly Detection Technology for Operation and Maintenance Data in the Era of Artificial Intelligence
    ZHU Haiqi, JIANG Feng
    2019, 19 (11):  24-35.  doi: 10.3969/j.issn.1671-1122.2019.11.004
    With the arrival of the information age and the practical adoption of artificial intelligence technology in various fields, IT operation and maintenance is entering a new era of intelligent IT operations and maintenance. To ensure the safe and reliable operation of large-scale hardware and software systems, professional operation and maintenance personnel are needed to deploy, operate and maintain them. Operation and maintenance data is a series of parameters related to the running state of a large-scale hardware and software system. Anomaly detection technology for operation and maintenance data is designed to detect the health status of large-scale systems and to free operation and maintenance personnel from complicated alarms and noise. However, the scarcity of labeled data and the high accuracy requirements of enterprises bring severe challenges to the practical application of this technology. This paper describes abnormal operation and maintenance data and introduces the research status of operation and maintenance data anomaly detection in detail. On this basis, the paper presents a preliminary solution and gives experimental results. It also discusses the potential problems and possible development directions of operation and maintenance data anomaly detection, and tries to provide feasible research ideas for the development of the technology.
    Analysis and Implementation of SQL Injection Vulnerability Mining Technology Based on Machine Learning
    Jianwei HU, Wei ZHAO, Zheng YAN, Rui ZHANG
    2019, 19 (11):  36-42.  doi: 10.3969/j.issn.1671-1122.2019.11.005

    With the advent of the Web 2.0 era, the presentation ability of Web applications has improved dramatically and their supporting functions have increased significantly. As a result, Web applications have penetrated into all aspects of people’s lives. The biggest characteristic of Web 2.0 is that ordinary users participate in creating Internet content, so their identity has changed from pure recipients of information to contributors and winners of information. The data saved by Web applications is therefore larger in volume and more complex in structure, which leads Web applications large and small to maintain their own databases to store it. The data stored in the database is the most valuable part of a Web application. However, an attacker can obtain or even modify this data through a SQL injection vulnerability. This attack seriously affects the integrity and confidentiality of the data in the database, and it is one of the most serious security problems of Web applications. Vulnerability mining technology can identify SQL injection vulnerabilities so that they can be fixed before the product goes live. This paper briefly introduces traditional SQL injection vulnerability mining technology and its shortcomings, and then discusses the development direction and difficulties of SQL injection vulnerability mining technology in today’s machine learning and big data environment.

    A Quantum Identity Authentication Based on Bell State
    Shun ZHANG, Zhangkai CHEN, Fengyu LIANG, Runhua SHI
    2019, 19 (11):  43-48.  doi: 10.3969/j.issn.1671-1122.2019.11.006

    This paper proposes a new quantum identity authentication protocol based on Bell states that lets two users authenticate each other simultaneously. Compared with previous quantum identity authentication protocols, this protocol achieves bidirectional simultaneous identity authentication without the third party that serves as a trusted certification authority in some previous protocols, so the various unsafe factors that come with it are avoided. Decoy particles and a correlation check on the entangled states are used to ensure that the quantum states transmitted between the authenticating parties are not changed. At the same time, the classical information transmitted between the authenticating parties is computed with a secure one-way hash function, which guarantees the security of the identity authentication process. The protocol can certify a two-bit classical string with one Bell state, which saves quantum resources. The only operations users need to execute are classical XOR operations, which makes the protocol easier to implement. Analysis shows that the protocol can resist various inside and outside attacks, such as the intercept-resend attack and the man-in-the-middle attack.

    Statistics-based Browser Fingerprint Acquisition Technology
    Liangfeng ZHANG, Yi WANG, Yuanyi WU, Rui KONG
    2019, 19 (11):  49-55.  doi: 10.3969/j.issn.1671-1122.2019.11.007

    Browser fingerprinting is a new technology that serves as a unique identifier for the user: a site can learn enough information about a browser to uniquely distinguish one visitor from all the other visitors to that site. While it is used for marketing, advertising and fraud defense, attackers use the same technology to track users. To protect users’ privacy, researchers have proposed many solutions to avoid being tracked. One of the newest randomizes key attributes of the browser fingerprint to break the correlation between a user’s different sessions. This paper proposes an attack on a recent proposal that randomizes browser features to defeat fingerprinting, and demonstrates the attack’s effectiveness. Using a statistical method and a side-channel attack method, the paper restores the true values of the key attributes of the browser fingerprint and distinguishes different users. The experimental results show that with this method, the accuracy of restoring the browser fingerprint is more than 98%.

    Signature Verification Based Legality Discrimination Technology for Mobile Terminal APPs
    Tao LI, Junxian SHI, Aiqun HU
    2019, 19 (11):  56-62.  doi: 10.3969/j.issn.1671-1122.2019.11.008

    With the increasing popularity of mobile terminal devices, more and more users choose to install third-party application software to meet their different needs. Lacking the ability to judge the legality of applications, most users have inadvertently installed illegal applications. Illegal application software is produced by modifying the source code of legitimate application software, embedding malicious code in it, and repackaging it. Modifying other people’s application software infringes the legitimate rights and interests of the original software developer, and the embedded malicious code obtains the user’s information, resulting in privacy violations and property loss for the user. Illegal application software has seriously threatened the security of mobile terminal devices. This paper proposes a discrimination technology based on signature verification. A whitelist database is built by collecting the characteristic parameters in the digital certificates of legal application software, and the corresponding parameters in the digital certificate of the application under test are then compared with the data in the whitelist database to determine its legality. The experimental results show that the technology has high detection speed, high accuracy and strong practicability.

    Research on Inter-domain Routing Anomaly Detection Technology
    Hailian DENG, Yujing LIU, Yixuan GE, Jinshu SU
    2019, 19 (11):  63-70.  doi: 10.3969/j.issn.1671-1122.2019.11.009

    Due to shortcomings in the design of the BGP protocol, the inter-domain routing system suffers from serious security problems such as prefix hijacking, path tampering and route leakage. Current routing anomaly detection systems usually detect anomalies from the abnormal characteristics of routing messages and data traffic. However, because the network environment changes from moment to moment and routing attacks are varied, it is difficult to locate abnormal events effectively and accurately. This paper analyzes massive real inter-domain routing data and finds that routing changes follow a power law: the routing between the vast majority of source-target pairs is stable, while the routing between a few source-target pairs changes frequently. Based on this observation, the paper proposes a method that detects abnormal routing behavior by measuring how far routing behavior deviates from the normal model, and tests and verifies it on a real Internet hijacking event involving Japanese networks. The method can provide powerful support for the detection and analysis of abnormal routing events, and is of great significance for improving rapid response to abnormal events.

    Network Security Risk Analysis of Industrial Control System Based on Time Automata
    Zongping LV, Lei DING, He SUI, Zhaojun GU
    2019, 19 (11):  71-81.  doi: 10.3969/j.issn.1671-1122.2019.11.010

    With the increasing openness of industrial control systems, a large number of industrial control protocol vulnerabilities are exposed on the Internet, causing a sharp rise in industrial control system security risks. This paper proposes a network security analysis method for industrial control systems based on timed automata, targeting the Modbus protocol, the most commonly used protocol in industrial control systems. Firstly, the network structure, safety attributes and security threats of the control system are summarized according to a filling production process. Then, the state, behavior, security policy and attack behavior of the control system are modeled with timed automata, and the models are connected into a network by clock synchronization. Finally, the UPPAAL tool is used to write the security attribute formulas, and the security attributes are verified in two cases, with and without attack. The comparison of experimental results shows that the man-in-the-middle attack against the Modbus protocol successfully destroys the integrity and availability of the control system.

    A High-speed Network Flow Reassembly Optimized Scheme for Network Security Analysis
    Liangguo CHEN, Shuhua RUAN, Xingshu CHEN, Yonggang LUO
    2019, 19 (11):  82-90.  doi: 10.3969/j.issn.1671-1122.2019.11.011

    In a high-speed network environment, network traffic collection and reassembly is an important prerequisite for network security analysis. To meet the accuracy and real-time requirements of network security analysis, this paper proposes an optimized high-speed network flow reassembly scheme. Firstly, a parallel mechanism of multiple flow tables is designed in the hash-based flow table scheme, and the problem of balancing the load of high-speed network flows across the flow tables is solved by introducing feedback information into the flow distribution strategy. Secondly, to further reduce the overhead of flow aging detection, an active queue is designed in the flow table scheme. Records are arranged in least-recently-used order, which avoids traversing the full flow table and reduces the time complexity of flow aging detection. Finally, a high-speed network flow reassembly system based on the optimized flow table scheme is implemented with DPDK, and the accuracy and real-time performance of the scheme are verified. The experimental results show that when the network bandwidth is 10 Gbps, the packet loss rate is 0.002%, which can effectively meet the data requirements of network security analysis in a high-speed network environment.
