
Table of Contents

    10 December 2022, Volume 22 Issue 12

    Research on Testing Approaches for Network Security Products in Cloud Computing Environment
    CHEN Yan, WEI Xiang, LU Zhen
    2022, 22 (12):  1-6.  doi: 10.3969/j.issn.1671-1122.2022.12.001

    As cloud computing develops in depth, it also faces new network security risks. Traditional network security products such as firewalls and intrusion prevention systems cannot fully meet the security protection requirements of the cloud computing environment. Meanwhile, the form and type of network security products in the cloud computing environment are also changing greatly along with the concept of network security protection. This has led to changes in the mode and method of laboratory testing of network security products. By analyzing the security risks faced in the cloud computing environment, this paper identified the development trend of network security products and, on this basis, provided testing methods for network security products in the cloud computing environment. On one hand, it can provide ideas for the design departments of network security products; on the other hand, it can also provide guidance for testing institutions carrying out the testing of network security products in the cloud computing environment.

    Anomaly Detection Model Based on Generative Adversarial Network and Autoencoder
    GUO Sensen, WANG Tongli, MU Dejun
    2022, 22 (12):  7-15.  doi: 10.3969/j.issn.1671-1122.2022.12.002

    In recent years, machine learning, and especially deep learning algorithms, have been widely used in the field of network traffic intrusion detection, and the distribution of sample categories in a dataset is an important factor affecting the performance of machine learning algorithms. To address the problem of diverse network attack categories and the uneven category distribution of existing network traffic datasets, this paper proposed a network traffic anomaly detection model based on generative adversarial networks and autoencoders. Firstly, a conditional generative adversarial network based on the Wasserstein distance was used to resample the minority categories in the original network traffic data. Secondly, the resampled data were reconstructed using a stacked denoising autoencoder to obtain the latent information of the data. Finally, the encoder network combined with a Softmax network was used to identify anomalous network traffic data. Experiments were conducted on the NSL-KDD intrusion detection dataset, and the experimental results show that the proposed anomaly detection model can effectively improve the recognition rate of minority categories.

    Research on Proactive Generation Protocol of Beaver Triples
    LYU Kewei, CHEN Chi
    2022, 22 (12):  16-24.  doi: 10.3969/j.issn.1671-1122.2022.12.003

    In secure multi-party computation, Beaver triples have been one of the basic techniques for realizing the secure computation of addition and multiplication under secret sharing, which can make the number of protocol rounds polynomial in the number of participating parties. This paper studied secure generation protocols for Beaver triples in the mobile adversary model. First, a computationally secure and efficient two-party proactive Beaver triple generation protocol was designed based on the Paillier public key cryptosystem; its number of rounds was twice the number of renew operations, and three Paillier ciphertexts were sent in each round. Then, an efficient information-theoretically secure n-party proactive Beaver triple generation protocol was designed using basic cryptographic tools such as Shamir secret sharing, where n ≥ 3, the total number of elements sent by the protocol was at most 6+6n, and the number of execution rounds was not more than 2κ+2, where κ was the number of share updates and the number of participants controlled by the adversary did not exceed n-2. Finally, protocol design ideas were given for malicious adversaries.

    A Provably Secure Traceability Authentication Protocol Based on Chebyshev Chaotic Map
    ZHANG Yu, SUN Guangmin, ZHAI Peng, LI Yu
    2022, 22 (12):  25-33.  doi: 10.3969/j.issn.1671-1122.2022.12.004

    In order to reduce computational cost and improve security, a novel traceability verification algorithm was designed by means of the irreversibility of the hash function and the semigroup property of the Chebyshev chaotic map. Based on the traceability verification algorithm, an authentication protocol in which the registry center is offline was proposed. The proposed scheme combined the traditional password, biometric features and public key cryptography to realize three-factor authentication and mutual traceability authentication. A dual-key dual-encryption mechanism was designed in the authentication scheme: the computed one-time key was used to encrypt the transmitted information, which can effectively reduce the computation cost and realize ciphertext transmission, privacy protection and forward security. Through security analysis, BAN logic proof, and verification with the ProVerif simulation tool, the results show that the protocol is secure. Compared with other similar schemes, the proposed scheme is safer and more efficient. In conclusion, the proposed scheme is easy to realize in the resource-limited mobile Internet environment.

    Defense Research of High-Hidden Data Attack in Industry Control System
    XU Ruzhi, LYU Changran, LONG Yan, LIU Yuanbin
    2022, 22 (12):  34-46.  doi: 10.3969/j.issn.1671-1122.2022.12.005

    Industrial control systems (ICS) are key infrastructure in the industrial production process. Attackers may attack multiple devices at the same time, and this kind of data attack can aggravate the disorder of the system. In view of data attacks in industrial control systems, this paper improved the process-aware stealthy-attack detection mechanism (PASAD) and proposed a robust principal component analysis and process-aware hidden attack detection algorithm (RPCA-PASAD) suitable for multivariate environments. Firstly, this paper used the Pearson correlation coefficient to divide strongly correlated data into the same cluster, which magnifies the abnormal data. RPCA was then used to reduce the dimension of the data and de-noise it, and the de-noised data was embedded into a Hankel matrix. Secondly, this paper used the properties of the projection matrix to analyze the internal relationship among the de-noised data and obtain the center of the system's steady-state data. Finally, this paper used the least squares method to quantify the data and obtain the threshold for judging whether the data was abnormal. Simulation tests were carried out with the Tennessee Eastman (TE) process model and the Secure Water Treatment (SWaT) model. The experimental results show that the detection algorithm in this paper is suitable for multivariate malicious data attack detection environments, detects hidden data attacks in real time with a low false alarm rate, and can be efficiently deployed on the supervisory control and data acquisition (SCADA) host and programmable logic controller (PLC). It is of great significance for industrial control systems to reduce losses in production and life.

    Progress in Blockchain Solutions Based on Zero-Knowledge Proof
    WANG Yong, CHEN Lijie, ZHONG Meiling
    2022, 22 (12):  47-56.  doi: 10.3969/j.issn.1671-1122.2022.12.006

    Anonymity is an important characteristic of blockchain. With the application of blockchain in many fields such as traceability systems, identity authentication, auction systems, and the Internet of Things, the risk of blockchain de-anonymization has increased greatly, and the privacy protection and audit supervision of data need to be addressed. Researchers have turned to zero-knowledge proof, an advanced cryptographic primitive, to enhance the anonymity and privacy of blockchain, and there have been breakthroughs. Starting from blockchain schemes based on zero-knowledge proof, this paper first explained the principle and mechanism of zero-knowledge proof, then comprehensively analyzed and compared the relevant schemes, divided them into the three research priorities of private payment, private computing, and audit supervision, analyzed the research objectives and progress of each scheme within the three priorities, summarized the advantages and shortcomings of existing work, and finally analyzed the existing limitations and challenges based on the current research status and elaborated future research directions.

    Research on LSTM-Based CAN Intrusion Detection Model
    YIN Ying, ZHOU Zhihong, YAO Lihong
    2022, 22 (12):  57-66.  doi: 10.3969/j.issn.1671-1122.2022.12.007

    The controller area network (CAN) connects the core electronic control units of the intelligent connected vehicle system and is crucial to ensuring the safety of the vehicle system. But it is vulnerable to denial of service (DoS) attacks, replay attacks and fuzzy attacks due to its lack of adequate information security measures, and thus poses a serious security threat to automobiles and drivers. In order to effectively detect whether the CAN bus has been attacked, the security threats and communication features were analyzed, and a CAN intrusion detection model based on long short-term memory (LSTM) was proposed, which could preserve the timing characteristics of CAN messages and effectively perform intrusion detection and attack classification. The experimental results show that the detection accuracy of the model is 99.99%.

    Data Privacy-Preserving Scheme on Blockchain for Heterogeneous Multi-Chain
    WANG Sidie, MA Zhaofeng, LUO Shoushan, XU Danheng
    2022, 22 (12):  67-75.  doi: 10.3969/j.issn.1671-1122.2022.12.008

    In order to solve the data privacy security problem of heterogeneous blockchains, under the application scenario of knowledge payment, this paper proposed two data privacy protection schemes supporting heterogeneous multi-chain, realizing knowledge sharing on the consortium chain and knowledge payment on the public chain. In the scheme, the IPFS system was used to store knowledge files, which solved the problem of overloaded blockchain storage. In addition, in order to avoid the problem that the traditional public key encryption mechanism encrypts the data many times and repeatedly encrypts data on the chain, this scheme used proxy re-encryption technology to achieve data sharing between the two parties involved. At the end of the paper, the authors analyzed the security and performance of the proposed method from both theoretical and practical aspects.

    An Encryption Algorithm Based on Improved Logistic Mapping and Dual-Image Blending
    WANG Qing, XU Guotian
    2022, 22 (12):  76-86.  doi: 10.3969/j.issn.1671-1122.2022.12.009

    To address the problems that the range of control parameters for which the logistic mapping is surjective in the image encryption system is too small, and that the encryption system's resistance to differential cryptanalysis needs to be improved, this paper designed an encryption algorithm based on an improved logistic mapping and dual-image blending. The system was based on a plaintext-associated scrambling algorithm and used dual-image blending as the pre-processing operation of image encryption, while the improved logistic mapping was applied to generate a random matrix for image diffusion. The improved logistic mapping effectively enlarged the range of control parameters for which the mapping is surjective, and the dual-image blending pre-processing improved the ability of the encryption system to resist differential cryptanalysis. The experimental results show that the proposed encryption system performs well in histogram analysis, correlation analysis, and sensitivity analysis, and can effectively resist various attacks such as exhaustive attack, differential cryptanalysis, and information entropy attack.

    Performance Analysis of P2P Networks Based on N-Preemptive Strategy and Variable Number of Players
    YAN Miao, MA Zhanyou, JIANG Zishu, QIN Guoli
    2022, 22 (12):  87-95.  doi: 10.3969/j.issn.1671-1122.2022.12.010

    In this paper, an M/M/c queueing model with a variable number of servers was established based on the P2P node online mechanism, and N-preemptive priority, impatience and late startup strategies were introduced. A three-dimensional Markov process was constructed for the queue lengths of two types of content and the number of online players; the steady-state performance indexes of the system were derived using the matrix-geometric solution method, and the relationship between the performance indexes and changes in parameters was analyzed through numerical experiments. By establishing a benefit function with reasonable charges for P2P nodes, the Nash equilibrium between P2P nodes and benefits was analyzed and the optimal social benefit was obtained within a certain range, which provides a theoretical basis for the scheduling of P2P nodes.
