
Table of Contents

    10 January 2021, Volume 21 Issue 1

    The Generation Method of Network Defense Strategy Combining with Attack Graph and Game Model
    JIN Zhigang, WANG Xinjian, LI Gen, YUE Shunmin
    2021, 21 (1):  1-9.  doi: 10.3969/j.issn.1671-1122.2021.01.001

    In recent years, incidents threatening network security have become more frequent, hackers' attack methods have become more sophisticated, and the difficulty of network security protection has continued to increase. Aiming at the problem of complex and changeable attack strategies and the imperfect rationality of the attacker in real network attack and defense environments, the article integrates the attack graph into the attack and defense game model and introduces a reinforcement learning algorithm to design a network active defense strategy generation method. The article first proposes a network vulnerability assessment model based on an improved attack graph; this model compresses the strategy space and effectively reduces the difficulty of modeling. It then builds a game model for network attack and defense, modeling the attacker's and defender's decision-making on network attack and defense strategies as a multi-stage stochastic game. At the same time, the article introduces the reinforcement learning algorithm Minimax-Q Learning to design a self-learning network defense strategy selection algorithm, through which the defender can learn from a series of attack behaviors to solve for the optimal defense strategy against the attacker. Finally, the article verifies the effectiveness and advancement of the algorithm through simulation experiments, which show that the proposed method has certain guiding significance for network defense.

    The Nonlinearity Optimization Algorithm of S-box Based on TD-ERCS Sequence
    ZHANG Xuefeng, WEI Kaili, JIANG Wen
    2021, 21 (1):  10-18.  doi: 10.3969/j.issn.1671-1122.2021.01.002

    Aiming at the problem that S-boxes generated by chaotic systems have low nonlinearity, this paper studies the method of generating S-boxes based on the tangent-delay ellipse reflecting cavity (TD-ERCS) mapping system and first proves that the resulting S-boxes are bijective. On this basis, an improved hill-climbing algorithm is designed. By dynamically narrowing the selection range of the Walsh-Hadamard transform (WHT) of the Boolean functions and inverting six Boolean values that satisfy the conditions, the nonlinearity of the bijective S-boxes is improved. Theoretical analysis and experimental simulation show that the performance of the S-boxes generated by the optimization algorithm is effectively improved, with better algorithm efficiency, nonlinearity, strict avalanche criterion and differential approximation probability.

    Two-Party ECDSA for Blockchain Based on Hash Proof Systems
    LIU Feng, YANG Jie, QI Jiayin
    2021, 21 (1):  19-26.  doi: 10.3969/j.issn.1671-1122.2021.01.003

    The elliptic curve signature ECDSA is one of the common digital signatures in blockchain cryptography and has been widely used in cryptocurrency, key identity authentication, etc. However, the current blockchain ECDSA algorithm is inflexible, weakly anonymous and poorly decentralized, and there are few examples of relatively high-performing applications. This study proposes a two-party elliptic curve signature suitable for blockchain with the help of hash proof systems. Given the mathematical logic of the signature algorithm and its security model, its incorporation into the blockchain is evaluated to show the feasibility of the scheme. Finally, the security of the signature scheme is analyzed, and a simulation-based security proof is used to demonstrate that the scheme does not require interactive security assumptions and can reduce the communication overhead associated with zero-knowledge proofs.

    An SDN Dynamic Honeypot with Multi-phase Attack Response
    WANG Juan, YANG Hongyuan, FAN Chengyang
    2021, 21 (1):  27-40.  doi: 10.3969/j.issn.1671-1122.2021.01.004

    As an active defense mechanism, a honeypot deploys decoy targets to attract attackers into interacting with imitative and illusive resources, which not only prevents valuable real assets from being destroyed but also allows attack behaviors to be analyzed and handled according to the collected data. However, existing honeypot systems have limitations: they cannot deploy specific defensive honeypots for complex attack scenarios, they cannot select the best defense strategy according to benefits and costs because the honeypot attack and defense game is insufficiently dynamic, and their performance overhead is large. This paper proposes an SDN dynamic honeypot architecture based on multi-phase attack response and dynamic game theory, presents a deployment strategy for the SDN dynamic honeypot using Docker, and implements a novel dynamic honeypot system that can be adjusted dynamically according to the different attack phases. Experiments show that the system can quickly and dynamically generate a targeted honeypot in response to the network situation and the attackers' behavior, which effectively improves the dynamism and deception ability of the honeypot.

    Identification of LoRa Device Based on Differential Constellation Trace Figure
    SONG Yubo, GENG Yijin, LI Guyue, LI Tao
    2021, 21 (1):  41-48.  doi: 10.3969/j.issn.1671-1122.2021.01.005

    As a long-distance wireless transmission technology based on spread spectrum, LoRa is widely used in the Internet of Things, and the security of LoRa devices has also become a hot research direction. Based on the modulation principle and signal characteristics of LoRa, an identification method for LoRa devices based on the differential constellation trace figure is proposed, which transforms the device authentication problem into an image processing problem. The constellation trace figures of the received signals are processed differentially, and the clustering center of the differential constellation trace figure is obtained with a clustering algorithm and used as the unique identifier of the device. In addition, a similarity calculation based on Euclidean distance is used to match the cluster centers of devices and thus authenticate terminal devices. The experimental results show that the method can accurately identify five LoRa transmission modules and still has a high recognition rate at low signal-to-noise ratio, which verifies the effectiveness and stability of the method.

    Feedback Control Method for Mimic Defense in Cloud Environment
    CHEN Fucai, ZHOU Mengli, LIU Wenyan, LIANG Hao
    2021, 21 (1):  49-56.  doi: 10.3969/j.issn.1671-1122.2021.01.006

    Virtualization technology in the cloud environment brings data and privacy security issues to users. Aiming at the singleness, homogeneity and static state of virtual machines in the cloud environment, a feedback control method for mimic defense under the cloud environment is proposed. The method takes the cloud virtual machine as its basis, uses mimic defense technology to apply mimic encapsulation to virtual machines, achieves closed-loop negative feedback control through a feedback control architecture, and changes the execution environment through dynamic rotation of heterogeneous virtual machines to ensure the randomness of the virtual machine system environment. Experiments show that the design achieves fault tolerance for user services, suspicious virtual machine detection and dynamic rotation, which increases the difficulty for attackers to exploit vulnerabilities.

    High-speed Implementation of FESH Block Cipher Algorithm Based on FPGA
    WANG Jianxin, ZHOU Shiqiang, XIAO Chaoen, ZHANG Lei
    2021, 21 (1):  57-64.  doi: 10.3969/j.issn.1671-1122.2021.01.007

    The FESH block cipher algorithm is a cipher algorithm that entered the second round of selection in the 2019 national cryptographic algorithm competition. In this paper, the FESH-128-128 variant of the algorithm is implemented in Verilog HDL for high speed. Building on the finite state machine implementation, the top-level module is optimized with a pipeline design, and intermediate data is stored in registers to improve operating efficiency. Synthesis on the 5CEFA7F31C6 chip in Quartus II 15.0 shows that the pipelined design reaches a maximum operating frequency of 296.74 MHz, 98.28% higher than the finite state machine implementation, and a throughput of 37.98 Gbps, about 33 times that of the finite state machine implementation.

    Research and Implementation on WebShell Comprehensive Detection and Traceability Technology Based on High-speed Network
    WANG Yueda, HUANG Pan, JING Tao, SONG Yaxi
    2021, 21 (1):  65-71.  doi: 10.3969/j.issn.1671-1122.2021.01.008

    WebShell is a common web script intrusion tool. By implanting a WebShell into a website server, an attacker can control the server and obtain the permissions of the server's running programs. WebShells are usually nested in normal web page scripts, which makes them highly concealed and greatly harmful to the website itself and its visitors. In response to the above problems, this paper proposes a high-speed network traffic analysis and detection technology based on DPDK, which captures and analyzes network traffic in a high-speed network environment and achieves efficient detection of WebShells in traffic packets through feature code (signature) matching. At the same time, the WebShell file and the attacker are traced and analyzed.

    GlusterFS-based Distributed Data Integrity Verification System
    ZHANG Fucheng, FU Shaojing, XIA Jing, LUO Yuchuan
    2021, 21 (1):  72-79.  doi: 10.3969/j.issn.1671-1122.2021.01.009

    Cloud storage provides users with a flexible and reliable data storage solution that lets them access data stored on the cloud server over the network at any time, greatly reducing the cost of maintaining the data themselves, but it also causes a series of security problems. For cloud storage it is very important to take audit measures to check the integrity of data, but most existing cloud data integrity audit mechanisms only demonstrate the efficiency of the proposed scheme through simulation experiments and do not analyze and experiment in combination with specific cloud storage scenarios. To solve the above problems, this paper designs a distributed parallel data audit scheme based on the GlusterFS distributed file system and the BLS short signature mechanism, which uses multiple GlusterFS storage nodes to compute the labels of data blocks in parallel and verifies the integrity of the data by verifying the integrity of the corresponding labels. The scheme realizes single-block audit, multi-block audit, multi-user audit and asynchronous audit without disclosing users' private information. In addition, a security analysis is carried out. The experimental results show that the scheme achieves efficient parallel auditing of multi-block data, and the amount of concurrency increases linearly with the number of nodes.

    Research on Active Learning-based Intrusion Detection Approach for Industrial Internet
    SHEN Yeming, LI Beibei, LIU Xiaojie, OUYANG Yuankai
    2021, 21 (1):  80-87.  doi: 10.3969/j.issn.1671-1122.2021.01.010

    Aiming at the low accuracy of intrusion detection caused by the complex structure of the Industrial Internet and the small number of known attack samples, an active learning-based intrusion detection system for the Industrial Internet is proposed. The system introduces expert labeling into the intrusion detection process and combines an active learning query strategy with LightGBM, solving the problem of low accuracy when training samples are scarce. First, the system extracts features from the original network flows and payloads of the Industrial Internet and fills in missing data with the nearest neighbor method. Second, using uncertainty sampling, the most valuable training samples are selected to be labeled by experts. Then, the labeled samples are added to the training set, and Bayesian optimization is used to tune the hyperparameters of the LightGBM model. Finally, the validity of the intrusion detection is verified by binary classification and multi-classification experiments on the data set.

    Research on Authentication and Key Agreement Method of IMS-based Mobile Communication Private Network
    DONG Qiang, LUO Guoming, SHI Hongkui, ZHANG Yongyue
    2021, 21 (1):  88-96.  doi: 10.3969/j.issn.1671-1122.2021.01.011

    In order to adapt to the development of industry mobile communication private networks and the demand for confidential call services, and in view of the independent service control characteristics of the private network, a forward-compatible private network functional structure model is proposed for mobile communication private networks built on the IMS technology architecture, focusing on the research and analysis of several authentication and key agreement schemes that can be applied to IMS private networks. According to whether the home server participates in the authentication process, the article divides the application scenarios into two types, end-to-end and end-to-server, comprehensively compares the security performance and computing overhead of the various authentication and key agreement schemes, and recommends a better scheme, which provides a reference for building the communication security mechanisms of private networks.
