
Table of Contents

    10 February 2021, Volume 21 Issue 2

    Industrial Control Intrusion Detection Method Based on Optimized Kernel Extreme Learning Machine
    DU Ye, WANG Zimeng, LI Meihong
    2021, 21 (2):  1-9.  doi: 10.3969/j.issn.1671-1122.2021.02.001

    Existing intrusion detection algorithms for industrial control systems have long detection times and cannot meet the real-time requirements of the system. To address this, an industrial control intrusion detection model based on an optimized kernel extreme learning machine (KELM) is proposed. The regularization coefficient C and kernel parameter g of KELM are jointly optimized by an improved sparrow search algorithm. In the population initialization stage, good point set theory is introduced to increase the diversity of the initial population and enhance the global search ability, and a nonlinear decreasing safety value strategy is proposed. During iteration, a chaotic algorithm is introduced to avoid falling into a local minimum and to expand the search area. Experimental results show that the algorithm has a high detection rate and a low false positive rate, and meets the high real-time requirements of industrial control systems.

    Vulnerability Analysis of Geohash Code Against k-nearest Neighbor Attack
    TU Guoqing, YANG Yanhao, LIU Shubo
    2021, 21 (2):  10-15.  doi: 10.3969/j.issn.1671-1122.2021.02.002

    As a dimensionality reduction technology, Geohash coding has been applied to many spatial databases and spatial data engines, but there is no research on its security. This paper focuses on the security vulnerabilities in Geohash encoding, theoretically analyzes why this dimensionality reduction technology produces inference channels, and proposes an encrypted Geohash field reconstruction algorithm based on k-nearest-neighbor queries. By observing a large number of k-nearest-neighbor query responses for plaintext information, the algorithm performs statistical inference and reconstructs the original value of the encrypted Geohash. Reconstruction experiments on an encrypted point-of-interest database show that the more query responses are observed, the higher the accuracy of the reconstructed value. With a Geohash coding accuracy of 30 bits, when 100000 to 3000000 query responses are observed, the average error between the reconstructed value and the original value is 0.074% to 0.015%. This work reveals the vulnerability of Geohash coding to k-nearest-neighbor query inference attacks and the mechanism behind it, and will promote secure application and research in related geographic information system industries.

    A White-box Implementation Scheme of Lightweight Block Cipher GIFT
    CHEN Jie, TONG Peng, YAO Si
    2021, 21 (2):  16-23.  doi: 10.3969/j.issn.1671-1122.2021.02.003

    A white-box implementation redesigns a known cryptographic algorithm using white-box cryptographic techniques, so that it has the same function as the original algorithm in the white-box attack environment while guaranteeing that the security of the algorithm is not destroyed. This paper gives a white-box implementation of the lightweight block cipher GIFT. The main idea is to use look-up tables to represent the input and output of the cryptographic algorithm in each round, and then to use affine functions of different sizes to encode the input and output of the look-up tables. The scheme requires 13.92 MB of memory and is proven to resist algebraic analysis attacks, including the BGE attack, MGH attack, affine equivalence algorithm attack and difference matrix analysis attack; the complexity of the affine equivalence algorithm attack is greater than $O(2^{82})$.

    Moving Target Defense Method Based on Double Address Hopping
    LI Zhaoyang, TAN Jinglei, HU Ruiqin, ZHANG Hongqi
    2021, 21 (2):  24-33.  doi: 10.3969/j.issn.1671-1122.2021.02.004

    The determinism and static nature of network systems leave network defense in a passive state. Moving target defense was proposed as a defense concept that changes this balance between attack and defense. Aiming at sniffing and scanning attacks, this paper proposes a moving target defense method based on double address hopping (DAH). By classifying double virtual address hopping by frequency, DAH effectively resolves the conflict between communication service quality and hopping frequency. It uses low-frequency virtual address hopping to ensure network availability and high-frequency virtual address hopping to resist sniffing attacks. By detecting abnormal communication behaviors of the host, DAH constructs spoofed packets to confuse and block scanning attacks. The experimental results show that DAH can not only maintain normal communication delay and CPU load in the network, but also effectively resist sniffing and scanning attacks.

    Multi-keyword Fine-grained Searchable Encryption Scheme Based on Blockchain
    ZHANG Yinghui, ZHU Tian, ZHENG Dong
    2021, 21 (2):  34-44.  doi: 10.3969/j.issn.1671-1122.2021.02.005

    Ciphertext-policy attribute-based keyword search (CP-ABKS) technology can achieve fine-grained control and retrieval of encrypted data. However, existing CP-ABKS schemes seldom consider malicious behavior by the cloud server or fair payment in the search process, and usually support only single-keyword ciphertext retrieval. This paper proposes a multi-keyword fine-grained searchable encryption scheme based on blockchain. The use of ciphertext-policy attribute-based encryption (CP-ABE) supports multi-user retrieval and realizes fine-grained access control and access policy hiding. Combining the scheme with blockchain technology prevents malicious cloud servers from tampering with the index, and the use of smart contracts ensures fair payment between users and data owners. In addition, the scheme implements multi-keyword retrieval and ensures that users get correct retrieval results without the need for a third-party verification entity. The security analysis shows that the proposed scheme guarantees the indistinguishability of keywords and access policies, and the performance evaluation verifies that the scheme has better functions while ensuring efficiency.

    Research on Dynamic Desensitization Method of Civil Aviation Passenger Information Based on Generalized FPE Encryption
    DING Jianli, CHEN Pan, MA Yong
    2021, 21 (2):  45-52.  doi: 10.3969/j.issn.1671-1122.2021.02.006

    With the development of e-tickets and biometric security inspection, civil aviation business systems hold a large amount of passenger information, which has laid a digital foundation for the development of "intelligent civil aviation" but has also brought new challenges to data security protection in civil aviation. To address malicious or unintentional disclosure of passenger information by insiders, this paper proposes using generalized FPE encryption to desensitize sensitive passenger information in real time, ensuring the security of passenger information while preserving the original format features of the passenger information. The experimental results show that this method can process passenger information query requests efficiently and safely, so that passenger information remains secure while internal personnel query it.

    Research on Intrusion Detection of Industrial Control System Based on Improved Whale Algorithm
    WANG Huazhong, CHENG Qi
    2021, 21 (2):  53-60.  doi: 10.3969/j.issn.1671-1122.2021.02.007

    Aiming at the long optimization time and low classification accuracy of industrial control intrusion detection models, an improved whale optimization algorithm (IWOA) is proposed to optimize the parameters of an SVM intrusion detection model. Firstly, the improved whale optimization algorithm introduces the adaptive step size and congestion factor of the AFSA. The adaptive step size balances the exploration ability of the whale algorithm and accelerates convergence. The congestion factor avoids premature convergence caused by overcrowding of the population's search locations. Secondly, an improved Gaussian mutation operator is added to the local search mechanism so that the algorithm can jump out of local optimal regions. When the algorithm is applied to the SVM intrusion detection model, simulation on the natural gas pipeline data set of an industrial control system shows that the detection accuracy and detection speed of the model are significantly improved.

    Hybrid DDoS Attack Distributed Detection System Based on Hadoop Architecture
    LUO Wenhua, CHENG Jiaxing
    2021, 21 (2):  61-69.  doi: 10.3969/j.issn.1671-1122.2021.02.008

    Hybrid DDoS attacks combine multiple data types in one attack, and are gradually replacing single-type DDoS attacks because of their strong penetrating power and the difficulty of detecting them accurately. To detect hybrid DDoS attacks, a distributed intrusion detection architecture based on a Hadoop cluster is designed, and a multi-attribute fusion detection algorithm using the MapReduce model is proposed. This algorithm improves on the traditional algorithm, which detects only from the single angle of IP, and realizes intrusion traffic detection by integrating multiple attributes such as IP, data frame length and flag bits with an adaptively adjusted threshold. The experimental results show that the distributed intrusion detection system designed in this paper has good scalability, and that better detection performance can be achieved by expanding the cluster scale and increasing the HDFS block size. Compared with the traditional detection algorithm, the detection rate for hybrid DDoS attacks is significantly improved without a significant increase in detection time, and the specific attack type can be determined.

    Generative Image Steganography Based on Digital Cardan Grille
    WANG Yaojie, YANG Xiaoyuan, LIU Wenchao
    2021, 21 (2):  70-77.  doi: 10.3969/j.issn.1671-1122.2021.02.009

    To solve the problem that carrier modification in image steganography leaves modification traces, this paper proposes an image steganography scheme based on a digital Cardan Grille. The scheme first generates the digital Cardan Grille automatically as the key for embedding and extracting information. Secondly, a blank image is used as the carrier, and the secret information is filled in according to the areas of the digital Cardan Grille. With the secret message kept unchanged throughout the steganography process, a deep generative model is applied to the damaged image to generate a stego image with natural semantics. The results of experiments on the CelebA and LSUN datasets show that the new steganography scheme is feasible. Compared with other steganographic methods, this scheme is more secure in actual communication.

    Network Abnormal Flow Detection Method Based on Feature Attribute Information Entropy
    LIU Yi, LI Jianhua, ZHANG Yitao, MENG Tao
    2021, 21 (2):  78-86.  doi: 10.3969/j.issn.1671-1122.2021.02.010

    Aiming at the problem of network abnormal flow detection, this paper proposes an abnormal flow detection method based on the information entropy of network flow feature attributes. The method first calculates the information entropies of four feature attributes that describe changes in network flow features: source port number, destination port number, source IP address and destination IP address. Normalization is also performed to reduce the impact of abnormal sample data on classification performance. Then, an adaptive genetic algorithm is used to optimize the penalty parameters and kernel function parameters of the support vector machine classifier to improve its generalization ability. The crossover and mutation operators of the genetic algorithm are also improved to reduce the training time of the support vector machine classifier. Finally, the trained support vector machine classifier is used to recognize changes in the four flow feature attribute information entropies to realize network abnormal flow detection. Simulation experiments show that the four flow feature attribute information entropies extracted by the method can effectively characterize abnormal flow changes. Under a variety of abnormal flow types, the method has a high abnormal flow recognition rate and a low false positive rate, and the robustness of the detection method is better.

    A Distributed Off-chain Storage Framework Based on Blockchain
    CHU Zhiqiang, WU Jiying, XU Lei, DU Cong
    2021, 21 (2):  87-93.  doi: 10.3969/j.issn.1671-1122.2021.02.011

    With the continuous development of distributed storage technology, more and more enterprises and government agencies save their data in the cloud to realize distributed storage of big data and data resource sharing. The decentralization, traceability, tamper resistance and data consistency of blockchain technology have brought new opportunities to address the privacy and security challenges of cloud storage. In this paper, we propose a distributed off-chain storage framework based on blockchain. Block nodes and storage nodes are deployed in the blockchain, where the block nodes execute the underlying blockchain operation mechanism and the storage nodes store data and files; off-chain storage is achieved by separating the block and storage functions. In addition, a global interaction verification method using a classical data-possession-based mechanism is proposed to ensure distributed, reliable and provable storage of data files. The audit mechanism of the fair challenge mechanism is triggered when users add blocks (stored files) to the blockchain, thus implicitly verifying the integrity of all files stored off-chain.
