
Table of Contents

    10 December 2023, Volume 23 Issue 12

    Brand-Specific Phishing Expansion and Detection Solutions
    WEN Weiping, ZHU Yifan, LYU Zihan, LIU Chengjie
    2023, 23 (12):  1-9.  doi: 10.3969/j.issn.1671-1122.2023.12.001

    In recent years, both the number of phishing attacks and the losses caused by them have been increasing, and phishing attacks have become one of the main network security threats that people face. Many phishing detection methods have been proposed to defend against phishing attacks, but most of the known methods are passive and are prone to producing a large number of false positives. In response to these issues, this paper proposed a phishing expansion method. Firstly, information about a known phishing website was analyzed in a multi-dimensional manner to obtain other related websites, so as to find more phishing websites that had not yet been discovered. Then, aiming at the visual counterfeiting characteristics of phishing websites, this paper proposed a phishing detection method based on deep learning, which cropped screenshots to obtain the area judged to be a logo and used EfficientNetV2 to mine visual counterfeiting characteristics. Finally, a comprehensive evaluation of suspected phishing websites was conducted to reduce the false positive rate. The effectiveness of the proposed method was demonstrated by experimental verification on existing phishing websites.

    A Hierarchical Federated Learning Framework Based on Shared Dataset and Gradient Compensation
    LIU Jiqiang, WANG Xuewei, LIANG Mengqing, WANG Jian
    2023, 23 (12):  10-20.  doi: 10.3969/j.issn.1671-1122.2023.12.002

    Federated learning (FL) enables vehicles to retain data locally for model training, enhancing privacy. However, due to variations in conditions such as onboard sensors and driving routes, vehicles participating in FL may exhibit different data distributions, thereby reducing model generalization and increasing convergence challenges. To ensure real-time performance, asynchronous stochastic gradient descent (SGD) techniques are widely employed in the Internet of Vehicles. Nevertheless, the issue of gradient delay can lead to inaccuracies in model training. To address these challenges, this paper proposes a layered FL framework based on shared datasets and gradient compensation. The framework utilized shared datasets and an aggregation method weighted by ReLU values to reduce model bias. Additionally, it employed a Taylor expansion approximation of the original loss function using the gradient function to compensate for asynchronous SGD. Experimental results on the MNIST and CIFAR-10 datasets indicate that compared to FedAVG, MOON, and HierFAVG, the proposed method achieves an average accuracy improvement of 13.8%, 2.2%, and 3.5%, respectively. The time cost is only half that of both synchronous SGD and asynchronous SGD.

    Endogenous Security Methods for Container Cloud Based on IPv6
    LI Dong, YU Junqing, WEN Ruibin, XIE Yiding
    2023, 23 (12):  21-28.  doi: 10.3969/j.issn.1671-1122.2023.12.003

    Containers are increasingly used in cloud computing resource management in data centers because of their low resource consumption, high resource utilization, fast startup speed, and strong elasticity. Relevant studies have shown that current container clouds lack a trustworthy access mechanism. IPv6, with its large address space and high safety, can establish end-to-end transparent connections and achieve trustworthy access in container platforms. To solve the trustworthiness issue of container cloud platforms, an improved method for authenticating the real source address of IPv6 was proposed. This method embedded real user identity information into the last 64 bits of the IPv6 address. Meanwhile, to account for the highly dynamic nature of container backups, the user identifier was generated based on a hash and salt-add algorithm, and the data index was also embedded in the IPv6 address, replacing the original encryption method, which had low efficiency because of key management and linear matching. In this way, the address generation process could be optimized, the time complexity of address resolution could be reduced, and the address allocation requirements of container cloud platforms could be satisfied. Experimental results show that the optimized method could improve the efficiency of IPv6 real source address authentication by approximately 35% in the address generation stage and reduce the time complexity from O(n) to O(1) in the address tracing stage. It can adapt to highly dynamic container environments and significantly enhance the endogenous security of container cloud platforms.

    A Malicious Code Recognition Model Fusing Image Spatial Feature Attention Mechanism
    LIU Jun, WU Zhichao, WU Jian, TAN Zhenhua
    2023, 23 (12):  29-37.  doi: 10.3969/j.issn.1671-1122.2023.12.004

    When converted into images, malicious software exhibits two prominent characteristics. Firstly, during the visualization process, black pixels are typically added to pad the end of the file, creating a distinct separation in the image between significant features (code part) and non-significant features (filled part). Secondly, there is a semantic feature correlation among code segments that is preserved in sequential pixel conversion. While existing models for malicious code detection have achieved reasonably good recognition results to some extent, they have not been specifically designed to leverage the unique traits of malicious code. Consequently, their capability to extract deep-level features from malicious images has been relatively weak and often requires complex model architectures. Therefore, this paper proposed a novel model for detecting malicious code that addressed these two key characteristics of malicious images. Firstly, the original malicious code was transformed into images and preprocessing techniques were applied. Secondly, an FA-SA module was used to extract key features, along with two FA-SeA modules to capture pixel-wise correlations. This model not only simplifies the architecture but also enhances its capability for deep-level feature extraction, thereby improving detection accuracy. On the Malimg dataset, our model achieves an accuracy of 96.38%, representing a 3.56% improvement compared to previous CNN-based models. Experimental results highlight the effectiveness of designing network models based on the characteristics of malicious images, with significant contributions from our proposed fusion attention module towards enhancing recognition performance.

    MI-PUF-Based Secure Authentication Protocol for V2X Communication
    TAN Weijie, YANG Yuting, NIU Kun, PENG Changgen
    2023, 23 (12):  38-48.  doi: 10.3969/j.issn.1671-1122.2023.12.005

    Aiming at the current problem that the authentication protocols for vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V) communication in V2X have high computational overheads and are vulnerable to attackers impersonating legitimate identities, a secure authentication protocol for V2X communication based on the Map-Index physical unclonable function (MI-PUF) is proposed. By introducing PUF, whose lightweight computing characteristics reduce the computational and communication costs of vehicles, the protocol solves the problem of identity impersonation attacks with the help of PUF’s unclonable characteristics, and effectively solves the problem of machine learning attacks by constructing a key-map and a hash function to process the output signal of PUF. The security under the Dolev-Yao model is verified using the formal verification tool AVISPA, and the protocol can provide basic security for V2I and V2V communication.

    Image Encryption Algorithm Based on Cascade Chaotic System and Quantum Baker Map
    LIU Xingbin, LIU Cong
    2023, 23 (12):  49-58.  doi: 10.3969/j.issn.1671-1122.2023.12.006

    Quantum image encryption can greatly improve efficiency with the help of quantum entanglement and superposition characteristics, and has advantages over traditional image encryption algorithms in ensuring the security of information transmission. Aiming at the problem that quantum images could not be fully scrambled and confused only in the spatial domain or the transform domain, a scramble and confusion method combining the spatial domain and the transform domain was proposed. Firstly, the positions of image pixels were scrambled in the spatial domain by the quantum Baker map. Secondly, the gray information of pixels in the spatial domain was changed by the rotation of quantum bits. The rotation angle was determined by the pseudo-random sequence generated by the cascade chaotic system. Then, the quantum state in the spatial domain was converted to the Fourier transform domain, and the quantum bits were rotated in the Fourier domain. Finally, the information in the transform domain was converted to the spatial domain by the inverse quantum Fourier transform to obtain the ciphertext image. Because the Baker map has a longer period, the key space of the proposed algorithm is larger. In addition, the rotation parameter generation based on the cascade chaotic system can reduce the burden of key transmission. Numerical simulation results verify the security and effectiveness of the proposed algorithm, and the complexity is superior to the classical image encryption algorithm.

    An Advanced Persistent Threat Detection Method Based on Attack Graph
    GAO Qingguan, ZHANG Bo, FU Anmin
    2023, 23 (12):  59-68.  doi: 10.3969/j.issn.1671-1122.2023.12.007

    Aiming at the problems of threat alert fatigue and the inability of traditional intrusion detection tools to detect advanced persistent threat (APT) attacks, this paper proposed an advanced persistent threat detection method based on attack graph. The method generated an attack graph according to network topology, vulnerability reports and other information to analyze the attacker’s behavior in advance, which effectively combated the threat alert fatigue problem. Combining the adversarial tactics, techniques and common knowledge (ATT&CK) model and the APT attack three-phase detection model, a scoring algorithm for missing path matching was designed to analyze and detect APT attacks from the global perspective. At the same time, a multi-attack entity association method based on a grey list was designed to ensure the accuracy of the generated APT attack evidence chain. In this paper, experiments were carried out on public data sets, and the results show that ADBAG can effectively detect APT attacks and APT attacks that exploit zero-day vulnerabilities, and further locate the scope of attacks.

    Review of Federal Learning and Offensive-Defensive Confrontation
    YANG Li, ZHU Lingbo, YU Yueming, MIAO Yinbin
    2023, 23 (12):  69-90.  doi: 10.3969/j.issn.1671-1122.2023.12.008

    With the continuous development of machine learning technology, personal privacy issues have attracted widespread attention. Centralized learning is considerably constrained by the fact that user data is sent to the central node. Therefore, federated learning, a framework in which model training can be completed locally on the data, came into being. However, the federated learning mechanism can still be affected by various attacks that reduce its security and privacy. This paper started with the basic definition of federated learning, and then analyzed and summarized the threats and defense means in federated learning from the two aspects of confidentiality and integrity. Finally, based on these problems, the future development direction of this field was discussed.

    A Real-Time Anomaly Detection System for Container Clouds Based on Unsupervised System Call Rule Generation
    WU Shenglin, LIU Wanggen, YAN Ming, WU Jie
    2023, 23 (12):  91-102.  doi: 10.3969/j.issn.1671-1122.2023.12.009

    Container technology is currently one of the mainstream technologies in cloud computing. Compared with virtual machines, containers have significant advantages such as fast startup, high portability, and high scalability. However, the lower resource isolation and shared kernel characteristics introduce new security risks to containers and cloud platforms, which can easily lead to serious threats such as resource appropriation, data leakage, and host hijacking. To achieve security and observability of container cloud platforms, this paper proposed a container cloud real-time anomaly detection system based on unsupervised system call filtering rule generation. The system collected system call behavior data of containers in the cluster through agentless mode, then mined filtering rules online through a method that applies to system call data and focuses on specific parameters, and finally adapted the original rules to specific rule engines, thus achieving real-time anomaly detection. The experimental results show that this system can correctly mine comparatively accurate syscall templates and convert them into corresponding detection rules, and the detection effect is basically consistent with manually written rules.

    Controllable and Supervised Privacy Protection Scheme for Blockchain Organization Transaction Based on Attribute Encryption
    LI Jiahui, QIN Sujuan, GAO Fei, SUN Dongxu
    2023, 23 (12):  103-112.  doi: 10.3969/j.issn.1671-1122.2023.12.010

    Blockchain technology has broad application prospects, and has been widely deployed in the financial industry, supply chain, and digital assets. However, in practical applications, since the blockchain data is public, private information may be leaked in some cases, and there are still some challenges in privacy protection in the blockchain. In an organization-based blockchain system, in order to meet the cooperation within or between organizations, it is necessary to control access to transaction content while protecting privacy to achieve controllable privacy protection. While protecting user privacy, blockchain also needs to be supervised to protect the legality and security of data. Therefore, this paper proposed a controllable and supervised privacy protection scheme for blockchain multi-organization transactions based on attribute encryption. The scheme did not rely on a specific privacy protection method, and used attribute-based encryption to control access to privacy protection trapdoors, which could be used as an independent module. This scheme allowed trading organizations to control the scope of privacy protection on their own, and the supervisory department could assign different supervisors according to different trading organizations. Experimental analysis shows that the scheme realizes the controllable privacy protection and multi-regulator hierarchical supervision of multi-organization transactions in the blockchain, and has high security and high performance at the same time.
