Loading...
Netinfo Security

Table of Content

    10 October 2021, Volume 21 Issue 10 Previous Issue    Next Issue
    For Selected: Toggle Thumbnails
    Forged Voice Identification Method Based on Feature Fusion and Multi-channel GRU
    PAN Xiaoqin, DU Yanhui
    2021, 21 (10):  1-7.  doi: 10.3969/j.issn.1671-1122.2021.10.001
    Abstract ( 495 )   HTML ( 50 )   PDF (7553KB) ( 283 )  

    In order to solve the problems of poor generalization ability and low detection accuracy of existing counterfeit authentication models, this article proposes a three-channel GRU forged voice identification model based on hybrid feature fusion. Validated on the ASVspoof2019 dataset, the accuracy of the proposed method reaches 96.30% for the detection of fake Logical Access samples and 87.33% for that of the fake Physical Access samples, which is better than other algorithms. The experimental results prove that the fake voice detection method based on time-frequency domain feature fusion can learn more effective authenticity identification features and obtain higher detection accuracy.

    Figures and Tables | References | Related Articles | Metrics
    SM Algorithm Analysis and Software Performance Research
    HU Jingxiu, YANG Yang, XIONG Lu, WU Jintan
    2021, 21 (10):  8-16.  doi: 10.3969/j.issn.1671-1122.2021.10.002
    Abstract ( 1471 )   HTML ( 147 )   PDF (10547KB) ( 928 )  

    Encryption technology is the core of information security, and the promotion of national secret algorithms is of great significance to safeguarding country’s network information security. In recent years, commercial encryption industry of China has developed rapidly, but the SM algorithm generally has the problem of low implementation efficiency. In order to explored the feasibility of the SM algorithm to replace the international encryption algorithm, this article mainly focused on the SM3, SM2, SM4 of SM algorithm and comprehensive comparison of the target international cryptographic algorithms, analyzed the calculation amount and security of the algorithms, and used OpenSSL and a SM algorithm optimized by a domestic manufacturer A to test the performance of each algorithm. The performance test results show that the SM3 is similar to the SHA-256, the performance of the SM2 digital signature algorithm and the ECDSA algorithm is affected by the Hash function they select, but the overall performance is similar. With small amount of data, the performance of SM2 public key encryption algorithm and ECIES algorithm depend on the size of the encrypted data. As the amount of data increases, the performance of the latter is significantly better than the former. The performance of the SM4 algorithm is between AES and 3DES.

    Figures and Tables | References | Related Articles | Metrics
    Threats and Future Development Trends to the Cloud Security
    ZHENG Luxin, ZHANG Jian
    2021, 21 (10):  17-24.  doi: 10.3969/j.issn.1671-1122.2021.10.003
    Abstract ( 813 )   HTML ( 79 )   PDF (9606KB) ( 328 )  

    With the widespread application and development of cloud computing technology, the importance of cloud security has become increasingly important. Attacks against the cloud environment are becoming more and more frequent, and related attack techniques and methods are constantly upgraded. Firstly, this article summarized the development status of cloud security, and then analyzed the security challenges faced by each level of the cloud architecture and the current mainstream countermeasures. Next, this article summarized and analyzed the current cloud security research results from the two dimensions of feature data acquisition and feature processing, and pointed out the development trend of related technologies. Finally, the article looked forward to the development prospects of cloud security, and proposed a multi-cloud platform management architecture.

    Figures and Tables | References | Related Articles | Metrics
    Static Detection Model of Malware Based on Image Recognition
    YANG Ming, ZHANG Jian
    2021, 21 (10):  25-32.  doi: 10.3969/j.issn.1671-1122.2021.10.004
    Abstract ( 483 )   HTML ( 47 )   PDF (8077KB) ( 277 )  

    Malware is one of the main threats to Internet security at present. This paper took the rapid and effective detection of malware as the research purpose, proposed SIC model,which used SimHash method to transform malware into feature vector by using the location and quantity characteristics of the opcode of malware,and finally converted it into gray-scale image. Then, the convolutional neural network CNN was used to identify the family of the malware. During this period, this paper used MutiHash and block selection algorithm to optimize the SIC model. The malware classification challenge data set released by Microsoft in 2015 was selected for model training. The experimental results show that the detection and recognition accuracy of the SIC model can reach 96.774%, which is improved to a certain extent compared with other traditional machine learning malware classification methods and achieves good results.

    Figures and Tables | References | Related Articles | Metrics
    Resource Access Control Scheme Based on User Credit in SDN
    WEI Zhanzhen, PENG Xingyuan, ZHAO Hong
    2021, 21 (10):  33-40.  doi: 10.3969/j.issn.1671-1122.2021.10.005
    Abstract ( 327 )   HTML ( 22 )   PDF (8052KB) ( 183 )  

    Existing resource access control schemes have problems such as the inability to dynamically change user access permissions, and the security risks in the formulation of access control policies. In view of these problems, this paper proposes a resource access control scheme based on user credit in SDN. This scheme introduces the concept of user credit and uses the characteristics of SDN that management and control separation and flow-driven to design a resource access control system based on user credit. The controller evaluates the user’s credit based on the user’s attributes, and classifies users accordingly. By issuing flow tables, different types of users are granted different permissions. When the user’s trust level changes, their access permissions will also change, realizing the function of dynamically granting permissions. And the program is simulated through Mininet and compares it with ordinary SDN networks and traditional networks, the results show that the program has a certain degree of dynamics and security in resource access control.

    Figures and Tables | References | Related Articles | Metrics
    DGA Malicious Domain Name Detection Method Based on Fusion of CNN and LSTM
    XU Guotian, SHENG Zhenwei
    2021, 21 (10):  41-47.  doi: 10.3969/j.issn.1671-1122.2021.10.006
    Abstract ( 678 )   HTML ( 46 )   PDF (7951KB) ( 392 )  

    At present, the malicious domain generation algorithm (DGA) is widely used in all kinds of network attacks. In order to solve the problems in DGA malicious domain name detection, such as low efficiency of feature engineering, too high domain name coding dimension, and partial domain name information feature loss, etc. This paper proposed a deep learning model for malicious domain name detection based on convolution neural networks and long short-term memory network. In the model, word vector embedding is used to encode domain name characters, and a dense vector is constructed, which is encoded by the correlation between words. This method could effectively solve the problems of sparse matrix and dimension disaster caused by single hot coding, shorten the character coding time and improve the coding efficiency. This model could not only extract the local features of domain name information, but also effectively extract the contextual relevance features between domain name characters. The experimental results show that compared with the traditional malicious domain name detection mode, the article method can obtain better classification effect and detection rate.

    Figures and Tables | References | Related Articles | Metrics
    A Security Management Framework for Data Sensitivity and Multidimensional Classification
    LIU Hong, ZHANG Yuejin, ZHAO Wenxia, YANG Mu
    2021, 21 (10):  48-53.  doi: 10.3969/j.issn.1671-1122.2021.10.007
    Abstract ( 325 )   HTML ( 17 )   PDF (7694KB) ( 259 )  

    In view of there has been no consensus on the standard and the technical architecture of data sensitivity and classification management, and conventional tools to realize data sensitivity and classification have very limited expressive power, a framework for expressing and computing data sensitivity and multidimensional data classification was proposed. The method was based on a declarative logic programming language and was capable of defining and analyzing data sensitivity and classification with fine granularity and high efficiency. Firstly, in terms of expression ability and complexity, besides supported conventional security labels, sensitivity and classification assigned not on data records, or parameterized, or concerning multiple data resources could also be expressed and computed. Then based on sensitivity and classification, examples were given to show the expressiveness and complexity of the method. Various data security analysis and management mechanisms could be implemented on the same framework. In addition, utilizing the declarative nature of the language, realizing data security on existing systems incurs low overhead to performance and was transparented to underlying computation and storage details, which was beneficial to system migration and optimization, could reduce the impact of security mechanism on system performance, and facilitates the deployment of data sensitivity and classification-based security mechanisms.

    Figures and Tables | References | Related Articles | Metrics
    Malicious Code Visual Classification Algorithm Based on Behavior Knowledge Graph Sieve
    ZHU Chaoyang, ZHOU Liang, ZHU Yayun, LIN Qingwen
    2021, 21 (10):  54-62.  doi: 10.3969/j.issn.1671-1122.2021.10.008
    Abstract ( 382 )   HTML ( 19 )   PDF (9947KB) ( 124 )  

    In recent years, the virus industry has gradually formed a well-organized market and involves a huge amount of money. The main challenge facing today’s anti malware is to evaluate a large number of data and file samples to determine the potential malicious intent. Based on this, this paper proposes a visual classification algorithm of malicious code based on behavior graph sieve. The algorithm analyzes the assembly instruction flow of malicious code samples, extracts the program behavior fingerprint, and uses the knowledge map to escape the fingerprint content, so as to generate the fingerprint screen of the specified samples. By locating the spots in the fingerprint screen, the algorithm cleans up the noise in the malware samples and generates the corresponding fingerprint after screening. On the premise of retaining the original fingerprint features, the compression rate of the sifted fingerprint is 76.3%. Finally, the algorithm carries out visual analysis and opcode sequence analysis on the sifted fingerprint, and uses random forest algorithm for classification, which achieves 98.8% accuracy. Experiments show that the visual classification algorithm of malicious code based on behavior graph sieve can achieve better results in the classification of malicious code.

    Figures and Tables | References | Related Articles | Metrics
    A Distance-based Fuzzing Mutation Method
    WU Jiaming, XIONG Yan, HUANG Wenchao, WU Jianshuang
    2021, 21 (10):  63-68.  doi: 10.3969/j.issn.1671-1122.2021.10.009
    Abstract ( 356 )   HTML ( 21 )   PDF (6789KB) ( 216 )  

    In order to solve the problem that the inputs generated by the existing directed greybox fuzzing tools account for a very low proportion of the input which can reach the target code segment, this paper proposed a distance-based mutation method. The mutation method proposed in this paper is based on a reinforcement learning algorithm which can minimize the distance between the new input and the target code segment. It could make the directed greybox fuzzing select the modification action that generates the new input with minimum distance to the target program locations, thereby increasing the proportion of inputs that can reach the target program locations. This paper implemented a directed greybox fuzzing tool based on this mutation method, and compare experiments with the existing directed greybox fuzzing tool. The experimental results shows that the directed greybox fuzzing tool based on the mutation method in this paper can effectively increase the proportion of inputs that can reach the target program locations.

    Figures and Tables | References | Related Articles | Metrics
    Malicious Domain Name Training Data Generation Technology Based on Improved CNN Model
    MA Xiao, CAI Manchun, LU Tianliang
    2021, 21 (10):  69-75.  doi: 10.3969/j.issn.1671-1122.2021.10.010
    Abstract ( 339 )   HTML ( 19 )   PDF (7674KB) ( 158 )  

    In recent years, new botnets have begun to use command and control (C&C) server communication to attack and use domain name generation algorithms (DGA) to avoid detection. The traditional algorithm of domain name generation has some disadvantages,such as low addressing efficiency and easy detection due to the corresponding code traffic of a large number of domains. In this paper, we use the self-attention mechanism of BI-LSTM to generate malicious domain name by improving the traditional CNN model and combining with the related ideas of text generation. The final results show that the domain name data generated by this method can be used as real domain name data in the comparative experiment, which improves the efficiency of detecting malicious domain name.

    Figures and Tables | References | Related Articles | Metrics
    Research on Threat Intelligence Entity Recognition Method Based on MRC
    CHENG Shunhang, LI Zhihua
    2021, 21 (10):  76-82.  doi: 10.3969/j.issn.1671-1122.2021.10.011
    Abstract ( 478 )   HTML ( 28 )   PDF (6862KB) ( 140 )  

    In the field of threat intelligence entity extraction, due to the complex structure of network data sources, more irrelevant information, and the strong professional and fuzzy classification of threat intelligence entities, the efficiency of traditional entity recognition methods for threat intelligence mining is not high. To solve this problem, this paper put forward a kind of MRC pointer annotation model(TIMRC) by transforming entity recognition into machine reading comprehension. The model could find the corresponding beginning and end index for each entity problem. Based on this, a threat intelligence entity identification(TIEI) method was further constructed. Experiments on 978 security articles show that TIEI method is effective and efficient in entity mining.

    Figures and Tables | References | Related Articles | Metrics
    A Password Authentication Key Agreement Protocol for IoT Devices
    XIAO Shuai, ZHANG Hanlin, XIAN Hequn, CHEN Fei
    2021, 21 (10):  83-89.  doi: 10.3969/j.issn.1671-1122.2021.10.012
    Abstract ( 305 )   HTML ( 19 )   PDF (7740KB) ( 195 )  

    Establishing an underwater wireless sensor network (UWSN) with high energy efficiency and high security is of great significance for monitoring resource-rich oceans and lakes. Due to the resource-constraint of UWSN and the high-energy consumption of underwater wireless communication, most of the current research on wireless communication starts with low energy consumption and ignores security issues. As the first line of defense for Communications security, identity authentication plays an important role in the secure interaction of UWSN. This paper proposes a new password-based identity authentication scheme for UWSN, which uses the advantages of password authentication to reduce the dependence on public key infrastructure. Utilizing the hash function simulation key distribution center (KDC) reduces the dependence on the KDC, which avoids additional communication costs and single point of failure, achieves a higher security. Finally, the proposed authentication key exchange protocol is implemented, and the performance of the authentication scheme is evaluated.

    Figures and Tables | References | Related Articles | Metrics
    Malicious Code Detection Based on Image Feature Fusion
    TAN Ruhan, ZUO Liming, LIU Ergen, GUO Li
    2021, 21 (10):  90-95.  doi: 10.3969/j.issn.1671-1122.2021.10.013
    Abstract ( 577 )   HTML ( 21 )   PDF (6912KB) ( 183 )  

    With the continuous upgrading of malicious code obfuscation technology, the traditional detection methods are not enough to meet the security requirements. A malicious code detection method based on image feature fusion was proposed in this paper. The weighted-HOG features were used to extract the local texture features of the malicious code converted by B2M algorithm, and different weights were given according to the influence of different paragraph positions of malicious code on classification. At the same time, the Dense SIFT was used to extract the global texture structure features, which could not only reflect the detail of malicious code, but also not ignore the overall structure characteristics. SVM was used to classify the extracted features. The experimental results show that the performance of combined features is better than that of single features.

    Figures and Tables | References | Related Articles | Metrics