
Table of Contents

    10 July 2021, Volume 21 Issue 7

    An Authentication Protocol Achieving Online Registration and Privilege Separation for Industrial Internet of Things
    LIU Xin, YANG Haorui, GUO Zhenbin, WANG Jiayin
    2021, 21 (7):  1-9.  doi: 10.3969/j.issn.1671-1122.2021.07.001

    To resist internal malicious attackers, protect the security of control instructions and industrial data, and authenticate users and facilities, this paper designs a secure identity authentication protocol for the industrial Internet of Things. Building on legitimacy verification, the paper introduces separation of user privileges and online registration of participating entities to improve the security and availability of the protocol. Finally, the security of the protocol is verified with the simulation tool AVISPA and by informal security analysis. Performance analysis and comparative analysis show that the protocol can be applied to industrial Internet of Things identity authentication.

    Coordination of Functional Safety and Information Security for Intelligent Instrument Based on Fuzzy Multi-objective Decision
    HU Bowen, ZHOU Chunjie, LIU Lu
    2021, 21 (7):  10-16.  doi: 10.3969/j.issn.1671-1122.2021.07.002

    Targeting the typical functional modules and security requirements of instruments, this paper designs a coordination framework that eliminates strategy overlap and resolves strategy conflicts. Based on the framework, the attributes of the security strategies are extracted and formal modeling is completed. The paper then balances security protection capability, degree of risk mitigation, instrument resource constraints and other factors, and accounts for the difference in fuzzy preference between network communication security strategies and control behavior security strategies during strategy integration. From this, the optimal deployment plan for the security protection strategies is derived. Finally, simulation experiments verify the feasibility and effectiveness of the proposed approach. Through a combination of fuzzy multi-objective decision-making and priority selection, the integration of functional safety strategies and information security strategies for intelligent instruments is realized.

    A Code Obfuscation System against Symbolic Execution Attacks
    WEN Weiping, FANG Ying, YE He, CHEN Xiarun
    2021, 21 (7):  17-26.  doi: 10.3969/j.issn.1671-1122.2021.07.003

    Symbolic execution technology has made great progress in assisting the discovery of software vulnerabilities and in software de-obfuscation. Code obfuscation is one of the most effective means of protecting software, but existing code obfuscation systems are hardly resilient against symbolic execution attacks. To solve this problem, starting from extending the functions of the obfuscation system and exploiting the weaknesses of symbolic execution tools, this paper enriches the synonymous instruction replacement set and the identical truth predicate set, designs opaque predicates to obfuscate the control flow and reinforce the branching conditions of the software, and proposes a code obfuscation system that is compatible with multiple programming languages, scalable, and resistant to symbolic execution attacks. The experimental results show that, without changing the original functions of the software, this obfuscation system can induce symbolic execution tools to enter unreachable paths or prevent some correct paths from being explored by them, and is therefore resilient against attacks by symbolic execution tools. Compared with traditional obfuscation systems, this system has obvious advantages in combating symbolic execution attacks.

    Network Intrusion Detection Algorithm Integrating Blockchain and Federated Learning
    REN Tao, JIN Ruochen, LUO Yongmei
    2021, 21 (7):  27-34.  doi: 10.3969/j.issn.1671-1122.2021.07.004

    To improve classification of the varied, small-sample data faced by the intrusion detection field, this paper adopts the federated learning mechanism, which has recently been widely used in distributed training, to solve the problem that network data is stored on independent devices and not shared between them. The paper proposes a federated learning mechanism that integrates blockchain, which replaces the central server to optimize federated learning, and designs a network intrusion detection algorithm for lightweight devices using this learning mechanism. Integrating the blockchain mechanism into federated learning overcomes federated learning's excessive dependence on a single server and so removes the single point of failure of the federated learning server. Tested on representative data sets, the accuracy rate can reach 98.8%. In the network intrusion detection framework, a support vector machine optimized by the sparrow search algorithm is introduced. Compared with the traditional support vector machine algorithm, the accuracy rate is increased by 5.01% on average, and the false positive rate is reduced by 6.24% on average.

    A Multiple Paths Routing Scheme with Least Number of Public Nodes Based on Trust Relaying Quantum Key Distribution Network
    XIE Sijiang, GAO Qiong, FENG Yan
    2021, 21 (7):  35-42.  doi: 10.3969/j.issn.1671-1122.2021.07.005

    With the development of quantum information technology, quantum key distribution networks are gradually being applied in real life. To improve the security of quantum key distribution networks, this paper compares and analyzes the random routing and multi-path routing schemes, and proposes a multi-path scheme with the least common nodes. This scheme is suitable for network structures with densely distributed links. By finding multiple disjoint paths, the scheme reduces redundant paths, improves the security of key routing, and reduces the consumption of quantum keys in the routing process. Finally, an example is given to verify the routing scheme.

    Research on SQL Injection Attacks Detection Method Based on the Truncated Key Payload
    GUO Chun, CAI Wenyan, SHEN Guowei, ZHOU Xuemei
    2021, 21 (7):  43-53.  doi: 10.3969/j.issn.1671-1122.2021.07.006

    SQL injection is one of the common methods hackers use to attack databases, and it poses a great threat to the security of current Web applications. Because SQL injection statements and normal HTTP statements share many identical strings, it is harder to discriminate between them. Based on an analysis of the differences between SQL injection statements and normal HTTP statements, this paper proposes a key payload truncating method based on keyword pairs. This method truncates the key payloads from SQL injection statements to reduce the number of strings they share with normal statements. Combining natural language processing technology, the truncated payloads, word2vec, and a classification algorithm, this paper constructs a SQL injection attack detection method based on the truncated key payloads (SDMTKP), and builds a Web system to test this method. The experimental results show that SDMTKP is better than the method based on complete statements and word2vec in terms of detection accuracy and detection efficiency.

    Network Traffic Anomaly Detection Technology Based on Convolutional Recurrent Neural Network
    XU Hongping, MA Zewen, YI Hang, ZHANG Longfei
    2021, 21 (7):  54-62.  doi: 10.3969/j.issn.1671-1122.2021.07.007

    With the widespread adoption of Internet technology, network security issues have also increased. As one of the main means of defending network systems, network traffic anomaly detection has gradually shifted from detection based on traffic load characteristics and anomaly feature database matching to classification based on machine learning and deep learning. This paper first proposes a method for partitioning network traffic data samples based on the number of data packets. Then, combining the convolutional neural network and the recurrent neural network from deep learning, it proposes a network traffic anomaly detection algorithm based on a convolutional recurrent neural network, which can more fully extract the characteristics of network traffic data in the spatial domain and the time domain. Finally, the paper uses a public network traffic data set to detect traffic anomalies. The experiments obtain high precision, recall and accuracy, which verifies the effectiveness of the proposed method.

    Research on English-Chinese Machine Translation Based on Sentence Grouping
    ZHAO Yuran, MENG Kui
    2021, 21 (7):  63-71.  doi: 10.3969/j.issn.1671-1122.2021.07.008

    Although neural machine translation models can improve when trained on larger data sets, the information about the categories and structures of sentences in the data set has not been properly utilized. This paper proposes a neural machine translation model based on sentence grouping, which adds a discriminator based on the attention mechanism after the encoders. In addition, this paper proposes a method to calculate the structural information vector of sentences. These vectors can be used to obtain the group labels by an unsupervised method. Before training, sentences in the data set are divided according to their content category and sentence structure to get group labels. The model is then trained with these labels and the parallel corpus at the same time, which helps the model identify the group that each sentence belongs to. In this way, the information in the data set can be more fully utilized. Sufficient comparative experiments show the rationality of the grouping idea. The translation results of the Transformer model based on the group architecture have been improved. Compared with the vanilla Transformer model, the BLEU score of our model has increased by at most 1.2.

    Anti-noise Application Layer Binary Protocol Format Reverse Method
    FANG Minzhi, CHENG Guang, KONG Panyu
    2021, 21 (7):  72-79.  doi: 10.3969/j.issn.1671-1122.2021.07.009

    Existing binary protocol format reverse methods based on network traffic deduce the protocol format by comparing multiple messages of the same type, but noise messages in the message set lead to low accuracy of protocol format recognition. This paper proposes a method that automatically removes the noise and deduces the protocol format. First, the method mines the frequent items at each position of the message sequence, identifies the special identification (FD) in the message set, and removes the noise messages according to the sum of the frequencies of FD at each position. Then the method performs recursive denoising and message segmentation according to the FD of the message header, performs k-means clustering on the message set obtained by message segmentation, and automatically determines the cluster number k by the contour coefficient to obtain the message subset of each single protocol format. Finally, the protocol format is obtained by applying a progressive multiple sequence alignment algorithm to each message subset. The experimental results show that the proposed method can effectively remove the noise messages mixed into real-environment traffic, effectively extract the key words in the protocol format, and deduce the protocol format.

    The Defense Scheme of S-box on LBlock Based on Secret Sharing
    CHEN Bowei, XIA Xuan, ZHONG Weidong, WU Liqiang
    2021, 21 (7):  80-86.  doi: 10.3969/j.issn.1671-1122.2021.07.010

    To address the problem that the LBlock algorithm is highly vulnerable to side-channel attacks, the article proposes a threshold protection scheme that can resist first-order and second-order Differential Power Analysis (DPA). This scheme is based on the principle of secret sharing, adopts the concept of compound domain when the algorithm is operated, and transfers the operation domain of the algorithm from GF(2^4) to GF(2^2). While reducing hardware consumption, it also improves the security of the algorithm. The virtual value method is used in the multiplier grouping to ensure the uniformity of the threshold scheme, and the decomposition method is introduced in the inverter to ensure that each information group is independent and linearly independent. Through analysis and verification, the scheme satisfies all the properties required by the threshold scheme and can resist first-order and second-order DPA attacks. Because all information groups are independent and unrelated, the solution also has corresponding protection against glitch attacks and has good practicability.

    Malicious Mining Web Page Detection and Forensics Based on Multi-feature Recognition
    HUANG Ziyi, QIN Yuhai
    2021, 21 (7):  87-94.  doi: 10.3969/j.issn.1671-1122.2021.07.011

    Current domestic and foreign malicious mining Web page detection technology has a high failure rate, low timeliness, inaccurate prediction, excessive dependence on rules and other problems. To address these, this paper designs a malicious mining Web page detection model based on multi-feature recognition and a malicious mining Web page forensic method based on multi-level evidence preservation. By analyzing the implementation methods and code characteristics of Coinhive, Jsecoin, Webmine and Crypto-loot mining Web pages and summarizing their characteristics, the detection model constructs a multi-feature sequence of mining Web pages to realize the automatic detection of malicious mining Web pages. The research shows that the detection model can automatically detect the URLs submitted by users, distinguish malicious mining Web pages and determine their types, and the overall detection accuracy reaches 97.83%. The multi-level forensics method can fix the malicious mining Web page data from the three dimensions of plane layer, code layer and network data layer, obtain complete, legal and credible evidence, generate the forensics report, and meet the public security organs' requirements for malicious mining Web page detection and forensics.
