Table of Contents

    10 May 2020, Volume 20 Issue 5

    Optimization of Measurement Methods in the Assessment of Classified Protection of Cybersecurity
    MA Li
    2020, 20 (5):  1-10.  doi: 10.3969/j.issn.1671-1122.2020.05.001

    This paper analyzes the possible impact on assessment conclusions of the new changes to the national standard for classified protection of cybersecurity in the 2.0 period, and uses actual cases and data to discuss the limitations of the earlier quantitative analysis methods based on assessment indicators and assessment objects. It puts forward the idea of adjusting and optimizing the quantitative calculation that produces the assessment conclusions according to the new characteristics of the structure and content of the national standard. The principle of defect deduction and the quantitative calculation method of defect deduction are given, the differences in the calculation results of various quantitative calculation methods are compared using an example, and a quantitative calculation formula for the assessment conclusion that is suitable for the new standard is proposed for the reader to analyze and reference.

    DDoS Attack Detection Based on Catastrophe Theory in SDN Environment
    WANG Jian, WANG Yujie, HAN Lei
    2020, 20 (5):  11-20.  doi: 10.3969/j.issn.1671-1122.2020.05.002

    This paper proposes a DDoS detection method based on a cusp catastrophe model. By analyzing the behavioral characteristics of DDoS attacks and the characteristics of the flow table under SDN, an improved control variable and state variable based on the flow table are proposed for the model. Finally, this paper also collects data through simulation experiments, and conducts multiple comparison experiments with common methods. After analyzing the experimental results, it is concluded that this method can effectively detect DDoS attacks, and has a higher detection rate and a lower false alarm rate than other methods.

    Secure Virtual Network Embedding Algorithm Based on Entropy Weight VIKOR
    MENG Xiangru, XU Jiang, KANG Qiaoyan, HAN Xiaoyang
    2020, 20 (5):  21-28.  doi: 10.3969/j.issn.1671-1122.2020.05.003

    In recent years, as the key technology of network virtualization, virtual network embedding technology has become one of the focuses of academic and industrial research. In order to solve the problem of low embedding performance caused by incomplete security awareness and unreasonable matching of nodes, this paper proposes a secure virtual network embedding algorithm based on entropy weight VIKOR. Firstly, a mixed integer linear programming model for secure virtual network embedding problems is designed, and the node security priority indicators are designed to realize the joint security awareness of virtual nodes and physical nodes. Secondly, the node resource attributes, topological attributes and security attributes are considered in the embedding process, and the entropy weight VIKOR method is used to rank the nodes. Finally, the nodes are sequentially embedded according to the results of node ranking, and the k-shortest path algorithm is used for link embedding. The simulation results show that the algorithm can improve the acceptance ratio of virtual network embedding and the revenue to cost ratio while satisfying the node security constraints.

    Research on Trusted QoS-Aware Path Finding and Load Balancing in Service Composition
    DONG Xuewen, LIU Qihang
    2020, 20 (5):  29-38.  doi: 10.3969/j.issn.1671-1122.2020.05.004

    Web services are effective ways to invoke resources in cloud computing. A single web service often has limited functions and can only accomplish specific tasks. Service composition can make web services form an effective call sequence and achieve more powerful functions. The rapid growth of service publishing and service requests has brought new security problems. First of all, the existing service composition schemes are based on QoS for web service selection, but the QoS value is usually provided by the service publisher, and there is a certain fraud phenomenon: the service publisher publishes a false QoS value to lure users. Secondly, the traditional service composition scheme only generates an optimal path; when malicious requests continue to visit, this will cause a service node to be paralyzed, or even the whole service composition system to fail. Therefore, in order to solve the problem of malicious QoS fraud, we propose a trusted QoS computing model, which comprehensively evaluates the QoS value according to the credit of the web service publisher. To solve the problem that a single optimal path cannot satisfy a large number of requests, a multipath method of path discovery and load balancing is proposed. Simulation results show that the method proposed in this paper can not only improve the success rate of service composition, but also find more execution options of service composition schemes.

    Test Case Generation Technology Based on Symbol Divide and Conquer Area for Vulnerability Mining
    LI Minglei, HUANG Hui, LU Yuliang
    2020, 20 (5):  39-46.  doi: 10.3969/j.issn.1671-1122.2020.06.000

    In vulnerability mining, symbolic execution is a common test case generation technology. However, when the software contains complex mathematical operation functions such as encryption and decryption or checksum verification, using symbolic execution to generate test cases cannot effectively solve the constraint expressions, which results in low efficiency in vulnerability mining. In order to solve this problem, combining the idea of the divide and conquer algorithm, this paper proposes a test case generation technique based on symbol divide and conquer area. Firstly, the encryption and decryption and checksum verification functions in the software are identified through static analysis technology. Then these functions are used as the partition points to partition the software. Every time the symbolic execution engine executes to a divide and conquer area of the software, a new symbol variable is introduced into this area for constraint construction. When solving constraints, the solving starts recursively from the last divide and conquer area of the software. Based on this method, this paper implements a vulnerability mining prototype system, Divide, on the symbolic execution platform S2E, and compares it with the existing symbolic execution test case generation technologies. The experimental results show that this method can generate test cases quickly and effectively, and improve the efficiency of vulnerability mining.

    Research on Intrusion Detection Method Based on Modified CGANs
    PENG Zhonglian, WAN Wei, JING Tao, WEI Jinxia
    2020, 20 (5):  47-56.  doi: 10.3969/j.issn.1671-1122.2020.05.006

    In recent years, more and more attention has been paid to the application of machine learning algorithms in intrusion detection systems (IDS). However, traditional machine learning algorithms rely more on known samples, so they need as many data samples as possible to train the model. Unfortunately, as more and more unknown attacks emerge and the attack samples used for training become unbalanced, traditional machine learning models may run into bottlenecks. This paper proposes an intrusion detection model combining improved conditional generative adversarial networks (CGANs) and a deep neural network (DNN), namely CGANs-DNN, to improve the detection rate of the detection model against unknown attack types or attack types with only a few samples by solving the problem of sample imbalance. The DNN has the ability to represent the potential characteristics of data, while the improved CGANs can generate new attack samples of a specified type by learning the potential data distribution of known attack samples. In addition, compared with unsupervised generation models such as GANs and VAE, the supervised generation model CGANs-DNN in this paper was improved by adding a gradient penalty term, which greatly improved the stability of training. In this paper, the NSL-KDD data set was used to evaluate the results of the model. Compared with the traditional algorithm, the results show that CGANs-DNN not only has better performance in terms of overall accuracy, recall rate and false positive rate, but also has a higher detection rate for unknown attacks and attack types with only a few samples.

    Generating Universal Adversarial Perturbations with Generative Adversarial Networks
    LIU Heng, WU Dexin, XU Jian
    2020, 20 (5):  57-64.  doi: 10.3969/j.issn.1671-1122.2020.05.007

    Deep neural networks have high accuracy in image classification. However, when a small adversarial perturbation is added to the original image, the accuracy of classification will decrease significantly. Studies show that there is a universal adversarial perturbation for a classifier and a data set, which can attack most of the original images. This paper designs a method for making a universal adversarial perturbation with a generative adversarial network. Through the training of the generative adversarial network, the generator can make a universal adversarial perturbation which is added to the original image to make the adversarial sample, so as to achieve the purpose of attack. This paper conducts non-targeted attack, targeted attack and transfer attack experiments on the CIFAR-10 dataset. Experiments show that the universal adversarial perturbation generated by the generative adversarial network can reach an attack success rate of 89% under lower norm constraints, and the trained generator can produce a large number of adversarial samples in a short time, which is conducive to the robustness research of deep neural networks.

    Comparative Research of Benchmark Security Capacity of Visible Light Communication Physical Links
    DING Jupeng, YI Zhiling, WANG Jintao, YANG Hui
    2020, 20 (5):  65-71.  doi: 10.3969/j.issn.1671-1122.2020.05.008

    In the process of 5G evolution, the physical layer security of visible light communication (VLC) is gradually earning attention and discussion. However, the current research paradigm is limited to the discussion of visible light communication secure links based on conventional Lambertian LED sources, and there is no quantitative comparative study on the link security characteristics of commercial non-Lambertian sources, especially the benchmark security capacity under non-Lambertian link configurations. In view of the above problems, this paper extends the existing VLC security link modeling scheme, and quantifies the benchmark characteristics of typical non-Lambertian VLC security links within a typical indoor environment. The numerical results show that, compared with the conventional Lambertian beam, the typical non-Lambertian beams could compress the spatial dynamic range of the benchmark security capacity from 0~10.78 bps/Hz to 0~6.40 bps/Hz, and the relevant mean value is dramatically reduced from the original 5.25 bps/Hz to 2.78 bps/Hz. Therefore, in the design and optimization of VLC links, the influence of diverse source beams on the secrecy capacity characteristics should be considered, which could be viewed as a potential optimization dimension.

    Research on Active Defense Decision-making Method Based on QRD in Complex Network
    JIN Hui, ZHANG Hongqi, ZHANG Chuanfu, HU Hao
    2020, 20 (5):  72-82.  doi: 10.3969/j.issn.1671-1122.2020.05.009

    Aiming at the problem that unknown information makes the optimal defense strategy difficult to select accurately in an unknown network attack and defense scenario, this paper analyzes the network attack and defense game with incomplete information. Firstly, the attack and defense evolutionary game model with an exploration mechanism is constructed. Then, based on Q-learning replication dynamic equations with exploration of Boltzmann, the dynamic evolution equations of attack and defense decision are constructed. Finally, the optimal defense strategy selection method is given by solving the evolutionary stable equilibrium, and the evolutionary trajectories of attack and defense strategies are described. The simulation experiment results show that the generated optimal defense strategy has better interpretability and stability for small-scale local area networks, when the exploration degree parameter is around 10, which can enable the defense subject to obtain the maximum defense benefit.

    Multi-key Fully Homomorphic Encryption Scheme over Prime Power Cyclotomic Rings
    ZHOU Haonan, LI Ningbo, CHE Xiaoliang, YANG Xiaoyuan
    2020, 20 (5):  83-87.  doi: 10.3969/j.issn.1671-1122.2020.05.010

    The traditional fully homomorphic encryption scheme allows arbitrary evaluations on the ciphertext from a single user. After decryption, a result consistent with the plaintext evaluations can be obtained. The multi-key fully homomorphic encryption schemes allow the cloud server to perform arbitrary evaluations on ciphertexts from multiple parties, which is more suitable for cloud computing applications. The multi-key fully homomorphic encryption schemes based on NTRU have the characteristics of short keys, small ciphertext sizes, high operation speed and potential resistance to quantum attacks. However, the existing NTRU multi-key fully homomorphic encryption schemes have the problems that they have few optional ring structures, and the ring structure is vulnerable to subfield attacks. In this paper, the power of 2 cyclotomic ring in the multi-key homomorphic scheme LTV12 was changed into the prime power cyclotomic ring. The key generation algorithm uses the Gaussian distribution over canonical embedding. Therefore, the number of optional ring structures increased and the scheme is not vulnerable to subfield attacks anymore, which has a driving significance for the practicability and security of the scheme.

    Portrait Intelligent Analysis Application and Algorithm Optimization in Video Investigation
    ZHANG Leihua, HUANG Jin, ZHANG Tao, WANG Shengyu
    2020, 20 (5):  88-93.  doi: 10.3969/j.issn.1671-1122.2020.05.011

    Intelligent portrait analysis refers to the structural and visual analysis of portraits in video, and intelligent identification of the target person’s gender, age, hairstyle, etc. This technology has extremely high application value in video reconnaissance. The early algorithm of portrait recognition is to manually extract features and learn low-level visual features to classify and learn different attributes. This model based on traditional methods is often not satisfactory. In the field of computer vision, neural networks learned from massive image data have richer information and feature extraction than traditional methods. This paper attempts to train neural network models to detect and recognize pedestrians through deep learning technology, and to intelligently handle pedestrians with different clothes. The recognition has better robustness, improves the accuracy of video portrait recognition, and expands the artificial intelligence technology for identity recognition.
