Loading...
Netinfo Security

Table of Content

    10 August 2024, Volume 24 Issue 8 Previous Issue    Next Issue
    For Selected: Toggle Thumbnails
    CONTENTS
    2024, 24 (8):  0-0. 
    Abstract ( 80 )   PDF (1608KB) ( 75 )  
    Related Articles | Metrics
    A Cross-Domain Interoperability Method of Distributed Numerical Control Network Based on Task and Trust Level
    QIN Yuanqing, DONG Zeyang, HAN Wenjun
    2024, 24 (8):  1143-1151.  doi: 10.3969/j.issn.1671-1122.2024.08.001
    Abstract ( 152 )   HTML ( 27 )   PDF (9246KB) ( 111 )  

    With the continuous deepening of industry 4.0, the openness of distributed numerical control network has led to increased vulnerability to cyber-attacks. Traditional cross-domain interoperability models face issues such as insufficient objectivity in access subject authentication, low execution efficiency of tasks, and insufficient precision in identity and permission allocation. To address these challenges, this paper proposed a cross-domain interoperability method of distributed numerical control network based on task and trust level. The method utilized trusted computing 3.0 technology to conduct a trustworthiness assessment of access subjects, objectively evaluated their trustworthiness and enhanced the security of cross-domain requests. Furthermore, this paper proposed a novel interoperability method, which was based on tasks to ensure fine-grained security during interoperation while also enhancing task execution efficiency. Simulation experiments validated the effectiveness and applicability of the proposed cross-domain interoperability method.

    Figures and Tables | References | Related Articles | Metrics
    Software Defect Detection Method Based on Improved Whale Algorithm to Optimize SVM
    DU Ye, TIAN Xiaoqing, LI Ang, LI Meihong
    2024, 24 (8):  1152-1162.  doi: 10.3969/j.issn.1671-1122.2024.08.002
    Abstract ( 107 )   HTML ( 19 )   PDF (11135KB) ( 68 )  

    To enhance the performance of software defect detection, a refined model called LFWOA-SVM has been proposed, utilizing an improved Whale algorithm to optimize traditional SVM. This approach aims at inherent issues of SVM, such as low classification accuracy and complex parameter tuning. First, in view of the problems of slow convergence speed, low optimization efficiency and local optimal solution in the whale algorithm during the solution process, the whale foraging stage was optimized based on the levy flight strategy to maximize the diversification of search agents, and a hybrid mutation perturbation was proposed operators were used to improve WOA’s global optimization capabilities. Secondly, the improved whale algorithm LFWOA was used to optimize the penalty factor and kernel function parameters of SVM, which can be effectively used in software defect detection while obtaining the optimal parameters. Finally, data simulation experiments show that among 6 benchmark test functions, LFWOA exhibits higher optimization speed and global search capabilities; tests on 8 public software defect data sets show that LFWOA-SVM method can effectively improve identification performance and prediction accuracy.

    Figures and Tables | References | Related Articles | Metrics
    Invisible Backdoor Attack Based on Feature Space Similarity
    XIA Hui, QIAN Xiangyun
    2024, 24 (8):  1163-1172.  doi: 10.3969/j.issn.1671-1122.2024.08.003
    Abstract ( 100 )   HTML ( 15 )   PDF (11209KB) ( 345 )  

    Backdoor attack refers to an attack that leads to model misjudgment by implanting a specific trigger to the original model during the model training process of deep neural networks. However, the current backdoor attack schemes generally face the problems of poor trigger concealment, low success rate of attack, low poisoning efficiency with easy detection of the poison model. To solve the above problems, the article proposed a model inversion stealthy backdoor attack scheme based on feature space similarity theory under supervised learning mode. The scheme first obtaind the original triggers through a training-based model inversion method and a set of random target label category samples. After that, the benign samples were segmented into feature regions by Attention U-Net network, the original triggers were added to the focus regions, and the generated poison samples were optimized to improve the stealthiness of the triggers and enhance the poisoning efficiency. After expanding the poison dataset by image enhancement algorithm, the original model was retrained to generate the poison model. The experimental results show that the scheme achieves 97% attack success rate with 1% poisoning ratio in GTSRB and CelebA datasets while ensuring the stealthiness of the trigger. At the same time, the scheme ensures the similarity between target samples and poison samples in the feature space, and the generated poison model can successfully escape detection by the defense algorithm, which improves the indistinguishability of the poison model. Through in-depth analysis of this scheme, it can also provide ideas for defending against such backdoor attacks.

    Figures and Tables | References | Related Articles | Metrics
    A Multi-Scale Feature Fusion Deepfake Detection Algorithm Based on Reconstruction Learning
    XU Kaiwen, ZHOU Yichao, GU Wenquan, CHEN Chen, HU Xiyuan
    2024, 24 (8):  1173-1183.  doi: 10.3969/j.issn.1671-1122.2024.08.004
    Abstract ( 95 )   HTML ( 13 )   PDF (14974KB) ( 68 )  

    With the rapid development of deepfake technology, the detection of deepfake faces has become a research hotspot in the field of computer vision. Although existing detection methods based on noise, local texture, or frequency features can exhibit good detection performance to a certain extent or in specific scenarios, these methods lack in-depth exploration of fine-grained facial representation features, limiting their generalization ability. To address the above issues, this paper proposed a novel classification network model based on multi-scale feature fusion reconstruction MSFFR. This network explored fine-grained facial content and gradient representation features from the perspective of reconstruction learning and achieved deepfake face detection through multi-scale feature fusion. The model included three innovative modules, a dual-branch feature extraction module designed to reveal distribution differences between real and fake faces; a fine-grained content and gradient feature fusion module to explore the correlation between fine-grained content features and gradient features of faces; a bidirectional attention module based on reconstruction disparity, effectively guiding the model to classify the fused features. Extensive experiments conducted on large-scale benchmark datasets demonstrate that, compared with existing state-of-the-art techniques, the proposed method significantly improves detection performance, especially in terms of generalization ability.

    Figures and Tables | References | Related Articles | Metrics
    Research on a High Robust Detection Model for Malicious Software
    XU Ruzhi, ZHANG Ning, LI Min, LI Zixuan
    2024, 24 (8):  1184-1195.  doi: 10.3969/j.issn.1671-1122.2024.08.005
    Abstract ( 81 )   HTML ( 13 )   PDF (16934KB) ( 54 )  

    In recent years, malware has become increasingly harmful to the security of cyberspace. In order to cope with large-scale malware detection tasks in the network environment, researchers have proposed automatic detection methods based on machine learning and deep learning. However, these methods need to spend more time on feature engineering, resulting in low detection efficiency. At the same time, the existence of malware countersamples also affects these methods to make correct judgments, causing harm to information security. Therefore, this paper proposed a robust malware detection method (MDCAM). This method firstly analyzed the characteristics of different families of malware and malware adversarial examples based on code visualization technology, and then builded a detection model that integrated improved ConvNeXt network, mixed domain attention mechanism and FocalLoss function, which significantly improved the comprehensive ability and robustness of the detection model.

    Figures and Tables | References | Related Articles | Metrics
    Hierarchical Clustering Federated Learning Framework for Personalized Privacy-Preserving
    GUO Qian, ZHAO Jin, GUO Yi
    2024, 24 (8):  1196-1209.  doi: 10.3969/j.issn.1671-1122.2024.08.006
    Abstract ( 69 )   HTML ( 8 )   PDF (14114KB) ( 29 )  

    Federated learning (FL) is an emerging framework of privacy-preserving distributed machine learning that effectively deals with the privacy leakage problem by utilizing cryptographic primitives. However, how to prevent poisoning attacks in distributed situations has recently become a research hotspot FL concern. Currently, most existing works rely on an independently identical distribution situation and identify malicious gradients using plaintext, which cannot handle the data heterogeneity scenario challenges and imposes significant privacy leakage risks due to releasing unencrypted gradients. To address these challenges, this paper proposed a hierarchical clustering federated learning framework for personalized privacy-preserving. The framework exploited homomorphic encryption by employing the median coordinate as the benchmark. Subsequently, it employed a secure cosine similarity scheme to identify poisonous gradients, and it innovatively utilized clustering as part of the defense mechanism and developed a hierarchical aggregation that enhances the proposed mode’s robustness in IID and non-IID scenarios. Experimental results on the MNIST, CIFAR-10 and Fashion-MNIST datasets indicates that it has powerful privacy-preserving capabilities, and compared to existing defense strategies of FedAVG, PPeFL Media, Trimmed Mean and Clustering, the proposed method achieves an average improvement of 14.90%, 9.59%, 29.50%, 26.57% and 23.19% on accuracy, respectively.

    Figures and Tables | References | Related Articles | Metrics
    MD5 Collision Attack Model Based on Grover’s Quantum Search Algorithm
    ZHANG Xinglan, LI Dengxiang
    2024, 24 (8):  1210-1219.  doi: 10.3969/j.issn.1671-1122.2024.08.007
    Abstract ( 55 )   HTML ( 3 )   PDF (12706KB) ( 36 )  

    Quantum computing’s inherent parallelism underscores its immense potential in cryptography and in information security, where Hash function security stands paramount. Consequently, the emergence of post-quantum cryptography underscores the importance of Hash functions research in this new era. This paoper proposed an MD5 collision attack model based on Grover’s quantum search algorithm. This model applied modular difference analysis to constrain input quantum superposition states. The goal was to seek the target state meeting collision criteria. Upon finding it, this paper constructed a colliding message based on the identified difference. Moreover, this paper delved into the iterative procedures and pivotal operations of quantum search algorithms. This paper also crafted tailored Oracle black box quantum circuits, and assessed the performance of these circuits to evaluate their effectiveness. Findings reveal that this model drastically cuts down on computational intricacies during attacks. It presents novel perspectives and approaches for the research of Hash functions in the post-quantum cryptography era. It also provides useful reference for defending against such attacks.

    Figures and Tables | References | Related Articles | Metrics
    System Broadcast Information Authentication Protocol Based on Certificateless Signature for 5G Network
    SUN Zhongxiu, PENG Cheng, FAN Wei
    2024, 24 (8):  1220-1230.  doi: 10.3969/j.issn.1671-1122.2024.08.008
    Abstract ( 63 )   HTML ( 10 )   PDF (12646KB) ( 38 )  

    The popularization of 5G technology has promoted the development of productivity in various industries, but the security of 5G networks has gradually become prominent, and the security of base stations, as a hub connecting user equipment and the core network, has attracted much attention. Due to the lack of authenticity and integrity protection of the system information messages sent by the base station through broadcasting, attackers can modify the system information messages to attract user devices to connect to the fake base station during initial access or cell reselection, so as to launch a variety of subsequent attacks. In order to solve this problem, this paper proposed a base station identity authentication protocol based on certificateless signature, which provided a method for user equipment to verify the legitimacy of base station broadcasting system messages, and optimized the selection of signed messages, the overhead of signing and verification, and the defense against replay attacks. Simulation results show that the computational overhead introduced by this scheme is acceptable to the base station and user equipment, and compared with the existing base station identity authentication protocols, the proposed scheme improves the security and achieves the minimum signature length.

    Figures and Tables | References | Related Articles | Metrics
    Endogenous Security Heterogeneous Entity Generation Method Based on Large Language Model
    CHEN Haoran, LIU Yu, CHEN Ping
    2024, 24 (8):  1231-1240.  doi: 10.3969/j.issn.1671-1122.2024.08.009
    Abstract ( 77 )   HTML ( 22 )   PDF (11370KB) ( 39 )  

    To address the security challenges posed by unknown vulnerabilities and backdoors in software systems, the paper proposed an endogenous security heterogeneous entity generation method based on large language models. This method, centered around endogenous security strategies, diversified the execution bodies of code that were vulnerable within the program, enabling the system to swiftly switch to a healthy heterogeneous entity upon attack, thereby ensuring stable operation. Furthermore, it leveraged large language models to generate a variety of heterogeneous entities and optimized existing fuzz testing techniques with a seed distance-based method, enhancing the quality of test case generation and code coverage rates, ensuring the functional equivalence of these heterogeneous entities. Experimental results demonstrate that this method can effectively repair code vulnerabilities and produce functionally equivalent heterogeneous entities. Additionally, compared to the existing AFL algorithm, the optimized fuzz testing method consumes less time to achieve the same code coverage rate. It is evident that the method put forward in the paper can significantly improve the security and robustness of software systems, offering a new strategy for the defense against unknown threats.

    Figures and Tables | References | Related Articles | Metrics
    Inducement Game Model of Data-Stealing Trojan Based on Stochastic Game Nets
    GUO Yuzheng, GUO Chun, CUI Yunhe, LI Xianchao
    2024, 24 (8):  1241-1251.  doi: 10.3969/j.issn.1671-1122.2024.08.010
    Abstract ( 71 )   HTML ( 15 )   PDF (13322KB) ( 19 )  

    To achieve the long-term goal of information theft, data-stealing Trojans typically employ the trigger execution strategy, providing high concealment and uncertainty in the execution of their malicious actions. The mainstream defense model against data-stealing Trojans adopts a passive defense strategy that involves monitoring and detecting the behavior of these Trojans, but is prone to omissions and delayed detection. To improve the defense effectiveness, this paper introduced the concept of inducement operation to construct an inducement-based defense strategy targeting data-stealing Trojans. Using stochastic game nets, this paper modeled and analyzed the confrontation process between the data-stealing Trojans and defenders, resulting in the development of the Inducement Game Model of Data-Stealing Trojan (IGMDT-SGN). IGMDT-SGN provides a clear illustration of the strategic logic and temporal dynamics of employing the inducement defense strategy against these Trojans. Quantitative analysis conducted through model calculations shows that the inducement defense strategy, as presented in IGMDT-SGN, outperforms the passive defense strategy in terms of defense success rate and average defense time. This finding provides useful guidance for defending against data-stealing Trojans.

    Figures and Tables | References | Related Articles | Metrics
    Membership Inference Attacks Method Based on Ensemble Learning
    ZHAO Wei, REN Xiaoning, XUE Yinxing
    2024, 24 (8):  1252-1264.  doi: 10.3969/j.issn.1671-1122.2024.08.011
    Abstract ( 51 )   HTML ( 16 )   PDF (15880KB) ( 20 )  

    With the rapid development and widespread application of machine learning technology, the issues related to data privacy have garnered significant attention. Membership inference attacks, which involve analyzing whether specific data samples are used in a model’s training, have raised concerns, particularly in sensitive domains such as healthcare and finance. Existing membership inference attacks exhibit limited attack performance, and various defense mechanisms, including differential privacy and knowledge distillation, have been employed to mitigate their threat to individual privacy. This paper conducted an in-depth analysis of various black-box membership inference attacks targeting classification models and proposed a membership inference attacks method based on ensemble learning that had stronger attack performance and less easily defensible membership inference attacks. Firstly, the experiment analyzed the relationships among target model generalization gap, attack success rate, and attack difference. Secondly, representative membership inference attacks were selected based on an analysis of the difference among different attacks. Finally, ensemble technology was used to integrate the selected attacks to obtain attacks with stronger performance. The experiments show that compared to existing membership inference attacks, ensemble-based membership inference attacks method based on ensemble learning has stronger and more stable attack performance across a wide range of models and datasets. By conducting an in-depth analysis of the attack methodology, including factors such as datasets, model architecture, and generalization gap, valuable insights can be provided for defending against membership inference attacks.

    Figures and Tables | References | Related Articles | Metrics
    Weighted Network Structural Hole Node Discovery Algorithm for Multi-Dimensional Attribute Fusion
    WANG Wentao, LIU Yanfei, MAO Bowen, YU Chengbo
    2024, 24 (8):  1265-1276.  doi: 10.3969/j.issn.1671-1122.2024.08.012
    Abstract ( 61 )   HTML ( 14 )   PDF (12695KB) ( 19 )  

    In large-scale complex network spaces, quickly identifying structural hole nodes is of great significance for controlling the spread of viruses and public opinion. Aiming at the problem that the existing methods for identifying structural hole nodes have low recognition accuracy when the network structure changes, this paper proposed a structural hole node recognition algorithm. The algorithm combined adjacency information entropy and adjacency centrality based on multi-dimensional attribute mapping and fusion. The algorithm used weighted adjacency information entropy as the amount of information of neighbor nodes, used adjacency centrality to measure the importance of a node in propagating information about its neighbor nodes, and identified key structural hole nodes in the network by representing the local attributes of structural hole nodes as the ability of nodes to propagate information. Experimental results show that, compared with existing methods, under datasets with different network scales and network structures, the total scores of the three evaluation indicators of ξ, τ and network average information entropy are 0.470, 1.679, and 4.027, respectively, which are all optimal. It shows that the algorithm has more superior and stable performance. Moreover, the algorithm still has a low time cost when applied to large-scale networks.

    Figures and Tables | References | Related Articles | Metrics
    IoT Device Identification Method Based on Pre-Trained Transformers
    XING Changyou, WANG Zipeng, ZHANG Guomin, DING Ke
    2024, 24 (8):  1277-1290.  doi: 10.3969/j.issn.1671-1122.2024.08.013
    Abstract ( 92 )   HTML ( 17 )   PDF (17777KB) ( 36 )  

    To help network administrators quickly isolate anomalous and vulnerable IoT devices in the LAN to prevent attackers from exploiting device vulnerabilities to penetrate the internal network for latent and subsequent deep attacks, efficient IoT device identification methods are particularly important. However, existing machine learning-based classification methods generally suffer from the problems of cumbersome feature selection process and unstable data flow features, which affect the identification accuracy. Accordingly, IoT device identification method based on pre-trained transformers was proposed. This method mainly realized the goal of IoT device identification by processing the device traffic through the model IoTBERT model. IoTBERT included two major components, the pre-training module and the device identification module. The pre-training module trained the ALBERT model by using the unlabeled IoT device flow data, and embedding data feature encoding into high-dimensional feature vectors to achieve the acquisition of traffic feature representation models. While the device identification module used the labeled data to fine-tune the parameter weights of the pre-trained model, and combined the residual networks to accomplish the identification of IoT devices using the packet-level information. This method automatically learnt traffic feature representations and performed classification and identification decisions, eliminating the need for manually designing feature engineering and manually building multi-stage processing flows. It directly mapped raw data grouping codes to corresponding category labels for end-to-end IoT device identification. The experimental results on the publicly available datasets Aalto, UNSW and CIC IoT show that this method is able to recognize and classify IoT devices effectively, and the average recognition accuracy of the method reaches 97.2%, 92.1% and 99.8% respectively.

    Figures and Tables | References | Related Articles | Metrics
    A Lifecycle-Manageable Public Data Sharing Scheme
    LYU Qiuyun, ZHOU Lingfei, REN Yizhi, ZHOU Shifei, SHENG Chunjie
    2024, 24 (8):  1291-1305.  doi: 10.3969/j.issn.1671-1122.2024.08.014
    Abstract ( 79 )   HTML ( 23 )   PDF (19096KB) ( 47 )  

    Public data as a data element can significantly empower government public services and social governance. However, frequent data breaches severely hinder the progress of public data sharing. Existing attribute-based encryption schemes, while enabling secure access to public data, suffer from inefficiencies in authorization management and difficulties in control after sharing, making them unsuitable for current public data sharing models. Therefore, this paper proposed a public data sharing scheme that was controllable throughout the entire lifecycle. The scheme began with a data capsule encapsulation method that deeply bound shared public data with access authorization policies; it then constructed a multi-party, layered authorization and lifecycle-aware access control method for the shared data. Security and experimental simulation analyses demonstrate that the scheme achieves controllable public data sharing throughout its entire lifecycle, with minimal overhead and meeting practical needs.

    Figures and Tables | References | Related Articles | Metrics