
Table of Contents

    10 June 2023, Volume 23 Issue 6

    Service Protection Scheme Based on Software Defined Perimeter
    HUANG Jie, HE Chengjun
    2023, 23 (6):  1-10.  doi: 10.3969/j.issn.1671-1122.2023.06.001

    Aiming at the issue of service exposure resulting from the gradual collapse of the traditional network security architecture based on physical perimeter protection under a zero-trust environment, this paper proposed a service protection scheme based on software defined perimeter. The terminal was authorized by gathering user and device attributes of the request terminal. The single packet authorization mechanism performed authentication before connection, enabling features such as service hiding, identity authentication, and access control. Based on the concept of zero-trust continuous authentication, this scheme measured the access terminal at the firmware layer before initializing the operating system, and then constantly measured it depending on the service after the operating system was initialized. Finally, a trust evaluation algorithm based on analytic hierarchy process (AHP) was designed to assess terminal security. Results from the analysis of performance and security show that this scheme can effectively improve communication efficiency and withstand a variety of network security attacks.

    A Survey of Cyber Security Open-Source Intelligence Knowledge Graph
    WANG Xiaodi, HUANG Cheng, LIU Jiayong
    2023, 23 (6):  11-21.  doi: 10.3969/j.issn.1671-1122.2023.06.002

    With the development of informatization, a large amount of cyber security information is generated online every day. However, the majority of security intelligence consists of multi-source and heterogeneous text data that are challenging to directly analyze and apply. Therefore, the introduction of a knowledge graph assumes paramount significance in order to facilitate profound semantic knowledge mining and enable intelligent reasoning analysis. On this basis, this paper first described how the cybersecurity knowledge graph was built. Then, it outlined the core technologies of the knowledge graph and related research work, including information extraction and knowledge reasoning. Finally, the challenges of building a cybersecurity knowledge graph were discussed, and some directions for further research were suggested.

    A False Data Injection Attack Detecting and Compensating Method
    XIE Ying, ZENG Zhu, HU Wei, DING Xuyang
    2023, 23 (6):  22-33.  doi: 10.3969/j.issn.1671-1122.2023.06.003

    To accurately detect false data injection attacks in industrial control networks and quickly compensate for their impact on the system, this paper proposed an attack detecting and compensating method based on state estimation. The method constructed a sequence Kalman filter to optimally estimate the state vector based on the mathematical model of the industrial control system. Additionally, a double-judgment mechanism was designed to eliminate unstable states caused by noise and perturbation. Furthermore, the paper proposed a multi-step estimating attack compensation strategy that utilized the previously measured data in the safe state to provide a compensation control signal for the system. Experiments conducted on the load frequency control system of the dual-area interconnected power system demonstrate the effectiveness of the proposed method in detecting and compensating for false data injection attacks. Moreover, the method outperforms the comparison algorithms in terms of frequency deviation control and control signal compensation.

    A Dynamic and Hierarchical Quantum Secret Sharing Protocol Based on Starlike Cluster States
    YANG Yuguang, LU Jiayu
    2023, 23 (6):  34-42.  doi: 10.3969/j.issn.1671-1122.2023.06.004

    A hierarchical cluster state was constructed on the basis of the starlike cluster state, and then a dynamic, hierarchical quantum secret sharing protocol was proposed using the constructed cluster state. The secret possessor distributed cluster particles with a hierarchical structure to each agent as his share. Agents assigned to higher ranking particles had higher authority while agents assigned to lower ranking particles had lower authority. Each class of agent did not have access to share information for agents of the same class, higher classes and lower classes. Due to the scalability of the cluster states, the proposed hierarchical quantum secret sharing scheme was dynamic, allowing for the addition of new agents at the same level, removal of old agents, and the upgrading and downgrading of agents between different layers. Finally, the article analysed the security of the proposed protocol.

    IoT Device Identification Method Based on LCNN and LSTM Hybrid Structure
    LI Zhihua, WANG Zhihao
    2023, 23 (6):  43-54.  doi: 10.3969/j.issn.1671-1122.2023.06.005

    With the increasing number of IoT devices, the scale of network traffic in IoT environments has also skyrocketed. In order to efficiently identify and classify IoT devices from massive network traffic, this paper proposed an IoT device recognition method. Firstly, in order to eliminate non-standard data samples in network traffic, a sliding window based data preprocessing (SW based DPP) algorithm was proposed and used to clean the data. Then, in order to reduce the complexity of IoT device recognition methods, a lightweight convolutional neural network (LCNN) was proposed, and a neural network model based on an LCNN-LSTM hybrid structure was built by combining the LCNN and LSTM structures. The preprocessed network traffic was input into the LCNN-LSTM model for IoT device classification. Finally, based on the aforementioned hybrid structure neural network model, an Internet of Things Devices Identification based on LCNN and LSTM Hybrid Structure (LCNN-LSTM-based IoTDI) method was proposed. The LCNN-LSTM-based IoTDI method iteratively trained the LCNN-LSTM model to deeply mine the temporal and spatial dual features in network traffic, and used a softmax classifier to achieve the goal of IoT device recognition. The experimental results show that on the UNSW, CIC IoT, and Laboratory datasets, the running time of the LCNN-LSTM model decreased by an average of about 47.63% compared to the CNN-LSTM model, and the F1 values of the LCNN-LSTM-based IoTDI method are 88.6%, 95.6% and 99.7%. It has been proven that the LCNN-LSTM-based IoTDI method has efficient device recognition capabilities.

    A Privacy Protection Scheme for Information-Centric Networking Based on Intel SGX
    TANG Yu, ZHANG Chi
    2023, 23 (6):  55-65.  doi: 10.3969/j.issn.1671-1122.2023.06.006

    As a novel network architecture, Information-Centric Networking (ICN) maximizes the utilization of network bandwidth and provides fast, reliable, and scalable content exchange services. However, the routing nodes in ICN are required to perform additional functions, such as data storage and name retrieval, making their software and hardware architecture more complex than traditional networks. This complexity can lead to increased vulnerabilities in the network infrastructure. Therefore, this paper proposed a privacy protection scheme for ICN based on a trusted execution environment. The scheme used skip lists to store the primary memory data within the network and leveraged the trusted execution environment provided by Intel SGX to ensure the confidentiality and integrity of data stored in untrusted memory. Furthermore, a forwarding scheme was proposed to protect the privacy of network content packet names. The experimental results demonstrate that the proposed approach can provide enhanced security, with only a slight increase of approximately 10% in average network-level latency compared to the NDN baseline solution.

    Software Tamper Resistance Scheme Based on White-Box CLEFIA Implementation
    LUO Yinuo, YAO Si, CHEN Jie, DONG Xiaoli
    2023, 23 (6):  66-73.  doi: 10.3969/j.issn.1671-1122.2023.06.007

    In 2002, Chow et al. defined the concept of white-box attack context according to the application scenario of digital rights management (DRM), and modeled it as an extreme attack model, namely the white-box model. The white-box model subverts many restrictions on the ability of the attacker in the previous attack model. From the point of view of software protection, the attacker is considered to have complete control over the target software and its execution. Therefore, in the white-box model, devices in digital rights management systems, such as smart cards and set-top boxes, may be tampered with by attackers. Based on the white-box implementation scheme of the CLEFIA algorithm, this paper proposed a software tamper-resistance scheme for digital rights management systems. This scheme hid the lookup table interpreted by the binary code file of the software in the lookup table set of the white-box implementation scheme of the CLEFIA algorithm, so that the tamper-resistance security of the software was combined with the encryption and decryption correctness of the white-box implementation scheme of the CLEFIA algorithm. If the software suffers tampering, an error will occur in the encryption and decryption result of the white-box implementation of the CLEFIA algorithm. In addition, it is difficult for the attacker to repair the correctness of the encryption and decryption of the white-box implementation of the CLEFIA algorithm.

    Review of Adversarial Samples for Modulation Recognition
    JIANG Zenghui, ZENG Weijun, CHEN Pu, WU Shitao
    2023, 23 (6):  74-90.  doi: 10.3969/j.issn.1671-1122.2023.06.008

    Modulation recognition is a key component in the fields of cognitive radio, electronic warfare, and other related areas. It is also an important prerequisite for efficient signal processing in receivers. Due to the unique advantages of deep learning, such as autonomous analysis, automatic feature extraction, and nonlinear fitting, which traditional methods cannot match, it has great potential in modulation recognition. However, deep learning models are vulnerable to adversarial attacks, which seriously affect the task of modulation recognition. Although adversarial sample attacks have been widely studied in the fields of computer vision and natural language processing, research results in the field of modulation recognition are relatively scattered. This article introduced the modulation recognition technology based on deep learning, established the problem model of modulation recognition, elaborated on the application status of common neural networks in modulation recognition, and listed and compared commonly used datasets and simulation results of modulation recognition. By reviewing attack types, adversarial sample generation, and defense strategies, we summarized the latest research results, established a classification system for different types of attacks and defenses, and discussed the future prospects of adversarial samples in wireless communication.

    Threat Intelligence-Driven Dynamic Threat Hunting Method
    WU Shangyuan, SHEN Guowei, GUO Chun, CHEN Yi
    2023, 23 (6):  91-103.  doi: 10.3969/j.issn.1671-1122.2023.06.009

    In recent years, with the development of automatic extraction technology for open source threat intelligence, threat hunting on provenance graphs driven by threat intelligence has become an effective threat detection method, with the advantages of not requiring expert knowledge and providing complete attack scenarios. However, existing threat hunting methods still suffer from several limitations. On the one hand, they rely on Indicators of Compromise (IOC) for threat searches, which makes it difficult for them to detect threats effectively in cases where the attack evades detection; on the other hand, existing methods often neglect the application scenarios of continuous hunting, ignoring the high costs associated with such hunting. To address these issues, this paper proposed a Threat Intelligence-Driven Dynamic Threat Hunting Method (DyHunter), which can perform continuous threat hunting even when threat intelligence is inconsistent with the actual attack due to attack evasion. DyHunter used a composite candidate subgraph selection algorithm to avoid missing attack nodes and attack subgraphs, and employed a multi-layer graph similarity learning method to learn topology and node attribute similarity to improve model robustness. It generated and maintained a suspicious subgraph to reduce the cost of continuous hunting. Experimental results show that, compared with existing methods, DyHunter can effectively ensure high accuracy under the impact of attack evasion, and reduce more than 94.1% of space overhead during the continuous hunting process.

    Research on Countermeasures for Network Security Governance
    SUN Chengcheng
    2023, 23 (6):  104-110.  doi: 10.3969/j.issn.1671-1122.2023.06.010

    In order to deeply implement the national cybersecurity law and address the difficulties and challenges faced by cybersecurity governance in both technology and management, this article took the cybersecurity law as the basic principle and explored how to continuously promote the in-depth development of cybersecurity governance in accordance with the law. It proposed to establish a governance orientation strategy based on the logic of cybersecurity and achieve balance and progress in ensuring security and promoting development. By highlighting the key element of data security governance, establishing agile and efficient risk assessment methods, and adopting other strategies, this article aimed to build a solid network security firewall through comprehensive governance with multiple measures, and create a green and sustainable network ecosystem.
