Table of Contents

    10 March 2025, Volume 25 Issue 3

    CONTENTS
    2025, 25 (3):  0-0. 
    A Review of Research on Industrial Control System Security
    JIN Zengwang, JIANG Lingyang, DING Junyi, ZHANG Huixiang, ZHAO Bo, FANG Pengfei
    2025, 25 (3):  341-363.  doi: 10.3969/j.issn.1671-1122.2025.03.001

    With the rapid advancement of Industry 4.0 and smart manufacturing, the security of industrial control systems (ICS) has become a critical concern. As the core communication mechanisms of ICS, industrial control protocols are essential for maintaining system stability and protecting data. However, many industrial control protocols lack sufficient network security considerations in their design, making the systems vulnerable to cyberattacks such as malicious software and denial of service, which may endanger corporate interests and even national security. This paper provided a comprehensive review of the security landscape, major challenges, and development trends of industrial control protocols. Firstly, the basic concepts and classifications of industrial control protocols were introduced, and their security characteristics and vulnerabilities were analyzed. Subsequently, the application of symbolic execution, reverse analysis, and fuzz testing in vulnerability mining was discussed in detail. These technologies were particularly effective when dealing with complex industrial protocols. The paper also examined security measures such as encryption, authentication, intrusion detection, and layered defenses. Finally, it explored the application of generative large language models in ICS security, focusing on code generation, network protection, and automation control. These advancements enable ICS to transition from passive defense to proactive protection strategies. Through this research, we aim to enhance the understanding of the security challenges in industrial control protocols and provide practical solutions to improve the reliability and safety of ICS, thereby effectively safeguarding critical infrastructure from potential threats and attacks.

    A Survey of Anomaly Detection Model for Time Series Data Based on Deep Learning
    CHEN Hongsong, LIU Xinrui, TAO Zimei, WANG Zhiheng
    2025, 25 (3):  364-391.  doi: 10.3969/j.issn.1671-1122.2025.03.002

    Anomaly detection for time series data is an important area of data mining and network security research. This paper focuses on time series anomaly detection techniques, employing literature survey and comparative analysis to thoroughly examine the applications and research progress of deep learning models in this domain. The research first introduced the definition and applications of deep time series anomaly detection, followed by an identification of the nine key challenges faced in this area. Time series anomalies were categorized into ten types, and sixteen typical anomaly detection datasets were enumerated, including five datasets related to social network public opinion security. Deep time series anomaly detection models were classified, and nearly fifty relevant models were categorized and summarized, including those based on semi-supervised incremental learning for detecting abnormal information disseminators in social networks. Furthermore, the research classified these models into three categories according to their learning modes: reconstruction-based, prediction-based, and fusion models; their advantages, disadvantages and applications were compared. Finally, the research outlined future research directions for deep time series anomaly detection in eight key areas, providing comprehensive perspectives on potential advancements in the field, and analyzed potential value and technological bottlenecks.

    An Offline-Online Signature Scheme for Industrial Internet of Things Environment
    LI Qiang, SHEN Yuanhai, WANG Jinze, HUANG Yanyu, SUN Jianguo
    2025, 25 (3):  392-402.  doi: 10.3969/j.issn.1671-1122.2025.03.003

    In recent years, industrial Internet of things (IIoT) technology and related industries have developed rapidly, and the data security issues of industrial equipment have received widespread attention. In the past, traditional digital signature technology was often used to ensure the legitimacy of industrial equipment identity and the authenticity of data, but traditional digital signature schemes suffer from certificate management or key escrow problems and cannot meet current requirements. In this paper, an offline-online signature scheme for the industrial Internet of things environment was proposed, which constructed system parameters through bilinear pairing and split signature generation into two phases based on the offline-online technique. The offline signing stage required no message and was responsible for completing the computationally intensive cryptographic operations to generate offline signature values. The online signing stage needed only the prepared offline signature value, the system parameters, and the message to be signed, and carried out a small portion of the cryptographic operations to obtain the complete signature value. The scheme was proved to be secure against malicious attacks in the random oracle model. This scheme reduces the number of time-consuming calculations in online signing and significantly reduces the computational cost, while also overcoming the security issues of two types of adversaries.

    Research on LLM-Based Fuzzing of Native Multimedia Libraries
    XIE Mengfei, FU Jianming, YAO Renyi
    2025, 25 (3):  403-414.  doi: 10.3969/j.issn.1671-1122.2025.03.004

    Multimedia native libraries written in C/C++ can efficiently process audio and video streams by directly accessing underlying system resources, but they also pose persistent memory threats. However, existing native library fuzzing research lacks specificity for multimedia libraries and faces difficulties in implementing runtime monitoring of closed-source binary programs. The article proposed MediaFuzzer, an LLM-based fuzzing scheme for native multimedia libraries. Through a self-heuristic LLM querying approach, MediaFuzzer accurately extracted the functional semantic information contained in function signatures and subsequently identified potential multimedia native library functions as execution entry points. Furthermore, MediaFuzzer designed and implemented an emulation-based fuzzing framework that built comprehensive runtime monitoring mechanisms at three different levels, including system dependencies, memory management, and code execution, enabling coverage-guided mutation and active memory anomaly detection during the fuzzing process. Experimental evaluation shows that MediaFuzzer identified 1557 multimedia functions across 7 categories from 500 mobile applications, successfully discovering one disclosed vulnerability in WhatsApp and three zero-day vulnerabilities, including one in WeChat.

    Endogenous Secure Microcontroller Design and Implementation
    YU Hong, LAN Julong, OUYANG Ling
    2025, 25 (3):  415-424.  doi: 10.3969/j.issn.1671-1122.2025.03.005

    In response to the problem that microcontrollers were currently unable to prevent the security threats brought by unknown vulnerabilities and unknown backdoors, the paper first proposed a microcontroller architecture based on dynamic heterogeneous redundancy, grounded in the theory of intrinsic security. Secondly, to overcome the performance bottlenecks caused by the arbitration of dynamic heterogeneous redundancy architecture and to meet the low latency requirements of microcontroller applications, an arbitration output method was proposed to enhance the system’s real-time capabilities, reducing system response latency without compromising system security. In addition, a prototype system of the intrinsically secure microcontroller was designed and implemented, and the system’s security and response latency metrics were tested. The test results indicate that the realized intrinsically secure microcontroller system has higher precision in identifying system attacks, and can reduce the response time by up to 13.78% compared to the traditional method of arbitration before output.

    Optimization of Real-Time Synchronization Model Based on Rsync Algorithm
    QIN Jinlei, SUN Shanshan, LI Zheng
    2025, 25 (3):  425-437.  doi: 10.3969/j.issn.1671-1122.2025.03.006

    To address the high overhead of computing and comparing checksums and the complexity of synchronization during execution of the remote synchronous (Rsync) algorithm, a remote synchronous algorithm with SipHash strong check (RSip_sync) was proposed. First, the SipHash algorithm was adopted to calculate the strong check, and the checksum calculation function was reconstructed with its internal structure segmented. Second, the checksum verification logic was updated to adapt to the SipHash internal segmentation algorithm, whose simple operations and fewer iteration rounds reduced the cost of checksum calculation and comparison. Finally, Inotify real-time file monitoring was used to watch for file changes in the specified backup directory, so that real-time automatic synchronization of data could be achieved. The simulation results based on two datasets show that, compared with the Rsync algorithm, RSip_sync reduces the time for calculating differential data by 40.28%, reduces the synchronization time in overall data synchronization by 4.91%, and improves the synchronization speed by 8.86%. The experimental results have verified the effectiveness of the RSip_sync algorithm, which uses a strong checksum that is more suitable for remote synchronization, reduces the complexity of block comparison, and enables faster data synchronization.

    Research on Non-Intrusive Endogenous Security Microservice Model Based on Dynamic Heterogeneous Redundancy
    SHI Lei, LI Shibo, CHENG Guozhen, GAO Yufei
    2025, 25 (3):  438-450.  doi: 10.3969/j.issn.1671-1122.2025.03.007

    Cloud-native applications based on microservices architecture are highly flexible and efficient but also face multiple security threats. Due to the loosely coupled nature, dynamic independent deployment, and collaborative response of microservice architecture, traditional mimetic Web server adjudication strategies are not adaptable, resulting in issues such as low adjudication efficiency, high memory consumption, and high latency. To address these challenges, this paper proposed a non-intrusive endogenous security microservice model (EnSecDHR) based on a dynamic heterogeneous redundant architecture. The model leveraged a cloud-native API gateway to achieve dynamic heterogeneous redundancy transformation of microservice components. It selected the frequency and categories of system calls, kernel stack, and user stack call information as features, constructed a continuous adjudication model based on a whitelisting mechanism, and provided a short-circuit adjudication mechanism for the adjudicator. This avoided the time consumption associated with waiting for the complete response from each component. Comparative experiments were conducted using buffer overflow vulnerability attacks and vulnerability scanning. The results demonstrate that the EnSecDHR model can effectively enhance the security of the proposed Web server while reducing performance loss and resource consumption, thereby improving the microservice adaptability of the DHR architecture.

    Construction Method of Cybersecurity Knowledge Graph Based on Ontology
    XU Zhishuang, ZHANG Kun, FAN Junchao, CHANG Xiaolin
    2025, 25 (3):  451-466.  doi: 10.3969/j.issn.1671-1122.2025.03.008

    With the rapid development of information technology, the connection between cyberspace and the real world has become increasingly close. Applying knowledge graph technology to the field of cybersecurity allows for the extraction and integration of fragmented, valuable security knowledge from vast amounts of data in cyberspace, providing support for decision-making. Existing methods face issues such as the lack of a unified standard for ontology models and poor knowledge extraction performance. This paper proposed an ontology-based method for constructing a cybersecurity knowledge graph, which included two models: named entity recognition and relation extraction. The named entity recognition model integrated the BERT pre-trained model, bidirectional long short-term memory network, multi-head attention mechanism, and conditional random fields; the relation extraction model combined the BERT pre-trained model, self-attention mechanism and convolutional neural network. These two models improved the accuracy of named entity recognition and enhanced the accuracy and automation of relation extraction tasks. The proposed method for constructing the cybersecurity knowledge graph can integrate and analyze cybersecurity data, enabling intelligent retrieval of cybersecurity knowledge and automatic updates and expansion of the knowledge graph.

    ARX Block Cipher Distinguisher Based on Quantum Convolutional Neural Network
    QIN Guangxue, LI Lisha
    2025, 25 (3):  467-477.  doi: 10.3969/j.issn.1671-1122.2025.03.009

    With the development of quantum computers, quantum neural network technology continues to make new breakthroughs. Although the current quantum computing environment is still limited, exploring the potential application areas of quantum neural networks is of great significance for the development of future technologies. Quantum convolutional neural networks, which combine the advantages of quantum computing and the powerful feature extraction capabilities of neural networks, have demonstrated excellent performance in binary classification tasks. This paper proposed a quantum convolutional neural distinguisher, in which data features were encoded into the quantum circuit as a whole rather than in multiple partitions, and a parameterized quantum convolutional circuit was then trained. Taking SPECK-32 as an example and using 8 qubits, the distinguisher reached an accuracy of 76.8% on 5 rounds, surpassing the classical distinguisher under the same resource conditions, and ran successfully up to 6 rounds. This paper compared quantum neural distinguishers using convolutional circuits and hardware-efficient Ansatz as training circuits, and the results indicate that the former exhibits higher efficiency. In addition, the quantum convolutional distinguisher successfully operated on reduced-round versions of the Speckey, LAX32, SIMON-32 and SIMECK-32 algorithms. Finally, factors influencing the performance of the quantum convolutional neural distinguisher were analyzed.

    CAN Bus Intrusion Detection Method Based on Spatio-Temporal Graph Neural Networks
    LIU Chenfei, WAN Liang
    2025, 25 (3):  478-493.  doi: 10.3969/j.issn.1671-1122.2025.03.010

    The Controller Area Network (CAN) in modern intelligent vehicles serves as the primary communication medium connecting various Electronic Control Units. However, it faces numerous security threats due to the lack of encryption and authentication mechanisms. Traditional deep learning-based intrusion detection methods fail to fully consider the contextual relationships and temporal dynamics of CAN messages, leading to insufficient accuracy in detecting complex attacks. This paper proposed a spatio-temporal graph neural network-based intrusion detection method, GNLNet. The method constructed CAN message graphs within predefined time windows using message IDs and captured temporal associations of CAN messages to enhance the modeling of spatio-temporal information. The model first extracted local spatial features using GraphSage, then enhanced node interactions with a bidirectional graph attention network, and finally analyzed time series data with Long Short-Term Memory networks to capture dynamic changes over time. Experimental results on the Car_hacking and Survival_Analysis datasets demonstrate that GNLNet's detection accuracy and F1 score reach 99% in identifying and classifying complex attacks such as DoS and Fuzzy, surpassing existing methods.

    An Anonymous Routing Federated Learning Framework for Data Privacy Protection
    LI Jiadong, ZENG Haitao, PENG Li, WANG Xiaoding
    2025, 25 (3):  494-503.  doi: 10.3969/j.issn.1671-1122.2025.03.011

    Federated learning is a distributed machine learning framework that enables multiple participants to collaboratively train a global model without sharing their training data, thereby effectively protecting client data privacy. However, federated learning still faces risks related to model parameter leakage and identity privacy during communication. To address these issues, an anonymous routing federated learning framework for data privacy protection (SecFL) was designed, aimed at ensuring the secure and trustworthy transmission of model parameters in federated learning. SecFL introduced a novel group-pairing onion router protocol, which used pairing cryptography to encrypt data layer by layer and incorporated the concept of “groups”, allowing all nodes within a group to decrypt the corresponding layer. This not only ensured the confidentiality and security of messages, but also enhanced system anonymity. Experimental results show that, compared to the classic onion router and broadcast anonymous routing systems, SecFL achieves a 100% message delivery rate in a shorter time. The anonymity of the source and destination nodes is improved by up to 3.9% and 1.9%, respectively. The path anonymity can be increased by up to 24.8% when half of the nodes are compromised. Additionally, the SecFL framework demonstrates excellent convergence performance in federated learning.
