Table of Contents

    10 May 2025, Volume 25 Issue 5

    An Overview on Lattice-Based Zero-Knowledge Proofs
    PAN Jing, LI Boxun, WAN Beilin, ZHONG Yantao
    2025, 25 (5):  679-688.  doi: 10.3969/j.issn.1671-1122.2025.05.001

    With the rapid development of quantum computing and increasing attention to privacy protection, post-quantum zero-knowledge proofs have attracted lasting interest. This paper primarily focused on the study of lattice-based zero-knowledge proofs. First, a brief overview of current zero-knowledge proofs from lattices was given. Subsequently, we classified these mainstream protocols into three types according to the underlying key techniques they use, followed by an in-depth analysis of their design principles and performance. Finally, we gave a short discussion of potential research directions for the future.

    An Intelligent Detection Method for IEC 61850 Network Attacks Incorporating Temporal and Sequence Features
    LI Jun’e, MA Ziyu, LU Qiuyu, YU Kailong
    2025, 25 (5):  689-699.  doi: 10.3969/j.issn.1671-1122.2025.05.002

    The current intelligent detection methods for IEC 61850 network attacks consider the temporal and sequence features between messages insufficiently and lack interpretability. To address this issue, an intelligent detection method for IEC 61850 network attacks incorporating temporal and sequence features was proposed. Field features and sequence features were extracted using a sliding window. An improved AlexNet with an optimized activation function, a batch normalization algorithm and lower-dimensional fully connected layers was used as the detection model. Class activation pictures generated by gradient-weighted class activation mapping were used for result interpretation. The experimental results in detecting IEC 61850 network attacks show that the proposed method has a higher accuracy than current methods and can generate class activation pictures with result-related feature markers, which can help to determine the reliability of the result and grasp the details of the attack features.

    Privacy-Preserving Methods for Streaming Data in Wearable Medical Devices Based on Local Differential Privacy
    ZHAO Feng, FAN Song, ZHAO Yanqi, CHEN Qian
    2025, 25 (5):  700-712.  doi: 10.3969/j.issn.1671-1122.2025.05.003

    The real-time medical data generated by wearable medical devices provide convenience for health monitoring and chronic disease management in terms of real-time monitoring and personalized management. However, the application of these medical data (such as heart rate and blood sugar) is vulnerable to privacy disclosure, especially when the data is shared with third parties. Therefore, how to protect the medical data generated by wearable medical devices has become a crucial issue to be solved. This paper proposed a method of stream data privacy protection for wearable medical devices based on local differential privacy (LDP). First, significant points that can effectively represent the curve trend were identified according to the characteristics of the original stream data, and redundant points other than significant points were deleted to reduce the consumption of the privacy budget, based on which random noise was generated adaptively according to the time scale of significant points. Then, combined with the Laplace mechanism, random noise was added to the significant points to protect data privacy. In order to prevent data attackers from inferring the privacy information of the original data stream based on the statistical information contained in the significant points of noise, a Kalman filtering mechanism was designed in the final solution to predict the redundant point data. The experiments on the PAMAP real dataset indicate that, under the same privacy budget, our proposed solution exhibits higher data utility compared to existing privacy protection schemes for wearable medical devices.

    Dynamic Detection of Ransomware Based on Enhanced API Sequences with Running Parameters
    WEI Songjie, WU Qinqin, YUAN Junyi
    2025, 25 (5):  713-721.  doi: 10.3969/j.issn.1671-1122.2025.05.004

    Current ransomware detection techniques based on API call sequence analysis have been extensively validated for their effectiveness. However, most existing solutions overlooked the impact of runtime parameters in API calls on behavioral analysis, resulting in limited generalization capabilities of the trained models. The article proposed a novel detection method that integrates both unsupervised and supervised learning approaches, considering both API call sequences and runtime parameter configurations. The proposed mechanism first employed feature hashing to map the diverse API call sequences into a finite, controllable feature space. An unsupervised pre-training approach was then utilized to generate a model capable of learning rich, complex semantic relationships from a large corpus of unlabeled API parameter sequence samples. Subsequently, the model was fine-tuned using labeled ransomware samples to enhance its detection capability. Through extensive experiments, the proposed model achieved an accuracy of 0.978 on a real-world test dataset, demonstrating superior performance compared to other state-of-the-art detection methods.

    Research on Orthomorphic Permutations Based on Cryptographic Structure
    YANG Yijia, LI Kangquan, SUN Bing
    2025, 25 (5):  722-731.  doi: 10.3969/j.issn.1671-1122.2025.05.005

    Orthomorphic permutations have wide applications in cryptography and coding theory. This paper studied the construction of orthomorphic permutations using cryptographic structures. Firstly, a two-round-function-based generalized Feistel structure was constructed over the extension field with even characteristic, and based on this structure, conditions for the transformation to be orthomorphic were given using the rank of a matrix. Then, two specific examples of orthomorphic permutations were given. The first one was based on the left shift transform, while the other was based on Feistel and L-MISTY structures. In summary, this paper aims to construct orthomorphic permutations that follow specific cryptographic structures, which will enrich the types of orthomorphic permutations.

    Research on Price Oracle Manipulation Source Code Detection Method Based on Static Analysis
    YE Jiajun, GAO Cuifeng, XUE Yinxing
    2025, 25 (5):  732-746.  doi: 10.3969/j.issn.1671-1122.2025.05.006

    Aiming at the problem of price oracle manipulation attacks on smart contracts, this paper proposed a price oracle manipulation source code detection method based on static analysis. This approach first established correspondences between caller function variables and called function parameters, as well as between callee function return values and caller variables, based on user-input function call relationships. Subsequently, static analysis was applied to the source code of the tested function and other contracts involved during runtime to obtain data flow and control flow information for each contract. Then, using the data flow and control flow information for individual contracts, along with function call relationships, cross-contract data flow graphs and control flow graphs were constructed to ascertain variable data dependencies and control dependencies. Finally, the method checked whether the transfer amount in transfer operations, and the control statements on which the transfer operations are control-dependent, involve manipulation-prone information, to determine the existence of price oracle manipulation risk in the tested contract. Experimental results demonstrate that this method effectively detects price oracle manipulation attacks in smart contracts with high precision and recall rates.

    Lightweight Fine-Grained Multi-Dimensional Multi-Subset Privacy-Preserving Data Aggregation for Smart Grid
    QIN Jinlei, KANG Yimin, LI Zheng
    2025, 25 (5):  747-757.  doi: 10.3969/j.issn.1671-1122.2025.05.007

    In the smart grid, when using smart meters for data collection and transmission, there is a risk of user privacy leakage. Additionally, it faces challenges such as insufficient fine-grained data analysis, high computational overhead, and poor system stability. To address these challenges, a lightweight fine-grained multi-dimensional multi-subset privacy-preserving data aggregation (LFMMP-DA) scheme was proposed. Firstly, the advanced encryption standard (AES) algorithm was used to ensure secure data transmission. Secondly, multi-secret sharing and super-increasing sequences were utilized to achieve fine-grained multi-dimensional and multi-subset aggregation. This method not only enabled the management center to obtain multi-subset data and users’ counts across different dimensions but also ensured that the system could still perform data aggregation and decryption normally, even if smart meters and fog nodes fail simultaneously. Finally, by integrating fog computing, blockchain and the interplanetary file system, a data aggregation model with distributed storage was designed. The security analysis and experimental results show that the LFMMP-DA scheme can effectively protect user privacy and data integrity, reducing computational and communication overheads by up to 94.94% and 80.00%, respectively, thus validating the effectiveness of the proposed scheme.

    Research on Rowhammer Vulnerability Defense Method Based on Remapping Matrix
    WANG Jianxin, XU Hongke, XIAO Chaoen, ZHANG Lei
    2025, 25 (5):  758-766.  doi: 10.3969/j.issn.1671-1122.2025.05.008

    Aiming at the problem of Rowhammer vulnerability in dynamic random access memory (DRAM) of domestic Advanced RISC Machines (ARM) architecture computers, this paper firstly introduced the remapping matrix, and analyzed the causes of Rowhammer vulnerability based on the remapping matrix. Secondly, a Rowhammer vulnerability defense method based on the remapping matrix was proposed, which combined physical address remapping with disabling the pagemap interface to defend against Rowhammer attacks. Finally, the remapping matrix was realized by changing the DRAM line decoder and column selectors, and the Rowhammer vulnerability defense method was tested on the domestic ARM architecture computers and the Xilinx Zynq7000 series. At the same time, the security and performance of this method were analyzed by setting up the Vivado integrated development environment. The functional test results show that the Rowhammer vulnerability defense method can effectively resist the Rowhammer attack. The security analysis results show that, compared to not taking defensive measures, the occurrence rate of Rowhammer vulnerability decreased by 98.6%. The performance analysis results show that the decoder obtained after the introduction of this defense method has a latency of 0.783 ns and a resource occupancy of about 0.002%, which is extremely low, and has little impact on the performance of domestic ARM architecture computers.

    Universal Perturbations Generation Method Based on High-Level Features and Important Channels
    ZHANG Xinglan, TAO Kejin
    2025, 25 (5):  767-777.  doi: 10.3969/j.issn.1671-1122.2025.05.009

    Deep convolutional neural networks (DCNN) often exhibit insufficient robustness against carefully crafted adversarial examples. Existing gradient-based adversarial example generation methods frequently suffer from weak cross-model transferability due to overfitting to white-box models. To address this issue, this paper proposed a universal perturbations generation method based on high-level features and important channels to enhance the transferability of adversarial examples. The method incorporated three loss modules designed through deep mining of high-level features. First, the category gradient matrix of clean samples for specific classes was multiplied with the high-level feature maps of adversarial examples to construct the high-level feature important channel loss, which guided the perturbation direction in key regions of high-level features. Second, the similarity between global and local high-level feature matrices was calculated as the high-level feature similarity loss to control the perturbation guidance direction. Finally, the classification loss regulated the overall optimization direction during targeted attacks. The proposed method could be jointly trained with gradient update strategies such as DIM, TIM, and SIM during the gradient update process. Extensive experiments on the ImageNet and Fashion MNIST datasets against various normally trained and adversarially trained DCNN models demonstrate that the adversarial examples generated by this method achieved significantly superior transferability attack performance compared to existing gradient-based adversarial example generation methods.

    Multi-State Causal Representation and Inference Model in Uncertain Network Attack Scenarios
    DONG Chunling, FENG Yu, FAN Yongkai
    2025, 25 (5):  778-793.  doi: 10.3969/j.issn.1671-1122.2025.05.010

    One of the challenges in the field of cybersecurity is to conduct a systematic analysis of the uncertainties of cyber-attacks. To solve this challenge, attack graphs are widely used in network security, aiming to describe attacker behavior characteristics and construct attack scenarios. However, current attack graph tools, such as attribute attack graphs, state attack graphs, and Bayesian attack graphs, cannot comprehensively consider the uncertainty factors in network attacks and provide a unified framework for describing network uncertainties. In addition, the time complexity of the algorithms for calculating the risk probability of nodes in current attack graphs is relatively high, which makes them difficult to apply in practice. To solve the above problems, this paper proposed a multi-state Dynamic Uncertain Causality Attack Graph (M-DUCAG) model and a node risk probabilistic inference algorithm based on one-side causal chains (One Side-CCRP) to represent and infer the uncertainty factors of the network. The M-DUCAG could represent multiple states of nodes and describe the uncertainties in the process of network attacks based on alarm information. The One Side-CCRP algorithm effectively improved the efficiency and accuracy of inference by expanding the upstream causal chains of the node. Experiments show that the M-DUCAG model is robust in dealing with parameter disturbances and can effectively represent the uncertainties in the process of network attacks. Compared with the variable elimination method, the One Side-CCRP algorithm has higher inference efficiency with a limited amount of alarm evidence, which can satisfy the needs of real-world inference applications.

    Research on Covert Transformation Method for Malicious Communication Behavior Based on Packet Length Sequence
    YANG Judong, CHEN Xingshu, ZHU Yi
    2025, 25 (5):  794-805.  doi: 10.3969/j.issn.1671-1122.2025.05.011

    To supply variant malicious traffic to network intrusion detection systems (NIDS) for evaluating detection models, this paper investigated a concealment transformation method for malicious communication behavior. First, the paper characterized traffic via packet-length sequences; by modifying these sequences, one can guide data-level transformations of malicious traffic to produce realistic and usable variants, thereby altering packet-length-related statistical features to interfere with NIDS detection. Next, based on packet-length sequences, this paper designed a concealment transformation method which selected, as reference traffic, the normal flow whose packet-length sequence most closely matches that of the malicious flow to be transformed, and then applied two strategies, TCP payload padding and segmentation, to adjust the packet sizes in the malicious flow so that its packet-length sequence resembles that of normal traffic, effectively mimicking normal communication behavior. Finally, this paper constructed test datasets using the DoH-Brw and CIC-AAGM datasets. Experimental results show that the variant malicious traffic generated from DoH-Brw achieves an average detection-rate reduction of over 60% across six NIDS, and variants based on CIC-AAGM yield an average reduction of over 30% across four NIDS, thereby demonstrating the effectiveness of the proposed method.

    Security Analysis of Continuous-Variable Quantum Key Distribution Based on Discretized Polar Modulation and Coarse-Grained Measurement with Finite Range
    YANG Wen, WANG Tianyi, DU Junnan, WANG Cheng
    2025, 25 (5):  806-816.  doi: 10.3969/j.issn.1671-1122.2025.05.012

    The unconditional security of continuous-variable quantum key distribution has been demonstrated under theoretical conditions. However, due to the non-ideal experimental devices in the experimental system, the ideal continuously distributed quantum signals are degraded, which in turn triggers the degradation of the system performance. To bridge the gap between the theory and practice of continuous-variable quantum key distribution, the article considered the impacts of the limited resolution of the modulator at the transmitting end and the detector at the receiving end on the system performance, and proposed a model based on discretized polar modulation and coarse-grained measurement with finite range. It also evaluated the bias characteristics of parameter estimation under this model and its impact on the security key rate. Numerical results show that the coupling effect of the discrete effects at the transmitter and the receiver causes deviations in the estimated value of excess noise, leading to an initial increase followed by a decrease and ultimately a sharp decline in the system security key rate. When the channel transmission is between 0.2 and 0.6, the estimation deviation of excess noise can lead to a severe underestimation of the system security key rate, which in turn restricts the maximum transmission distance of the system. The finite range effect of the homodyne detector is the most significant factor inducing the estimation deviation of excess noise, which can be effectively compensated for by adjusting the modulation variance.

    Lightweight Distributed Authentication Scheme Based on Trusted Digital Identity
    ZHU Xiaoqiang, ZHANG Haowen, LIN Yanzi, LIU Jiqiang
    2025, 25 (5):  817-827.  doi: 10.3969/j.issn.1671-1122.2025.05.013

    Trusted digital identity is a universal credential for real-life and online behavior. With the popularization and application of distributed systems, traditional digital identity management systems have security challenges such as single point failure, lack of interoperability, and privacy infringement. Therefore, it is very important to protect the user’s privacy in the process of trusted digital identity authentication while reducing the system’s resource overhead and improving the authentication efficiency. This paper proposed a lightweight distributed authentication scheme based on trusted digital identity for typical application scenarios of identity authentication. The scheme was based on a trusted digital identity, mapped into a decentralized identity, and combined with a verifiable credential for the verification of the trusted digital identity. Users can control their own identity based on real-person authentication, thereby realizing user-centric identity authentication. Security analysis and performance analysis show that the scheme in this paper has higher security and better performance.

    Double Branch Neural Network Watermarking Algorithm Based on Wavelet Decomposition and Dynamic Dense Dilated Convolution
    LI Jingyou, XI Xiaotian, WEI Rongle, ZHANG Guangda
    2025, 25 (5):  828-839.  doi: 10.3969/j.issn.1671-1122.2025.05.014

    Deep learning based digital watermarking algorithms mainly tended to embed watermark information into the mid to high frequency regions of the carrier image. They only used convolutional neural networks to map the watermark information to the feature space of the carrier image and ignored the role of frequency domain algorithms. The article proposed a dual branch neural network watermarking algorithm based on wavelet decomposition and dynamic dense dilated convolution. By using wavelet decomposition, it better guided the embedding and extraction of watermark information. This algorithm used the discrete wavelet transform to process carrier images and watermark images, decomposed them into high-frequency and low-frequency information, and then used neural networks for targeted learning. Dynamic dense dilated convolution was used to expand the receptive field, enhancing the ability to capture global information while reducing the number of neural network layers. It could also avoid using too many pooling layers that affected the quality of reconstructed images. The experiments show that the algorithm has good invisibility and robustness.
