Table of Contents

    10 October 2022, Volume 22 Issue 10

    A Multi-View and Multi-Task Learning Detection Method for Android Malware
    TONG Xin, JIN Bo, WANG Jingya, YANG Ying
    2022, 22 (10):  1-7.  doi: 10.3969/j.issn.1671-1122.2022.10.001

    In recent years, there has been a dramatic increase in malware targeting the Android platform, which brings great challenges to the anti-malware field. Although current detection methods based on machine learning provide a new direction to make up for the shortcomings of traditional detection technology, these methods are often based on an individual model or a combination of similar models. It is difficult for them to extract semantic information at different levels from multiple views, which ultimately limits the detection effect. To address this shortcoming, this paper proposed an Android malware detection model based on multi-view and multi-task learning. First, the system call information was input into a gradient boosting decision tree model to mine the frequency view features. Then, the system call information was also transformed into a grayscale image and input to a learner based on a vision graph neural network and a convolutional neural network to learn co-occurrence and association features. Finally, the paper introduced a multi-task learning method based on hierarchical labeling to complete model training, and achieved multi-view feature extraction and analysis for Android malware. Experimental results on the fine-grained public dataset from UNB show that this method is generally superior to the traditional method based on a single view, with better accuracy and reliability.

    Identifying Tor Website Fingerprinting Model Based on MHA and SDAE
    JIANG Shouzhi, CAO Jinxuan, YIN Haozhan, LU Tianliang
    2022, 22 (10):  8-14.  doi: 10.3969/j.issn.1671-1122.2022.10.002

    This paper aims to address the poor performance of identification technology in the open world and the issue of concept drift by developing a new method to identify Tor website fingerprinting based on MHA and SDAE. First, this paper processed website traces into sequence form and extracted the essential information of the input data with multi-head attention; then robustness was enhanced by learning deep features of the traces with a denoising autoencoder. The results were output using Softmax after learning sequence relations with a GRU. The experimental results show that the accuracy of the MHA-SDAE-GRU model in the closed world is higher than that of the CUMUL algorithm, that its accuracy and robustness in the open world are better than those of other algorithms, and that its adaptability to new data in concept drift experiments is better than that of the others. The MHA-SDAE-GRU model plays an effective role in identifying Tor website fingerprinting.

    Image Camera Fingerprint Extraction Algorithm Based on MPRNet
    GAO Changfeng, XIAO Yanhui, TIAN Huawei
    2022, 22 (10):  15-23.  doi: 10.3969/j.issn.1671-1122.2022.10.003

    The uniqueness and stability of Photo-Response Non-Uniformity (PRNU) noise mean that it can be used as a digital camera fingerprint for the traceability and forensics of digital images. In order to improve the quality of PRNU and the accuracy of image traceability, this paper proposed a PRNU camera fingerprint extraction algorithm based on a multi-stage progressive image restoration network. The network uses an encoder-decoder architecture to learn contextual features and utilizes a high-resolution branch to mine local features, while introducing an attention module at each stage to reweight local features. In this way, the global information can be fused and the local information can be accurately obtained, so that the potential PRNU fingerprints in the natural noise of the image can be fully mined. Comparative experiments with other algorithms on the Daxing smartphone dataset and the Dresden camera dataset demonstrate the effectiveness of the proposed PRNU algorithm.

    Detection of Abnormal Transactions in Blockchain Based on Multi Feature Fusion
    LIN Wei
    2022, 22 (10):  24-30.  doi: 10.3969/j.issn.1671-1122.2022.10.004

    With the development of blockchain technology, virtual currency represented by bitcoin has become an important tool for money laundering, hacker attacks, telecommunications network fraud and other crimes, which poses a serious threat to the personal and property security of citizens, and even threatens the stability of the national financial market. Therefore, research on abnormal transaction data detection for virtual currency based on blockchain technology is of great significance. Firstly, this paper used a custom sliding window mechanism to extract the characteristics of blockchain transaction data. Secondly, it processed the data through three channels to form three feature vectors according to the characteristics of blockchain transaction data. Finally, it spliced these three feature vectors to build a blockchain abnormal transaction data detection model. This paper verified the feasibility and superiority of the model with the data set released by the blockchain intelligence company Elliptic. The precision, recall and F1 values of the model reached 92.96%, 85% and 92.43%. The experimental results show that the feature vector based on multi-feature fusion contains more abundant blockchain transaction information, which can effectively improve the performance of blockchain abnormal transaction detection.

    Malware Classification Method Based on Multi-Scale Convolutional Neural Network
    LIU Jiayin, LI Fujuan, MA Zhuo, XIA Lingling
    2022, 22 (10):  31-38.  doi: 10.3969/j.issn.1671-1122.2022.10.005

    Because of the huge difference in size between different malware samples, one has to manually unify the resolution of their visualization images while training deep neural networks for malware classification, which may in turn cause severe information loss due to resolution adjustments. In this regard, this paper proposed a novel malware classification method based on the merits of multi-scale convolutional neural networks. Specifically, this method first visualized malware of different sizes into images of various specific resolutions, and then adopted the DenseNet network for feature extraction to avoid information loss in resolution unification. Finally, multi-scale features were processed through the spatial pyramid model to train the classification model. Extensive experimental results show that the proposed method could effectively improve the performance of malware classification.

    Research of Vulnerability Assessment and Risk Probability Base on General Attack Tree
    HUANG Bo, QIN Yuhai, LIU Yang, JI Duo
    2022, 22 (10):  39-44.  doi: 10.3969/j.issn.1671-1122.2022.10.006

    The proposed general network attack tree model takes each branch node as a unit to perform hierarchical analysis on network security vulnerability and calculate the risk probability. The identification information of vulnerability assessment and elements of each attack node are discussed with a proposed attack tree model. A novel calculation method for the analysis of risk probability is introduced. Combined with a practical case, the vulnerability assessment and risk probability of this model in network attack events are illustrated and analyzed.

    Overview of the Research on Governance of Cross-Border Data Flow in China
    XIAO Xiaolei, ZHAO Xuelian
    2022, 22 (10):  45-51.  doi: 10.3969/j.issn.1671-1122.2022.10.007

    The normalized development of cross-border data flows has brought impacts and challenges to our country’s data security, and the relevant research could provide a reference for enriching academic theory and for exploring governance schemes for cross-border data flows in China. Using the method of systematic literature review, this paper expounded the research status of China’s cross-border data flow governance from the perspectives of interest concern, governance model and governance path. Through this analysis, the study found that research on the governance of cross-border data flow in China was still in its primary stage, and that it was necessary to establish a mechanism for balancing interests, explore a diversified cooperative governance model, and build a dual track governance path. In the future, the data governance criterion should be established with the overall view of national security, focus on the innovation of cross-border data compliance system construction, and explore the necessity evaluation system of data regulation measures.

    Research of Improved k-Anonymity Algorithm and Its Application in Privacy Protection
    GU Haiyan, JIANG Tong, MA Zhuo, ZHU Jipeng
    2022, 22 (10):  52-58.  doi: 10.3969/j.issn.1671-1122.2022.10.008

    At present, privacy disclosure in public network data occurs frequently, which has caused adverse effects and even serious harm to the individuals concerned. Therefore, research on privacy protection technology has attracted more and more global attention. For k-anonymization, a technology that can effectively protect private information, a variety of algorithms have been developed; however, some of these algorithms have low data processing efficiency and weak anti-attack performance. This paper established an improved (k, e) anonymous privacy protection algorithm based on K-means, using the K-means algorithm and the Mondrian algorithm for clustering. It not only compared the computational efficiency with that of a representative privacy protection algorithm, the (k, e)-MDAV algorithm, but also used the improved algorithm to analyze an application case involving personal location information. The results show that the improved algorithm proposed in this paper can effectively improve the operation efficiency based on the implementation of anonymous data, and has strong anti-link attack and anti-homogeneity attack performance.

    Detection Method for C Language Family Based on Graph Neural Network and Generic Vulnerability Analysis Framework
    ZHU Lina, MA Mingrui, ZHU Dongzhao
    2022, 22 (10):  59-68.  doi: 10.3969/j.issn.1671-1122.2022.10.009

    Most of the existing automated vulnerability mining tools have poor generalization ability and high false positive and false negative rates. In this paper, a static detection model called CSVDM was proposed for multi-class vulnerabilities in the C language family. CSVDM used a code similarity detection module and a generic vulnerability analysis framework module to perform vulnerability mining at the source code level. The similarity detection module integrated the longest common subsequence (LCS) algorithm and a graph neural network to implement code cloning and homology detection, generating the vulnerability similarity list according to a preset threshold. The generic vulnerability analysis framework module performed context-dependent data flow and control flow analysis of the source code to be tested to compensate for the similarity detection module’s high false negatives in detecting vulnerabilities not caused by code cloning, and generated the vulnerability analysis list. CSVDM combined the vulnerability similarity list and the vulnerability analysis list to generate the final vulnerability detection report. The experimental results show that CSVDM has a substantial improvement in evaluation metrics compared to other vulnerability mining tools such as Checkmarx.

    Detection of Malicious Ethereum Account Based on Time Series Transaction and Graph Attention Neural Network
    SHI Tuo, LIANG Fei, SHANG Gangchuan, TIAN Yangjun
    2022, 22 (10):  69-75.  doi: 10.3969/j.issn.1671-1122.2022.10.010

    With the rapid development of blockchain, the use of Ethereum to engage in pyramid selling, fraud, and money laundering crimes has increased year by year. Therefore, the detection of Ethereum accounts has become an effective method to crack new types of crimes. The information was integrated into the characteristics of the Ethereum address and account as a model to detect whether the account was a malicious one. The model in this paper improves the neural network of graph attention mechanism and the time-series transaction information to realize the final expression of the address account characteristics. It is verified by experiments that the proposed model is superior to the graph neural network classification algorithm established by the traditional classification method.

    Study on Counter Intelligence Mechanism and Optimization Strategy for Network Information Security
    MENG Xi
    2022, 22 (10):  76-81.  doi: 10.3969/j.issn.1671-1122.2022.10.011

    The intelligence threat in the network information environment is becoming an increasingly prominent problem, and the counter intelligence mechanism facing this security situation is still inadequate. This paper studied the counter intelligence mechanism and put forward an optimization strategy. From the perspective of intelligence governance of network information security, this paper interprets the challenges faced by counter intelligence work under the new situation of network information security. Around the problems existing in the current counter intelligence mechanism, this paper explains the necessity of establishing the network information security intelligence mechanism, and proposes an innovative counter intelligence workflow and optimization strategy for network information security. The counter intelligence mechanism is systematically improved and the mechanism from recognition to evaluation feedback is reconstituted in the process.

    Analysis of Botnet Attack Data Based on Log
    ZHU Tao, XIA Lingling, LI Penghui, XU Zhongyi
    2022, 22 (10):  82-90.  doi: 10.3969/j.issn.1671-1122.2022.10.012

    Botnets have been an important means of organized hacker attack in recent years. Their unique attack mode makes their data different from that of other network attack methods. Based on the collected network attack packets, this paper extracted and analyzed the botnet attack data. Firstly, the network attack log analysis system was constructed by using honeypot domain name service agent technology, and the storage format of the attack log file was designed. Then, it realized the cleaning and extraction of the plaintext of the network attack through a variety of ciphertext identification methods, and extracted the botnet attack data according to the characteristics of botnet attack behavior that differ from network scanning and hacker attack. At the same time, the regular matching method was used to find that the botnet attack data contains five types of specific keywords, which could improve the identification efficiency of the botnet by building a string library. Finally, specific clustering features were selected based on the botnet attack data and analyzed by using a two-stage clustering algorithm. The experimental results show that botnet attacks have port-biased characteristics. Virus downloading is an important means for botnet attacks. The attribute data distribution of specific port attacks was obviously different from that of other ports. Except for the four attributes related to the size of the sent packet, most of the selected attributes have strong clustering and discrimination ability, which can be used as an important feature for further intelligent analysis.

    Design of Collaborative Filtering Approach Recommendation Algorithm Based on Hadoop
    YU Xianrong, FAN Jiejie
    2022, 22 (10):  91-97.  doi: 10.3969/j.issn.1671-1122.2022.10.013

    When dealing with complex computing tasks, the large amount of heterogeneous data from different populations causes abnormal values and noise in heterogeneous networks, which can easily lead to low performance of the recommendation algorithm. Thus, an item-based personalized recommendation algorithm is proposed for this issue. Firstly, based on the Pearson correlation and cosine similarity methods, a weight function of the item contribution is introduced in the similarity calculation. Secondly, according to the construction of the heterogeneous network, the similarity of two items is calculated by the design of the weight function, so that insensitivity to outliers is achieved. Finally, using movie data, we implemented the collaborative filtering recommendation algorithm on the Hadoop platform. Experimental results show that the method can effectively improve the accuracy and real-time performance of the recommendation algorithm, improve the quality of network monitoring and prolong the network lifetime.

    Research on Security and Privacy Threats of Smart Wearable Devices
    NI Xueli, WANG Qun, LIANG Guangjun
    2022, 22 (10):  98-107.  doi: 10.3969/j.issn.1671-1122.2022.10.014

    This paper studied the widespread security problems of smart wearable devices from two aspects: device architecture and data communication. Taking Apple Watch as an example, this paper proposed an extraction model of sensitive data based on the storage and transmission mode of sensitive data on the smart watch. This model innovatively combined the device itself and the paired device, and analyzed the sensitive data collected and stored by smart wearable devices and the existing security risks. Finally, the feasibility and validity of the proposed model were confirmed through experiments. Wearable computing devices not only have the ability to collect a large amount of sensitive data, but also face security and privacy threats in their data storage and pairing mechanisms. The proposed model and the process of experimental verification are of great significance for further research on the security of various intelligent terminal devices in the Internet of Things.

    Research on Smart Speaker Security and Forensics
    LIANG Guangjun, XIN Jianfang, NI Xueli, MA Zhuo
    2022, 22 (10):  108-113.  doi: 10.3969/j.issn.1671-1122.2022.10.015

    This article first analyzed the composition and principle of smart speakers. On this basis, the privacy and security issues of smart speakers were discussed, focusing on three types of attacks and their defense methods on smart speakers. Then, a smart speaker ecosystem evidence collection framework based on the cloud-net-end was proposed, and a smart speaker evidence collection analysis model was further proposed. This model includes device-side forensics, network forensics and cloud forensics. Finally, the mobile phone and the cloud were used for verification. The analysis results show that the built model is safe and effective, which can accurately obtain the user data in the smart speaker.

    Construction of Crime Predicting Model Based on Macro Data of Society
    XU Boyang, WANG Dawei, TANG He, JIN Yifeng
    2022, 22 (10):  114-120.  doi: 10.3969/j.issn.1671-1122.2022.10.016

    The fluctuation of crime is affected by various macro social factors. Scientific prediction of the regular patterns of crime is undoubtedly of great guiding value for social governance organizations. Based on criminological theories and the six sides elastic equilibrium model, the current study utilized social structure variables and crime rate data in the Chinese statistical yearbook from 2001 to 2021, with the Granger causality test as the major analysis method, to construct the six sides elastic equilibrium model for crime prediction in China. Results showed that education level, urbanization rate, population mobility, GDP per capita, gender structure and population size had significant effects on crime rates in China. The determining coefficient of crime rates in 2025, 2027, 2031, 2032, 2033 and 2035 may break through the warning line of stable standardization. The conclusion aims to provide systematic suggestions for social governing departments on the application of prediction via big data, transformation of social structure under the background of normalization of pandemic prevention, and crime control in cyberspace.

    Research on Multi-Strategy Data Enhancement Technology for Fraud Short Message Identification
    HU Mianning, LI Xin, LI Mingfeng, SUN Haichun
    2022, 22 (10):  121-128.  doi: 10.3969/j.issn.1671-1122.2022.10.017

    Aiming at the low robustness of fraud short message identification models to new fraud short messages, this paper proposed a model training method that included text generation and deep synthesis of data fusion enhancement technology. Through statistical analysis, it is found that the content and structural characteristics of new fraud short messages are different from those of ordinary fraud short messages. By using data enhancement methods such as text generation, deep synthesis and integration technologies, the training set of native fraud short messages is enhanced respectively, and comparative experiments are conducted on new fraud short messages and native fraud short messages in CNN, LSTM, GRU and other models to verify the optimization degree of model performance. Experimental results show that after using the data fusion enhancement technology, the recognition rate of the model for new fraud short messages increases from 73.4% to 98.4%, and the F1 value increases from 0.64 to 0.98. The overall performance of the fraud short message identification model is improved.

    CAPTCHA Security Enhancement Method Incorporating Multiple Style Migration and Adversarial Examples
    ZHANG Zhi, LI Xin, YE Naifu, HU Kaixi
    2022, 22 (10):  129-135.  doi: 10.3969/j.issn.1671-1122.2022.10.018

    The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) plays an important role in preventing automated attacks against Web services, but it is difficult for it to provide effective security protection when facing cracking tools with automatic recognition technology. If high distortion and other brute force methods are used, the CAPTCHA is difficult to recognize even by human eyes. This paper proposed a CAPTCHA security enhancement method incorporating multiple style migration and adversarial examples, which defends against unknown machine recognition by multiple style transfer while preserving the original content, and adds noise to attack common models by adversarial examples to deceive neural networks. Experimental results on the text CAPTCHA dataset show that the generation algorithm proposed in this paper has a lower machine recognition rate and effectively improves the security of text CAPTCHA.
