
Table of Contents

    10 December 2024, Volume 24 Issue 12

    Content
    2024, 24 (12):  0-0. 
    A Survey on Trusted Execution Environment Based Secure Inference
    SUN Yu, XIONG Gaojian, LIU Xiao, LI Yan
    2024, 24 (12):  1799-1818.  doi: 10.3969/j.issn.1671-1122.2024.12.001

    Machine learning technologies, especially deep neural networks, have gained popularity in various fields such as autonomous driving, smart homes, and voice assistants. In scenarios with high real-time requirements, many service providers deploy models on edge devices to avoid network latency and communication costs. However, service providers have no absolute control over edge devices, making deployed models vulnerable to attacks like model stealing, fault injection, and membership inference. This can lead to serious consequences such as theft of high-value models, manipulation of inference results, and leakage of private training data, ultimately undermining the competitiveness of service providers. To address these issues, numerous researchers have worked on trusted execution environment (TEE) based secure inference, which ensures security while maintaining model availability. This paper began by introducing relevant background knowledge, providing a definition of secure inference, and summarizing security models in edge deployment scenarios. Subsequently, existing solutions for model confidentiality and inference integrity were categorized and introduced, with a comparative analysis and summary. Finally, the paper outlined research challenges and future directions for secure inference.

    A Review of Incremental Intrusion Detection
    JIN Zhigang, CHEN Xuyang, WU Xiaodong, LIU Kai
    2024, 24 (12):  1819-1830.  doi: 10.3969/j.issn.1671-1122.2024.12.002

    An intrusion detection system is an important component of a network defense framework; it can monitor the network security situation and detect attacks in real time. However, traditional intrusion detection systems are oriented to static networks and struggle to deal with the new attack methods that continually emerge. Some researchers have begun to explore how to give intrusion detection incremental capabilities, so that it can quickly update existing models for new types of attacks and learn new knowledge without consuming a lot of resources on retraining, in order to adapt to complex network environments. This paper aims to summarize recent research on incremental intrusion detection. Firstly, this paper introduced the basic concepts of incremental learning and intrusion detection and summarized commonly used datasets. Then this paper analyzed existing methods. Finally, this paper analyzed the problems in existing research results and looked ahead to future development trends in this field.

    A Review of Federated Learning Application Technologies
    HE Zeping, XU Jian, DAI Hua, YANG Geng
    2024, 24 (12):  1831-1844.  doi: 10.3969/j.issn.1671-1122.2024.12.003

    Security problems, such as privacy leakage and reasoning distortion, arising from training and reasoning in AI have heightened concerns, even involving ideology and national strategic security. As an emerging machine learning architecture, federated learning provides effective privacy protection capabilities for multi-party data analysis, processing, and sharing by achieving global model training while keeping private data local. Across its research motivation, technical methods, and other aspects, the core question for federated learning is how to apply the technology in typical application scenarios to solve practical problems effectively. Therefore, this article conducted a comprehensive survey of the current research status of federated learning application technologies in typical scenarios, which would be valuable to further research and practice of federated learning. Firstly, the relevant literature was comprehensively classified and sorted from the perspective of research application scenarios, and the research status in each scenario was analyzed from a multidisciplinary perspective. Secondly, from the perspective of technical implementation, a comparative analysis was conducted on the datasets, performance characteristics, evaluation indicators, and other aspects of different schemes in various application scenarios. Finally, the key challenges and development directions faced by federated learning research, especially system applications, were analyzed and summarized.

    The Spectral Invariant Subspace of Word-Based Block Ciphers
    CUI Ting, ZHOU Yidong, CHEN Shiwei, ZHANG Yi
    2024, 24 (12):  1845-1854.  doi: 10.3969/j.issn.1671-1122.2024.12.004

    This paper combined the idea of invariant subspace attacks with linear cryptanalysis, and proposed a spectral invariant subspace analysis method. This approach leveraged the property of spectral invariant subspaces to distinguish a block cipher by examining whether a pair of input/output linear masks resides within the same non-trivial subspace. Firstly, it demonstrated that if an S-box satisfied the spectral invariant subspace property, it was linearly equivalent to several smaller S-boxes operating in parallel. Secondly, an efficient algorithm for searching spectral invariant subspaces of S-boxes was presented, which proved effective for commonly used sizes of S-boxes. Furthermore, if the S-boxes employed in a word-based block cipher shared the same spectral invariant subspace, then it followed that the entire cipher possessed this characteristic as well. By utilizing this property, an infinite-round distinguisher with probability 1 for the target cipher was constructed. This paper offered new insights into the relationship between S-boxes and block cipher security and provided valuable guidance for designing new block ciphers. As an application, an infinite-round distinguisher with probability 1 was developed specifically for a variant of Midori128.

    Anonymization General Process and Risk Assessment Method for Data Compliance
    YUAN Yulin, YUAN Shuguang, YU Jing, CHEN Chi
    2024, 24 (12):  1855-1870.  doi: 10.3969/j.issn.1671-1122.2024.12.005

    The leakage of personal privacy has emerged as a critical challenge in data security. Anonymization can effectively reduce the risk of privacy leakage by de-identifying personal information. However, inappropriate data processing methods can affect the results. Moreover, a residual risk of re-identification remains after data release. As domestic security supervision of data circulation intensifies, it is of great significance for personal information sharing to establish a reasonable anonymization process and assess the residual risks of anonymized data under data compliance. Previous anonymization risk assessments primarily center on evaluating data security through attack models. Additionally, these studies often overlook inherent risks within the anonymization process itself and the compliance of anonymized data. Therefore, this article introduced a general anonymization process. Building upon it, a risk assessment around data security and compliance was devised. The risk assessment method focused on process risk and data re-identification risk. It contained a supporting evaluation method and index system. In compliance evaluation, this article summarized existing standards. It proposed quantifiable compliance requirements to ensure compliance while assessing data risks. Finally, this article conducted a simulation experiment of the anonymization process to verify process feasibility. The experimental results verify that the risk assessment method can effectively detect potential threats in anonymization by simulating different risk scenarios.

    A White-Box Improvement Scheme of SM4 for Collision Attack
    LI Kehui, CHEN Jie, LIU Jun
    2024, 24 (12):  1871-1881.  doi: 10.3969/j.issn.1671-1122.2024.12.006

    In a white-box attack model, the attacker can access the implementation of the cryptographic algorithm and observe or modify its internal details. Based on the concept of white-box cryptography, Yao-Chen’s white-box SM4 scheme presents a design idea for expanding the internal state of white-box SM4, but the scheme fails to resist collision attack analysis, and the time complexity of recovering the key is only O(2^23.02). In order to ensure the normal operation of white-box SM4 in the collision attack context, this paper proposed a white-box improvement scheme of SM4 for collision attack. This improvement scheme introduced more random affine transformations and random vectors to complicate the internal encoding to resist the collision attack. Using proof by contradiction, it was proven that the round encryption function of the improved scheme couldn’t be converted into a collision function, and collision attack analysis couldn’t be carried out. In addition, this paper demonstrated that the scheme can also resist the BGE attack, code extraction attacks, and a combination of differential analysis and methods for solving systems of equations. For the attack method of differential analysis with adjusted affine constant, the key space size of the improved scheme was 61200×2^128, and the time complexity for affine equivalent attack was O(2^97).

    Traffic Obfuscation Method for Temporal Features Based on Adversarial Example
    ZHANG Guomin, TU Zhixin, XING Changyou, WANG Zipeng, ZHANG Junfeng
    2024, 24 (12):  1882-1895.  doi: 10.3969/j.issn.1671-1122.2024.12.007

    While deep learning-based traffic analysis technology improves network management efficiency, it also opens up new intrusion paths for malicious attackers. Users’ sensitive information can be extracted by analyzing the temporal characteristics of encrypted traffic, thereby posing a serious threat to individual privacy and security. Current defense strategies mainly rely on adversarial examples to mislead adversaries’ classifiers. However, the application of these strategies encounters significant limitations in real-world scenarios. On the one hand, existing strategies are confined to perturbing the feature space and are unable to impact real traffic. On the other hand, defense methods depend on understanding the attacker model, only proving effective in white-box environments. Given the insufficient research on obfuscating real traffic in black-box environments, the paper proposed a traffic obfuscation method for temporal features based on adversarial examples, named TAP. TAP was capable of generating effective adversarial perturbations targeting temporal features without requiring access to the adversary’s classifier. The core concept of TAP involved inserting a small number of packets into unidirectional communication flows, effectively resisting traffic analysis based on temporal features without disrupting normal communication. The experimental results show that TAP significantly reduces the accuracy of adversary traffic classification methods, with a bandwidth overhead of no more than 7%.

    Control Flow Transformation Based Adversarial Example Generation for Attacking Malware Detection GNN Model
    LI Yixuan, JIA Peng, FAN Ximing, CHEN Chen
    2024, 24 (12):  1896-1910.  doi: 10.3969/j.issn.1671-1122.2024.12.008

    The GNN (Graph Neural Network) detector based on control flow graphs has achieved significant results in the field of malware detection, being the current mainstream and most advanced method. Existing adversarial sample generation methods for GNN detection models targeting malware mainly achieve their goals by modifying the basic blocks or edge features of the control flow graph rather than altering the original binary program input to the model. These methods are limited in real-world scenarios, where attackers find it difficult to directly access the feature extraction process of the control flow graph or obtain the intermediate layer features of the model. This paper proposed an adversarial attack framework, IRAttack, that changes the control flow graph of a binary program by transforming the IR (Intermediate Representation) to efficiently generate adversarial samples against control flow graph-based GNN detection models. This paper modified the IR using three operations: inserting semantic NOP (No Operation) instructions, control flow flattening, and control flow obfuscation, to alter the node and structural features of the control flow graph extracted from the binary program. Additionally, this paper combined fuzz testing ideas to select the positions to be modified and the content to be added, thus more effectively generating samples that can mislead GNN detection models. This paper conducted experiments on 5472 benign samples and 5230 malicious samples, using two different feature extraction methods and three model architectures in pairwise combinations, resulting in six models as attack targets. Experimental results show that the average attack success rate of IRAttack, compared to SRLAttack and IMalerAttack under the same conditions, has increased by 46.39% and 62.69%, respectively.

    A k-Anonymity Completion Method Generated Based on Semantic Fusion Trajectories
    XU Jianfeng, ZHANG Wei, TU Min, WEI Qingting, LAI Zhanqing, WANG Qianqian
    2024, 24 (12):  1911-1921.  doi: 10.3969/j.issn.1671-1122.2024.12.009

    Trajectory privacy protection is one of the hot issues in the field of data security and personal privacy protection. Aiming at the problem that the number of anonymous trajectories might be insufficient in k-anonymous trajectory computation, the article proposed an anonymous trajectory generation method based on semantic fusion. The method selected pairs of trajectories with spacing less than a specified threshold and with pathways, and generated two virtual trajectories with better semantic interpretations after fusion and calibration. Based on the above research results, the article further proposed an anonymous trajectory set complementation algorithm based on semantic fusion trajectory generation. The method first selected trajectories from the anonymous trajectory set as the candidate trajectory set; then, the eligible trajectory pairs were selected from the candidate trajectory set to execute the semantic fusion-based anonymous trajectory generation method, and the eligible generated trajectories were added into the anonymous trajectory set. If the number of anonymous trajectory sets was still not enough to meet the requirements, suitable trajectories could also be selected again from the trajectories eliminated by the k-anonymous trajectory computation to be added to the candidate trajectory set, and the trajectory fusion generation could be performed again. This step also added the eligible generated trajectories into the anonymous trajectory set again until the number of anonymous trajectory sets reached the requirement. The trajectory generation and anonymous trajectory complementation method proposed in the article not only has good interpretability, but can also effectively solve the problem of an insufficient number of trajectories that may be encountered in k-anonymous trajectory computation.

    Research on Malicious URL Detection Using a Multi-Channel Neural Network that Integrates Adversarial Training with BERT-CNN-BiLSTM
    LIU Zhuoxian, WANG Jingya, SHI Tuo
    2024, 24 (12):  1922-1932.  doi: 10.3969/j.issn.1671-1122.2024.12.010

    URLs are identifiers used to locate network resources, and malicious URLs are frequently exploited to execute malicious activities such as fraud, extortion, and data theft. They have become critical mediums for numerous cyberattacks in recent years, causing significant harm to victims. Given the increasing prevalence of malicious URL attacks and the inherent complexity, ambiguity, and deceptive nature of malicious URL characteristics, along with the limitations of existing research in terms of insufficient feature extraction and inadequate focus on model robustness and generalization, this paper proposed a malicious URL detection model that integrates adversarial training with a BERT-CNN-BiLSTM multi-channel neural network. The proposed model treated URLs as textual sequences, leveraging the BERT model for preprocessing to extract semantic features, followed by the CNN layer to capture local features and the BiLSTM layer to extract contextual sequential features. Furthermore, adversarial training using the Fast Gradient Method (FGM) introduced perturbations to the embedding layer, enhancing the model’s accuracy and robustness. Experimental results on public datasets demonstrate that the model achieves a classification accuracy of 97.2% on the binary classification task of URL detection. Ablation studies and comparative experiments further validate the model’s significant advantages across multiple evaluation metrics. Additionally, the model exhibits outstanding performance in fine-grained classification tasks for malicious URLs, achieving a classification accuracy of 98.25% in a five-class URL classification task.

    Automated Botnet Detection Method Based on Two-Stage Graph Learning
    ZHANG Xuan, WAN Liang, LUO Heng, YANG Yang
    2024, 24 (12):  1933-1947.  doi: 10.3969/j.issn.1671-1122.2024.12.011

    Botnets have become one of the most serious threats to network infrastructure. Existing botnet detection methods heavily rely on feature engineering, which significantly limits their detection performance in real-world environments. Botnet detection methods based on raw traffic have more advantages in this aspect, especially when leveraging graphs and raw traffic to enhance the identification of abnormal botnet behaviors, which is the focus of this study. This paper proposed an automated botnet detection method based on two-stage graph learning called Graph2BotNet. The approach involved constructing a flow graph from the interaction packets of each bidirectional network flow and building a communication graph based on the communication topology between IPs. The graph isomorphism network model was used to learn the vector representation of the flow graph; the vector representation was embedded into the corresponding communication graph nodes and finally passed into the second-stage graph neural network model to classify the nodes. Graph2BotNet leveraged the graph structure to automatically extract flow graph features and, without requiring extensive expert features, combined graph neural network models to perform two-stage graph learning for fast and accurate botnet detection. The experimental results on the ISCX-2014, CTU-13, and CICIDS2017 botnet datasets demonstrate that Graph2BotNet outperforms the current state-of-the-art methods.

    Analysis for Hotspots and Trends in the Field of Personal Information Protection Based on CiteSpace Tools
    DIAO Yigang
    2024, 24 (12):  1948-1954.  doi: 10.3969/j.issn.1671-1122.2024.12.012

    This essay reviews over 1021 documents from SCI, EI, CSSCI, and CSCD core databases available on CNKI, using CiteSpace tools for literature data visualization and analysis of research hotspots and trends. The essay systematically examined publication volume, collaboration relationships, research hotspots, and emerging trends based on bibliometric theories such as network analysis and thematic evolution analysis. The findings of the essay indicate that the overall research quantity in the field of personal information protection shows a fluctuating upward trend, that a large number of researchers and institutions are involved in this field, and that current research hotspots focus on the connotation of personal information, policies and regulations, and technical applications. In addition, future research is expected to move towards empowering the digital economy, improving policies and regulations, and ensuring compliance with personal information protection audits.

    Cybersecurity Protection Technologies for Critical Information Infrastructure in Hydropower Plants
    LI Wanqing, ZHU Li, LIU Xing’an, ZHENG Wei, GU Yishun
    2024, 24 (12):  1955-1962.  doi: 10.3969/j.issn.1671-1122.2024.12.013

    With the gradual implementation of “Industry 4.0”, the critical information infrastructure in hydropower plants has become increasingly digitalized, intelligent, and networked. However, this progress is accompanied by more severe cybersecurity challenges. This paper provided a brief overview of the application and role of cybersecurity technologies in critical information infrastructure for hydropower plants. It analyzed the current shortcomings of security protection technologies, elaborated on a trusted security architecture for new critical information infrastructure, and proposed an integrated strategy to enhance the security of critical infrastructure. Additionally, it offered a perspective on the future of security protection technologies, providing theoretical and practical references for improving the cybersecurity level of critical information infrastructure in hydropower plants.
