Table of Contents

    10 February 2023, Volume 23 Issue 2

    Research on Man-in-the-Middle Attack Detection in LTE Access Network Based on Weighted Bayesian Classifier
    PENG Cheng, FAN Wei, ZHU Dali, YANG Fen
    2023, 23 (2):  1-10.  doi: 10.3969/j.issn.1671-1122.2023.02.001

    The air interface of a radio access network is exposed outdoors and can be accessed by anyone, which makes it easy for others to control and attack. Man-in-the-middle (MITM) attack is one of the typical attacks. This paper aimed to detect MITM attacks on the air interface of the LTE access network and focused on the access process that is vulnerable to MITM attacks. It analyzed the changes in signaling and parameters and extracted eight identifiable features. Considering the different effects of each feature on the classification results, this paper used the strengths of the genetic algorithm in combinatorial optimization problems to solve for the optimal weight combination of the weighted Bayesian classifier, improved the calculation method of the weighting parameters, and proposed a new MITM attack detection algorithm from the perspective of signaling and logging. Finally, this paper compared the detection algorithm based on the weighted Bayesian classifier with the common detection methods for MITM attacks. The results show that the algorithm in this paper is clearly superior to the other algorithms in terms of accuracy and false negatives.

    Research on Integrity Measurement Scheme Based on Virtual Trusted Platform Module
    QIN Zhongyuan, GE Zhenwei, PAN Jingwei, CHEN Liquan
    2023, 23 (2):  11-18.  doi: 10.3969/j.issn.1671-1122.2023.02.002

    To address the problem that the SHA-1 digest algorithm is no longer secure, which makes the hardware TPM untrustworthy, this paper proposed an integrity measurement scheme based on the virtual trusted platform module. It added a new measurement framework called self-updating measurement, appended the digest value of the timestamp as additional content to the measurement component, and added random numbers to avoid clock attacks. At the same time, a self-updating log similar in form to the vTPM measurement list was designed to improve the measurement verification process. Finally, functional verification was carried out in an experimental environment based on Xen. The experimental results show that this scheme can increase the attacker’s attack time cost squarely, and the security of the integrity measurement has been greatly improved.

    Method of Local Differential Privacy Method for High-Dimensional Data Based on Improved Bayesian Network
    ZHAO Jia, GAO Ta, ZHANG Jiancheng
    2023, 23 (2):  19-25.  doi: 10.3969/j.issn.1671-1122.2023.02.003

    In this paper, a local differential privacy method for high-dimensional data based on an improved Bayesian network was proposed. By using the differential privacy protection algorithm at the data source, the client data set was disturbed to generate the disturbed data set, so that the privacy of the local original data set was protected, and the privacy security of users was fundamentally protected. Then the high-dimensional data set was reduced to several low-dimensional attribute sets by the improved Bayesian network, and the new data set was finally synthesized. The artificial bee colony algorithm was used to further improve the construction of the Bayesian network structure. Finally, the experimental results show that the research method in this paper has advantages in data practicability, and the Bayesian network structure achieved better convergence.

    An Advanced Persistent Threat Model of New Power System Based on ATT&CK
    LI Yuancheng, LUO Hao, WANG Qingle, LI Jianbin
    2023, 23 (2):  26-34.  doi: 10.3969/j.issn.1671-1122.2023.02.004

    The establishment of a new power system with new energy as the main body has greatly increased the proportion of new energy and multiple load forms. The high proportion of renewable energy and power electronic equipment access, as well as the randomness of the supply side and the demand side, lead to an increase in the attack surface of the power grid. Advanced persistent threats (APTs), which tamper with or block data, seriously affect grid scheduling and energy consumption. Based on the ATT&CK knowledge base, a kill chain model for APT attacks on new power systems was established. Because it is difficult to assign APT attack techniques to kill chain attack stages, which leaves security personnel unable to make defense decisions quickly, a method of dividing APT attack techniques into stages based on the kill chain model was proposed. The BERT model was used to perform semantic analysis on technical texts, and the attack techniques were automatically divided into their respective stages by training the model. Experimental results show that this method achieves better results than existing models.

    Intelligent Optimization and Decision Method of Cloud Resources Based on Trusted Service
    WANG Yan, ZHANG Kunpeng, JI Zhicheng
    2023, 23 (2):  35-44.  doi: 10.3969/j.issn.1671-1122.2023.02.005

    With the application and development of cloud computing, cloud security has attracted much attention. Cloud resources cannot be matched under malicious attacks. Rational allocation of cloud resources is a prerequisite for cloud security. In order to solve the problems of resource trusted service, resource allocation optimization and security scheme evaluation, this paper proposed an intelligent optimization and decision method for cloud resource security based on trusted service. Firstly, a multi-objective optimization model of resource security reliability, time, cost and service quality was established. Then, the improved particle swarm optimization algorithm was used to solve it, and the VIKOR evaluation method based on the G1-improved entropy weight method was used to select the optimal cloud security scheme. Meanwhile, in order to overcome the premature convergence of the particle swarm, dynamic inertia weight and a velocity perturbation strategy were integrated to improve the algorithm. Finally, simulation experiments show that the improved algorithm has a wider solution set and better convergence than other algorithms, verify the effectiveness of the evaluation method under trusted services, and show that the security of cloud resource services is improved.

    Research on Physical Layer Security Technologies for Smart Eavesdropper Attack
    LIU Jue, CHENG Kaixin, YANG Weiwei
    2023, 23 (2):  45-53.  doi: 10.3969/j.issn.1671-1122.2023.02.006

    With the continuous development of wireless electromagnetic devices, the smart eavesdropper attack brings new security challenges to wireless communication. As an alternative option for wireless communication security, physical layer security technology has attracted the attention of researchers in recent years. Research on physical layer security against smart eavesdropping attacks has produced rich results. This paper summarized the current research status of anti-smart-eavesdropper techniques based on physical layer security technology from two aspects, signal processing technologies and wireless resource management methods, and discussed the prospects for future research directions.

    A Scheme of Optimizing Deep Learning Model Using Bi-ADMM
    XU Zhanyang, CHENG Luofei, CHENG Jianchun, XU Xiaolong
    2023, 23 (2):  54-63.  doi: 10.3969/j.issn.1671-1122.2023.02.007

    ADMM is widely used in the field of traditional machine learning model optimization. It has also solved some deep learning optimization problems, and its performance in deep learning optimization has exceeded most of the gradient-based optimization algorithms. Compared with ADMM, Bi-ADMM converges faster and is more stable. This paper proposed an optimization scheme (dlBi-ADMM) to optimize deep learning problems, and used an accelerated proximal gradient algorithm to optimize coupled variables to reduce the complexity of matrix inversion operations. Then, it provided the specific function of the optimization subproblem for each variable in detail. Finally, experiments show that the optimization results of the dlBi-ADMM algorithm proposed in this paper can improve the accuracy of the model more than the results of the dlADMM optimization, and the dlBi-ADMM algorithm performs better than the dlADMM algorithm in time efficiency.

    Research on Membership Inference Attack Method Based on Double Threshold Function
    CHEN Depeng, LIU Xiao, CUI Jie, ZHONG Hong
    2023, 23 (2):  64-75.  doi: 10.3969/j.issn.1671-1122.2023.02.008

    The emergence of massive data and powerful computing power has brought deep learning to an unprecedented height, and its wide application in areas such as intelligent transportation and medical diagnosis has brought many conveniences to people’s daily lives. However, privacy leakage in machine learning cannot be ignored. In particular, the membership inference attack infers whether a data sample was used in the training set of the machine learning model, thus interfering with the user’s training data. Firstly, this paper introduced the single-threshold-based membership inference attack and its characteristics, and visualized the data distribution of members and non-members for different attack methods. It then analyzed the internal mechanism of the successful membership inference attack and proposed an attack model based on a double-threshold function. It systematically analyzed and compared single-threshold and double-threshold membership inference attacks through experiments, and analyzed the attack performance of threshold-based membership inference attacks on different models and different datasets. The comparative experiments on multiple groups of control variables show that the membership inference attack based on the double-threshold function has better performance on some data sets and models, and the overall performance is more stable.

    Dependency-Based Vulnerability Detection Method in Container Supply Chain
    XIA Yihang, ZHANG Zhilong, WANG Muzi, CHEN Libo
    2023, 23 (2):  76-84.  doi: 10.3969/j.issn.1671-1122.2023.02.009

    As a lightweight isolation method, the container has been widely applied due to its convenient deployment and portability. However, its isolation also naturally prevents its internal software components from being known by external detection tools. This results in the inability to carry out general software component analysis and evaluation, further hindering threats in the software supply chain. To address this dilemma, this paper proposed a dependency-based vulnerability detection method in the container supply chain, which differs from the popular tools that usually analyze by launching the target container. This method took the image as the granularity. Using the correlation between the layers in different images, this paper extracted the software formed based on the container image dependency on the basis of deconstructing the software image. The proposed method could detect supply chain security problems caused by multiple dimensions, such as image-content dependencies, execution-configuration dependencies, and dynamic build dependencies. The experimental results show that the proposed method is effective in detecting various risks in the software supply chain and can efficiently discover a large number of risks in public container repositories (such as Docker Hub).

    Static Detection Method of Android Adware Based on Improved Random Forest Algorithm
    HU Zhijie, CHEN Xingshu, YUAN Daohua, ZHENG Tao
    2023, 23 (2):  85-95.  doi: 10.3969/j.issn.1671-1122.2023.02.010

    Android adware shows advertisements in a disruptive way, and has the possibility to further transform into malware, which poses a serious threat to the user’s smartphone. The traditional adware detection method has high time costs and depends on dynamic features of Android adware, making it difficult to meet large-scale, high-precision detection requirements. To solve this problem, an Android adware static detection method based on an improved random forest algorithm was proposed. Based on the characteristics of Android adware, and in addition to the traditional application programming interface, permission and intent features, the third-party library was included in the scope of feature selection. All the adware APKs collected in the dataset were statically decompiled and their static information was extracted, and the static information was statistically analyzed to obtain the high-frequency information. After filtering this information, the base feature set was determined, and the static information in each APK was extracted and transformed into a feature vector. Based on the idea of ensembles, a variety of feature selection algorithms were used to jointly select features for model training and to give feature weights. Finally, the improved random forest algorithm based on feature weights was used to improve the accuracy of the classifier, and 5751 adware and 3465 non-adware applications were selected for classification detection. The experimental results prove that the method has a faster speed while ensuring the accuracy.

    Unsupervised Matrix Factorization Based Trigger Action Programming Rules Recommendation
    WANG Ming, XING Yongheng, WANG Feng
    2023, 23 (2):  96-103.  doi: 10.3969/j.issn.1671-1122.2023.02.011

    TAP has been widely used in customized IoT device linkage. In addition to the conditional trigger relationship between items, the TAP data also contains the text description information about the relevant rules. How to use the multi-source heterogeneous attributes of TAP data is one of the important research topics in the application of the IoT. In this paper, TAP data was modeled as a heterogeneous graph containing multiple types of nodes and edges, which realized the fusion of multiple types of relationships between multi-source heterogeneous data, and a relationship matrix was then generated according to the connections between different types of nodes. Non-negative matrix factorization (NMF) was used to learn, in an unsupervised manner, the features of each node in the TAP heterogeneous graph for TAP rule recommendation. This paper proposed three weighted relational matrix generation methods, which were called co-occurrence frequency weight (CFW), concept similarity weight (CSW) and TF-IDF weight (TIW). The experimental results show that the feature vectors obtained from NMF decomposition of the matrix generated by CFW have better performance in TAP rule recommendation.
