Loading...
Netinfo Security

Table of Content

    10 October 2023, Volume 23 Issue 10 Previous Issue    Next Issue
    For Selected: Toggle Thumbnails
    A Hybrid Method of Joint Entropy and Multiple Clustering Based DDoS Detection in SDN
    WANG Zhi, ZHANG Hao, Jason GU
    2023, 23 (10):  1-7.  doi: 10.3969/j.issn.1671-1122.2023.10.001
    Abstract ( 315 )   HTML ( 52 )   PDF (8370KB) ( 259 )  

    Software Defined Networking (SDN), an emerging networking paradigm, has introduced more severe Distributed Denial of Service attacks (DDoS) along with convenience. Existing works typically use machine learning models to detect DDoS attacks, but ignore the additional overhead that models impose on SDN controllers. In order to detect DDoS attacks more efficiently and accurately, this paper adoptd a strategy of multi-level detection modules: the first-level module detectd suspicious traffic by calculating the joint entropy of the traffic in the current window; the second-level module used a semi- supervised model that used techniques such as feature selection, multi-training algorithms, and multiple clustering to improve detection performance by training multiple local models. Compared with other existing models, this model performs best on multiple data sets and has better detection accuracy and generalization ability.

    Figures and Tables | References | Related Articles | Metrics
    Research on DGA Malicious Domain Name Detection Method Based on Transfer Learning and Threat Intelligence
    YE Huanrong, LI Muyuan, JIANG Bo
    2023, 23 (10):  8-15.  doi: 10.3969/j.issn.1671-1122.2023.10.002
    Abstract ( 226 )   HTML ( 34 )   PDF (9615KB) ( 158 )  

    Domain name generation algorithms have been widely used in various types of cyber attacks, which have the characteristics of rapid sample change, many variants, and difficult to obtain, leading to low detection accuracy and poor warning capability of existing traditional models. To address this situation, a DGA malicious domain detection method based on transfer learning and threat intelligence was proposed, which extracted malicious domain context and semantic relationship features by building a combined model of bidirectional long short-term memory neural network and Transformer, pre-trains by using a publicly available large-sample malicious domain dataset, and transfered the training parameters to a new unknown small-sample malicious domain of APT organizations held by threat intelligence for model detection performance testing. The experimental results show that the model can achieve an average detection accuracy of 96.14% in a small-sample dataset of malicious domains used by APT organizations, and the detection performance is good.

    Figures and Tables | References | Related Articles | Metrics
    A Log Anomaly Detection Method with Variables
    ZHANG Yuchen, LI Lianghui, MA Chenyang, ZHOU Hongwei
    2023, 23 (10):  16-20.  doi: 10.3969/j.issn.1671-1122.2023.10.003
    Abstract ( 150 )   HTML ( 22 )   PDF (6116KB) ( 123 )  

    In order to fully tap the potential of variables in logs and optimize the effectiveness of log anomaly detection, this paper proposed a novel log anomaly detection method SiEv with the variables. Firstly, this method identified the subject variable in the log, and divided the log into different fragments based on the subject variable. Then, SiEv took these fragments as input for LSTM to avoid mutual interference between log sequence features of different subjects. Finally, according to different log fragments, SiEv was able to be divided into multiple categories to detect logs with the view of different perspectives. To verify the effectiveness of the method, SiEv was tested with the log dataset provided by the Loghub. The experimental results indicate that SiEv is able to detect anomalies in various types of logs, identify the activity behavior patterns and trends of the same subject.

    Figures and Tables | References | Related Articles | Metrics
    A Malicious SMS Detection Method Blending Adversarial Enhancement and Multi-Task Optimization
    TONG Xin, JIN Bo, WANG Binjun, ZHAI Hanming
    2023, 23 (10):  21-30.  doi: 10.3969/j.issn.1671-1122.2023.10.004
    Abstract ( 113 )   HTML ( 12 )   PDF (11574KB) ( 46 )  

    Existing malicious SMS detection methods often focus on improving the detection accuracy or speed, ignoring the security problems of the model itself, thus likely to suffer from adversarial examples attack in real-world scenarios. To alleviate this pain point, this paper proposed a malicious SMS detection model that blended adversarial enhancement and multi-task optimization. During the input stage, a random matching pool was used to generate “original text-adversarial example” pairs as input, and the semantic type encoding technique was adopted to help the model distinguish the data boundaries. Then, a single-tower neural network based on ChineseBERT was used as the backbone model to excavate the semantic, pinyin, and glyph features of the SMS. In the output stage, the supervised classification cross-entropy loss and the unsupervised input consistency loss were used as multi-task optimization objectives to help the model learn the correlated features of text pairs and complete the classification. Experimental results based on the public datasets show that the proposed method outperforms a variety of machine learning and deep learning detection methods in terms of accuracy and robustness.

    Figures and Tables | References | Related Articles | Metrics
    Design of Ransomware Defense System Based on Fine-Grained Access Control Scheme
    ZHU Yixin, MIAO Zhangwang, GAN Jinghong, MA Cunqing
    2023, 23 (10):  31-38.  doi: 10.3969/j.issn.1671-1122.2023.10.005
    Abstract ( 121 )   HTML ( 13 )   PDF (10027KB) ( 114 )  

    Ransomware has become one of the most dominant forms of cybercrime, endangering the security of public society. The goal of this paper is to defend against ransomware to protect the security of host file resources, but current defense schemes using access control schemes still have defects such as too coarse authorization granularity, inflexible permission management, and inability to properly handle exceptions. In this paper, a ransomware defense scheme based on fine-grained access control, which includes three main functions, firstly, fine-grained dynamic access control to the file system was proposed. Secondly program intent analysis by context. Finally hierarchical confirmation of exceptions. This paper implements a prototype of the scheme, which can effectively intercept the file behavior of ransomware after analysis and reduce the damage caused by ransomware.

    Figures and Tables | References | Related Articles | Metrics
    Design of an End-to-Cloud Trusted Transmission Solution for Location Information
    ZHANG Lu, TU Chenyang, MIAO Zhangwang, GAN Jinghong
    2023, 23 (10):  39-47.  doi: 10.3969/j.issn.1671-1122.2023.10.006
    Abstract ( 107 )   HTML ( 24 )   PDF (10707KB) ( 75 )  

    Due to the deep integration and development of BeiDou navigation technology and mass consumer applications, the importance of location information has become increasingly prominent, but most applications have not fully protected the location information. The traditional Cryptography solutions with high computational complexity cannot be directly used in the resource constrained BeiDou navigation application environment, and the software execution environment of the terminal is not safe. This article was based on a dedicated BeiDou navigation chip, which utilized cryptographic and communication modules to achieve a lightweight end-to-cloud trusted transmission mechanism for location information within the chip. The mechanism protected the authenticity, integrity, and confidentiality of location information during transmission based on the TLS (Transport Layer Security) protocol concept. This solution not only minimizes the use of complex calculations, verification, and certificate management to ensure data processing performance, but also resists attacks such as man in the middle, replay, and denial of service, with a certain degree of security and robustness.

    Figures and Tables | References | Related Articles | Metrics
    A Multi-View Hardware Trojan Detection Method Based on Static Analysis
    CHEN Xingren, XIONG Yan, HUANG Wenchao, FU Guilu
    2023, 23 (10):  48-57.  doi: 10.3969/j.issn.1671-1122.2023.10.007
    Abstract ( 119 )   HTML ( 20 )   PDF (12786KB) ( 81 )  

    With the globalization of the integrated circuit industry, a significant portion of the design, manufacturing, and testing processes has been shifted to untrusted third-party entities around the world. This has led to the potential risk of malicious circuit insertion in hardware designs by attackers, known as hardware trojans. Early detection of hardware trojans is crucial because removing them after the design or manufacturing stages can be extremely costly. Therefore, this paper presented a static analysis-based multi-view hardware trojan detection method. By analyzing Verilog code, variable data dependency graphs and variable control dependency graphs were generated to extract semantic information from multiple perspectives in hardware design. Then, this method employed multi-view representation learning to derive behavioral representation vectors for the target hardware design from different viewpoints. Finally, a multi-view fusion approach was applied to collaboratively integrate the obtained representation vectors and feed them into a classifier to detect the presence of hardware trojans in Verilog code. Experimental validation demonstrated that the presented detection method achieves accurate and comprehensive hardware trojan detection without relying on design specifications and without being limited to pattern libraries, enabling fully automated analysis of Verilog code.

    Figures and Tables | References | Related Articles | Metrics
    A Windows Malware Detection Method Based on Semantic Analysis
    WANG Yu, LYU Liangshuang, XIA Chunhe
    2023, 23 (10):  58-63.  doi: 10.3969/j.issn.1671-1122.2023.10.008
    Abstract ( 168 )   HTML ( 36 )   PDF (7054KB) ( 130 )  

    Windows malware has posed a serious threat to personal, enterprise, and national security. In order to detect new malware effectively and analyze the working mechanism of malware in depth, this paper proposed a Windows malware detection method based on semantic analysis. The proposed method extracted the API call dependency graph as the low-level behavior feature of the software by leveraging symbolic execution technology. Subsequently, this graph was mapped to the attack techniques in the adversarial tactics, techniques, and common knowledge (ATT & CK) framework through pattern discovery and matching methods, which could reflect the behavioral semantics of malware. Moreover, in this paper, a support vector machine classifier was built, and the attack technique features were used as inputs for the classifier to perform training and testing. Experimental results indicate that the proposed method can effectively discover new malware.

    Figures and Tables | References | Related Articles | Metrics
    Research and Implementation on Abnormal Behavior Detection Technology of Virtualization Platform Based on HPC
    XING Lingkai, ZHANG Jian
    2023, 23 (10):  64-69.  doi: 10.3969/j.issn.1671-1122.2023.10.009
    Abstract ( 87 )   HTML ( 8 )   PDF (6778KB) ( 53 )  

    This paper proposed a dynamic detection method based on Hardware Performance Counter(HPC) and ensemble learning to solve the abnormal behavior detection problem of virtualization platform. This method collected HPC values of samples running on the KVM virtualization platform, and used feature importance scores generated during RF learning to filter features, so as to improve the accuracy of RF classification model and realized anomaly detection. This paper collected 1040 benign program samples and 1040 malicious program samples on the platform, and selected 8 important HPC events to judge malicious samples in the feature selection stage. The experimental results show that the RF classification model after feature selection can reach 95.38% accuracy on the test set, which has higher accuracy and stability than the similar model before feature selection and other traditional machine learning models. The method proposed in this paper can effectively detect the abnormal behavior on the virtualization platform

    Figures and Tables | References | Related Articles | Metrics
    Research on Feature Extraction Technology of Electronic Medical Record Data Based on Neural Networks
    QIN Yifang, ZHANG Jian, LIANG Chen
    2023, 23 (10):  70-76.  doi: 10.3969/j.issn.1671-1122.2023.10.010
    Abstract ( 142 )   HTML ( 17 )   PDF (9091KB) ( 88 )  

    With the implementation of laws and regulations such as “Data Security Law of the People’s Republic of China”, data security is becoming increasingly important. Electronic medical records contain sensitive personal information such as citizens’ medical and health care. In order to protect the safety of the data, this paper studied the feature extraction technology of the data to provide technical support for the implementation of data security protection. This paper proposed a feature extraction method for electronic medical record data based on deep neural networks. Using generative adversarial networks, a small amount of electronic medical record data was expanded to a larger dataset through text generation methods. Then, the convolutional neural networks were used for feature extraction, and the classification results were generated by the classifier to detect and recognize the electronic medical record data. The experimental results show that this method has a good feature extraction effect for electronic medical record data.

    Figures and Tables | References | Related Articles | Metrics
    Detection and Identification Model of Gambling Websites Based on Multi-Modal Data
    ZHAO Xinhe, XIE Yongheng, WAN Yueliang, WANG Jinmiao
    2023, 23 (10):  77-82.  doi: 10.3969/j.issn.1671-1122.2023.10.011
    Abstract ( 169 )   HTML ( 33 )   PDF (7382KB) ( 110 )  

    This paper proposed a gambling website detection and recognition model based on multimodal data. Firstly, it constructed a Bert feature extraction model based on text features and a VGG19 feature extraction model based on image features; secondly, the method improved the classification effect of gambling website detection and recognition based on feature fusion and changing the loss function; lastly, this paper validated the method on self-constructed positive and negative samples of 1:5, 1:10, and 1:20 datasets. The experimental results indicate that the more obvious the imbalance of positive and negative samples is, the more obvious the advantage of the proposed method is, and it can detect and recognise gambling websites well.

    Figures and Tables | References | Related Articles | Metrics