Table of Contents

    10 February 2022, Volume 22 Issue 2

    Insider Threat Detection Model Based on LSTM-Attention
    ZHANG Guanghua, YAN Fengru, ZHANG Dongwen, LIU Xuefeng
    2022, 22 (2):  1-10.  doi: 10.3969/j.issn.1671-1122.2022.02.001

    Information materials are illegally leaked, copied and tampered with by insider personnel, which often causes huge financial losses to governments and enterprises. To prevent information from being illegally stolen by insiders, an insider threat detection model based on LSTM-Attention, ITDBLA, was proposed. Firstly, the user’s behavior sequence, user behavior characteristics, role behavior characteristics and psychological data were extracted to describe the daily activities of users. Secondly, the long short-term memory (LSTM) network and the attention mechanism were used to learn the user’s behavior pattern and calculate the deviation between the real behavior and the predicted behavior. Finally, a multilayer perceptron was used to make comprehensive decisions based on these deviations to identify abnormal behaviors. Experimental results on the CERT insider threat dataset show that the proposed ITDBLA model achieves an AUC score of 0.964, which shows a stronger ability to learn user activity patterns and detect abnormal behaviors.

    An Enhanced Lattice Attack to DSA and ECDSA Scheme
    YU Fajiang, JIA Yaomin
    2022, 22 (2):  11-20.  doi: 10.3969/j.issn.1671-1122.2022.02.002

    The basic idea behind one type of lattice attack on the DSA and ECDSA schemes is to construct a system of congruences and convert the hidden number problem into the closest vector problem. If one of the solutions of the congruences is below a certain bound, the private key can be found by solving for the closest vector. If the bound becomes larger, the size of solution within which the attack is effective is broadened accordingly, reducing the difficulty of constructing such congruences. A new bound based on theoretical analysis and calculation was presented. The new bound was 6.92 times larger than the original one, significantly reducing the difficulty of launching an effective lattice attack. This paper designed and implemented an experiment to verify the new bound by collecting signatures from OpenSSL. The results show that under the new bound, the lattice attack only requires the 3 most significant bits of the solution vector’s elements to be known, compared with the 6 most significant bits before. For DSA, the success rate is about 80% with a lattice of size 350. For ECDSA, the success rate is about 97% with a lattice of size 260. Furthermore, by subtracting a base vector from the solution vector, the requirement of known bits can be reduced to just one, and the difficulty of mounting an attack is reduced even further.

    Blockchain-based Mechanism for Judicial Data Management and Electronic Evidence Storage
    WANG Jian, ZHANG Yunjia, LIU Jiqiang, CHEN Zhihao
    2022, 22 (2):  21-31.  doi: 10.3969/j.issn.1671-1122.2022.02.003

    Based on the requirements of judicial data classification, entity types, and the storage and sharing of electronic evidence in practical applications, and combining blockchain technology with full consideration of its security and efficiency, this paper proposed a blockchain-based structure for the secure storage of electronic evidence in judicial scenarios. With a complete node authentication scheme and block generation process, this structure is composed of a judiciary alliance chain called JudChain and a storage chain for electronic evidence named EviChain, which together realize efficient management and secure storage of judicial data and electronic evidence. Furthermore, this paper proposed a consensus protocol applied to JudChain, which comprehensively improves the traditional PBFT algorithm to reduce consensus overhead and transaction delay and to improve consensus efficiency and throughput.

    Security Protection Scheme of Power IoT Based on SDP
    WU Kehe, CHENG Rui, JIANG Xiaochen, ZHANG Jiyu
    2022, 22 (2):  32-38.  doi: 10.3969/j.issn.1671-1122.2022.02.004

    The rapid development of the IoT and the ubiquitous connection and intelligent interaction of a large number of heterogeneous terminals have blurred the network boundaries of the power IoT, made the network structure more complex, and significantly increased the security risk points and exposed areas. This paper abandoned the traditional security mechanism of connection before authentication and put forward a security protection scheme for the power IoT based on the zero trust security mechanism, applying SPA to effectively solve the problems of identity authentication, resource hiding, and access control of power IoT terminals. Finally, the scheme was compared and analyzed in terms of security and communication performance. The results show that the proposed scheme can effectively resist multiple types of network attacks, save computing and communication resources, and effectively solve the identity authentication problems existing in the power IoT.

    Spectral Graph Convolutional Neural Network for Decentralized Dual Differential Privacy
    LIU Feng, YANG Chengyi, YU Xincheng, QI Jiayin
    2022, 22 (2):  39-46.  doi: 10.3969/j.issn.1671-1122.2022.02.005

    The graph convolutional neural network is a multi-task-oriented and widely used deep learning model. This paper focused on the protection of node relationship information and node feature information of graph convolutional neural networks in the spectral domain for decentralized scenarios, and proposed a spectral graph convolutional neural network based on a dual differential privacy protection mechanism, called DDPSGCN. Given the total privacy budget, privacy budget is allocated to the Laplacian mechanism and the Gaussian mechanism, and the parameters of the two distributions are estimated by privacy loss and Chernoff bound theory. The paper proposed a graph convolutional neural network training algorithm based on a blockchain decentralized differential privacy processing mechanism under the influence of the two kinds of distributed noise. Experiments show that the decentralized dual differential privacy mechanism can ensure the privacy of the original data without leakage under the premise that the accuracy of the semi-supervised node classification task is reduced by less than 1%, and that it has higher privacy protection efficiency and stronger robustness against attacks compared with the single privacy protection mechanism.

    Research on Emergency Communication Strategy Based on the Integration of IPSec VPN and Multipath Transmission Protocol
    YAN Jinghua, HOU Yi, XIN Lang
    2022, 22 (2):  47-54.  doi: 10.3969/j.issn.1671-1122.2022.02.006

    To address the problems of single means, insufficient bandwidth and poor security of information transmission in emergency communication practice, this paper adopted the key technologies of 4G public network multi-channel aggregation transmission and multi-path transmission wireless communication based on IPSec VPN, and proposed multi-SIM-card wireless public network networking using a security aggregation gateway to realize multi-path real-time transmission of data flows. Low-delay aggregation and security encryption technologies are integrated, and the TCP acceleration program in the modem is ported to the satellite security module, which combines satellite communication TCP acceleration with encryption technology and completes the multi-path transmission of secure satellite networking. This research adopts a layered design approach to provide a safe and reliable multi-path wireless channel for the new generation of emergency communication.

    Research and Implementation of Data Security Sharing and Controlled Distribution Technology Based on Blockchain
    HOU Yutong, MA Zhaofeng, LUO Shoushan
    2022, 22 (2):  55-63.  doi: 10.3969/j.issn.1671-1122.2022.02.007

    Data sharing and data distribution are the inevitable trend of social development. Meanwhile, the security issues caused by data sharing also need attention. Blockchain has the characteristics of traceability and non-tampering, which can effectively solve the single point of failure problem caused by traditional data sharing and distribution schemes while protecting data security. This paper proposed a data security sharing and controlled distribution model based on blockchain and cryptography, including a data upload algorithm, a data sharing algorithm and a data distribution algorithm. IPFS is used to store data, and blockchain is used to record the whole process of data from upload to sharing and distribution, which is traceable and fully ensures the security of data.

    An Efficient Enhancement Algorithm of Cover Image Based on Universal Adversarial Noise
    XIA Qiang, HE Peisong, LUO Jie, LIU Jiayong
    2022, 22 (2):  64-75.  doi: 10.3969/j.issn.1671-1122.2022.02.008

    In the field of steganography, applying adversarial example technology to enhance the cover image is an important method to improve the security of steganography. However, current cover image enhancement methods based on adversarial examples need to generate specific adversarial noise for each cover image independently, which leads to low efficiency and poor practicability. Furthermore, enhanced cover images have poor transfer ability against different steganalyzers. To solve these problems, this paper proposed an efficient enhancement algorithm of cover image based on universal adversarial noise. The proposed algorithm applied the adversarial example generation method DeepFool as the basic technique to construct a universal adversarial noise, using a cyclic iterative strategy and taking the success rate of attack on the steganalyzer as the optimization target. The cover image was then enhanced by adding the universal adversarial noise to it. With the proposed method, a single universal adversarial noise can enhance different cover images, which significantly improves the time efficiency of cover enhancement. Besides, to further improve the transfer ability of the enhanced cover image, this paper fused the universal adversarial noise of different steganalyzers to obtain a fused universal adversarial noise. The use of fused universal adversarial noise can improve the security of the enhanced cover image against different steganalyzers. The experimental results show that the proposed method achieves a significant improvement in time efficiency compared with other state-of-the-art algorithms. Furthermore, the cover image enhanced by the fused universal adversarial noise has much better security against different steganalyzers after embedding secret information.

    Dynamic Hopping Technology of Double Virtual IP Address for SDN Data Layer
    HU Ruiqin, TAN Jinglei, PENG Xinhe, ZHANG Hongqi
    2022, 22 (2):  76-85.  doi: 10.3969/j.issn.1671-1122.2022.02.009

    The sniffing attack is a common and highly concealed network attack, and it poses a serious threat to the confidentiality of communication data. However, traditional defenses are limited by the serious asymmetry between network attack and defense, and it is difficult for them to deal with this threat effectively. A dynamic hopping technology of double bogus IP addresses for the SDN data layer was proposed. Firstly, the double bogus IP address was used to destroy the spatial correlation of communication data. Secondly, the correlation of communication data was destroyed in the time dimension by periodic IP address hopping, to increase the difficulty and cost for a sniffing attacker of recombining communication data. The analysis of anti-attack effectiveness and the simulation experiment results show that the technology can improve the ability to resist sniffing attacks while ensuring low CPU consumption and communication delay.

    Identity-based and Dynamic Operating Solution for Cloud Storage
    YI Zhengge, YUAN Wenyong, LI Ruifeng, YANG Xiaoyuan
    2022, 22 (2):  86-95.  doi: 10.3969/j.issn.1671-1122.2022.02.010

    Almost all traditional remote data integrity checking (RDIC) schemes suffer from high key management cost, because they rely on the expensive public key infrastructure (PKI). To address this problem, this paper proposed an identity-based cloud storage audit scheme. Merkle Hash Tree (MHT) technology is used to realize the dynamic update of users’ data. The scheme analysis proves that this scheme is safe and feasible, and the construction of a cloud medical data management model shows that it has a good application prospect.
