Table of Contents

    10 February 2020, Volume 20 Issue 2

    Classified Protection
    Research on a New Scoring Algorithm of Testing and Evaluation for Classified Cybersecurity Protection
    LI Shuilin, ZHU Guobang, FAN Chunling, CHEN Guangyong
    2020, 20 (2):  1-6.  doi: 10.3969/j.issn.1671-1122.2020.02.001

    The report template (2015 edition) specifies a scoring algorithm for the testing and evaluation of classified cybersecurity protection. However, this algorithm has problems: the calculation workload is heavy, and the calculated result does not affect the evaluation conclusion. To address these problems in the 2015 edition report template, this paper proposes a new scoring algorithm for classified cybersecurity protection evaluation. The algorithm narrows the score range for the degree of conformity of evaluation items, simplifies the calculation of the weighted score of evaluation items, greatly reduces the computational workload, and makes the evaluation conclusion quantitatively determinable. The experimental results show that the new scoring algorithm produces reasonable results in the quantitative evaluation of information systems and effectively improves the accuracy and scientific rigor of the evaluation conclusion.

    Research on Dynamic Monitoring Mechanism for Virtual Machine Based on Trusted Software Base
    WANG Xiao, ZHAO Jun, ZHANG Jianbiao
    2020, 20 (2):  7-13.  doi: 10.3969/j.issn.1671-1122.2020.02.002

    In cloud computing environments, the virtual machine (VM) is the main vehicle through which cloud service providers deliver services to cloud users. The security and trustworthiness of a running VM are therefore very important and bear directly on the security and trustworthiness of cloud users' services. To address the problem of behavior trustworthiness while a VM is running, this paper proposes a dynamic VM monitoring mechanism based on active immune trusted computing technology. By deploying the dual-system architecture of active immune trusted computing in the VM system and using the trusted software base (TSB) to perform active trusted measurement and active control of VM runtime behavior, the mechanism ensures the security and trustworthiness of the VM while it runs and solves the security and trustworthiness problem of cloud user services.

    Technical Research
    Network Intrusion Detection Based on Improved MajorClust Clustering
    LUO Wenhua, XU Caidian
    2020, 20 (2):  14-21.  doi: 10.3969/j.issn.1671-1122.2020.02.003

    Supervised intrusion detection algorithms cannot accurately train a detection model for network access connections that have no category labels or identifying features. This paper therefore proposes an unsupervised intrusion detection algorithm based on an improved MajorClust clustering algorithm. The algorithm dynamically improves MajorClust: it takes the ungrouped point with the smallest neighbor sum as the initial cluster center; based on the cluster center and other conventional distance distribution characteristics, it fits the spatial distribution curve between points by the least squares principle; it uses the inflection point value of the curve as the clustering slice and breaks the cluster abstraction into clusters, achieving automatic clustering and optimization of network behavior data. Unsupervised intrusion detection models built on the MajorClust, k-means and DBSCAN algorithms, following the optimization process, are analyzed and compared on the NSL-KDD dataset. The experimental results show that the MajorClust algorithm has a significant advantage in intrusion detection performance and in the stability of its results.

    A Blockchain-based Behavior Regulation and Activities Management Scheme for Internet of Things
    LANG Weimin, ZHANG Han, ZHAO Yifeng, YAO Jinfang
    2020, 20 (2):  22-29.  doi: 10.3969/j.issn.1671-1122.2020.02.004

    As a typical representative of the new generation of information technology, the Internet of Things (IoT) is widely recognized around the world for its value and significance. At the same time, IoT faces serious scalability and security challenges. To improve the security of IoT, this paper takes IoT and blockchain as its research objects: it presents the six-domain model of IoT, studies the data format of blockchain, analyzes the security threats faced by IoT, explains the integration framework of IoT and blockchain, and elaborates blockchain-based IoT security solutions. It designs a detailed IoT behavior regulation workflow, a pricing-based resource allocation algorithm and a credit-based behavior management system, and conducts extensive experiments to evaluate the proposed scheme. The results show that, while the scheme gains the security benefits of blockchain and smart contracts, the cost of integrating them into an IoT security scheme is within a reasonable and acceptable range.

    Formal Analysis of Security Protocol Based on Strand Space
    YAO Mengmeng, TANG Li, LING Yongxing, XIAO Weidong
    2020, 20 (2):  30-36.  doi: 10.3969/j.issn.1671-1122.2020.02.005

    Security protocols are an important component of information security. With the rapid development of emerging technologies, security protocols have become more and more complex, which poses a challenge to their formal analysis. In recent years, formal analysis based on strand space theory has become a hot topic; it has received attention and study in the field of security protocol analysis and has achieved certain results. This paper extends strand space theory by proposing the concepts of matching strings, matching nodes, and the same execution cluster, formalizes the fair multi-party non-repudiation protocol based on blockchain using the extended strand space theory, and finds a defect: the protocol cannot satisfy fairness.

    A Differential Private Data Publishing Algorithm via Principal Component Analysis Based on Maximum Information Coefficient
    PENG Changgen, ZHAO Yuanyuan, FAN Meimei
    2020, 20 (2):  37-48.  doi: 10.3969/j.issn.1671-1122.2020.02.006

    The privacy and availability of data are important issues in privacy protection. Principal component analysis (PCA) differential privacy can effectively protect the privacy of high-dimensional data and maintain high data availability by combining dimensionality reduction with noise addition on the principal components of high-dimensional data. The existing PCA differential privacy protection algorithm relies on the Pearson correlation coefficient, which can capture only the linear relationships in high-dimensional data during privacy protection, and it does not optimize the allocation of the differential privacy budget on the data set after dimensionality reduction. The result is insufficient applicability of the algorithm and low data utility. To this end, a differential private data publishing algorithm via principal component analysis based on the maximum information coefficient (MIC-PCA-DPPD) is proposed. The experimental results show that the proposed privacy protection algorithm is suitable for dimensionality maintenance of linear relationships, nonlinear relationships, multi-function relationships, and so on. Its principal component dimensionality reduction efficiently retains the information of the raw data. Compared with the classic differential privacy algorithm and the PCA-based PPDP algorithm, under the same privacy protection strength, it adds less noise to the data and effectively maintains data availability.

    Risk Assessment of Mobile Payment System Based on STRIDE and Fuzzy Comprehensive Evaluation
    LIU Yonglei, JIN Zhigang, HAO Kun, ZHANG Weilong
    2020, 20 (2):  49-56.  doi: 10.3969/j.issn.1671-1122.2020.02.007

    With the development of mobile communication technology and the popularity of smartphones, mobile payment is becoming more and more common. However, the security weaknesses of wireless networks, system vulnerabilities in mobile devices, and account hijacking all affect the security of mobile payments. Starting from the mobile payment transaction process, this paper analyzes the security threats to mobile payment systems and proposes a risk assessment method with which both parties can assess the security of the transaction process and make security decisions. The method uses the STRIDE threat model to build an indicator system and uses fuzzy comprehensive evaluation to assess the risk of a transaction. A threat mitigation model based on trusted network connection (TNC) is established, and the security of the mobile payment system is enhanced according to the evaluation result. The assessment uses quantitative indicators and achieves fine-grained, transaction-level risk assessment. Finally, the risk assessment method is validated and analyzed in two typical application scenarios.

    Dynamic Detection of Ransomware Based on Stacking Model Fusion
    LÜ Zongping, ZHAO Chundi, GU Zhaojun, ZHOU Jingxian
    2020, 20 (2):  57-57.  doi: 10.3969/j.issn.1671-1122.2020.02.008

    Because ransomware exhibits polymorphic variation, analysis and detection based on dynamic behavior features is widely used, but this approach suffers from reliance on a single detection feature and from over-fitting of the machine learning algorithm. Based on the Stacking model fusion method, a new ransomware detection algorithm, XRLStacking, is proposed. First, all the original dynamic features of ransomware are extracted and redundancy is removed, so that only three kinds of features, namely API name, thread number and sequence number, are retained for each call in a sample. Then, the features with little effect on classification are optimized using a fusion of the N-gram and TF-IDF algorithms to ensure that each sample API has some features. Finally, classification based on the Stacking model fusion algorithm and multi-feature combination is used to identify ransomware. Experiments on a large amount of real data generated with Cuckoo Sandbox show that the proposed algorithm has high recognition accuracy. Compared with XGBoost and random forest, the algorithm also avoids over-fitting to some extent.

    Abnormal Traffic Detection Technology Based on Data Augmentation and Model Update
    ZHANG Hao, CHEN Long, WEI Zhiqiang
    2020, 20 (2):  66-74.  doi: 10.3969/j.issn.1671-1122.2020.02.009

    Because new network attack methods appear endlessly, data samples change constantly, which results in low anomaly detection accuracy. Traditional detection of abnormal network traffic relies on rule matching; this detection method is relatively simple and adapts poorly to complex, flexible, large-scale network environments. To this end, this paper proposes an abnormal traffic detection technology based on data augmentation and model update. To solve the problem of data imbalance, the paper introduces the SMOTE algorithm to oversample the minority samples and removes noisy data with the ENN algorithm. Important features are extracted by the random forest algorithm, and model update is implemented with feature importance as the distance metric in an improved KNN algorithm. Finally, the CatBoost classification algorithm is used to classify network traffic data. As the model is iteratively updated, its detection of abnormal traffic improves. Compared with HCPTC-IDS, the detection accuracy and false positive rate are improved. The experimental results on the KDD 99 dataset show that the multi-classification detection accuracy of this model is as high as 96.52%, and the false positive rate is only 0.92%.

    GPU High Speed Implementation of SHA1 in Big Data Environment
    JI Zhaoxuan, YANG Zhi, SUN Yu, SHAN Yiwei
    2020, 20 (2):  75-82.  doi: 10.3969/j.issn.1671-1122.2020.02.010

    In the era of big data, data security faces enormous challenges. With the rapid growth of network communication and data storage, the large number of cryptographic operations affects system performance, so performing cryptographic operations on data quickly is a key issue in data security. SHA1 is a common cryptographic hash algorithm, mainly used for digital signatures, file integrity checking and so on, and is widely used across the Internet. The running time of a cryptographic hash algorithm is proportional to the file size, so computing the message digest of a large file is very time-consuming. To further improve the performance of SHA1, this paper uses GPU technology to accelerate the SHA1 cryptographic hash algorithm, reaching a speed of 791 GB/s. Compared with existing algorithms, the performance is significantly improved.

    A Method of Internal Intrusion Detection of Database in RBAC Mode
    YU Lu, LUO Senlin
    2020, 20 (2):  83-90.  doi: 10.3969/j.issn.1671-1122.2020.02.011

    Current intrusion detection methods for databases in RBAC mode do not represent user behavior sufficiently, make little use of user role label information, and have insufficient detection ability in specific environments; as a result, internal intrusion detection for databases is not effective. An integrated intrusion detection method, IID_WRF, based on the s-triplet, the LDA dimension reduction method and the weighted random forest algorithm is proposed. The method first optimizes the existing user behavior representation, refining the numerical features so that user behavior is fully represented; it then reduces dimensionality with the LDA method, which can use user role label information; finally, it uses a weighted random forest for classification and detection. The experimental results show that IID_WRF has the lowest false positive rate and false negative rate on the X and Y data sets and can effectively improve internal intrusion detection for databases.

    Theoretical Research
    Outsourcing Database Join Query Verification Scheme Based on Authentication Tree
    HOU Lin, FENG Da, XUAN Pengkai, ZHOU Fucai
    2020, 20 (2):  91-97.  doi: 10.3969/j.issn.1671-1122.2020.02.012

    Outsourced databases are widely used, but their security is greatly challenged: users cannot be assured of the correctness and integrity of the results when they query data. To address the problem that existing outsourced databases cannot support join query verification, this paper proposes a join query verification model based on an authentication tree and gives the formal definition of the model together with definitions of its correctness and security. Using a bilinear map accumulator, an authentication tree and other techniques, the paper builds a join query verification scheme for outsourced databases based on the authentication tree, and gives a security analysis under the VBDHE and q-BSDH cryptographic hardness assumptions. The paper proves that an adversary cannot make verification pass with falsified, incorrect results, thus proving the correctness of the scheme. Experimental results and performance analysis show that the proposed scheme is more efficient than other schemes in key generation, query verification, communication overhead, storage overhead, etc.
