Table of Contents

    10 January 2022, Volume 22 Issue 1

    A Two-stage DDoS Attack Detection and Defense Method in Software Defined Network
    YU Junqing, LI Zizun, WU Chi, ZHAO Yizhu
    2022, 22 (1):  1-8.  doi: 10.3969/j.issn.1671-1122.2022.01.001

    Distributed denial of service (DDoS) attacks have always been a major threat to the Internet. In a software defined network (SDN), they lead to the exhaustion of controller resources and affect the normal operation of the entire network. To mitigate DDoS attacks in SDN, a two-stage attack detection and defense method is designed and implemented. It first collects flow data through the controller's northbound interface to extract direct and derived features, then uses the sequential probability ratio test (SPRT) and the light gradient boosting machine (LightGBM) to locate attacks quickly and differentiate attack types accurately, and finally filters the attack traffic in real time by installing flow rules. Experimental results show that the detection method can quickly locate the attack port and classify the attack traffic with accuracy reaching 98%, and that the defense method can install defense flow rules in time to filter the attack traffic within 2 s after an attack happens, effectively protecting the SDN.

    A Secure Medical Data Sharing Scheme Based on Multi-clouds and Multi-chains Collaboration
    FENG Jingyu, WANG Tao, YU Tingting, ZHANG Wenbo
    2022, 22 (1):  9-18.  doi: 10.3969/j.issn.1671-1122.2022.01.002

    Because blockchain cannot meet the storage requirements of large-capacity medical data such as video and audio, this paper adopted a multi-cloud and multi-chain collaborative mode to share medical data securely. To prevent proliferation and leakage, an identity multi-anonymization method was proposed to anonymously store medical data, encrypted with the hospital's public key, in a private cloud. Based on the multi-chains distinguishing record method, the projection is extracted and packaged on the corresponding blockchain according to the patient's medical service type. To avoid the hijacking of hospital miner servers, the trust value is evaluated according to the relevant blockchain, so as to resist the diverse miners behaviors (DMB) attacks that may exist in multi-chain consensus. A confidentiality relay access control protocol is designed to secure medical data sharing among alliance users without direct access. Security analysis and simulation results show that this scheme can effectively prevent the leakage of patient identity privacy and the theft of and tampering with medical data. Meanwhile, the accuracy of consensus can be guaranteed at a lower cost.

    Research on the Method of Side Channel Attack Based on RF Algorithm
    DUAN Xiaoyi, LI You, LINGHU Yunxing, HU Ronglei
    2022, 22 (1):  19-26.  doi: 10.3969/j.issn.1671-1122.2022.01.003

    At present, the potential of the random forest (RF) algorithm in the field of side channel analysis has not been fully utilized. This paper proposed a side channel attack based on the RF algorithm, which optimized the model through input data processing and parameter control, and improved it through feature point selection and RF algorithm parameter optimization. For high-dimensional data, the SOST correlation coefficient method was used to select 100 feature points, and the parameters of the RF algorithm were then optimized. The results show that, compared with the RF algorithm using default parameter values, the attack success rate of this method improves dramatically, and the generalization ability of the model is also improved to a certain extent.

    An Internet of Vehicles Authentication Protocol Based on Blockchain and secGear Framework
    LIU Xin, WANG Jiayin, YANG Haorui, ZHANG Ruisheng
    2022, 22 (1):  27-36.  doi: 10.3969/j.issn.1671-1122.2022.01.004

    In the Internet of vehicles, identity authentication is the prerequisite and core technology for security. It can not only verify the legitimacy of the vehicle sending the data, but also negotiate a temporary session key to protect the confidentiality of key data. In this paper, blockchain was applied to the authentication protocol, and an Internet of vehicles authentication protocol based on blockchain and the secGear unified confidential computing framework was designed. It met the non-repudiation requirements while achieving cross-regional authentication, and used the secGear framework to perform confidential computation on the certification table, further protecting the security of the certification table. The AVISPA simulation tool and informal security analysis prove the security of this protocol, and NS3 simulation experiments and comparative analysis prove that this protocol has better applicability and advancement.

    Cloud-edge-device Collaborative Integrity Verification Scheme Based on Chameleon Authentication Tree for Streaming Data
    LI Tong, REN Shuai, WANG Gang, MENG Qingyu
    2022, 22 (1):  37-45.  doi: 10.3969/j.issn.1671-1122.2022.01.005

    Devices in the Internet of things produce a lot of streaming data, such as environment perception data, industrial control data and human health data. Uploading all of this data to the cloud server places a huge burden on the network. The cloud-edge collaborative computing mode can greatly relieve the pressure on network bandwidth and cloud computing, speed up data processing, and improve service response. However, cloud-edge collaborative computing also faces problems such as data theft and tampering. Once streaming data carrying important information is tampered with, it is likely to cause serious losses. Based on the chameleon authentication tree (CAT), this paper constructed a cloud-edge-device collaborative integrity verification model for streaming data (CCIVS-SD) that supports data confidentiality protection. The scheme includes five entities: devices, edge nodes, cloud servers, data users and trusted third parties. It can complete appending, query, and integrity verification of the streaming data, and can also protect data privacy.

    Research on Intrusion Detection Mechanism Based on Federated Learning
    BAI Hongpeng, DENG Dongxu, XU Guangquan, ZHOU Dexiang
    2022, 22 (1):  46-54.  doi: 10.3969/j.issn.1671-1122.2022.01.006

    With the advent of the era of big data, data has become an important strategic resource for social development. However, with the increasing complexity of the network environment, privacy leakage and malicious attacks emerge in an endless stream. As a new data sharing model, federated learning can share data on the premise of protecting data privacy. In particular, it can effectively address the shortcomings of the traditional intrusion detection model. Therefore, this paper proposed an intrusion detection mechanism based on federated learning. This paper first introduced the structure and characteristics of federated learning and the intrusion detection model, and analyzed in depth the feasibility of an intrusion detection mechanism based on federated learning for effectively improving detection accuracy and efficiency. The prototype system was developed through the requirement analysis and design of the model, and the simulation experimented with function programming. It is found that the federated learning mechanism can realize the sharing of multi-party attack logs on the premise of ensuring the data privacy security of participating clients. At the same time, controlled experiments over multiple groups of control variables prove that the intrusion detection mechanism based on federated learning has significantly improved the detection accuracy and efficiency.

    Privacy-preserving Strategies for Federated Learning Based on Data Attribute Modification
    XU Shuo, ZHANG Rui, XIA Hui
    2022, 22 (1):  55-63.  doi: 10.3969/j.issn.1671-1122.2022.01.007

    Most defense methods suffer from weak federated learning utility, low computational efficiency, and defense against only a single type of attack. To solve these problems, this paper proposed an attribute modification framework based on variational auto-encoders that protects federated learning by pre-processing the data at the client. First, to improve the computational efficiency of the algorithm and utilize the computational and storage resources of the server, this paper proposed a transfer learning based variational auto-encoder training scheme to reduce the client training epochs. Second, to balance practicality and privacy and to utilize the continuous latent variables of the variational auto-encoders, this paper designed an attribute modification scheme based on attribute distribution constraint rules to reconstruct client training data. Detailed experimental results show that the attribute modification scheme can successfully separate and control the attribute vectors of an image, protecting client data privacy by changing the original image to a reconstructed image with corresponding attributes. The usability of the scheme is demonstrated by the fact that images with three modified attributes can be used to train the federated learning classification task with an accuracy of 94.44%. The scheme also successfully defends against unintended feature leakage and backdoor attacks based on data poisoning.

    Intrusion Detection Model Based on Extra Trees-recursive Feature Elimination and LightGBM
    HE Hongyan, HUANG Guoyan, ZHANG Bing, JIA Damiao
    2022, 22 (1):  64-71.  doi: 10.3969/j.issn.1671-1122.2022.01.008

    Classification performance is seriously affected by the large data dimension, unbalanced data samples and large dispersion of intrusion detection datasets. This paper proposed an intrusion detection method based on extra trees (ET)-recursive feature elimination (ET-RFE) and LightGBM (LGBM). Firstly, the network data was reconstructed by one-hot encoding, and the attack classes with a small number of samples were balanced at the data level. Secondly, ET-RFE based on ET was used for feature selection and dimension reduction of traffic features to find the optimal feature subset with the largest information. Finally, the obtained optimal feature subset was used as the LGBM input data set for classification training, and the Bayesian algorithm was used to optimize the LGBM parameters. On the real network traffic dataset UNSW-NB15, compared with the random forest (RF), XGBoost algorithm and GALR-DT, the results show that the proposed method can effectively improve the detection rate, and achieve an effective recall rate for small sample attack types.

    Attack Detection Method Based on Flow Behavior Graph
    ZHANG Dongxin, LANG Bo, YAN Hanbing
    2022, 22 (1):  72-79.  doi: 10.3969/j.issn.1671-1122.2022.01.009

    Traditional flow-based attack detection cannot fully capture network communication patterns, and it is difficult to effectively detect attack events that exist in the network. The information contained in the flow behavior graph can effectively reflect the real behavior of the host. Aiming at the detection of multiple types of network attacks, this article proposed and implemented an attack detection method based on the flow behavior graph. The detection method is based on clustering and a generative learning model, and consists of two stages. The first stage uses a clustering algorithm to filter benign nodes as much as possible, and the second stage uses a generative learning model to detect a variety of different attack events. The experimental results on the public data set show that the attack detection method proposed in this article can effectively detect a variety of different attack events in the network. In addition, the system uses a distributed processing framework based on Apache Spark, which can effectively process large-scale data.

    Intrusion Detection System Based on Dual Attention
    LIU Shuo, ZHANG Xinglan
    2022, 22 (1):  80-86.  doi: 10.3969/j.issn.1671-1122.2022.01.010

    In the era of rapid development of the Internet, the number of people interacting with each other on the Internet is increasing, making network security particularly important. This paper aimed to enhance the model's ability to detect abnormal traffic, and proposed a capsule network model based on the attention mechanism. In the feature extraction stage and the dynamic routing stage, the attention mechanism was incorporated to enhance the model's ability to extract key features and improve the accuracy of intrusion detection tasks. Experiments on the NSL-KDD data set and the CICIDS2017 data set show that the model in this paper is higher than other models in terms of generalization ability, and the accuracy rate on the CICIDS2017 test set has reached 97.56%. The accuracy on the NSL-KDD test set can reach 95.88%, which is significantly more efficient than other traditional intrusion detection models.

    Evaluation of the Importance of Complex Network Nodes Based on VIKOR Model
    YIN Mengmeng, WANG Lei, YAO Changhua, WU Xinrong
    2022, 22 (1):  87-94.  doi: 10.3969/j.issn.1671-1122.2022.01.011

    When important nodes in a complex network are deliberately attacked, they often cause large-scale paralysis of the network. Each existing centrality criterion for evaluating important nodes covers only a single measure and has certain limitations. Therefore, a new method combining the existing centrality criteria to rank the importance of nodes in a complex network was proposed. This method combined the criteria of degree centrality, betweenness centrality, proximity centrality and eigenvector centrality to evaluate the importance of nodes from multiple angles and directions. In this method, the entropy method is used to obtain the weight of each criterion, which avoids the deviation caused by human factors. The multi-attribute decision-making method (VIKOR) was used to sort the importance of nodes, and the virus propagation model (SI) was used to simulate the propagation process on three classic complex networks. The results show that it is consistent with the original degree index and intermediate centrality. Compared with index, proximity centrality index and feature vector centrality index, VIKOR method ranks the importance of nodes more comprehensively and accurately.
