Table of Contents

    10 August 2023, Volume 23 Issue 8

    Review of Fuzzing Based on Machine Learning
    WANG Juan, ZHANG Chong, GONG Jiaxin, LI Jun’e
    2023, 23 (8):  1-16.  doi: 10.3969/j.issn.1671-1122.2023.08.001

    Fuzzing is one of the most popular vulnerability discovery techniques today. Traditional fuzzing often requires a lot of manual labor, which lengthens the application cycle of fuzzing, and its effectiveness depends on expert experience. The wide adoption of machine learning has brought machine learning techniques into software security testing, and many research works use machine learning to optimize the fuzzing process, making up for many defects of traditional fuzzing. This paper reviews fuzzing based on machine learning. First, common vulnerability discovery methods, the fuzzing process and its classification, and the shortcomings of traditional fuzzing are summarized. Then, from the perspective of test case generation, mutation, screening, and scheduling, the paper focuses on research applying machine learning methods to fuzzing, as well as work that combines machine learning and fuzzing to realize other functions. Finally, based on the existing work, the paper analyzes and summarizes the limitations and challenges of current research and discusses future development directions for the field.

    SDP-CoAP: Design of Security Enhanced CoAP Communication Framework Based on Software Defined Perimeter
    ZHANG Wei, LI Zixuan, XU Xiaoyu, HUANG Haiping
    2023, 23 (8):  17-31.  doi: 10.3969/j.issn.1671-1122.2023.08.002

    The Constrained Application Protocol (CoAP), a new Internet of Things (IoT) protocol, cannot meet new security requirements even though security was considered in its design. This paper proposed a security-enhanced CoAP communication framework (SDP-CoAP) based on Software Defined Perimeter (SDP). SDP-CoAP used Single Packet Authentication (SPA) technology: the client added authentication information, the tunnel encryption method of Datagram Transport Layer Security (DTLS) and the CoAP request method to the first packet of the handshake process and sent it to the SDP controller, achieving authentication before communication. For authenticated access requests, the credibility of the access was evaluated in real time from multiple dimensions such as environment and behavior, and multi-dimensional dynamic access authorization was realized by combining the different request methods of the client. This paper also analyzed the specific deployment modes of the SDP-CoAP architecture and designed a deployment mode that balanced security performance, energy consumption and processing delay. Experiments verify that the client gateway deployment mode of SDP-CoAP can effectively enhance the security of a CoAP network without introducing significant energy consumption or network delay.

    Quantum Secret Sharing Schemes Based on a Class of Restricted Access Structures
    LI Zhihui, LUO Shuangshuang, WEI Xingjia
    2023, 23 (8):  32-40.  doi: 10.3969/j.issn.1671-1122.2023.08.003

    In this paper, a multi-party quantum secret sharing scheme based on a restricted access structure was designed using the quantum correlation of the GHZ entangled state. Firstly, with the three particles of the $d$-dimensional GHZ state as information carriers, the participants were divided into two mutually disjoint subsets, which held the second and third particles of the GHZ state, respectively, and these participants hid their secret shares in the quantum states by applying unitary transformations to them. Then, the participants in the subsets recovered the secret with the aid of the classical model. Finally, compared with schemes of the same type, this scheme is more economical in terms of quantum resources, and it is simpler and more efficient.

    A QKD-Based Multiparty Byzantine Consensus Agreement
    XIE Sijiang, CHENG Andong, GONG Pengfei
    2023, 23 (8):  41-51.  doi: 10.3969/j.issn.1671-1122.2023.08.004

    The digital signature used in the classic Byzantine consensus protocol is vulnerable to quantum computing attacks. Many existing quantum-secure Byzantine consensus protocols use technologies such as quantum entanglement, which is costly to construct and difficult to popularize. A protocol using more mature entanglement-free quantum technology, such as quantum key distribution (QKD), ensures better practicability while resisting quantum attacks. Based on the nonentangled multiparty quantum Byzantine protocol, a multiparty Byzantine consensus protocol based on QKD was proposed by adding bulletin boards, changing the consensus process, and using an unconditionally secure MAC. Compared to the nonentangled multiparty quantum Byzantine protocol, it fixes three security risks, reduces the use of QKD-generated keys, raises the consensus target from detectable Byzantine agreement (DBA) to Byzantine agreement (BA), and maintains the tolerance for any number of Byzantine nodes, which improves security, scalability, and operational efficiency.

    Secure Sharing of Power Application Data Based on Blockchain
    QIN Sihang, DAI Weiqi, ZENG Haiyan, GU Xianjun
    2023, 23 (8):  52-65.  doi: 10.3969/j.issn.1671-1122.2023.08.005

    With the development of power network intelligence, massive business data is scattered across different power equipment and databases, and because of the importance and privacy of power data, the security of sharing power agency data has become a problem. At present, business data is stored in clear text in centralized data nodes, which has the disadvantages of poor security and difficult circulation control. In view of these problems, this paper proposed a secure sharing mechanism for power application data based on blockchain. Security in data flow was improved through attribute-based access control mechanisms, which avoid multiple encryption during one-to-many data sharing. The blockchain distributed ledger was used to protect the security of private data such as data identification, encryption policies, user identities and attribute passwords, and smart contract audits were used to prevent users from defrauding the access control mechanism by tampering with attribute information. Testing and analysis of the system show that the blockchain smart contract can realize data flow control between institutions and has the ability to track, trace and find anomalies. The on-chain delay of data identification on the blockchain network built on the HyperLedger Fabric framework is between 60 ms and 100 ms, and the TPS is greater than 400.

    Research on Adversarial Machine Learning-Based Network Intrusion Detection Method
    SHEN Hua, TIAN Chen, GUO Sensen, MU Zhiying
    2023, 23 (8):  66-75.  doi: 10.3969/j.issn.1671-1122.2023.08.006

    The diversity of attack categories and the uneven distribution of their numbers in network attack data give existing machine learning-based network intrusion detection models weak generalization ability for some types of attacks, and the vulnerability of deep learning models to adversarial examples places many constraints on the application of deep learning models in network intrusion detection. In this paper, we first proposed a random subspace-based intrusion detection model named BAVE-ELM (Bat Algorithm Voting Ensemble Extreme Learning Machines), which better balanced the generalization ability and false alarm rate of the model. Then, using BAVE-ELM as a base classifier, an adaptive ensemble-based network intrusion detection model named EA-NIDS (Ensemble Adaptive Network Intrusion Detection System) was proposed, which could significantly enhance the generalization ability of the detection model against various attacks. Finally, we proposed an adversarial machine learning-based network intrusion detection method, which significantly improved the robustness of the model by introducing adversarial training in EA-NIDS. The experimental results indicate that the proposed method can effectively enhance the detection performance and generalization of network intrusion detection, and that the robustness of machine learning-based network intrusion detection models against adversarial attacks can be significantly improved without affecting their detection accuracy.

    Research on Intrusion Detection Mechanism Optimization Based on Federated Learning Aggregation Algorithm under Consortium Chain
    PENG Hanzhong, ZHANG Zhujun, YAN Liyue, HU Chenglin
    2023, 23 (8):  76-85.  doi: 10.3969/j.issn.1671-1122.2023.08.007

    In recent years, federated learning has received widespread attention because it can train and aggregate intrusion detection models while protecting user privacy. As an efficient and controllable distributed ledger technology, consortium blockchain is combined with federated learning technology and applied to multi-node intrusion detection scenarios. However, the algorithm for aggregating intrusion detection models based on federated learning under traditional consortium chains has defects, such as the inability to dynamically adjust aggregation algorithm parameters based on the network environment, resulting in high communication costs. Therefore, this paper designed an adaptive federated learning aggregation algorithm based on the consortium chain network environment, which dynamically adjusts the intrusion detection model aggregation interval to balance model accuracy and communication cost. Theoretical analysis and experimental results show that, compared with traditional federated learning aggregation algorithms, the intrusion detection model aggregation process in this study reduces the system communication cost while ensuring model accuracy, improves model aggregation efficiency, and has good application prospects.

    Multi-Source Heterogeneous Data Collaboration via Private Set Intersection
    DING Jiang, ZHANG Guoyan, WEI Zichong, WANG Mei
    2023, 23 (8):  86-98.  doi: 10.3969/j.issn.1671-1122.2023.08.008

    The main point of multi-source heterogeneous data fusion is the low value density and dispersion of data. The multi-source heterogeneity of data increases the difficulty of data aggregation and leads to extreme fragmentation of data value, leaving data fusion methods facing multi-source heterogeneous big data with no target and unable to effectively correlate data with fragmented value. As a new tool, Private Set Intersection (PSI) not only enables data providers to provide data with peace of mind, but also effectively integrates the value of heterogeneous data from multiple sources and mines effective data for data fusion work. To this end, the article gave three new ideas for the fusion of heterogeneous data from multiple sources, addressing three types of problems: integration of heterogeneous data, multiple sources of data, and parallel processing of large-scale data.

    Directed Fuzzing Based on Dynamic Time Slicing and Efficient Mutation
    ZHONG Yuanxin, LIU Jiayong, JIA Peng
    2023, 23 (8):  99-108.  doi: 10.3969/j.issn.1671-1122.2023.08.009

    Directed grey-box fuzzing (DGF) is a novel technology in the field of vulnerability mining whose biggest advantage is high efficiency. DGF has been widely used in many fields such as patch testing, information flow detection, and crash reproduction. However, there are two problems with existing DGF technologies. First, traditional DGF does not consider that long-path seeds can also trigger vulnerabilities, and does not consider the priority of seeds. Second, strong random mutation wastes a lot of resources, thereby reducing the efficiency of directed fuzzing. This paper proposed a directed grey-box fuzzing method based on dynamic time slicing and efficient mutation. Firstly, this paper proposed a dynamic time slicing strategy, which divided time into three stages, namely an indiscriminate exploration stage, a short-path priority stage and a long-path priority stage, and also applied a simulated annealing algorithm based on the execution frequency of seed paths for energy distribution. Secondly, the ε-greedy algorithm was used to guide the havoc stage of the mutation process to improve mutation efficiency. Based on these three strategies, this paper implements a system called DyFuzz and compares it with AFLGo on 8 real datasets; DyFuzz can effectively improve the probability and speed of triggering vulnerabilities, cover more edges and trigger more crashes.

    An Improved Weighted Byzantine Fault Tolerance Algorithm for Cross-Chain System
    SHAO Zhenzhe, JIANG Jiajia, ZHAO Jiahao, ZHANG Yushu
    2023, 23 (8):  109-120.  doi: 10.3969/j.issn.1671-1122.2023.08.010

    The relay chain is one of the widely recognized cross-chain technologies. Currently, practical Byzantine fault tolerance and its improved algorithms, such as weighted practical Byzantine fault tolerance (WPBFT), are mostly used in cross-chain scenarios. WPBFT attaches weights to nodes to reduce the impact of malicious nodes, but its weight update mechanism is simple and the cost of acting maliciously is low, which threatens the security of the whole system. To solve this problem, an improved practical weighted Byzantine fault tolerance algorithm (IWPBFT) was proposed for relay chains with safety and efficiency requirements, which improved the consensus process and weight change mechanism of WPBFT. The algorithm introduced a new weight update mechanism and a node reward and punishment mechanism. Experiments show that the leader node has a lower error rate and a higher consensus success rate. IWPBFT improves the security, reliability, and fault tolerance of the relay chain, reduces the delay, and improves the cross-chain efficiency of the relay chain.

    Exploration and Practice of Security Protection of Critical Information Infrastructure of Water Conservancy
    FU Jing
    2023, 23 (8):  121-127.  doi: 10.3969/j.issn.1671-1122.2023.08.011

    Water conservancy is one of the important industries of national critical information infrastructure, so it is urgent and necessary to carry out research on and application of network security protection for water conservancy. This paper expounded the laws, regulations and standard requirements for the security protection of critical information infrastructure of water conservancy, and summarized the protection basis and the risks and challenges faced by the water conservancy industry. On this basis, a comprehensive water conservancy network security system was proposed that focused on improving the organizational management system, innovating the security technology system, strengthening the supervision and inspection system, standardizing the security operation system, and improving the four capabilities of monitoring and early warning, defense in depth, emergency response, and actual combat confrontation. At the same time, this paper proposed critical technical paths and applications such as network IPv6 upgrade, domestic password data protection, and water conservancy industrial control partition management and control, which can provide guidance and reference for the construction of industry network security.
