Netinfo Security

Interpretation of the Top 10 Development Trends of Network Security in 2022 by CCF Computer Security Professional Committee

JIN Bo, TANG Qianjin, TANG Qianlin

2022, 22 (4): 1-6. doi: 10.3969/j.issn.1671-1122.2022.04.001

Abstract ( 315 )

HTML ( 38 )

PDF (882KB) ( 122 )

This paper interpretes the development trends, and discusses that the network security trend is greatly affected by the policy, and analyzes the reasons why the trends such as network vehicle security and audio and video deepfake fail to be on the list of the top 10 development trends. Compared with the top 10 development trends in 2021, it can tell that the Data Security Law(DSL) and Personal Information Protection Law(PIPL) of the People's Republic of China, Key Information Infrastructure Security Protection Regulations are selected, and the attention to the DSL and PIPL is obviously raised this year.

References | Related Articles | Metrics

Study on Static Detection of Timing Side Channel for RISC-V Architecture

TANG Ming, LI Cong, LI Yongbo, YUE Tianyu

2022, 22 (4): 7-19. doi: 10.3969/j.issn.1671-1122.2022.04.002

Abstract ( 205 )

HTML ( 18 )

PDF (1272KB) ( 112 )

Timing side channel attacks pose a serious threat to software confidentiality for the open source RISC-V architecture, but there is currently lack of research on static analysis of timing side channel leakage on the RISC-V architecture. This paper evaluated the scope of application, advantages and disadvantages of common static analysis methods for timing side channel leakage, optimized the analysis algorithms according to the characteristics of RISC-V assembly language, and implemented a combined information flow analysis method for the 64-bit general instruction set of RISC-V RV64G and a temporal side-channel analysis model that simplified symbolic execution theory. This paper tests the implementation of AES, RSA and also other cryptographic algorithms of the general open source network communication cryptographic library OpenSSL and NaCl. The test results show that compared with the existing analysis tool that has the highest accuracy rate, the model in this paper approximately improved the accuracy by 17% and reduced the false negative rate by 22% under the same test vector, which improved the analysis speed and alleviated the path explosion problem to a certain extent, providing a reference for the design of side-channel analysis tools on RISC-V architecture.

Figures and Tables | References | Related Articles | Metrics

Fast-Flux Malicious Domain Name Detection Method Based on Multimodal Feature Fusion

LANG Bo, XIE Chong, CHEN Shaojie, LIU Hongyu

2022, 22 (4): 20-29. doi: 10.3969/j.issn.1671-1122.2022.04.003

Abstract ( 294 )

HTML ( 13 )

PDF (1283KB) ( 166 )

Fast-Flux malicious domain name is an important technique in Botnet communication which aims to resist detection by quickly changing the resolved IP address of the domain. At present, most of the malicious domain name detection methods are based on the traditional machine learning models. These methods need complex data processing, feature extraction, and the help of a large amount of third-party data, which greatly reduces the efficiency of detection. Domain name resolution is a very complex process with rich features, this paper designed a Fast-Flux malicious domain name detection method based on multi-modal feature fusion using deep learning. Firstly, a GCN module was used to extract spatial features, and a BiLSTM module was used to extract text features. Secondly, an MLP module was used to extract side information features. Thirdly, the three kinds of features were fused using neural networks structure. This paper has conducted experiments on the Fast-Flux-Attack-Datasets, the experimental results show that this method achieves the accuracy of 99.94% with recall of 99.76% and precision of 99.69%, which is better than the state-of-the-art methods at present. The method effectively fuses multimodal features, and promotes the performance of Fast-Flux domain name detection, and is meaningful for enhancing the capability of Botnet detection.

Figures and Tables | References | Related Articles | Metrics

Log Compression Optimization Method Based on Parser Tree

LIU Jiqiang, HE Jiahao, ZHANG Jiancheng, HUANG Xuezhen

2022, 22 (4): 30-39. doi: 10.3969/j.issn.1671-1122.2022.04.004

Abstract ( 232 )

HTML ( 11 )

PDF (1229KB) ( 72 )

Information system log data is very important for security analysis, but its size is growing with each passing day, and efficient log data storage and auditing has become one of the key issues for information system security. Log data compression can reduce the huge overhead on log data storage, and has become a hot research topic in the field of log data. Traditional compression tools and algorithms work well for small-scale text processing, but are not applicable to large-scale log data generated by information systems; existing log compression algorithms achieve data compression by extracting log structures, but the compression rate and compression speed of the numerical variable part of log data are not significantly improved. This paper proposes a parser tree based log compression optimization method(TOLC), which extracts the corresponding log templates and performs template compression by constructing a parser tree using a parser, and then encodes and compresses the remaining variable parts. In this paper, TOLC is evaluated on five different types of large log datasets, and by comparing with other methods, TOLC achieves the highest compression ratio on all datasets and also shows good compression speed on large log datasets, and its overall performance is optimal.

Figures and Tables | References | Related Articles | Metrics

Design and Implementation of a SDN Honeynet Based on Dynamic Docker

ZHANG Wei, XU Zhigang, CHEN Yunfang, HUANG Haiping

2022, 22 (4): 40-48. doi: 10.3969/j.issn.1671-1122.2022.04.005

Abstract ( 199 )

HTML ( 14 )

PDF (1561KB) ( 279 )

In recent years, facing with more and more advanced and organized hacker attacks, the traditional means of protection are often inadequate. Honeynet is an active defense technology, which is playing an increasingly important role in capturing and analyzing malicious traffic and even unknown attack behavior. Aiming at the problem that the existing honeynet technology can not realize fine-grained data control and the deployment of honeypot system in honeynet is complex as well as the resource consumption is large, this paper designs and implements a SDN Honeynet by combining Docker with SDN technology. Under the premise of ensuring that the honeypot systems are isolated from each other, Docker technology simplifies and reduces the difficulty of Honeynet deployment, reduces resource consumption and realizes the dynamic allocation of resources. At the same time, SDN technology is used to decouple data forwarding and control, which effectively realizes flexible control of data flow. Experiment results showed that the proposed Honeynet architecture is of great value in large-scale rapid deployment scenarios with high degree of automation.

Figures and Tables | References | Related Articles | Metrics

Cross-Network Implementation of Superlattice Key Distribution Based on VLAN

WANG Ziheng, WU Han, XIE Jianguo, CHEN Xiaoming

2022, 22 (4): 49-57. doi: 10.3969/j.issn.1671-1122.2022.04.006

Abstract ( 441 )

HTML ( 23 )

PDF (1104KB) ( 78 )

As a new technology based on physical methods key distribution, superlattice key distribution system can generate keys through the chaotic effect of superlattice physical devices, and the security of key distribution process is guaranteed by the physical non-clonability of devices. Therefore, superlattice key distribution system enjoys a broad prospect. In order to solve the problem that the superlattice key distribution system cannot be a long-distance network in the process of real-time key distribution, this paper studied the virtual local area network(VLAN) and the virtual extensible local area network(VXLAN). In the superlattice key distribution system, the VXLAN technology under the modern SDN architecture was used to logically divide a new network for both parties of the communication, so that under different LANs, both parties of the communication can communicate real-time without relying on public network IP and domain name in cross-network key distribution, which solves the limitations of the key distribution in different places.

Figures and Tables | References | Related Articles | Metrics

Research on Association Algorithm of Heterogeneous Network Security Monitoring

LIU Longgeng

2022, 22 (4): 58-66. doi: 10.3969/j.issn.1671-1122.2022.04.007

Abstract ( 130 )

HTML ( 3 )

PDF (1192KB) ( 68 )

Big data brings convenience to people, but it also brings some security risks. Ensuring network security in big data environment has become an important topic nowadays, especially in civil aviation air traffic control data security. In view of its complex query and analysis and large amount of data, by analyzing the heterogeneous network air traffic control security monitoring technology in big data environment, it further simplifies and cleans the real data to get the core database, and then builds a cluster experimental environment that can provides a test environment and simulates the actual attack behavior. Finally, by testing and verifying the improvement of FP-Growth algorithm of heterogeneous network ATC security monitoring platform under big data environment, and analyzing the overall situation of network security ATC monitoring through the correlation of security events of MDFP-Growth algorithm and the mode of distributed sequence diagram, the big data security management of heterogeneous network can be further strengthened, It also provides a reference model for the analysis of relevant civil aviation enterprises to improve the hidden law in the big data environment.

Figures and Tables | References | Related Articles | Metrics

Ship AIS Trajectory Classification Algorithm Based on Federated Random Forest

LYU Guohua, HU Xuexian, YANG Ming, XU Min

2022, 22 (4): 67-76. doi: 10.3969/j.issn.1671-1122.2022.04.008

Abstract ( 281 )

HTML ( 14 )

PDF (1724KB) ( 116 )

To improve the classification performance of the algorithm on AIS trajectory data, and combine multi-participants data with security data mining in the process of federal training, this article proposed an algorithm named ship AIS trajectory classification algorithm based on federated random forest. By integrating the BCP homomorphic encryption algorithm to design a protection with average privacy-preserving, it solved the problem of multi-participants securely training decision tree on federated learning. The algorithm analyzed the ship’s trajectory data and extracted the optimal trajectory features, which could be used as the input of the model. It realized the federal classification of four typical ships, namely fishing boat, passenger ship, cargo ship and oil tanker. Further experiment from two aspects of accuracy and efficiency shows that, besides its security advantage, the algorithm performs well in terms of classification effect, reduces the computation overhead of the participant client, and realizes the security and federal data mining by multi-participants. At the same time, it can be applied to ship trajectory identification and ship navigation risk analysis.

Figures and Tables | References | Related Articles | Metrics

Optimal Information Rate Calculation Based on a Class of Graph Access Structure

LYU Kaixin, LI Zhihui, HEI Jiliao, SONG Yun

2022, 22 (4): 77-85. doi: 10.3969/j.issn.1671-1122.2022.04.009

Abstract ( 132 )

HTML ( 4 )

PDF (1086KB) ( 46 )

Secret sharing provides a very effective way for key management and the information rate of access structure provides a theoretical guarantee for the design of efficient secret sharing scheme. In this paper, by using the relationship between access structure and connected graph, a class of access structure with 8 participants is transformed into a class of 63 graph access structures with 8 vertices, 9 edges and a maximum vertex degree of 3. The accurate value or upper and lower bounds of the optimal information rate of these 63 graph access structures are calculated by splitting construction method, entropy method, vertex degree theorem, decomposition construction method and weighted decomposition method. The accurate values of the optimal information rates of 30 graph access structures and the upper and lower bounds of the optimal information rates of the other 33 graph access structures are obtained.

Figures and Tables | References | Related Articles | Metrics

A Credit-Based Byzantine Fault Tolerance Consensus Algorithm

HUANG Baohua, QU Xi, ZHENG Huiying, XIONG Tinggang

2022, 22 (4): 86-92. doi: 10.3969/j.issn.1671-1122.2022.04.010

Abstract ( 297 )

HTML ( 9 )

PDF (1005KB) ( 101 )

Consensus algorithm PBFT is widely used in alliance chains, but it has problems such as high latency, low throughput, and poor scalability. In response to these problems, this paper proposes a credit-based Byzantine fault tolerant consensus algorithm(CBFT). First, a set of candidate nodes is added to ensure that consensus nodes can dynamically join and exit. Second, a credit evaluation scheme is introduced. The credit values are calculated based on the completion of the consensus process of the consensus node, and are used to evaluate the credit of the node. Finally, a node replacement scheme is designed. When the credit value of a consensus node is lower than the threshold, this node will be replaced with a candidate node to reduce the participation rate of low credit values in the consensus process. As shown in the simulation experiment, the CBFT algorithm has lower consensus time delay and higher throughput and algorithm efficiency than the PBFT algorithm.

Figures and Tables | References | Related Articles | Metrics

Table of Content