Loading...
Netinfo Security

Table of Content

    10 November 2024, Volume 24 Issue 11 Previous Issue   
    For Selected: Toggle Thumbnails
    Content
    2024, 24 (11):  0-0. 
    Abstract ( 102 )   PDF (1977KB) ( 72 )  
    Related Articles | Metrics
    Detection of DDoS Attacks in the Internet of Things Based on Artificial Intelligence
    YIN Jie, CHEN Pu, YANG Guinian, XIE Wenwei, LIANG Guangjun
    2024, 24 (11):  1615-1623.  doi: 10.3969/j.issn.1671-1122.2024.11.001
    Abstract ( 187 )   HTML ( 36 )   PDF (10880KB) ( 136 )  

    Aiming at the optimal solution for detecting IoT DDoS attacks, this paper used multiple algorithms to detect and model IoT DDoS attacks. This paper used kernel density estimation to screen out influential traffic feature fields. A DDoS attack detection model based on machine learning and deep learning algorithms was established. The feasibility of processing data sets and performing attack detection through reversible residual neural networks and large language models was analyzed. Experimental results show that the ResNet50 algorithm performs best in comprehensive indicators. In distinguishing DDoS attack traffic from other traffic issues, the gradient boosting algorithm performs better. In terms of segmenting DDoS attack types, the optimized ResNet50-GRU algorithm performs better.

    Figures and Tables | References | Related Articles | Metrics
    Smart Contract Vulnerability Detection Method Based on Graph Convolutional Network with Dual Attention Mechanism
    LI Pengchao, ZHANG Quantao, HU Yuan
    2024, 24 (11):  1624-1631.  doi: 10.3969/j.issn.1671-1122.2024.11.002
    Abstract ( 85 )   HTML ( 12 )   PDF (8954KB) ( 62 )  

    With the widespread adoption of blockchain technology, an increasing number of smart contracts exhibiting complex internal logic are being deployed. However, most existing methods for detecting vulnerabilities in smart contracts suffer from high false positive rates and low detection accuracy. To address these challenges, this paper proposed a smart contract vulnerability detection method based on graph convolutional network with dual attention mechanism, aiming to improve both the accuracy and efficiency of the detection process. Initially, a multi-head attention mechanism was integrated into the convolutional layer of the graph convolutional network, enabling the dynamic calculation of attention weights based on the information from adjacent nodes during the feature propagation stage. This enhancement allowed the model to concentrate more on the neighbors most relevant to the current node during each feature aggregation, thereby improving the recognition of critical features. Subsequently, during the graph pooling stage, an attention-based pooling mechanism was employed to select and aggregate node features, further emphasizing key nodes and enhancing the identification of features that significantly influence vulnerability detection. The proposed method was evaluated using the ethereum smart contract (ESC) vulnerability sample dataset. Experimental results demonstrate that compared to other detection techniques, the proposed method can identify complex smart contract vulnerabilities with greater speed and accuracy.

    Figures and Tables | References | Related Articles | Metrics
    Research on Multi-Factor Continuous Trustworthy Identity Authentication for Users in Civil Aviation Air Traffic Control Operational Information Systems
    CHEN Baogang, ZHANG Yi, YAN Song
    2024, 24 (11):  1632-1642.  doi: 10.3969/j.issn.1671-1122.2024.11.003
    Abstract ( 61 )   HTML ( 11 )   PDF (11753KB) ( 31 )  

    As cybersecurity threats continue to evolve, traditional identity authentication methods face increasingly severe challenges. This paper proposed an innovative strategy for multi-factor continuous trustworthy identity authentication to address the growing complexity of security threats. The strategy included multi-factor authentication during the first stage login and multi-factor behavior characteristics continuous authentication after the second stage login. In the second stage of continuous authentication, statistical feature method and machine learning model were used to enhance the real-time monitoring and analysised of user behavior patterns, and improved the accuracy of abnormal behavior detection. Finally, the paper validated the effectiveness of the proposed continuous multi-factor behavioral characteristic-based trustworthy identity authentication through experiments under single-point anomaly and contextual anomaly scenarios, demonstrating its reliability and practicality in the field of identity authentication. The experimental results indicate that this method offers certain advantages in enhancing system security and reducing the risk of compromise.

    Figures and Tables | References | Related Articles | Metrics
    Review of Research on Blockchain-Based Federated Learning
    LAN Haoliang, WANG Qun, XU Jie, XUE Yishi, ZHANG Bo
    2024, 24 (11):  1643-1654.  doi: 10.3969/j.issn.1671-1122.2024.11.004
    Abstract ( 97 )   HTML ( 15 )   PDF (14856KB) ( 53 )  

    As an emerging decentralized distributed machine learning paradigm, blockchain based federated learning not only overcomes the shortcomings of traditional federated learning such as data silos, privacy breaches, and security threats, but also faces new challenges in terms of cost, efficiency, and effectiveness brought by blockchain technology. Therefore, this article first elaborated on federated learning and blockchain by combining basic principles, technical classifications, complementary advantages, and unresolved problems. On this basis, a systematic summary and analysis of current research on blockchain based federated learning was conducted around the architecture, performance, privacy, security, incentive mechanisms, consensus mechanisms, and applications involved in the combination of federated learning and blockchain. Finally, starting from the three dimensions of blockchain based federated learning itself, balance, and application, explored its future research trends and the main problems that urgently need to be solved.

    Figures and Tables | References | Related Articles | Metrics
    Anomaly Traffic Detection Algorithm Integrating RF and CNN
    ZHANG Zhiqiang, BAO Yadong
    2024, 24 (11):  1655-1664.  doi: 10.3969/j.issn.1671-1122.2024.11.005
    Abstract ( 66 )   HTML ( 10 )   PDF (14291KB) ( 46 )  

    Abnormal traffic detection is one of the key technologies in cybersecurity, playing a crucial role in promptly identifying network attacks, tracing evidence, and preventing data leaks. To address the shortcomings in accuracy of existing abnormal traffic detection methods, this paper proposed an anomaly traffic detection algorithm that integrates Random Forest (RF) and Convolutional Neural Network (CNN). This algorithm utilized RF for feature selection and preliminary classification, effectively reducing the input dimensionality and enhancing the model’s generalization capability; it further improved the precision of anomaly detection through deep pattern recognition by CNN on selected features. Experimental results demonstrate that, compared to traditional detection methods, this algorithm significantly enhances performance metrics such as detection accuracy and recall rate.

    Figures and Tables | References | Related Articles | Metrics
    Target Personnel Importance Ranking Algorithm Based on Improved Weighted LeaderRank
    XIA Lingling, MA Zhuo, GUO Xiangmin, NI Xueli
    2024, 24 (11):  1665-1674.  doi: 10.3969/j.issn.1671-1122.2024.11.006
    Abstract ( 43 )   HTML ( 5 )   PDF (12161KB) ( 38 )  

    At present, the manual analysis of complex interpersonal relationship data is faced with challenges, especially the problems of insufficient accuracy, low efficiency and high cost for the importance assessment of important individuals. To solve this problem, this paper comprehensively considered behavioral characteristics and activity rules of this type of personnel, based on call detail records of key personnel and the weighted LeaderRank algorithm, and assigned weight to multiple factors such as call duration, call frequency, night call frequency and the number of key individuals among contacts. As a result, it proposed an improved weighted LeaderRank algorithm to rank the importance of key contacts and screen out target people with similar behavior patterns and activity characteristics as important individuals. The experimental results show that compared with classical influence node discovery algorithms such as the degree centrality algorithm, the closeness centrality algorithm and the betweenness centrality algorithm, the improved weighted LeaderRank algorithm has a higher score for target people with similar behavior characteristics in the communication relationship, and can effectively identify potential and unobserved target people in the communication relationship.

    Figures and Tables | References | Related Articles | Metrics
    Unsupervised Network Traffic Anomaly Detection Based on Abductive Learning
    HU Wentao, XU Jingkai, DING Weijie
    2024, 24 (11):  1675-1684.  doi: 10.3969/j.issn.1671-1122.2024.11.007
    Abstract ( 62 )   HTML ( 4 )   PDF (12383KB) ( 41 )  

    The current challenge in computer network traffic anomaly detection is the lack of labeled information, while users must select appropriate technologies and adjust parameters without any labels for cross-validation. To address this issue, this paper proposed an abductive learning-based anomaly traffic detection (ABL-ATD) model, which operated in an unsupervised manner. This model automatically generated pseudo-labels and utilized deductive reasoning and consistency verification to produce high-quality labels, thereby avoiding manual intervention. The innovation of ABL-ATD lied in its ability to extract effective signals from multiple unsupervised anomaly detection models and reliably distinguish between anomalous and normal traffic through validation and correction. Experimental results demonstrate that this model exhibits accuracy comparable to that of supervised learning models trained with real labels across multiple datasets.

    Figures and Tables | References | Related Articles | Metrics
    Joint Prediction for User and Point of Interest Based on Disentangling Influences
    MA Zhuo, CHEN Dongzi, HE Jiahan, WANG Qun
    2024, 24 (11):  1685-1695.  doi: 10.3969/j.issn.1671-1122.2024.11.008
    Abstract ( 40 )   HTML ( 3 )   PDF (12529KB) ( 20 )  

    The problem of user-POI prediction, based on the user’s historical check-in records, determines whether a user checks in a specific POI. However, the user-POI data has a long-tail distribution phenomenon. To address this data sparsity challenge, existing work disentangled the geographical neighbor effect and the geographical sequence effect through self-supervised learning to improve the interpretability and accuracy of the POI prediction task. This paper further introduced the semantic sequence effect, and proposed an improved disentangled graph embedding model. The model used the pairwise constraints of point-of-interests in the geographic space and semantic space, and was based on the feature expression, feature modification, feature decoupling and multi-layer perceptron fusion of the influencing factors in the geographic coordinate space and the semantic category space. The geographic level could be combined with the semantic level to better predict the user’s access to the POI. Experimental results show that the proposed method can still achieve good prediction effects on sparse datasets.

    Figures and Tables | References | Related Articles | Metrics
    Research on the Evolution of Defrauded Network Behavior Risk Based on Eventic Graph
    ZHOU Shengli, XU Rui, CHEN Tinggui, JIANG Keyi
    2024, 24 (11):  1696-1709.  doi: 10.3969/j.issn.1671-1122.2024.11.009
    Abstract ( 49 )   HTML ( 19 )   PDF (16978KB) ( 40 )  

    Based on real case data, this study investigated the risks of defrauded network behavior from the perspective of telecom network fraud victims' online activities, which can effectively enhance the prevention and control capabilities of telecom network fraud. To this end, the study first processed the relevant data using the LTP tool. Secondly, it extracted defrauded network behavior risk events and the eventic logical relationships between these events from the relevant corpus data through template matching methods, and constructed a specific eventic graph of defrauded network behavior risks. Then, the study built a deep clustering model based on an autoencoder to generalize and cluster the extracted risk events, and constructed an abstract eventic graph of defrauded network behavior risks based on the generalization results. Finally, using the constructed specific and abstract eventic graphs, the study analyzed the composition and patterns of defrauded network behavior risks through case process analysis models and complex network analysis techniques. The study ultimately categorized the defrauded network behavior risks of telecom network fraud into four stages: contact risk, trust deception risk, psychological vulnerability exploitation risk, and behavior control risk, and summarized the temporal sequences and compositions of each risk stage.

    Figures and Tables | References | Related Articles | Metrics
    Analysis of Security Risks and Countermeasures for Modbus TCP Protocol
    MA Rupo, WANG Qun, YIN Qiang, GAO Gugang
    2024, 24 (11):  1710-1720.  doi: 10.3969/j.issn.1671-1122.2024.11.010
    Abstract ( 46 )   HTML ( 8 )   PDF (13551KB) ( 34 )  

    As the product of the deep integration of new generation information technology and industrial system, industrial internet is promoting the transformation of industrial production mode. However, in the initial design of industrial control network protocols, some security issues are overlooked due to the emphasis on efficiency improvement and functional implementation. In addition, security vulnerabilities and abnormal behaviors in applications have led to serious security risks. This paper introduced the development background and trend of industrial Internet and the characteristics of industrial control network protocol, analyzed the security risks of the typical industrial control network protocol Modbus TCP, which was widely used at present, studied the security countermeasures such as data encryption, data integrity detection, identity authentication and anomaly intrusion detection, and finally proposed a set of security scheme of Modbus TCP protocol. This scheme included data encryption and decryption modules using AES and RSA algorithms, data integrity detection module using SM3 algorithm, identity authentication module using dynamic password authentication technology, and anomaly intrusion detection system based on data features. At the same time, the scheme adopted PKI, which could further enhance the security of the industrial control system.

    Figures and Tables | References | Related Articles | Metrics
    Design and Implementation of a Cross-Domain Secure Sharing Transmission Control System for Video Surveillance Data
    PEI Bingsen, LI Xin, FAN Zhijie, JIANG Zhangtao
    2024, 24 (11):  1721-1730.  doi: 10.3969/j.issn.1671-1122.2024.11.011
    Abstract ( 65 )   HTML ( 7 )   PDF (13007KB) ( 42 )  

    With the continuous expansion of current video surveillance networks, it is essential to enable the cross-domain transmission of surveillance data. However, the streaming data of video surveillance networks demands high transmission speeds and data security during cross-domain transmission. Consequently, how to achieve secure and shared cross-domain transmission of video surveillance data has become a focal point in the field of high-performance secure transmission. In response to this requirement, this paper designd a video surveillance data cross-domain secure sharing transmission control system, integrating technologies such as the PF_RING zero copy model, channel task management, and one-way optical transmission mechanisms. It demonstrates methods for achieving high-performance, cross-domain secure transmission and sharing of video streaming data from both hardware and software perspectives. The feasibility and scientific validity of the designed system are proven through experiments, ensuring the security and efficiency of cross-domain transmission of video surveillance data.

    Figures and Tables | References | Related Articles | Metrics
    Research on Data Noise Addition Method Based on Availability
    GU Haiyan, LIU Qi, MA Zhuo, ZHU Tao, QIAN Hanwei
    2024, 24 (11):  1731-1738.  doi: 10.3969/j.issn.1671-1122.2024.11.012
    Abstract ( 47 )   HTML ( 4 )   PDF (9405KB) ( 29 )  

    As information technology rapidly advances, data privacy protection has become a focal point of interest. Effectively safeguarding personal privacy while maximizing the utility of data resources is an urgent issue to address. Implementing data privacy protection through noise addition is one of the prevalent methods, yet research on the impact of various noise addition techniques on data usability is scarce. This study experimentally introduced laplace noise and gaussian noise to “five-star” rating data indicative of user experience. It compared and analyzed the alterations in three statistical metrics of the noise data: mean absolute error, root mean square error, and variance growth rate. The paper further investigated the effects of combining noise with different ratios and varying data volumes on statistical indicators. The experimental results indicate that with larger data volumes, a higher proportion of Gaussian noise addition results in statistical properties of the noise data that more closely resemble the original data. This approach ensures data usability while achieving personal privacy protection.

    Figures and Tables | References | Related Articles | Metrics
    Blockchain-Based Log Data Provenance Mechanism Using Bloom Filter Search Tree
    ZHANG Peng, LUO Wenhua
    2024, 24 (11):  1739-1748.  doi: 10.3969/j.issn.1671-1122.2024.11.013
    Abstract ( 84 )   HTML ( 10 )   PDF (11709KB) ( 30 )  

    To address the shortcomings of existing provenance mechanisms in handling log data, this article proposed a blockchain-based log data provenance mechanism using Bloom filter search tree. This mechanism adopted a storage model combining on-chain data hashes and off-chain actual data was adopted to ensure data security and privacy. For the on-chain data hashes, this article introduced a bittimemap-Bloom filter tree (BT-BFT) mechanism centered around access time as the core index information. This mechanism indexed timestamps using a bitmap, then leveraged the number of Bloom filters to delineate the granularity of log data analysis, subsequently constructing a balanced tree-like structure that enabled efficient mapping and indexing of time-dimensional data. Deployed in the form of smart contracts, it effectively filtered out non-target provenance nodes, supported timestamp-based provenance and full-period provenance based on keywords, and incorporated an identity filtering mechanism to address the inherent conflict issues of Bloom filters. Experimental results demonstrate that the mechanism proposed in the article can accurately and efficiently trace time-sensitive data while ensuring data security.

    Figures and Tables | References | Related Articles | Metrics
    The Research and Development of Digital Forensics Technology
    LUAN Runsheng, JIANG Ping, SUN Yinxia, ZHANG Qinzhi
    2024, 24 (11):  1749-1762.  doi: 10.3969/j.issn.1671-1122.2024.11.014
    Abstract ( 99 )   HTML ( 12 )   PDF (18917KB) ( 31 )  

    As an interdisciplinary subject of computer science and law, digital forensics is now focused of research and attention. This paper introduced digital forensics and the related concepts, elaborated the research progress of forensics technology, and analyzed the types, functional characteristics and related industry test standards and specifications of forensic tools. Finally, the development trend of electronic data forensics research was prospected.

    Figures and Tables | References | Related Articles | Metrics
    Disambiguation-Based Partial Multi-Label Learning Algorithm Augmented by Fusing Instance and Label Correlations
    GAO Guangliang, LIANG Guangjun, HONG Lei, GAO Gugang, WANG Qun
    2024, 24 (11):  1763-1772.  doi: 10.3969/j.issn.1671-1122.2024.11.015
    Abstract ( 45 )   HTML ( 3 )   PDF (11827KB) ( 21 )  

    A set of candidate labels for each instance, which contains real and noisy labels, disambiguation-based partial multi-label learning aims to eliminate the noisy labels, thereby identifying and predicting the labels that are truly relevant to each instance. Traditional disambiguation strategies usually only focus on the correlation between labels and ignore the correlation between instances. To this end, a disambiguation-based partial multi-label learning algorithm augmented by fusing instance and label correlations was proposed, thereby improving the performance of disambiguation-based multi-label learning. First, a basic model was constructed based on the low-rank nature of ground-truth label matrix and the sparsity of noisy labels. Second, the kernel trick was used to map the feature vectors of the instances into a high-dimensional space so as to capture the linear and nonlinear correlations between the instances properly, which in turn helped us to eliminate noisy labels further. Finally, the associated labels of each instance was predicted by a linear mapping from the feature space to the label space. The experimental synthetic and real-world datasets show that compared with 8 comparative algorithms the algorithm proposed in the article has significant differences in statistics and performs better.

    Figures and Tables | References | Related Articles | Metrics
    Research on the Construction Method and Application of Case Knowledge Graph Based on Prompt Learning
    QIN Zhenkai, XU Mingchao, JIANG Ping
    2024, 24 (11):  1773-1782.  doi: 10.3969/j.issn.1671-1122.2024.11.016
    Abstract ( 62 )   HTML ( 7 )   PDF (13071KB) ( 42 )  

    To address the inefficiencies and time-consuming nature of traditional case processing and analysis methods, this study proposed a method for constructing case knowledge graphs aimed at improving case handling efficiency and enhancing the depth and breadth of case analysis. This method provided law enforcement personnel with more comprehensive and accurate case information support. Firstly, the CasePrompt prompt learning method was integrated into the OneKE large language model, leading to the development of a case event extraction model. Secondly, based on case domain data, a conceptual layer architecture for the knowledge graph was built, and the case event extraction model was used to achieve entity extraction. Finally, the extracted structured case data was converted into triplets and stored in the Neo4j graph database, realizing the construction of a case knowledge graph based on prompt learning. Experimental results show that the prompt learning fine-tuned large model demonstrates superior event extraction performance compared to traditional deep learning models. It effectively identifies and extracts event information from case text data, enabling the construction of high-quality case knowledge graphs, thereby enhancing case analysis efficiency.

    Figures and Tables | References | Related Articles | Metrics
    A Named Entity Recognition Model for Legal Documents
    LU Rui, LI Linying
    2024, 24 (11):  1783-1792.  doi: 10.3969/j.issn.1671-1122.2024.11.017
    Abstract ( 44 )   HTML ( 4 )   PDF (11933KB) ( 18 )  

    Accurate identification of entities in legal documents is fundamental for building an intelligent judicial system. However, generic Named Entity Recognition models often struggle with accurately recognizing entity boundaries in legal documents and integrating recognition results closely with legal practices. To improve the accuracy of entity recognition in legal documents, this paper proposed the BBAG-NER model for Named Entity Recognition in legal documents. The model first encoded character sequences using BERT, then employed Bidirectional Long Short-Term Memory and Attention mechanisms to assign different weights and enhance the ability to delineate entity boundaries. Finally, it used a global pointer network to identify potential judicial entity segments and obtained the final entity categories through an entity classifier. Experimental results on a legal document corpus dataset show that our proposed model achieves an F1 score of 89.18%, representing a 2.1% improvement compared to the BERT-CRF model, demonstrating the overall effectiveness of our proposed model.

    Figures and Tables | References | Related Articles | Metrics