Loading...
Netinfo Security

Table of Content

    10 January 2023, Volume 23 Issue 1 Previous Issue    Next Issue
    For Selected: Toggle Thumbnails
    A Review of IDS Research in Smart Grid AMI Field
    JIN Zhigang, LIU Kai, WU Xiaodong
    2023, 23 (1):  1-8.  doi: 10.3969/j.issn.1671-1122.2023.01.001
    Abstract ( 384 )   HTML ( 35 )   PDF (9098KB) ( 195 )  

    As a key component of smart grid, advanced metering infrastructure (AMI) effectively supports important links such as real-time interactive distributed energy generation and storage in smart grid. However, the access of the network in AMI also puts the smart grid at severe security risks. In the field of AMI security, intrusion detection system (IDS) is widely used in AMI security protection due to its ability to actively detect attacks. By introducing the architecture of AMI, a key component of smart grid, this paper analyzed and determined the security weak points of AMI facing abnormal access. On this basis, this paper investigated the research status of connection-oriented and device-oriented IDS, detailed the application and development of IDS in the field of AMI in recent years, summarized and analyzed the problems that still exist in the field of IDS in the field of AMI, and gave a hierarchy outlook.

    Figures and Tables | References | Related Articles | Metrics
    Task Data Migration Solution Based on SM2 and SM4 Under TEE
    LIU Qin, GUO Kaiyuan, TU Hang
    2023, 23 (1):  9-17.  doi: 10.3969/j.issn.1671-1122.2023.01.002
    Abstract ( 282 )   HTML ( 20 )   PDF (10776KB) ( 116 )  

    Trusted execution environment (TEE) technology is often used to protect the confidentiality and integrity of users’ critical task data on cloud servers, which often need to be migrated considering the load balancing and service response latency of cloud servers. In order to solve the problems of how to confirm the identity credibility of the migration parties, how to ensure the security of migrating data transmission, and how to improve the migration performance. This paper proposed an efficient and secure migration scheme for task data under TEE. The scheme used software guard extension(SGX) remote attestation to verify the identity credibility of the migration parties, and it ensured the secure transmission of the migrated data based on the SM2 and SM4 algorithms. The security analysis shows that the solution can ensure the trustworthiness of the identity of both parties and the security of the migration data transmission. And the simulation results show that the migration solution can improve the speed of task data migration under TEE.

    Figures and Tables | References | Related Articles | Metrics
    Vulnerability Similarity Algorithm Evaluation Based on NLP and Feature Fusion
    JIA Fan, KANG Shuya, JIANG Weiqiang, WANG Guangtao
    2023, 23 (1):  18-27.  doi: 10.3969/j.issn.1671-1122.2023.01.003
    Abstract ( 301 )   HTML ( 20 )   PDF (21216KB) ( 180 )  

    The study of vulnerability similarity helps security researchers to find solutions to new vulnerabilities from historical vulnerability information. The existing work on vulnerability similarity is not much, and the selection of its model is also lack of objective experimental data support. On this basis, this paper combined various word embedding technologies and deep learning auto-encoders to calculate semantic similarity from the perspective of vulnerability description text. At the same time, multi-dimensional feature data were extracted from public databases such as NVD, to calculate vulnerability feature similarity from the perspective of vulnerability features, and finally a dual angle vulnerability similarity measurement algorithm and evaluation scheme based on NLP and feature fusion was designed. Based on objective experimental analysis, the effects of various model combinations were compared from the aspects of numerical distribution, similarity discrimination, accuracy, etc. The final optimized model combination can obtain the highest F1 score of 0.927 in the determination of vulnerability similarity.

    Figures and Tables | References | Related Articles | Metrics
    A Revocable Identity-Based Broadcast Encryption Scheme Based on SM9
    ZHANG Xuefeng, HU Yixiu
    2023, 23 (1):  28-35.  doi: 10.3969/j.issn.1671-1122.2023.01.004
    Abstract ( 177 )   HTML ( 15 )   PDF (8385KB) ( 98 )  

    This paper proposed an improved revocable broadcast encryption scheme based on the national secret identification algorithm SM9. Based on the SM9 identification broadcast encryption scheme and the revocable broadcast encryption scheme, the scheme manages the user’s rights through a binary tree, and realized the revocation and joining of authorized users. The key generation center used the binary tree to generate an update key for the user who was not revoked. The user can only obtain the corresponding session key through the key, so as to decrypt the broadcast ciphertext to obtain data. In the random oracle model, the scheme is proved to be indistinguishable under the selective plaintext attack. The efficiency analysis shows that this scheme is a revocable broadcast encryption scheme with high efficiency and better practicability.

    Figures and Tables | References | Related Articles | Metrics
    Intrusion Detection Method of ICS Based on Improved CGAN Algorithm
    WANG Huazhong, TIAN Zilei
    2023, 23 (1):  36-43.  doi: 10.3969/j.issn.1671-1122.2023.01.005
    Abstract ( 217 )   HTML ( 17 )   PDF (8518KB) ( 101 )  

    In this paper, an improved conditional generative adversarial network algorithm was proposed, and the Wasserstein distance was added to measure the distance between synthetic and real samples, for solving the instability problem that cause the generator gradient to disappear when two types of samples were ignored to overlap in CGAN. The effectiveness of the algorithm was verified on the UCI dataset with different imbalance rates. Then the WCGAN-SVM intrusion detection model of industrial control system was constructed and verified on the industrial control dataset SWaT. The experimental results show that the method increases the accuracy of detecting attack samples by 3.51% and decreases the false alarm rate and the false negative rate by 2.29% and 2.19% compared with SVM.

    Figures and Tables | References | Related Articles | Metrics
    Community-Detection-Based Influence Blocking Maximization Algorithm in Social Network
    MU Zhiying, XU Jiaquan, LI Xiaoyu
    2023, 23 (1):  44-56.  doi: 10.3969/j.issn.1671-1122.2023.01.006
    Abstract ( 229 )   HTML ( 13 )   PDF (13828KB) ( 88 )  

    With the increasing popularity of social networks, social networks have become the main platform for information dissemination. The relative difficulty of regulating the content of social networks has led to some negative messages spreading easily and producing large adverse effects. The influence blocking maximization aims to find the set of nodes that need to adopt positive influence to minimize the number of nodes affected by negative messages in the process of information dissemination. To address the problem of high running time complexity of existing social network influence blocking algorithms, in this paper, we proposed an influence blocking maximization algorithm based on community detection, which first utilized the extended h-index centrality of social network nodes to select candidate seed nodes, and then used these seed nodes as the starting point to discover communities in social networks with a label propagation algorithm, followed by calculating the social network communities by of the relationship matrix and the modularity of the current relationship matrix to merge the communities, and finally, the labeling metric rank of the initial seed nodes was calculated and the top k nodes were selected as the members with the maximum blocking influence. The experimental results show that the algorithm has good blocking performance and low time complexity.

    Figures and Tables | References | Related Articles | Metrics
    An Approach to Identifying Key Hackers in Social Networks
    MA Xiangjun, HE Jingsha, WU Tiejun, FAN Dunqiu
    2023, 23 (1):  57-65.  doi: 10.3969/j.issn.1671-1122.2023.01.007
    Abstract ( 232 )   HTML ( 26 )   PDF (9894KB) ( 137 )  

    The situation of computer network security is very serious, so the research on the hackers who carry out network attacks and the organizations where the hackers are located becomes more and more important. Social networks have become the main platform for hackers to communicate with each other and an important channel for network security researchers to obtain information because of their characteristics of not being restricted by time and space. In order to analyze the hackers in social networks, this paper proposed a community detection-based method for identifying key hackers in social networks. Firstly, the article imlemented community segmentation of the network in an unsupervised manner through graph convolutional networks. Secondly, through the improved PageRank algorithm, the topic similarity and interaction between users were used to measure the influence of users in the community. Finally, the efficiency of key hackers in network propagation was evaluated through an independent cascade model. Experiments on the Twitter dataset show that the method can effectively identify key hacker users in social networks.

    Figures and Tables | References | Related Articles | Metrics
    Lightweight IoT Intrusion Detection Method Based on Feature Selection
    LIU Xiangyu, LU Tianliang, DU Yanhui, WANG Jingxiang
    2023, 23 (1):  66-72.  doi: 10.3969/j.issn.1671-1122.2023.01.008
    Abstract ( 291 )   HTML ( 19 )   PDF (7891KB) ( 144 )  

    With the large-scale use of the Internet of Things (IoT), the security problem has become increasingly prominent. How to detect network attacks accurately and in real time in the IoT environment with limited resources is a key problem that needs to be solved urgently. Intrusion detection system based on network traffic features is a solution to the security of IoT. This solution remains the problem of the large number of features make training fast and lightweight detection models difficult. To address this issue, this paper proposed a feature selection technique based on Pearson correlation coefficient and variance expansion factor. In this method, traffic characteristics were selected under flow granularity, and normal and malicious traffic were classified by machine learning algorithm. The experimental results show that this method can quickly and effectively detect network attacks with limited resources, and the overall precision and recall reach 99.4%.

    Figures and Tables | References | Related Articles | Metrics
    DNS Covert Channel Detection Based on Graph Attention Network
    SHEN Chuanxin, WANG Yongjie, XIONG Xinli
    2023, 23 (1):  73-83.  doi: 10.3969/j.issn.1671-1122.2023.01.009
    Abstract ( 234 )   HTML ( 11 )   PDF (11668KB) ( 127 )  

    Domain name system (DNS) covert channel is increasingly frequent in APT attacks, which is a potential threat to cyberspace security. Aiming at the lack of correlation analysis in DNS covert channel detection based on domain name, this paper proposed a DNS covert channel detection method DSR-GAT based on domain semantic representation (DSR) and graph attention network (GAT), which transformed DNS covert channel detection at domain name level into an undirected graph node classification task. First, based on domain name correlation, domain graph (DG) was constructed using undirected graph structure. Then, using the text data attribute of domain name and its semantic representation was extracted by one-dimensional convolutional neural network as feature representation of nodes in DG. Finally, the feature representation of each domain name was enhanced by the message propagation mechanism and multiple self-attention mechanism of graph attention network. Experimental results on public dataset and our own dataset based on real APT samples show that the proposed DSR-GAT has an ideal detection effect, reduces the failure rate while solving the above problems, and reduces security risks to some extent.

    Figures and Tables | References | Related Articles | Metrics
    Evaluation Method for Cross-Chain Security Strength Access
    FENG Yiting, MA Zhaofeng, XU Danheng, DUAN Pengfei
    2023, 23 (1):  84-92.  doi: 10.3969/j.issn.1671-1122.2023.01.010
    Abstract ( 153 )   HTML ( 10 )   PDF (9420KB) ( 103 )  

    In view of the current security issues of various blockchain cross-chain systems, this paper proposed a set of cross-chain blockchain security strength evaluation methods, and divided security issues into four types: cross-chain trust issues, cross-chain consensus issues, cross-chain security issues, and cross-chain network issues. At the same time, according to their evaluation characteristics, the combination of the analytic hierarchy process and the fuzzy comprehensive evaluation method was used to construct an evaluation matrix to refine the weight coefficients, conducted quantitative and qualitative evaluations of the system and calculated the membership degree, and analyzed the system security according to the result. It is meaningful for cross-chain platforms or systems to evaluate their own security and make advancement. Through the security strength evaluation on the cross-chain system, the result is that the system is better than normal, with a score of 78.27, and still have some improvement. This method has a certain effect on the security evaluation of cross-chain blockchain system.

    Figures and Tables | References | Related Articles | Metrics
    An Image Information Hiding Algorithm Based on Cross-Domain Adversarial Adaptation
    LI Jiyu, FU Zhangjie, ZHANG Yubin
    2023, 23 (1):  93-102.  doi: 10.3969/j.issn.1671-1122.2023.01.011
    Abstract ( 231 )   HTML ( 14 )   PDF (14860KB) ( 91 )  

    Image information hiding is one of the important methods to ensure information security. With the growth of deep learning, numerous deep learning-based image to image steganography models have been presented. Most of them are deficient in terms of image quality, hiding security, or embedding capability balance. So, this paper proposed an image information hiding algorithm based on cross-domain adversarial adaptation to address the above problems. First, a super-resolution network was built to embed the secret information into the image content unaffected by zooming in and out, to increase the secret information’s embedding capability. Then, an attention mechanism was introduced to the encoding network to enable the network to focus on the primary features and suppress superfluous features, so enhancing the image’s resolution. Finally, a domain adaption loss was introduced to the generator network to guide the production of the stego image, and the model was trained in a generative adversarial way to reduce the cross-domain difference between the carrier image and the stego image. The experimental results demonstrate that, compared to other steganography techniques, the proposed algorithm improves the security and embedding capability of information hiding while maintaining image quality.

    Figures and Tables | References | Related Articles | Metrics