
Table of Contents

    10 December 2020, Volume 20 Issue 12

    An Intel SGX-based Proof of Encryption in Clouds
    YOU Weijing, LIU Limin, MA Yue, HAN Dong
    2020, 20 (12):  1-8.  doi: 10.3969/j.issn.1671-1122.2020.12.001

    With the evolution of the Internet of Things (IoT), edge computing, and fog computing, the volume of data on the Internet surges year by year. Cloud storage has emerged to provide centralized, formalized, and efficient storage services to cloud users. Despite its convenience, cloud storage also brings great challenges for information security and privacy. Assuring data confidentiality in cloud storage has become a significant security issue. First, this paper analyzes existing proof-of-confidentiality schemes. Second, an Intel SGX-based proof of confidentiality in cloud storage is proposed. The security analysis and performance evaluation show that the proposal is efficient and does not degrade security.

    Research on Node Authentication Mechanism in Self-organizing Network Environment
    YU Beiyuan, LIU Jianwei, ZHOU Ziyu
    2020, 20 (12):  9-18.  doi: 10.3969/j.issn.1671-1122.2020.12.002

    In recent years, with the rapid development of the Internet industry, mobile terminals have become an indispensable part of people's lives. However, due to the lack of infrastructure and other external factors, the mobile cellular Internet cannot provide high-quality data communication services in specific environments. As a next-generation Internet technology, a self-organizing network can form a temporary multi-hop self-governing system from a group of mobile nodes with wireless transceiver devices, which provides users with emergency communication services in a limited area in specific environments. Aiming at the problems of the lack of a security mechanism for wireless self-organizing network data and short coverage, this paper proposes a self-organizing network node authentication and confidential communication system, which can authenticate the legitimacy of nodes and apply a data encryption scheme to effectively ensure the security of network node data during transmission. It has been verified that in the OLSR self-organizing network environment, relatively stable transmission efficiency can be obtained, and to a certain extent, the security of network node data can be effectively guaranteed.

    Research and Optimization of Intrusion Detection Based on Improved V-detector Algorithm
    HE Jingsha, HAN Song, ZHU Nafei, GE Jiake
    2020, 20 (12):  19-27.  doi: 10.3969/j.issn.1671-1122.2020.12.003

    With the rapid increase in the number of Internet users, network threats are also growing rapidly. Traditional passive defense measures are not enough to defend against ever-changing network intrusions. The principle of a traditional intrusion detection system is to collect virus features and then match them. For unknown viruses, the traditional detection mechanism lags behind. Facing the increasingly complex network security environment, it is of great significance to study intrusion detection systems based on artificial immune theory. This paper first introduces the core idea of artificial immune theory, the negative selection algorithm, and then introduces the real-valued negative selection algorithm and the V-detector algorithm. In view of the shortcomings of the V-detector algorithm, three improvements are made. A clonal selection algorithm based on distance variation is proposed to improve the efficiency of detector generation. A de-redundancy algorithm is proposed to reduce detector redundancy and accelerate algorithm convergence. An improved hypothesis testing method is used to evaluate the coverage of the detector set. Experiments show that the improved V-detector algorithm can effectively improve the detection accuracy, reduce detection black holes, and greatly reduce the detection time.

    A Method of Adaptive Abnormal Network Traffic Detection
    ZHANG Xinyue, HU Anlei, LI Jurong, FENG Yanchun
    2020, 20 (12):  28-32.  doi: 10.3969/j.issn.1671-1122.2020.12.004

    In this paper, we propose a new adaptive detection method for DDoS abnormal traffic attacks. The method quickly learns a model from the characteristics of network access behavior, and then uses a traffic TOP-N ranking table to dynamically filter abnormal traffic. The sample template of the TOP-N table uses an adaptive convergence algorithm to update quickly through self-learning. This method can quickly and accurately identify abnormal traffic and attack behavior, and greatly improves the accuracy of abnormal traffic attack detection. It is especially suitable for the detection of and protection against slow application DDoS attacks.

    A Secure Identity Authentication Scheme for Space-ground Integrated Network Based on Bilinear Pairing
    ZHAO Guofeng, ZHOU Wentao, XU Chuan, XU Lei
    2020, 20 (12):  33-39.  doi: 10.3969/j.issn.1671-1122.2020.12.005

    This paper proposes a secure identity authentication scheme for space-ground integrated networks based on bilinear pairing. During authentication, two-way authentication between entities in the network can be completed without the participation of a third party, and a session key is negotiated during the authentication process. The key provides confidentiality protection for subsequent data transmission. In addition, the security of the proposed scheme is based on the elliptic curve discrete logarithm problem (ECDLP) and the elliptic curve computational Diffie-Hellman problem (ECCDHP). It has high security and can defend against various forms of attacks. Finally, this paper conducts a theoretical analysis of the feasibility and effectiveness of the scheme.

    A Bi-directional Use Scheme of Quantum Key Pool
    FENG Yan, LIU Nian, XIE Sijiang
    2020, 20 (12):  40-46.  doi: 10.3969/j.issn.1671-1122.2020.12.006

    In a quantum secure communication system, both sides of the communication may read keys from the shared quantum key pool at the same time. If a key is not allowed to be reused, the two sides will compete for the keys in the quantum key pool. To solve this problem, a bi-directional key use scheme for the quantum key pool is proposed, and the interaction and implementation mechanism of the specific protocol are given. The scheme is based on the idea of half-duplex communication: by controlling the permission to actively obtain keys from the quantum key pool, it effectively resolves the competing use of keys in the pool and ensures that both sides of the communication can correctly read the encryption key and decryption key from the shared quantum key pool.

    Virtual Identity Identification Based on Semantic for Network Trading Platform
    ZHANG Xuan, YUAN Deyu, JIN Bo
    2020, 20 (12):  47-53.  doi: 10.3969/j.issn.1671-1122.2020.12.007

    In recent years, the development of IT technology has given rise to the prosperity of online trading platforms, which are deeply integrated into people's production and life. The diversification and differentiation of online transactions also encourage both parties to register accounts on different platforms and use multiple virtual identities to buy and sell commodities. Because information is not shared between platforms and virtual identities lack effective association, data cannot be aggregated and it is difficult to identify users through the traditional data association comparison method. Therefore, new technical methods are urgently needed to effectively identify the virtual identities of participants on network trading platforms and form accurate identity mappings. Using training data from multiple network trading platforms, this paper builds an unsupervised virtual identity recognition model based on Doc2Vec semantic similarity analysis, computes the text similarity of the descriptions of goods on sale, and mines hidden sellers that share the same virtual identity, providing technical support for applications such as user profiling, recommendation, and risk control.

    A Malware Detection Method Based on XGBoost and LightGBM Two-layer Model
    XU Guotian, SHEN Yaotong
    2020, 20 (12):  54-63.  doi: 10.3969/j.issn.1671-1122.2020.12.008

    At present, most malware detection methods based on network traffic rely on expert experience to acquire features. This process is time-consuming and laborious, and fewer traffic features are extracted. At the same time, the complexity of traditional feature engineering increases greatly when the feature dimension is high. To address these problems, this paper presents a two-layer malware detection method using extreme gradient boosting (XGBoost) and the light gradient boosting machine (LightGBM). Network traffic is captured and the features related to the target software are extracted. Features are selected using the filter method and the mutual information method, and the dataset is fed into the first-layer XGBoost model for training, with grid search used to obtain the optimal parameter combination. The leaf node position of each sample in each tree of the best XGBoost model is then used to create a new dataset, and the LightGBM model is trained on this new dataset to obtain the final detection model. The experimental results show that, compared with other detection methods, the accuracy and real-time performance of the malware detection proposed in this paper are significantly improved.

    Generative Steganography Scheme Based on StarGAN
    BI Xinliang, YANG Haibin, YANG Xiaoyuan, HUANG Siyuan
    2020, 20 (12):  64-71.  doi: 10.3969/j.issn.1671-1122.2020.12.009

    Aiming at the problems that the generated image differs from the real image in generative steganography, and that image translation steganography needs to train a large number of models, a generative image steganography scheme based on StarGAN is proposed. A single model can complete the multi-style image translation task. The sender encodes the secret information, maps it to the style tag of the image, generates an image of the corresponding style, and sends it to the receiver. The receiver uses the extraction model, which is passed over the secret channel, to extract the style tag of the image, and decodes the secret information by reference to the encoding method. The experimental results show that while reducing the number of training models, the scheme significantly improves image quality and information extraction accuracy.

    Malware Familial Classification of Deep Auto-encoder Based on Mixed Features
    TAN Yang, LIU Jiayong, ZHANG Lei
    2020, 20 (12):  72-82.  doi: 10.3969/j.issn.1671-1122.2020.12.010

    Malware authors usually evolve software versions to form malware families. The existing malware family classification methods need to be improved in terms of the robustness of feature selection, the effectiveness and accuracy of classification algorithms. To this end, this paper proposes a deep auto-encoder malware classification method based on mixed features. Firstly, by extracting the dynamic API sequence features and static byte entropy features of the malicious samples as mixed features, the global structure of the malicious samples can be obtained; then, the deep auto-encoder is used to reduce the dimensionality of the high-dimensional features; finally, the resulting low-dimensional features are input into the XGBoost algorithm classifier to obtain the malware's family classification. The experimental results show that this method can correctly and effectively distinguish different families, the micro average AUC reaches 98.3%, and the macro average AUC of the classification reaches 97.9%.

    A Threat Intelligence Generation Method for Malware Family
    WANG Changjie, LI Zhihua, ZHANG Ye
    2020, 20 (12):  83-90.  doi: 10.3969/j.issn.1671-1122.2020.12.011

    In view of the current high redundancy of threat intelligence and the inability to quickly generate and share intelligence, a rapid threat intelligence generation method for malware families is proposed. The method runs the malware on an open source automated malware analysis platform and extracts the malicious features, calculates the fuzzy hash value of the features, uses the improved CFSFDP algorithm to cluster the malware based on the fuzzy hash value of the malicious code, and finally generates threat intelligence that meets the STIX 1.2 standard according to the characteristics of each malware family. Experiments show that this method can effectively generate machine-readable and shareable threat intelligence, and significantly shorten the time for threat intelligence generation.

    PUF-based Kerberos Extension Protocol with Formal Analysis
    ZHANG Zheng, ZHA Daren, LIU Yanan, FANG Xuming
    2020, 20 (12):  91-97.  doi: 10.3969/j.issn.1671-1122.2020.12.012

    This paper proposes an extended Kerberos protocol based on the physical unclonable function (PUF). On the basis of the challenge-response authentication mechanism, this paper employs PUF challenge-response pairs in place of the password or the certificate in the standard Kerberos protocol, so as to resist password guessing attacks and impersonation attacks. The advantages of this extended protocol lie in the following aspects: it provides mutual authentication between the authentication server and the device; and the device is not pre-distributed with any password or key, which reduces the storage overhead and the risk of password or key disclosure. A formal analysis based on BAN logic and a comparison with different protocols are both given to prove the security of the PUF-based extended protocol.
