Table of Contents

    10 July 2022, Volume 22 Issue 7

    A Method to Distinguish DDoS Attack Types Based on RNN
    FAN Mingyu, LI Ke
    2022, 22 (7):  1-8.  doi: 10.3969/j.issn.1671-1122.2022.07.001

    With the wide application of network technology, a variety of network attacks have emerged, among which distributed denial of service (DDoS) attacks are more harmful. The 12 types of DDoS attacks are mixed with normal data flows and are difficult to distinguish. The primary problem in defending against DDoS attacks is to distinguish them effectively. For the first time, this paper takes distinguishing attack types as its research purpose and proposes a method to distinguish DDoS attack types based on a recurrent neural network (RNN). Taking the RNN as the research object and applying modular research methods and techniques, three types of simple modules are abstracted and combined to form the RNN-IDDoS model. This model has five layers and three time steps. Experiments on public datasets show that the proposed model can achieve an accuracy of 99.8%, which is better than the experimental results of the other three current models, and achieves good discrimination results.

    Decision Tree Classification Model Based on Double Trapdoor Homomorphic Encryption
    QIN Baodong, YU Peihang, ZHENG Dong
    2022, 22 (7):  9-17.  doi: 10.3969/j.issn.1671-1122.2022.07.002

    The decision tree model is a simple and efficient classifier that has been widely used in telemedicine, credit evaluation, text classification and other fields. Classification service providers usually obtain feature data from the client, input the feature data into the private classification model, and return the classification results to the client. To protect the privacy of client data and decision tree model parameters, this paper proposed a secure and efficient two-party comparison protocol based on double trapdoor homomorphic encryption, and designed an efficient privacy-preserving decision tree classification model. In the threshold comparison stage, the model encrypted the user's feature values and the model provider's decision tree thresholds using double trapdoor homomorphic encryption, and evaluated the decision tree by judging the sign of the difference between them. In addition, this model simplified user key management: the user only needed to generate and store part of the public key. Security analysis shows that this scheme has high privacy. The efficiency analysis shows that this model has low computational overhead.

    Mobile Traffic Application Recognition Based on Multi-Feature Fusion
    LIU Guangjie, DUAN Kun, ZHAI Jiangtao, QIN Jiayu
    2022, 22 (7):  18-26.  doi: 10.3969/j.issn.1671-1122.2022.07.003

    Mobile application recognition is a key technology in the research field of mobile network security and management. To address the failure of manually extracted features after mobile applications are updated, as well as insufficient feature extraction, this paper proposed a new traffic-based mobile application recognition model called MAITSF. The model adopted a multi-channel parallel architecture. In this model, a convolutional neural network (CNN) was used to extract the spatial characteristics of mobile application traffic, a long short-term memory (LSTM) network was used to extract the temporal characteristics, and the features extracted from each channel were fused. On this basis, a channel attention module was introduced to allocate a series of weight parameters, so that the model can focus more on the key features extracted by the neural network and better characterize the traffic. Comparative experiments were carried out on the public dataset (CIC-AAGM2017) and on an actual dataset collected in the laboratory. The experimental results show that the classification accuracy of MAITSF on these two datasets reached 98%, which is more than 4% higher than the existing typical models.

    Smart Contract-Based Log Secure Storage and Fair Access Method
    WANG Jian, HUANG Jun
    2022, 22 (7):  27-36.  doi: 10.3969/j.issn.1671-1122.2022.07.004

    Current information systems face security risks such as log data being easily tampered with, forged and deleted, as well as unauthorized access to data. Existing research on log storage and access mostly uses searchable encryption. Although this achieves encrypted storage of sensitive log data, there is a lack of research on the fairness of the ciphertext retrieval process and on the control of ciphertext access rights. To address these problems, this paper designed a method for secure storage and fair access of logs based on smart contracts. As a participant in the searchable encryption process, the smart contract performed the comparison of search trapdoors and the verification of ciphertext search results, so that the correctness of the ciphertext search process could be verified without a third-party entity. At the same time, a deposit mechanism was used to ensure fair payment between data users and cloud storage servers during the search process. In this method, a role-based access control policy was embedded in the searchable encryption process. Through the one-to-many mapping between the role public key and the entity identity public key, searchable encryption was extended to a many-to-many mode, and authorized access to the log ciphertext data was realized. Experiments and analyses show that this method can meet the integrity and confidentiality requirements of log data storage, ensure the fairness and correctness of the ciphertext retrieval process through the smart contract and deposit mechanism, and avoid unauthorized access to data through role-based access control.

    A Lightweight Authentication Protocol Based on Confidential Computing for Federated Learning Nodes
    LIU Xin, LI Yunyi, WANG Miao
    2022, 22 (7):  37-45.  doi: 10.3969/j.issn.1671-1122.2022.07.005

    Federated learning frameworks balance the security of private user data against the need of models for massive amounts of training data. They are therefore widely used in fields such as the Internet of Vehicles, smart healthcare and finance. However, given the complex identities of the clients in federated learning systems and the unreliable channels used to transmit model parameters between clients and the server, these systems face great security challenges. It is therefore important for a federated learning system to verify the legitimacy of each node's identity efficiently and accurately. This paper proposed an identity authentication protocol based on the characteristics and needs of federated learning, which realized online registration on the client side and digital signature functions. In addition, an SGX confidential computing environment was applied in the central server to protect the security of master keys and other essential parameters. Finally, the AVISPA simulation tool and informal security analysis were used to verify the security of the protocol, which was compared with other advanced authentication protocols in terms of computing, communication and storage performance. The results indicate that the protocol is more practical and advanced.

    Information Steganography Algorithm for Automatic Generation of Song Ci
    YANG Wanxia, CHEN Shuai, GUAN Lei, YANG Zhongliang
    2022, 22 (7):  46-54.  doi: 10.3969/j.issn.1671-1122.2022.07.006

    Traditional text steganography methods find it hard to balance hiding capacity against imperceptibility. Taking advantage of the semantic richness and syntactic flexibility of Song Ci, this paper proposed an algorithm to generate steganographic Song Ci based on a Seq2Seq model with bidirectional encoder representations from transformers (BERT) and an attention mechanism. BERT was used for the semantic vector transformation in the generation model. Its rich word vector space ensured semantic coherence between the generated sentences and improved the quality of the generated Song Ci. In addition, the algorithm designed a word selection method using rule templates and mutual information to constrain the generation of steganographic sentences, which enhanced the security of the hiding algorithm. In comparison with existing advanced text information hiding algorithms, the experimental results indicate that the embedding rate of the proposed algorithm is improved by more than 7% over Ci-stega, and that it has good performance in security and robustness.

    Research on Data Security Threats and Protection of Key Technologies in Cloud Environment
    YU Chengli, ZHANG Yang, JIA Shijie
    2022, 22 (7):  55-63.  doi: 10.3969/j.issn.1671-1122.2022.07.007

    With the rapid development of cloud computing technology, the cloud has gradually become the main way to store data. Cloud storage offers massive storage space, provides storage, management and other services, and enables users to access cloud data at any time without being limited by location or device. However, after outsourcing data to the cloud, users usually lose physical control over their data, and data security has become the key factor restricting the development of the cloud computing market. This paper started with the security threats faced by data in the cloud environment, followed by data security requirements. It then summarized and described the key protection technologies for cloud data. Finally, current challenges and future research trends in the field of cloud data security were introduced, so as to help advance the cloud data protection system.

    A Static Detection Method of ROP Traffic Based on Bytes Fluctuation Characteristics
    ZHANG Mengjie, WANG Jian, HUANG Kaijie, YANG Gang
    2022, 22 (7):  64-72.  doi: 10.3969/j.issn.1671-1122.2022.07.008

    With the vulnerability mitigation mechanisms of modern computer systems in place, traditional injection attacks no longer work. Return-oriented programming (ROP) has become an indispensable part of vulnerability exploitation: it uses multiple gadgets to form a ROP chain that can execute arbitrary operations. The detection of ROP chains in network traffic plays a vital role in preventing such attacks. This paper proposed a static detection method for ROP traffic that combined information entropy and variance to quantify the byte fluctuation characteristics of ROP chains through sequence extraction. It then leveraged a CNN to capture these characteristics and precisely detect ROP chains in the traffic. ROP chains were extracted from real-world ROP code and randomly mixed with normal traffic to form a dataset for classification training. The model's highest accuracy can reach 99.6%, the false negative rate can be kept below 2%, and the false positive rate can be kept below 1%. The proposed method realizes purely static ROP traffic detection with low system overhead and does not rely on information about memory addresses.

    A Lightweight Trusted Execution Environment Construction Method for Fabric Chaincode Based on SGX
    KELEKET GOMA Christy Junior Yannick, YI Wenzhe, WANG Juan
    2022, 22 (7):  73-83.  doi: 10.3969/j.issn.1671-1122.2022.07.009

    Hyperledger Fabric is an open source distributed ledger platform, which not only takes advantage of the tamper-proof and distributed accounting features of the public chain, but also incorporates advantages such as identity recognition, data confidentiality, low latency and high throughput. The chaincode in the traditional Fabric architecture lacks a secure execution environment, and its container operating environment brings the risk of privacy leakage. Moreover, existing smart contract privacy protection schemes cannot be applied to the Go language chaincode architecture and have defects such as high performance overhead. Therefore, this paper proposed a method and framework, called E-Fabric, for constructing a lightweight trusted execution environment for Fabric chaincode based on SGX. E-Fabric built trusted images and containers that supported native Go, created a trusted execution environment for chaincode, and verified whether the chaincode was trusted through the remote attestation protocol. Theoretical evaluations and experimental tests show that creating the SGX enclave increases the overhead. Compared with the original Fabric network, E-Fabric's latency increases by about 8%, the throughput decreases by about 4%, and the overall performance can reach 94% of the original Fabric network. At the same time, E-Fabric has a small trusted computing base and stronger security.

    Localization Network of Deep Inpainting Based on Dense Connectivity
    FU Zhibin, QI Shuren, ZHANG Yushu, XUE Mingfu
    2022, 22 (7):  84-93.  doi: 10.3969/j.issn.1671-1122.2022.07.010

    Reconstructing the missing regions of an image is a typical requirement in computer vision. With deep inpainting algorithms, one can generate realistic inpainted images at a very low cost. However, such a powerful tool has potentially illegal or unethical uses, such as removing specific objects from images to deceive the public. Although many forensic methods for image inpainting have been proposed, their detection capabilities are still limited on complex inpainted images. Motivated by this, the paper proposed an efficient network based on dense connectivity to locate tampered regions in realistic deep inpainting images. The network was an encoder-decoder architecture based on dense connectivity, in which the introduced densely connected module can better capture subtle manipulation traces in realistic inpainted images. Furthermore, embedding Ghost modules, dilated convolutions and the channel attention mechanism in the densely connected blocks could achieve better localization performance. Experiments demonstrate that the proposed method can effectively locate the inpainted regions in sophisticated deep inpainting images, and also show that the method fulfills the robustness requirements of JPEG compression and rotation.
