
Table of Contents

    10 August 2021, Volume 21 Issue 8

    Design and Implementation of an Abnormal IP Identification System Based on Traffic Feature Classification
    WEN Weiping, HU Yezhou, ZHAO Guoliang, CHEN Xiarun
    2021, 21 (8):  1-9.  doi: 10.3969/j.issn.1671-1122.2021.08.001

    Anomalous IP identification is an important way to track malicious hosts and is one of the hot spots in network security research. Current applications of machine learning to anomalous IP identification mostly rely on overall network traffic, so they fail when only a single server's traffic is available, and they face the high cost of labeled data. To address these problems, the paper applies a clustering algorithm and a genetic algorithm to the identification and classification of end-to-end abnormal IP hosts. Using the multidimensional features of network traffic and the IP address feature data detectable on a single host, it combines unsupervised and semi-supervised learning to identify and detect end-to-end abnormal IPs, and implements the method as an abnormal IP identification system. In the experiment, the system identifies 9 different types of malicious IP in the UNSW-NB15 dataset, with recognition accuracy of up to 98.84%. The method is very effective for malicious IP classification, can identify unknown types of malicious IP with wide applicability and robustness, and has been applied in the traffic identification system of a national network security center.

    Network Anomaly Detection Method Based on Immune Bionic Mechanism and Graph Neural Network
    QIN Zhongyuan, HU Ning, FANG Lanting
    2021, 21 (8):  10-16.  doi: 10.3969/j.issn.1671-1122.2021.08.002

    This paper proposes a network anomaly detection method based on an immune bionic mechanism and a graph neural network. Imitating the risk prevention mechanism of biological systems, it uses the graph neural network to deeply mine the subgraph information near each node. In addition to the content features of the network, graph-based structural features are integrated into the model as a basis for anomaly detection, so as to better mine the anomaly information in the network. Graph representation learning is also integrated into network anomaly detection to solve the problem of feature representation. Experimental results on the CICIDS2017, Cora and Reddit datasets show that the method can better mine network anomalies and improve the accuracy of anomaly detection.

    Multi-party Collaborative SM4 Encryption/Decryption Scheme in Key Management Service
    YANG Yi, HE Debiao, WEN Yihong, LUO Min
    2021, 21 (8):  17-25.  doi: 10.3969/j.issn.1671-1122.2021.08.003

    With the increasing demand for the localization of cryptography and for key protection, the combined application of commercial cryptographic algorithms and secure key management has become one of the focuses of experts and scholars. To solve the problem of keys being easily disclosed in encryption/decryption schemes, this paper proposes a secure and efficient multi-party collaborative SM4 encryption/decryption scheme for key management service (KMS) systems. The scheme uses Beaver's triples, which can be computed once in advance, to construct a secure two-party multiplication and addition converter that supports multi-party collaborative S-box computation. This realizes secure and efficient multi-party collaborative SM4 encryption/decryption and effectively reduces the computation and communication costs of the online interaction. Security analysis shows that the proposed scheme is secure under the malicious model, and the performance analysis details its computation and communication costs, showing that the scheme is efficient and suitable for KMS systems.

    A New Parameter Masking Federated Learning Privacy Preserving Scheme
    LU Honglin, WANG Liming, YANG Jing
    2021, 21 (8):  26-34.  doi: 10.3969/j.issn.1671-1122.2021.08.004

    With the successive promulgation of data privacy protection laws and regulations, the exposure of private data in the traditional centralized learning model has become an important factor restricting the development of artificial intelligence. Federated learning was proposed to solve this problem; however, existing federated learning has problems such as model parameters leaking sensitive information and reliance on trusted third-party servers. This paper proposes a new parameter masking federated learning privacy preserving scheme, which can resist server attacks, user attacks, and attacks by the server colluding with fewer than t users. The scheme includes three protocols: key exchange, parameter masking, and disconnection processing. Each user uploads the masked model parameters after training the model locally. After the server aggregates the model parameters, it can obtain only the masked parameter aggregation results. Experiments show that for 16-byte input values, the protocol offers 1.44× communication expansion for 27 users and 220- dimensional vector over sending data in the clear, and compared with the existing scheme, it has lower communication cost.

    A Formal Analysis Method of PoS Consensus Protocol Based on Byzantine Fault Tolerance
    CHEN Kaijie, XIONG Yan, HUANG Wenchao, WU Jianshuang
    2021, 21 (8):  35-42.  doi: 10.3969/j.issn.1671-1122.2021.08.005

    The blockchain consensus protocol is an important mechanism for ensuring that the data held by different nodes in a blockchain network reaches consensus. With the explosive growth of blockchain applications, attacks against blockchain consensus mechanisms continue to emerge. This paper proposes a formal analysis method for PoS consensus protocols based on Byzantine fault tolerance. To solve the problem of state space explosion in the protocol model, the method first inductively models the state migration process of all consensus nodes. Then, the communication channel and the attacker are formally modeled based on the actual security threats. Finally, according to the requirements of protocol consistency, two kinds of security properties are formally modeled and verified. The experimental results show that the protocol has the claimed Byzantine fault tolerance, and that it is subject to a double-spending attack against zero-confirmation transactions. The paper further analyzes the conditions needed to carry out the attack and puts forward suggestions for protection.

    Impossible Differential Cryptanalysis of Mysterion
    YANG Yunxiao, SHEN Xuan, SUN Bing
    2021, 21 (8):  43-51.  doi: 10.3969/j.issn.1671-1122.2021.08.006

    The Mysterion block cipher is a specific instance of the XLS-designs. The main purpose of the algorithm is to improve on the LS-designs and enhance the security of the LS design strategy without affecting implementation efficiency. Impossible differential cryptanalysis is applied to analyze Mysterion. First, the paper proves that the truncated impossible differential of the Mysterion algorithm is upper bounded by 4 rounds. Then, using information about the S-box, it breaks through the upper bound of the truncated impossible differential of Mysterion and obtains a 5-round impossible differential. The maximum number of impossible differential rounds for Mysterion is one more than for the Robin algorithm, which is the representative algorithm of the LS-designs. From the perspective of impossible differentials, the security of the XLS-designs is weaker than that of the LS-designs.

    Research on Privacy Protection Access Control Mechanism Based on Ontology Reasoning
    JIN Shuting, HE Jingsha, ZHU Nafei, PAN Shijia
    2021, 21 (8):  52-61.  doi: 10.3969/j.issn.1671-1122.2021.08.007

    Access control restricts illegal users' access to data by verifying the legitimacy of visitors' identities, thus effectively avoiding privacy leakage. However, this method does not consider users' privacy information, its access control granularity is relatively coarse, it cannot meet the needs of all privacy subjects, and it cannot protect users' privacy information to the maximum extent. This article proposes an access control mechanism that protects privacy information based on ontology reasoning. The mechanism starts from the privacy information of all privacy subjects and applies ontology reasoning to access control, optimizing the granularity of access control and, from the perspective of the privacy subjects, taking the privacy requirements of multiple privacy subjects into account. Experimental analysis shows that the access control mechanism proposed in this paper can better protect user privacy.

    Quantum Secret Sharing Scheme Based on Linear Codes
    LIU Lu, LI Zhihui, LU Dianjun, YAN Chenhong
    2021, 21 (8):  62-69.  doi: 10.3969/j.issn.1671-1122.2021.08.008

    Based on linear error-correcting codes, a cheating-detectable quantum secret sharing scheme with $\varepsilon$ security is proposed. In this scheme, the secret is uniquely determined by the column index of the orthogonal array and two elements in a row. The column index of the orthogonal array is recovered over the classical channel through an asymmetric bivariate polynomial. The two elements in a row are partially recovered over the quantum channel based on the linear error-correcting code. The scheme not only identifies and authenticates cheaters, but also realizes double encryption of secrets. Security analysis shows that the protocol is capable of resisting external interception retransmission attacks and entanglement measurement attacks.

    Detection Algorithm of Tamper and Deepfake Image Based on Feature Fusion
    ZHU Xintong, TANG Yunqi, GENG Pengzhi
    2021, 21 (8):  70-81.  doi: 10.3969/j.issn.1671-1122.2021.08.009

    Maliciously tampered and forged images are growing explosively. Existing image tampering detection methods generally suffer from a narrow scope of application and low detection accuracy. To solve these problems, this paper proposes a classification and detection network for tampered and forged images based on image texture features. For the first time, it combines the first-order edge texture image of the Cb and Cr channels obtained through the Scharr operator with the second-order edge texture image of the G channel obtained through the Laplacian operator. The Gray Level Co-occurrence Matrix (GLCM) is used to extract the features of the texture image. Finally, tampering and forgery are detected by EfficientNet. Experiments on various image tampering and deep forgery datasets show that the model has wide applicability and high detection accuracy in both types of detection, and that the classification detection accuracy on images generated by various Deepfake algorithms can reach 99.9%.

    A Clustering and Classification-based Malicious Attack Detection Method for Internet of Things
    LI Qun, DONG Jiahan, GUAN Zhitao, WANG Chao
    2021, 21 (8):  82-90.  doi: 10.3969/j.issn.1671-1122.2021.08.010

    Internet of Things (IoT) devices are large in number, widely distributed, weakly protected, and vulnerable to malicious attacks. At the same time, attackers can capture a large number of IoT terminal devices to launch massive attack traffic. To solve these problems, this paper proposes a malicious attack detection method for IoT based on clustering and classification. First, the IoT traffic data is preprocessed, random forest is used to evaluate the importance of features, and principal component analysis is used to reduce the dimensionality of some features. Then, an improved k-means algorithm is applied to cluster the results of traffic preprocessing. For the different attack clusters, attack classification is implemented with a CART decision tree. Experimental results on Bot-IoT and KDD CUP 99 show that the proposed method detects attacks well and, in particular, can effectively improve the detection accuracy of low-frequency attacks.

    Early Warning of Web Business Security Analysis Based on Markov Chain
    BAO Liang, YU Shaohua, TANG Xiaoting
    2021, 21 (8):  91-96.  doi: 10.3969/j.issn.1671-1122.2021.08.011

    As a part of Web security, business security has received more and more attention. Protection and early warning are very difficult when an attacker exploits business logic vulnerabilities. Based on the subtle differences in business processes caused by the exploitation of business logic vulnerabilities, this paper uses a Markov chain, trained on operation log data, to build characteristic models of normal and abnormal operation sequences, so as to provide effective early warning of the exploitation of business logic vulnerabilities, and explores the practical application mode and value.
