
Table of Contents

    10 September 2020, Volume 20 Issue 9

    Log Anomaly Detection Method Based on Improved Time Series Model
    LU Jiali
    2020, 20 (9):  1-5.  doi: 10.3969/j.issn.1671-1122.2020.09.001

    Security log analysis plays an irreplaceable role in the field of network security. Aiming at the characteristics of security logs, this paper proposes a multi-model combined time series anomaly detection algorithm. It exploits the characteristics of the time series: Fourier series are used to remove complex seasonal components, trend extrapolation is used to remove trend components, and then ESD testing is used to perform anomaly detection on the random residual component. The experimental results show that the proposed time series anomaly detection algorithm has good detection accuracy.

    Generation of Malicious Domain Training Data Based on Improved Char-RNN Model
    WU Jing, LU Tianliang, DU Yanhui
    2020, 20 (9):  6-11.  doi: 10.3969/j.issn.1671-1122.2020.09.002

    In recent years, new botnets have begun to use DGAs (Domain Generation Algorithms) to communicate with C&C (Command and Control) servers. Aiming at the problem that deep-learning-based detection models lack the ability to recognize new DGA variants, this paper combines the idea of text generation and improves the original character-level recurrent neural network (Char-RNN) with LSTM and an attention mechanism, so that it can generate malicious domain names that simulate unknown DGA variants. Experimental results showed that the domain names generated by this method are highly similar to the real data in character composition, structure and frequency. Also, detection models that use the generated data as the training set maintain good performance. This verifies the validity of the generated data and the feasibility of using it as training data to predict unknown DGA variants.

    A Generation Method of Word-level Adversarial Samples for Chinese Text Classification
    TONG Xin, WANG Luona, WANG Runzheng, WANG Jingya
    2020, 20 (9):  12-16.  doi: 10.3969/j.issn.1671-1122.2020.09.003

    Aiming at the robustness of Chinese text classification models based on deep learning, a word-level black-box adversarial sample generation method, CWordAttacker, is proposed. The algorithm uses a targeted deletion scoring mechanism, which can locate the key words that significantly affect the classification result when the internal details of the model are unknown. It also uses a variety of attack strategies, such as traditional Chinese and Pinyin replacement, to generate adversarial samples consistent with the semantics of the original sentence, and supports both targeted and non-targeted attack modes. The results of testing LSTM, TextCNN and CNN with attention on sentiment, spam message and news classification datasets show that CWordAttacker can greatly reduce the accuracy of the target model with little perturbation.

    Method of Insider Threat Detection Based on LSTM Regression Model
    HUANG Na, HE Jingsha, WU Yabiao, LI Jianguo
    2020, 20 (9):  17-21.  doi: 10.3969/j.issn.1671-1122.2020.09.004

    Malicious behavior initiated by internal personnel poses a security threat to the enterprise, and its detection faces difficulties such as fuzzy boundaries and scarce sample data. This paper proposes an LSTM regression model, which outputs predictions of the behavior sequence through regression analysis. Considering the differences among users, the model learns the behavior pattern of each user according to the user ID and is trained periodically on updated sequences; during testing, the difference between the predicted value and the actual value is taken as the anomaly score. This method can not only predict the users' behavior in the next period, but also detect abnormal behavior according to the normal behavior pattern learned, solving the problem of insufficient positive samples.

    Research on AISecOps Automation Levels and Technology Trends
    ZHANG Runzi, LIU Wenmao, YOU Yang, XIE Feng
    2020, 20 (9):  22-26.  doi: 10.3969/j.issn.1671-1122.2020.09.005

    Due to the highly dynamic nature of cyberspace and the critical decision requirements of the offensive and defensive confrontation process, AISecOps technology has encountered limitations in data integration, human-computer interaction, scenario modeling, algorithm optimization and other aspects. This paper summarizes the connotation and the evaluation index hierarchy of AISecOps technology, introduces an AISecOps automation level partition scheme and its practice in SecOps scenarios, and then looks into the development trend of AISecOps technology.

    Research on Quantitative Analysis of System Security Based on Stochastic Petri Net
    WU Zenan, TIAN Liqin, CHEN Nan
    2020, 20 (9):  27-31.  doi: 10.3969/j.issn.1671-1122.2020.09.006

    In response to the increasing frequency of network attack events, how to accurately and effectively perform experimental inference on attack events and quantitatively analyze the corresponding network security indicators has become a research hotspot in recent years. This paper discusses the main indicators and solution methods of network system security assessment in conjunction with the needs of such assessment. On this basis, the methods and steps for modeling and analyzing network system security with stochastic Petri nets are studied, and the calculation method of network system security indicators is given using the Markov property of the model. Finally, the correctness of the model is verified by specific examples. The results show that it is reasonable and effective to use stochastic Petri nets to model and analyze network system security, which provides a new idea for related research on network system security assessment.

    Applied Research of Unsupervised Machine Learning in Game Anti-fraud
    XU Yu, ZHOU You, LIN Lu, ZHANG Cong
    2020, 20 (9):  32-36.  doi: 10.3969/j.issn.1671-1122.2020.09.007

    As the online game market continues to grow, more and more "get a deal" events occur in online games, which has had a serious impact on the balance of game assets and especially on the interests of game publishers. This paper proposes a game bot detection method based on unsupervised machine learning. The method focuses on discovering the differences in behavior between game bots and human players, introduces the word2vec idea to process the event type vector, and discovers game bots and new fraud patterns through cluster analysis. After applying unsupervised machine learning to the online game anti-fraud engine, the accuracy of online game bot detection increased by about 8%, greatly improving the detection accuracy rate.

    A Large-scale Measurement Study of MQTT Security
    XU Huikai, LIU Yue, MA Zhenbang, DUAN Haixin
    2020, 20 (9):  37-41.  doi: 10.3969/j.issn.1671-1122.2020.09.008

    Message Queue Telemetry Transmission Protocol (MQTT) is a lightweight protocol widely used in the Internet of Things. Through a nationwide measurement of MQTT protocol deployment, 27949 MQTT servers were found exposed on the public network; more than 80% of the servers transmit data in plain text, and 57% of the MQTT servers do not perform client authentication at all. Even where MQTT servers use the TLS protocol, which supports authentication and encryption, certificate deployment is weak: only 20.94% of the certificates pass verification against trusted certificates. This paper analyzes the security threats to MQTT servers, such as privacy theft, man-in-the-middle attacks and remote tampering with equipment, and puts forward a defense scheme and the next steps for MQTT server security.

    Research on QR Code Phishing Detection
    LIU Daheng, LI Hongling
    2020, 20 (9):  42-46.  doi: 10.3969/j.issn.1671-1122.2020.09.009

    In recent years, the number of fraud cases conducted through phishing websites has been increasing year by year. Compared with traditional phishing methods, QR codes are favored by criminals because of their low production threshold, wide range of use and high success rate in phishing. On the basis of analyzing and summarizing the implementation process of QR code based phishing and its destructiveness, this article focuses on detecting abnormal features from two aspects, URL structure and Web page structure, and realizes QR code phishing detection based on SVM.

    A Method of Privacy Preserving and Access Control in Blockchain Based on Attribute-based Encryption
    WANG Jinmiao, XIE Yongheng, WANG Guowei, LI Yiting
    2020, 20 (9):  47-51.  doi: 10.3969/j.issn.1671-1122.2020.09.010

    All nodes in a blockchain keep the same information. With the wide application of blockchain technology, the problem of blockchain privacy protection and access control is becoming increasingly prominent. Based on multi-authority attribute-based encryption (MA-ABE), this paper proposes a privacy preserving and access control scheme for blockchain. The role of the authorities is played by the nodes in the blockchain, which effectively solves the problem of an overly powerful centralized authority. When the proposed scheme is deployed, data are encrypted with MA-ABE and stored in the blockchain. Only users whose attributes satisfy the access control policy can decrypt the data successfully, which achieves the purpose of privacy preservation and access control in the blockchain.

    Research on Collaborative Defense Technology of Network Security Based on Swarm Intelligence
    ZENG Yingming, WANG Bin, GUO Min
    2020, 20 (9):  52-56.  doi: 10.3969/j.issn.1671-1122.2020.09.011

    In this paper, a cooperative defense framework for network security based on swarm intelligence is designed, composed of data access and sharing, active prevention, joint perception and cooperative response, and an integrated learning algorithm with a dynamically adjusted cooperative strategy is studied. It is applied to the attack event detection model to improve its detection accuracy. A cooperative response method for multiple security components based on the bee colony algorithm is designed, and experimental analysis is carried out, which provides basic support for the research on and realization of global awareness and cooperative defense among multiple security entities.

    Method of Network Security States Prediction and Risk Assessment for Industrial Control System Based on HMM
    LI Shibin, LI Jing, TANG Gang, LI Yi
    2020, 20 (9):  57-61.  doi: 10.3969/j.issn.1671-1122.2020.09.012

    In this paper, a Hidden Markov Model is used to characterize the risk state transition relationships of an industrial control network attack scenario, and the network risk state is predicted from the correlation probability between risk states and security alarm events. This paper defines the quantitative factors of network assets, threats and vulnerabilities and their calculation methods, normalizes the quantitative factors and applies them to the analysis of the overall risk value of the network. A simulation environment based on the typical four-layer industrial control system structure is constructed, and the method is simulated and verified in MATLAB. Experimental results show that the proposed method can be used in the dynamic assessment of security states and risk values.

    Research on the Design of Cloud Security Architecture
    YU Xiaojun, WU Yabiao, ZHANG Yuqing
    2020, 20 (9):  62-66.  doi: 10.3969/j.issn.1671-1122.2020.09.013

    The evolving cloud environment has brought great challenges to the design of security architecture. This paper analyzes the existing work in detail from the four aspects of design motivation, typical schemes, main ideas and evaluation, and clarifies the common characteristics of the existing work. Then, a definable, reconfigurable and evolvable cloud security architecture is designed on the basis of many advanced technical ideas, and analysis shows the rationality and advanced nature of the new architecture. Finally, it points out further research directions for current security architecture research.

    Shifting Security Protection Mindset and Mechanisms for Novel 5G Infrastructures
    LIU Wenmao, YOU Yang
    2020, 20 (9):  67-71.  doi: 10.3969/j.issn.1671-1122.2020.09.014

    5G networking has become the most important network infrastructure in the current novel infrastructure construction campaign, where a number of novel technologies and architectures are being applied. As a result, the security risks and the changes in security operations need to be addressed. Compared with the security technology upgrade itself, adjusting the whole protection mindset is more important. In this paper, we introduce the security challenges of the novel 5G network and the corresponding security protection concept and mechanisms.

    Research and Application of 5G Cybersecurity Threat Modeling Based on STRIDE-LM
    BI Qinbo, ZHAO Chengdong
    2020, 20 (9):  72-76.  doi: 10.3969/j.issn.1671-1122.2020.09.015

    As a "network of networks", 5G has become the link of the IoT and the driving force for integration and innovation. It uses a service-based architecture and open service capabilities to provide a full range of quality services for various types of users and industries. The characteristics and business attributes of 5G networks determine the importance of their security. Threat modeling is the starting point and a very important part of cyber security best practices in the face of complex cyberspace. This article first introduces the industry's mature threat modeling methods, then introduces the six major stages of the threat modeling methodology, and finally focuses on the 5G threat modeling process and examples of key output results.

    Industrial Internet Identifier Resolution Security from the Perspective of Authentication
    YU Guo, WANG Chonghua, CHEN Xuehong, LI Jun
    2020, 20 (9):  77-81.  doi: 10.3969/j.issn.1671-1122.2020.09.016

    Identifier resolution is an important network infrastructure of the Industrial Internet. As network security threats spread rapidly into the industrial field, Industrial Internet identifier resolution has become a key target of network attacks. This paper is devoted to meeting the security authentication requirements of the registration, access, data management and resolution services of Industrial Internet identifier resolution. Firstly, it analyzes the security threats in typical application scenarios of Industrial Internet identifier resolution from the perspective of authentication. Then it proposes a unified identity authorization and authentication management framework for Industrial Internet identifier resolution. The framework provides full-factor, full-process and comprehensive security authentication capabilities. This paper provides a reference for further research on Industrial Internet identifier resolution security and defense strategy.

    Ontology-based Cross-domain Security Analysis
    LIU Hong, XIE Yongheng, WANG Guowei, JIANG Shuai
    2020, 20 (9):  82-86.  doi: 10.3969/j.issn.1671-1122.2020.09.017

    Today, security threats that involve multiple disciplines or research areas, such as hardware security, cyber-physical security and supply-chain security, are growing rapidly. However, there are no efficient methods to treat multidisciplinary security in a unified and systematic way, making it difficult to analyze, evaluate and predict these security problems. This paper proposes an approach that utilizes cross-domain ontologies to express and analyze security problems that involve several research areas. This method can help in merging attacks and countermeasures, building a multidisciplinary security knowledge base, and discovering new threats.

    The Safety Evaluation and Defense Reinforcement of the AI System
    WANG Wenhua, HAO Xin, LIU Yan, WANG Yang
    2020, 20 (9):  87-91.  doi: 10.3969/j.issn.1671-1122.2020.09.018

    Deep learning models have performed well on many AI tasks, but elaborate adversarial samples can trick well-trained models into making false judgments. The success of adversarial attacks calls into question the usability of AI systems. In order to improve security and robustness, the paper follows the security development lifecycle and proposes a security evaluation and defense reinforcement scheme for AI systems. The scheme improves the system's ability to resist attacks and helps developers build more secure AI systems through measures such as accurate detection and interception of adversarial attacks, scientific evaluation of the model's robustness, and real-time monitoring of new adversarial attacks.

    Abnormal Behavior Detection of Virtualization Platform Based on Image and Machine Learning
    WANG Xiangyi, ZHANG Jian
    2020, 20 (9):  92-96.  doi: 10.3969/j.issn.1671-1122.2020.09.019

    This paper proposes a method for dynamically detecting abnormal behavior of a virtualization platform based on machine learning. Relying on the virtualization platform, the method extracts system memory while normal programs and malware are running and dumps it to a file, extracts part of the information through SimHash to form a grayscale image, and uses local binary patterns (LBP) to describe the texture features of the image. The image features are used to train the constructed convolutional neural network, and the generated model determines whether the virtualization platform exhibits abnormal behavior. Experiments show that the detection rate on the virtualization platform can reach 97.5%, which can effectively detect cloud attack events.

    A Dynamic Link Prediction Method Based on Improved Dynamic Triad Model
    XIA Tianyu, GU Yijun
    2020, 20 (9):  97-101.  doi: 10.3969/j.issn.1671-1122.2020.09.020

    Concerning dynamic social network link prediction, the paper proposes an improved DynamicTriad model. The dynamic triadic closure structure is the carrier, and three vertices form a basic network unit. Combined with network homophily and a similarity index, the dynamic network is represented dynamically and each node is represented in different time slices, so as to realize dynamic prediction of individual behavior in the social network. Moreover, the embedding vector at time t+1 is used to validate the prediction at time t. Experiments show that the improved model represents the relationships between nodes dynamically, and its link prediction effect is better than that of traditional algorithms. Besides, the proposed method supports the modeling and analysis of dynamic social networks.

    RFID Group Tag Ownership Transfer Protocol Based on Cyclic Grouping Function
    SHEN Jinwei, ZHAO Yi, LIANG Chunlin, ZHANG Ping
    2020, 20 (9):  102-106.  doi: 10.3969/j.issn.1671-1122.2020.09.021

    This paper designs a cyclic grouping function with many group transformations, proposes an improved RFID group tag ownership transfer protocol based on this function, and gives a security proof of the protocol based on GNY logic. The tag side of the new protocol does not need a pseudorandom number generator, which makes it ultra-lightweight. At the same time, the protocol interaction mode is improved to remove the denial of service vulnerability. The protocol can resist common malicious attacks, and the tag side of the protocol has less computation and better performance.

    Spam Filtering Model Based on ALBERT Dynamic Word Vector
    ZHOU Zhining, WANG Binjun, ZHAI Yiming, TONG Xin
    2020, 20 (9):  107-111.  doi: 10.3969/j.issn.1671-1122.2020.09.022

    In order to solve the problem of insufficient word vector learning in spam classification, this paper introduces a model with ALBERT dynamic word vectors, and proposes an ALBERT-RNN model which combines the ALBERT dynamic word vector with a recurrent neural network. On the open spam dataset (TEC06C), two traditional statistical models and four ALBERT-RNN models with different RNN structures are compared, and the cross entropy loss function of ALBERT-RNN is optimized with the Focal Loss method. The experimental results show that the ALBERT-LSTM model with Focal Loss achieves the highest accuracy (99.13%) on the TEC06C dataset.

    Research on Hierarchical Network Structure and Application of Blockchain
    HAN Lei, CHEN Wuping, ZENG Zhiqiang, ZENG Yingming
    2020, 20 (9):  112-116.  doi: 10.3969/j.issn.1671-1122.2020.09.023

    The core problem in applying blockchain peer-to-peer networks to national defense is that the flat peer-to-peer blockchain network structure does not fit a hierarchical system. In this regard, this paper proposes a hierarchical network structure for blockchain, together with a hierarchical consensus mode, a hierarchical ledger structure and an information classification and presentation mode. The simulation results show that the consensus mode of the proposed scheme changes from peer-to-peer consensus among all network nodes to consensus among sibling nodes, which improves consensus efficiency; the data flow realizes horizontal synchronization and vertical convergence through hierarchically associated ledgers; and information protection realizes hierarchical and controlled protection.

    A Hybrid Model of Intrusion Detection Based on LMDR and CNN
    LI Qiao, LONG Chun, WEI Jinxia, ZHAO Jing
    2020, 20 (9):  117-121.  doi: 10.3969/j.issn.1671-1122.2020.09.024

    With the rapid development of network security technology and big data technology, traditional machine learning models have found it difficult to meet the requirements of efficient intrusion detection in big data environments. For this reason, considering the advantages of convolutional neural networks in feature extraction and data analysis, and in view of the fact that the features of the original dataset were not obvious enough, this paper proposes a hybrid intrusion detection model based on the logarithm marginal density ratio and a convolutional neural network. Compared with traditional machine learning algorithms and neural network models, our hybrid model can make full use of the relationships between features for feature enhancement, and effectively improves classification accuracy and reduces the false alarm rate.
