Netinfo Security

Research on 5G Network Slicing Security Model

LIU Jianwei, HAN Yiran, LIU Bin, YU Beiyuan

2020, 20 (4): 1-11. doi: 10.3969/j.issn.1671-1122.2020.04.001

Abstract ( 1457 )

HTML ( 84 )

PDF (13352KB) ( 759 )

With the advent of the 5G communication era, network slicing technology will be deeply integrated with vertical industries to provide users with richer mobile Internet and IoT services. However, the introduction of network slicing technology brings many new security risks and challenges, and some of the original security protection technologies are no longer applicable. In addition, the different characteristics of various slices make the original security services unable to meet the different needs of network slices. Therefore, studying the security problems and corresponding countermeasures of network slicing technology and proposing new security policies are the key to guarantee the realization of 5G network security. This article first describes the existing security problems of network slicing technology from three aspects of network slicing architecture, management model, and implementation technology, then proposes relevant measures to maintain slice security in response to these security problems. Finally, a network slicing security model is established to provide differentiated security services for 5G network slicing.

Figures and Tables | References | Related Articles | Metrics

Survey of Trust Management Mechanism in Wireless Sensor Network

JIANG Jinfang, HAN Guangjie

2020, 20 (4): 12-20. doi: 10.3969/j.issn.1671-1122.2020.04.002

Abstract ( 830 )

HTML ( 27 )

PDF (11117KB) ( 433 )

Trust management mechanism is a research hotspot in the field of wireless sensor network security in recent years. Begin with the basic concept of trust management, this paper analyzes and summarizes the existing attack models, including the attacks against network models and trust models. Then, this paper introduces the main algorithms used in trust management mechanisms, including Bayesian statistics, subjective logic, fuzzy logic, D-S evidence theory, entropy theory, cloud theory, analytic hierarchy process, fog computing and machine learning, etc., and expounds the main ideas, the research progress and existing problems. On this basis, this paper looks forward to the development trend of trust management mechanism in wireless sensor networks, summarizes the main problems existing in the current trust management mechanisms and the possible research direction in the future.

Figures and Tables | References | Related Articles | Metrics

A Scheme of Measurement for Terminal Equipment Based on DICE in IoT

CHEN Lu, SUN Yajie, ZHANG Liqiang, CHEN Yun

2020, 20 (4): 21-30. doi: 10.3969/j.issn.1671-1122.2020.04.003

Abstract ( 921 )

HTML ( 21 )

PDF (10650KB) ( 299 )

With the widespread applications of the IoT, the security protection of terminal device is weak and the security events occurr frequently. Only effective measures are taken from the bottom of the system, the security of IoT can be improved. As the latest achievement of the trusted computing, DICE technology applies a new solution for security problems of IoT terminal. It can provide not only device identity protection, data encryption and identity authentication, but also the updating mechanism coping with the complex IoT environment. Based on the DICE technology, it takes the RFID reader as the research object in this paper. By analyzing the startup process of this device, an approach of the establishment and extension of the chain of trust is designed and the scheme of DICE-based mesurement and updating for IoT terminal is proposed, which can ensure the security of read-write operation and data uploading of the RFID reader. In the C compiler environment, the scheme of chain of trust transfer and measurement based on DICE are implemented.

Figures and Tables | References | Related Articles | Metrics

A Ransomware Classification Method Based on Visualization

GUO Chun, CHEN Changqing, SHEN Guowei, JIANG Chaohui

2020, 20 (4): 31-39. doi: 10.3969/j.issn.1671-1122.2020.04.004

Abstract ( 783 )

HTML ( 34 )

PDF (10629KB) ( 227 )

Ransomware is a special kind of malware that causes irreversible data loss or system resource blockage of the victim system, causing huge economic losses to the victim system. Classifying ransomware can effectively reduce the work of security analysts. Methods based on dynamic analysis and static analysis require complex feature engineering and are not suitable for large-scale ransomware classification. To achieve fast and large-scale ransomware classification, a method of visualization proposed to classify ransomware. Firstly, the binary files of ransomware and normal software are converted into grayscale images, then the image features are extracted from the VGG16 neural network using transfer learning, and finally, the SVM machine learning classification model is used for classification. The experimental results show that the classification accuracy is 96.7%.

Figures and Tables | References | Related Articles | Metrics

Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192

DONG Xiaoli, SHANG Shuai, CHEN Jie

2020, 20 (4): 40-46. doi: 10.3969/j.issn.1671-1122.2020.04.005

Abstract ( 551 )

HTML ( 6 )

PDF (8059KB) ( 111 )

With high speed, easy standardization and easy implement in hardware and software, block cipher has a wide range of applications in the field of information security. It is necessary to study the security of block cipher. Impossible differential attack is one of the effective attack methods against block cipher. In this paper, we focus on impossible differential (ID) attacks on Rijndael-192. According to the property that the difference branch number of the MixColumns is 5, a new 5-round impossible differential is proposed; then based on this impossible differential, with property of S-box and the key schedule weakness, the key recovery on the 9-round Rijndael-192 is given. It is shown or the attack on 9-round Rijndael-192 with key size of 192, it requires data complexity of about 2^176.6 chosen plaintexts ,time complexity of about 2^188.2 encryptions and memory complexity of about 2¹²⁰ blocks, which is better than previous known results in terms of the data, time and memory complexity; for the attack on 9-round Rijndael-192 with key size of 224 and 256, it requires data complexity of about 2^178.2 chosen plaintexts, time complexity of about 2^197.8 encryptions and memory complexity of about 2¹²⁰blocks,which is better than previous known results in terms of the data and memory complexity.

Figures and Tables | References | Related Articles | Metrics

An Intrusion Detection Method Based on Federated Learning and Convolutional Neural Network

WANG Rong, MA Chunguang, WU Peng

2020, 20 (4): 47-54. doi: 10.3969/j.issn.1671-1122.2020.04.006

Abstract ( 1643 )

HTML ( 92 )

PDF (8159KB) ( 767 )

At present, intrusion detection based on deep learning is a hot topic in the field of intrusion detection, but most of the research focuses on how to improve the algorithm to improve the accuracy of intrusion detection, while neglecting that the limited label data generated by a single mechanism is not enough to train a depth model with high accuracy. In this paper, an intrusion detection method based on federated learning and convolution neural network is proposed, which can expand the amount of data through the joint training model of multiple participants. In this method, an intrusion detection model of deep learning is designed by using federated learning framework. Firstly, the data dimension is reconstructed to form two-dimensional data through data filling, and then the feature extraction learning is carried out by using DCNN network under the mechanism of federated learning. Finally, the training model of softmax classifier is combined and detected. The experimental results show that the method reduces the training time to a great extent and maintains a high detection rate. In addition, compared with the general intrusion detection model, the model also ensures the security and privacy of the data.

Figures and Tables | References | Related Articles | Metrics

HBase Secondary Ciphertext Indexing Method Based on Homomorphic Encryption

FU Zhizhou, WANG Liming, TANG Ding, ZHANG Shuguang

2020, 20 (4): 55-64. doi: 10.3969/j.issn.1671-1122.2020.04.007

Abstract ( 804 )

HTML ( 9 )

PDF (11557KB) ( 316 )

In the era of big data, the data storage model is drastically changing. As a data processing carrier, the traditional relational database has no capability to meet the requirements of efficient storage and query of massive data because of its single storage structure and poor scalability. Storage Raster HBase can meet the storage requirement of massive data and use LSM tree structure to improve data query efficiency. However, since big data security events continue to occur, how to achieve efficient query of encrypted data under the premise of ensuring data semantic security is an urgent problem to be solved for the LSM tree which is only for plaintext data. In this paper, a HBase ciphertext indexing method based on homomorphic encryption is proposed. Combining the improved homomorphic encryption algorithm and coprocessor, a second ciphertext indexing mechanism is constructed. Our method enable ciphertext to be indexed without decrypting ciphertext data and maximize the encryption data query efficiency with ensuring the semantic security of the index and the data. Extensive experimental evalutions shows that the method has high safety and availability.

Figures and Tables | References | Related Articles | Metrics

A Dynamic Access Control Method for Fog Computing Based on Trust Value

DU Yifeng, GUO Yuanbo

2020, 20 (4): 65-72. doi: 10.3969/j.issn.1671-1122.2020.04.008

Abstract ( 584 )

HTML ( 6 )

PDF (8516KB) ( 137 )

Fog computing is usually applied to industrial control, Internet of vehicles, intelligent medical and other real-time scenarios. These scenarios require dynamic, adaptive and low delay access control methods. Traditional access control methods are not suitable. This paper proposes a dynamic access control method based on trust value. This method extracts device behavior features from log files. And then calculates the trust value of active devices using machine learning models, while the trust value of inactive devices is calculated using grayscale method. The method proposed in this paper can not only realize fast and dynamic access control, but also can be easily migrated to multiple scenarios. The author have implemented the method based on equipment and data set provided by the research group.

Figures and Tables | References | Related Articles | Metrics

Ethereum Malicious Account Detection Method Based on LightGBM

BIAN Lingyu, ZHANG Linlin, ZHAO Kai, SHI Fei

2020, 20 (4): 73-80. doi: 10.3969/j.issn.1671-1122.2020.04.009

Abstract ( 1125 )

HTML ( 36 )

PDF (8759KB) ( 235 )

Due to the anonymity of the blockchain, Ethereum has gradually become a platform for malicious accounts to scam through vulnerabilities, phishing, and other methods. An Ethereum malicious account detection method based on LightGBM is proposed. By collecting and annotating 8028 Ethereum accounts, handcrafted features are extracted based on the history of transactions, and statistical features are extracted using featuretools. Finally, the LightGBM classifier is trained to detect malicious accounts in Ethereum through the fusion of two types of features. The experimental results show that the F1-Measure of the proposed method is 94.9%, which is more efficient and accurate than SVM, KNN and other methods. The introduction of handcrafted features can effectively improve the detection performance of malicious accounts.

Figures and Tables | References | Related Articles | Metrics

Research on VoLTE Traffic Based on Association Fusion

LIU Min, CHEN Shuhui

2020, 20 (4): 81-86. doi: 10.3969/j.issn.1671-1122.2020.04.010

Abstract ( 572 )

HTML ( 12 )

PDF (8070KB) ( 127 )

With the increasing popularity of VoLTE, VoLTE users and VoLTE traffic in mobile networks continue to increase. In the context of the continuous popularization of 4G and 5G networks, it is of great significance to carry out research on VoLTE traffic. This paper introduces VoLTE network architecture and the principle of speech coding. Based on the analysis of the correlation between VoLTE signaling data and voice data, combined with the fact that the integrity of VoLTE session message is insufficient, this paper proposes a method of VoLTE speech analysis and processing based on signaling guidance and without signaling guidance. By comparing AMR voice transmission format and audio format, this paper proposes the method of format conversion and AMR voice recovery. Through association fusion, the connection information related to VoLTE calls are obtained, which provides important information guarantee for lawful network forensics.

Figures and Tables | References | Related Articles | Metrics

Research on the Intelligent Fusion Model of Network Security Situation Awareness

ZHAO Zhiyan, JI Xiaomo

2020, 20 (4): 87-93. doi: 10.3969/j.issn.1671-1122.2020.04.011

Abstract ( 858 )

HTML ( 29 )

PDF (9209KB) ( 287 )

In view of the limitation of the depth and breadth of data analysis of current network security situation awareness model, as well as the lack of logical collaboration and functional linkage, this paper proposes an intelligent fusion model of network security situation awareness, which adopts modularization and componentization to organize the structure of the model. The model contains six modules: network security vulnerability detection module, network security data preprocessing module, network security data element extraction module, network security situation analysis module, network security situation prediction module, and network security situation visualization module. And the technical details of modules are denoted in this paper, that includes K-means clustering, PCA feature extraction, Bayesian network, artificial neural network, etc. The model has the abilities of continuous monitoring, threat early warning, visual data presentation with multi angles, and the function design of modular and pluggable middleware. The model would provide data protection service and trustaccessment serviceaccording to different combination of model applications. The model could improve the monitoring and alert ability of network security situation awareness system effectively.

Figures and Tables | References | Related Articles | Metrics

Table of Content