Table of Contents

    10 February 2024, Volume 24 Issue 2

    New Research Progress on Intrusion Detection Techniques for the Internet of Things
    FENG Guangsheng, JIANG Shunpeng, HU Xianlang, MA Mingyu
    2024, 24 (2):  167-178.  doi: 10.3969/j.issn.1671-1122.2024.02.001

    Compared to traditional intrusion detection mechanisms, intelligent intrusion detection technology can fully extract data features and demonstrates higher detection efficiency; however, it also imposes greater demands on data sample labels. From the perspective of data sample labels, this article provided a comprehensive review of the latest developments in intrusion detection technology for the Internet of Things (IoT), organized by supervised and unsupervised learning. Firstly, it outlined signature-based intrusion detection methods and analyzed recent traditional machine-learning-based intrusion detection methods, classified as supervised or unsupervised learning. Then, it analyzed recent deep-learning-based intrusion detection methods based on supervised learning, unsupervised learning, generative adversarial networks, and deep reinforcement learning, respectively. Finally, it summarized the research challenges and future trends in IoT intrusion detection technology.

    An Identity Authentication Method Based on SM9 and Blockchain in the IoT Environment
    ZHAI Peng, HE Jingsha, ZHANG Yu
    2024, 24 (2):  179-187.  doi: 10.3969/j.issn.1671-1122.2024.02.002

    Terminal devices in the Internet of Things (IoT) environment need to identify and authenticate each other to ensure network security and data security, and authentication is the first line of defense for IoT security. The existing traditional public key cryptosystem (PKI) is cumbersome and computationally intensive, and cannot satisfy the resource-constrained, open, and distributed IoT environment well. In this paper, a blockchain-based two-way authentication scheme for IoT terminals was designed based on the SM9 identity-based cryptographic algorithm. The scheme satisfies confidentiality and unforgeability under the assumptions of the computational Diffie-Hellman hard problem, the q-Diffie-Hellman inverse problem, and the bilinear Diffie-Hellman hard problem, and is more in line with the practical application environment of the IoT. The scheme adopted the device identity as the public key, which simplified the key distribution and management process. In addition, the blockchain, as a decentralized underlying storage database used to record information such as keys, certificates, and signatures, could be used to provide credible endorsement for the authentication process. Performance analysis, ProVerif formal security analysis, and comparison with several current mainstream authentication methods show that the scheme can meet the time, performance and security requirements of the IoT environment.

    Efficient and Secure Certificateless Aggregate Signature Scheme in Vehicle Networks
    GU Yanyan, SHEN Limin, GAO Chenxu, ZHU Ting
    2024, 24 (2):  188-202.  doi: 10.3969/j.issn.1671-1122.2024.02.003

    Certificateless cryptography not only eliminates the key escrow problem inherent in ID-based cryptography, but also retains the advantage of ID-based cryptography that no public key certificates are needed. In order to ensure the integrity, authenticity, validity and immediacy of communication between vehicles in VANETs, this paper proposed a certificateless aggregate signature scheme that uses no bilinear pairing and resists coalition attacks. In the random oracle model, the security of the algorithm was rigorously proved based on the elliptic curve discrete logarithm problem and the forking lemma. The performance and efficiency analysis shows that the scheme is effective: it can ensure the integrity and authenticity of communication data, reduce bandwidth and storage overhead, and improve verification efficiency.

    New Progress in Research and Application of Chaotic Cryptography Theory
    ZHAO Geng, MA Yingjie, DONG Youheng
    2024, 24 (2):  203-216.  doi: 10.3969/j.issn.1671-1122.2024.02.004

    The research on chaotic cryptography mainly includes chaotic sequence cryptography, chaotic block cryptography, and chaotic public key cryptography. Chaotic sequence cryptography has the characteristics of simple software and hardware implementation, fast encryption and decryption processing speed, and no or only limited error propagation. The research achievements in the design of chaotic sequence ciphers are extremely fruitful, but their security analysis generally stays at the stage of statistical verification analysis, and there are few proofs and analyses of provable security or other conditional security. Therefore, proving the security of chaotic ciphers has become an urgent research gap in this field that needs to be filled. The research on chaotic block ciphers is quite mature, but the overall structures used are generally limited to a few types of cryptographic structures: the Feistel structure, the SPN structure, Lai-Massey, and others (mostly deformations and improvements of the basic structures). Therefore, building an innovative cryptographic architecture that breaks the traditional structures has become one of the key issues that chaotic block ciphers urgently need to solve. The research on chaotic public key cryptography is relatively weak. The chaotic public key cryptography algorithm that combines the unique cryptographic characteristics of chaotic systems with public key cryptography not only has theoretical research significance but also has practical application value. Chaotic systems are also widely used in secure communication fields such as communication transmission, speech encryption, image encryption, and spread spectrum communication. The implementation of electrical and optical chaotic systems is simple, and their computational complexity does not significantly increase with the increase of key space. It can provide security protection for different scenarios such as wireless communication, physical layer link security, and application layer data security.

    A Task Allocation Method for Unmanned Clusters Based on Dynamic Overlapping Coalition Toward Heterogeneous Composite Tasks
    YAO Changhua, CHENG Tianyuan, QU Yuben, SU Ting
    2024, 24 (2):  217-228.  doi: 10.3969/j.issn.1671-1122.2024.02.005

    Due to the diversity of platform characteristics, intelligent unmanned clusters have good resource allocation space and functional flexibility, and can respond to complex and ever-changing task requirements. However, most existing research has not considered practical needs such as the heterogeneity and correlation of tasks, and existing task allocation methods still lack adaptability to requirements and resources, as well as dynamic response capabilities for cluster collaboration. This paper proposed a dynamic response overlapping coalition task allocation architecture for unmanned cluster systems to address problems such as uneven task allocation, poor collaboration, and weak dynamic adaptability in the process of performing multi-objective tasks. The architecture considered the value, priority, and requirements of multiple coupled heterogeneous tasks, as well as the impact of task changes, to construct a coalition game model and designed a coalition formation algorithm. It distributed and coordinated the resources of different cluster members, including unmanned aerial vehicles and unmanned ground vehicles, to achieve a reasonable match between heterogeneous member resources and heterogeneous tasks. Furthermore, it can efficiently perform dynamic adjustments according to changes in tasks. Simulation results show that the proposed algorithm can adapt to dynamic task scenarios, form stable and efficient task coalitions and resource allocation results, improve the system benefits and success rate of unmanned clusters performing diverse heterogeneous tasks, and achieve collaborative task allocation optimization under dynamic conditions.

    A Location Privacy Protection Scheme Based on Hybrid Blockchain
    HE Yefeng, QUAN Jiahui, LIU Yan
    2024, 24 (2):  229-238.  doi: 10.3969/j.issn.1671-1122.2024.02.006

    In the location privacy service of the Internet of Vehicles, mainstream models require communication through a trusted third party, but such models’ third-party servers are vulnerable to attacks by malicious users, which poses a risk of privacy leakage. Based on a hybrid blockchain, this paper proposed a new location privacy protection scheme. The scheme divided available location points on the map using longitude and latitude, and waited for users to select location points to represent their true location using K-anonymity technology to complete preliminary anonymity, and then participated in the location privacy protection service of the hybrid blockchain. Throughout the entire process of the location privacy service, user credit mechanisms and hybrid blockchain information isolation mechanisms were used to further enhance the user’s location privacy protection level. Simulation results show that compared to existing schemes, this scheme can shorten time costs.

    Dual Embedding Domain Based Video Robust Reversible Watermarking Algorithm
    NIU Ke, LIANG Yucheng, MENG Yifei, WANG Jingjing
    2024, 24 (2):  239-251.  doi: 10.3969/j.issn.1671-1122.2024.02.007

    Aiming at the compatibility problem of robustness and reversibility of existing video watermarking algorithms, a video robust reversible watermarking algorithm based on dual-domain marking was proposed. This algorithm used traditional robust watermark splicing technology to embed watermark information in the quantized DCT coefficient domain of H.264 video coding; it used two-dimensional histogram migration technology in the motion vector domain to embed auxiliary information to achieve watermark extraction at the decoder and lossless recovery of the original video. Experimental results show that the algorithm in this paper has good invisibility. The peak signal-to-noise ratio and average structural similarity of the experimental video are 44.7537 dB and 0.9902 respectively. The bit rate expansion is all at 16.74% and below. At the same time, it is resistant to distortion attacks of different strengths. It has strong robustness. The normalized cross-correlation coefficients of experimental videos are all above 0.970, and the bit error rates are below 0.068.

    Analysis of Physical Layer Security Performance in RSMA Wireless Communication Systems under Eavesdropper Attacks
    HUANG Haiyan, AI Yuxin, LIANG Linlin, LI Zan
    2024, 24 (2):  252-261.  doi: 10.3969/j.issn.1671-1122.2024.02.008

    This paper studied a multiple-input single-output downlink communication system based on the Rate Splitting Multiple Access (RSMA) technique. RSMA provides optimal performance by decoding the information of the intended user and treating the information of the remaining users as noise. In addition, the public information in RSMA is not only useful data for the user, but can also be used to interfere with external eavesdroppers. For practical application scenarios where users were far away from the base station, this paper proposed an RSMA-based relay cooperative transmission scheme in the presence of eavesdroppers. The transmission process was divided into two time slots: in the first time slot, the relay received, decoded and forwarded the signal; in the second time slot, the user received the signal from the relay. Each user first decoded the public message and then decoded its private message by applying successive interference cancellation (SIC). Based on this, closed-form expressions for the outage probability and eavesdropper intercept probability of the system under Rayleigh fading channels were derived. Finally, the correctness of the theoretical analysis was verified by Monte Carlo simulation. The simulation results show that a reasonable choice of the transmit power and the distance between nodes can effectively reduce the outage probability of the system and achieve a better trade-off between the security and reliability of the system.

    Federated Learning Backdoor Defense Method Based on Trigger Inversion
    LIN Yihang, ZHOU Pengyuan, WU Zhiqian, LIAO Yong
    2024, 24 (2):  262-271.  doi: 10.3969/j.issn.1671-1122.2024.02.009

    As an emerging distributed machine learning paradigm, federated learning realizes distributed collaborative model training among multiple clients without uploading users' original data, thereby protecting user privacy. However, since the server cannot inspect the client’s local dataset in federated learning, malicious clients can embed a backdoor into the global model by data poisoning. Traditional federated learning backdoor defense methods are mostly based on the idea of model detection, but ignore the inherently distributed nature of federated learning. Therefore, this paper proposed a federated learning backdoor defense method based on trigger inversion. The aggregation server and distributed clients collaborated to generate additional data using trigger inversion technology to enhance the robustness of the client’s local model for backdoor defense. Experiments on different datasets show that the proposed method can mitigate backdoor attacks effectively.

    An Optimal Algorithm for Traffic Scheduling in SRv6 Network Based on Deep Learning
    ZHAO Pengcheng, YU Junqing, LI Dong
    2024, 24 (2):  272-281.  doi: 10.3969/j.issn.1671-1122.2024.02.010

    Current traffic scheduling methods in SRv6 networks are mainly based on fixed or heuristic rules, which lack the ability to schedule overall network traffic flexibly and are difficult to adapt to dynamic network environment changes. To address the deficiency in key flow identification within SRv6 networks, the article introduced a key flow identification algorithm based on deep reinforcement learning. This approach established a key flow learning model adapted to the dynamic changes of the network, identifying sets of key flows that significantly impact network performance across various traffic matrices. In response to the challenges of traffic scheduling in SRv6 networks, the article developed an optimization algorithm for traffic scheduling, rooted in key flow analysis. This algorithm employed linear programming to determine the optimal explicit path for each key flow and utilized different routing methods for ordinary flows and key flows, effectively enhancing network performance. The experimental results demonstrate that the proposed traffic scheduling algorithm leads to a significant improvement in network load balancing and a substantial reduction in network end-to-end transmission delay.

    Multidimensional Depth Oriented Fuzzing Method of Java Web Applications
    WANG Juan, GONG Jiaxin, LIN Ziqing, ZHANG Xiaojuan
    2024, 24 (2):  282-292.  doi: 10.3969/j.issn.1671-1122.2024.02.011

    With the popularity of the Java language, the security issues of Java applications are becoming more and more serious. As an effective vulnerability mining method, fuzzing has been used to detect Java application vulnerabilities. However, due to the huge code scale and complex business logic of Java Web applications, existing vulnerability mining tools suffer from high randomness in testing and low depth of code detection, resulting in low accuracy of vulnerability mining. To solve these problems, this paper designed and implemented a multidimensional depth oriented fuzzing method for Java Web applications. This method generated the three-address code of the application bytecode to be tested, and then obtained the corresponding inter-function call graph and intra-function control flow graph. According to this information, an algorithm was designed to obtain the multidimensional depth of each basic block. Then, according to the multidimensional depth and fuzzing execution time, the fuzzing guidance strategy of the system was designed, and the corresponding input structure analysis strategy, energy allocation strategy and mutation algorithm scheduling strategy were designed to improve the efficiency of fuzzing. Comparison with the existing widely used fuzzing tools Peach and Kelinci shows that this method can achieve a better vulnerability mining effect with low performance consumption.

    Federated Intrusion Detection Algorithm with Bilateral Correction Merging Gradient Difference
    JIN Zhigang, DING Yu, WU Xiaodong
    2024, 24 (2):  293-302.  doi: 10.3969/j.issn.1671-1122.2024.02.012

    Increasingly diverse device composition and more flexible topology subject federated intrusion detection systems to the challenges of data heterogeneity and partial participation, resulting in problems such as poor model generalization, over-fitting of local nodes, and catastrophic forgetting. In order to solve the above problems, this paper proposed a federated intrusion detection algorithm with bilateral correction merging gradient difference. The proposed algorithm used the gradient difference generated by node updates to correct the gradient’s update direction at both the server and the node. In the aggregation stage, the server fitted the global gradient difference to correct the update direction of the global model, and used a momentum-like gradient update strategy to balance the global prior knowledge of each node and solve the problem of poor generalization. In the training stage, the node used local information, global information and historical information to correct the local model’s update direction to alleviate the problem of local over-fitting and catastrophic forgetting. The experiments by FedAvg (Federated Average) show that the proposed algorithm has excellent multi-class classification performance in a variety of federated scenarios. While protecting data privacy, the proposed algorithm effectively realizes network intrusion detection in complex federated environments.

    Design and Implementation of Integrated Service Platform for Real Estate Registration Based on Domestic Cryptographic Technology
    YAN Hailong, WANG Shulan
    2024, 24 (2):  303-308.  doi: 10.3969/j.issn.1671-1122.2024.02.013

    In view of the information security threats under the “Internet +” mode, an integrated service platform for the “Internet + real estate mortgage registration” service mode was designed based on identity authentication, digital signature, electronic signature and other domestic cryptographic technologies. This platform used strong identity authentication to ensure that users have a highly reliable personal identity when applying for real estate mortgage registration. At the same time, encrypted transmission of important data was adopted to protect the security of sensitive information during network transmission and to prevent information from being illegally obtained or tampered with. In addition, key operations were verified through electronic signature and seal to ensure the authenticity and completeness of the operations. The research results indicate that the platform effectively addresses the information security challenges faced in the “Internet +” model. Furthermore, the platform exhibits a high degree of reusability in terms of its functional architecture, providing strong support for the enhancement and advancement of the “Internet + government services” system.

    Network Intrusion Detection Method Based on Attention-BiTCN
    SUN Hongzhe, WANG Jian, WANG Peng, AN Yulong
    2024, 24 (2):  309-318.  doi: 10.3969/j.issn.1671-1122.2024.02.014

    In order to solve the problem of low multi-classification accuracy in the network intrusion detection field, this paper analyzed the time series characteristics of network traffic data and proposed an intrusion detection model based on an attention mechanism and a bi-directional temporal convolutional network (BiTCN). In this model, the data set was pre-processed by one-hot encoding and normalization to solve the problem of strong discreteness and different scales in network traffic data, and the pre-processed data were turned into bidirectional sequences by a bidirectional sliding window method. The Attention-BiTCN model was then used to extract the bidirectional temporal features and integrate them in an additive manner to obtain fusion features enhanced by temporal information. The proposed model was experimentally verified on the NSL-KDD and UNSW-NB15 datasets, and the multi-classification accuracy reached 99.70% and 84.07% respectively, which is superior to traditional network intrusion detection algorithms and shows more significant detection performance than other deep learning models.

    A Social Heterophily Focused Framework for Social Bot Detection
    YU Shangrong, XIAO Jingbo, YIN Qilin, LU Wei
    2024, 24 (2):  319-327.  doi: 10.3969/j.issn.1671-1122.2024.02.015

    As social bot technology advances, these bots increasingly interact with human users, making their detection a more challenging problem. Existing detection methods primarily rely on the homophily assumption, often overlooking the connections between different classes of users, particularly the impact of heterophily. This oversight impairs their detection performance. To address this issue, this paper presented an innovative social bot detection framework that emphasizes social heterophily. It leveraged user connections within social networks and extensively explored various types of social information to mitigate the effects of heterophily and achieved more accurate detection. This paper examined user relationships from both homophily and heterophily perspectives. It constructed the social network as a graph and employed a message-passing mechanism to aggregate information from both homophilic and heterophilic edges, allowing for the extraction of frequency-based node features. Furthermore, it aggregated features from various nodes within the graph to generate social context features. These features are then blended and utilized for the detection task. The experimental results validate the method’s superiority over comparative approaches on publicly available datasets, confirming its effectiveness.
