
Table of Contents

    10 August 2025, Volume 25 Issue 8

    Compatibility Evaluation and Optimization of CAN Bus Intrusion Detection Systems in In-Vehicle Ethernet Environment
    CAO Yue, FANG Boying, WEI Gaoda, LI Jinyu, YANG Yang, PENG Tao
    2025, 25 (8):  1175-1195.  doi: 10.3969/j.issn.1671-1122.2025.08.001

    The rapid development of intelligent connected vehicles has driven the evolution of in-vehicle network architectures from traditional CAN bus to Ethernet with higher bandwidth and stronger scalability. By evaluating the compatibility of the CAN bus intrusion detection system in the in-vehicle Ethernet environment, it is possible to maximize the utilization of existing security resources, providing a systematic solution for the evolution of the security architecture of intelligent connected vehicles while reducing system design costs. However, there are significant differences between CAN bus and in-vehicle Ethernet in terms of communication characteristics, protocol stacks, and data transmission mechanisms. To address the issue of security resource transformation, this paper comprehensively analyzed the Ethernet compatibility of existing CAN intrusion detection systems from four dimensions, including protocol adaptability, detection method compatibility, processing capacity, and expandability. Moreover, optimization strategies such as multi-level protocol adaptation, detection method improvement, real-time performance and resource optimization, and enhanced architecture expandability were proposed.

    Research on Container Security Framework Based on Namespace and Filesystem Proxy
    LU Xinxi, GUO Jianwei, YUAN Lijuan, LIU Yan, XU Binbin, LIU Yang
    2025, 25 (8):  1196-1207.  doi: 10.3969/j.issn.1671-1122.2025.08.002

    To address the security deficiencies in user identity isolation and filesystem permission control on current container platforms, this paper proposed SecPod, a container security hardening framework based on user namespaces and user-space filesystem proxy mechanisms. Targeting the container runtime layer, SecPod dynamically assigned per-container UID/GID mappings to enforce inter-container identity isolation. Meanwhile, it introduced a container filesystem proxy module that virtualized the container's filesystem view and provided fine-grained access control for file operations. Experimental results show that SecPod effectively blocks various typical container escape and privilege escalation attacks while maintaining compatibility with standard container applications, significantly improving the isolation strength.
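The per-container UID/GID mapping that the abstract describes is the ordinary user-namespace mechanism: the runtime gives each container a disjoint range of host IDs and writes the mapping into the kernel. The following is an added illustration of that allocation and of the isolation it buys, not SecPod's code; the range length, host base, container names and the overflow id are assumptions (the overflow id is the kernel's default value, which a host may change).

```python
"""Per-container UID/GID mapping with user namespaces.

Added illustration, not SecPod's code. Each container receives a disjoint
range of host IDs, written in the three-column format the kernel reads from
/proc/<pid>/uid_map and /proc/<pid>/gid_map:
    <first id inside the namespace> <first id on the host> <range length>
The range length, host base and container ids below are assumptions.
"""
from dataclasses import dataclass

RANGE_LEN = 65536    # ids handed to each container (assumption)
HOST_BASE = 100000   # first subordinate host id the allocator may use (assumption)
OVERFLOW_ID = 65534  # kernel default overflowuid/overflowgid: how an unmapped host id appears


@dataclass(frozen=True)
class IdMapping:
    inside_start: int
    host_start: int
    count: int

    def to_host(self, inside_id: int) -> int:
        """Host id for a container-side id; ValueError if the id is not mapped."""
        if not self.inside_start <= inside_id < self.inside_start + self.count:
            raise ValueError(f"id {inside_id} is not mapped in this namespace")
        return self.host_start + (inside_id - self.inside_start)

    def seen_from_inside(self, host_id: int) -> int:
        """How a host-owned file looks from inside: the mapped id, or the overflow id."""
        if self.host_start <= host_id < self.host_start + self.count:
            return self.inside_start + (host_id - self.host_start)
        return OVERFLOW_ID

    def overlaps(self, other: "IdMapping") -> bool:
        a0, a1 = self.host_start, self.host_start + self.count
        b0, b1 = other.host_start, other.host_start + other.count
        return a0 < b1 and b0 < a1

    def proc_line(self) -> str:
        """Line to write to /proc/<pid>/uid_map (or gid_map) for this container."""
        return f"{self.inside_start} {self.host_start} {self.count}\n"


class MappingAllocator:
    """Hands each container a fresh host id range; never reuses one while it is live."""

    def __init__(self, host_base: int = HOST_BASE, range_len: int = RANGE_LEN) -> None:
        self._next = host_base
        self._len = range_len
        self.assigned: dict[str, IdMapping] = {}

    def allocate(self, container_id: str) -> IdMapping:
        if container_id not in self.assigned:
            self.assigned[container_id] = IdMapping(0, self._next, self._len)
            self._next += self._len
        return self.assigned[container_id]

    def isolated(self) -> bool:
        """True when no two containers share a single host id."""
        maps = list(self.assigned.values())
        return all(not a.overlaps(b)
                   for i, a in enumerate(maps) for b in maps[i + 1:])


def demo() -> dict:
    """Two containers: root in A is an unprivileged host id that B cannot even name."""
    alloc = MappingAllocator()
    a, b = alloc.allocate("ctr-a"), alloc.allocate("ctr-b")
    root_a_on_host = a.to_host(0)
    return {
        "uid_map_a": a.proc_line(),
        "root_a_on_host": root_a_on_host,
        "root_a_seen_from_b": b.seen_from_inside(root_a_on_host),
        "isolated": alloc.isolated(),
    }


if __name__ == "__main__":
    print(demo())
```

On a real host the runtime writes `proc_line()` once into `/proc/<pid>/uid_map` and `gid_map` of the container's first process, and the host ranges must fall inside what `/etc/subuid` and `/etc/subgid` grant to the runtime's user. The check that matters for the isolation claim is `isolated()`: if two containers are given the same host range (the default on runtimes that share one mapping for every container), a file written by root in one container is owned by root in the other.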

    Deep Attention Network Architecture for Malicious Code Detection
    LI Sicong, WANG Fei, WEI Ziling, CHEN Shuhui
    2025, 25 (8):  1208-1222.  doi: 10.3969/j.issn.1671-1122.2025.08.003

    To address the performance limitations of traditional detection methods caused by the proliferation of malware variants, this paper proposed a hybrid multi-scale attention network, MSA-ResNet, for malware classification. The framework employed bilinear interpolation to standardize image sizes while preserving the texture features of easily confused malware families, combined with dynamic data augmentation to increase input diversity. In the network architecture, a multi-scale attention module was embedded at the end of the ResNet50 residual blocks to establish cross-scale feature interaction, reducing feature point correlation distances and improving attention convergence speed. Experimental results demonstrate that the model achieves 99.47% accuracy and a 99.46% macro-average F1-score on the Malimg dataset, outperforming the baseline ResNet50 by 1.95% with only a 15% increase in parameters. Compared to state-of-the-art methods, it improves classification accuracy by 0.49% and is effective on complex variants such as Obfuscator.AD.

    Generative Steganography Method Based on Diffusion Model and Generative Adversarial Network
    XIONG Ao, LIU Yuxiao, QIAN Xusheng, ZHANG Nan
    2025, 25 (8):  1223-1230.  doi: 10.3969/j.issn.1671-1122.2025.08.004

    Generative steganography is an emerging technique that encodes secret messages directly into stego images, typically built on existing image generation frameworks such as generative adversarial networks (GAN) and flow models. However, mainstream generative steganography methods still fall short in two critical dimensions: the accuracy of secret message extraction and image quality. In recent years diffusion models, as a new generation of image generation technology, have opened new ways of addressing this bottleneck. This paper proposed a generative steganography method that integrates the denoising diffusion implicit model (DDIM) with GANs. First, a GAN encodes the secret message into a Gaussian noise space; second, DDIM transforms that noise into the stego image; finally, DDIM's determinism, reversibility and autoencoder structure are exploited to recover the secret message efficiently from the image. Experimental results demonstrate that the proposed method outperforms existing solutions on the core metrics of steganographic security, extraction accuracy and image quality.

    WebShell Detection Method Based on Multi-Dimensional Features and LightGBM-AdaBoost
    GAO Jian, HE Junpeng, MIAO Qingqing
    2025, 25 (8):  1231-1239.  doi: 10.3969/j.issn.1671-1122.2025.08.005

    Traditional text-based detection methods identify WebShell files with low accuracy, and existing machine learning and deep learning approaches focus mainly on PHP WebShells and draw on a narrow set of features. To address these limitations, this paper constructed a high-dimensional feature space that combines file-intrinsic features, official standard features and BERT-based semantic features, and designed a LightGBM-AdaBoost ensemble detection model to separate benign files from WebShells in complex language scenarios where simple features fall short. The proposed method detects both PHP and JSP WebShells efficiently. Experimental results demonstrate detection accuracies of 99.81% for PHP WebShells and 98.93% for JSP WebShells. Compared with existing methods, this approach significantly improves detection accuracy and broadens the range of WebShell types detected.

    Review of Network Intrusion Detection System for Unbalanced Data
    JIN Zhigang, LI Zimeng, CHEN Xuyang, LIU Zepei
    2025, 25 (8):  1240-1253.  doi: 10.3969/j.issn.1671-1122.2025.08.006

    Network intrusion detection systems based on machine learning have become a research hotspot in recent years due to their excellent feature extraction and recognition capabilities. However, traffic data is imbalanced, and attack traffic is difficult to capture in real-world networks. The issue of unbalanced data leads to challenges in model generalization and degrades detection performance. To address the problem of unbalanced data, this paper analyzed relevant research in network intrusion detection. Firstly, it introduced the concepts of intrusion detection and unbalanced data and summarized commonly used datasets and evaluation metrics. Secondly, it categorized existing methods from both data and model perspectives and analyzed their advantages and disadvantages. Finally, the paper discussed the problems in current research and the trends in future development.

    An Attack Path Discovery Method Based on Multi-Agent Adversarial Learning
    ZHANG Guomin, ZHANG Junfeng, TU Zhixin, WANG Zipeng
    2025, 25 (8):  1254-1262.  doi: 10.3969/j.issn.1671-1122.2025.08.007

    Attack path discovery is a key technology in intelligent penetration testing. Due to factors such as security measures, target networks are often in a dynamically changing state. However, existing research methods are trained based on static virtual network environments, and agents struggle to adapt to environmental changes due to the problem of experience invalidation. To address this issue, this paper designed a fully competitive agent adversarial game framework (AGF), which simulated the adversarial game process between red and blue agents in the red team's attack path discovery within dynamic defense networks. Moreover, based on the proximal policy optimization (PPO) algorithm, an improved algorithm named PPODRP was proposed to plan and process states and actions, thereby enabling agents to adapt to dynamic environments. Experimental results show that compared with the traditional PPO algorithm, the PPODRP method achieves higher convergence efficiency in dynamic defense networks and can complete the attack path discovery task at a lower cost.

    Immune-Based Intrusion Detection Methods for Programmable Data Plane
    SUN Nan, QIN Zhongyuan, HU Aiqun, LI Tao
    2025, 25 (8):  1263-1275.  doi: 10.3969/j.issn.1671-1122.2025.08.008

    Aiming at the performance bottleneck of traditional intrusion detection systems, this study drew inspiration from the immune system of higher organisms and broke away from the shell-based defense architecture underlying traditional intrusion detection systems. A bio-inspired immune intrusion detection method suited to programmable data planes was designed. The method uses an innate-immunity stage to filter traffic and intercept part of the intrusive traffic up front. Traffic that remains suspicious activates a bio-inspired adaptive-immunity stage that performs deep feature collection, identification and processing, achieving efficient detection of intrusive traffic. Experimental results demonstrate that the method achieves high detection accuracy with a low controller load.

    A Survey on Deep Learning-Based Encrypted Malicious Traffic Detection Methods
    WANG Gang, GAO Yunpeng, YANG Songru, SUN Litao, LIU Naiwei
    2025, 25 (8):  1276-1301.  doi: 10.3969/j.issn.1671-1122.2025.08.009

    With the continuous improvement of network security awareness and the widespread application of encryption technology, encrypted traffic in the network is growing exponentially. Although encryption plays an important role in protecting user privacy and data security, it also gives malicious actors a way to hide their attack behaviour, posing great challenges to network security supervision and protection. As the volume of encrypted traffic increases, traditional malicious traffic detection methods no longer apply. Deep learning, with its advantages in automatic feature extraction and complex data processing, has become a key technology for improving detection performance. This paper therefore systematically reviewed the latest achievements of deep learning in encrypted malicious traffic detection. Firstly, a general encrypted traffic detection framework was proposed following the usual steps of encrypted traffic detection. Secondly, it introduced data collection and processing, feature extraction and selection, model methods, and evaluation metrics as applied to encrypted malicious traffic detection; it also organized and analyzed existing public datasets and discussed solutions to the data imbalance problem. Then, from the three perspectives of supervised, unsupervised and semi-supervised learning, it compared the advantages, disadvantages and classification performance of different detection methods and summarized the strengths and weaknesses of each learning paradigm. Finally, it discussed the open problems in encrypted malicious traffic detection and looked ahead to future research directions.

    Tracing-Free Blockchain Covert Communication Method Based on RBF Mechanism
    SHE Wei, MA Tianxiang, FENG Haige, LIU Wei
    2025, 25 (8):  1302-1312.  doi: 10.3969/j.issn.1671-1122.2025.08.010

    Existing blockchain-based covert communication techniques suffer from permanent storage of the steganographic transaction data, low extraction efficiency, insufficient embedding strength and poor covertness. To address these limitations, this paper proposed a solution built on Bitcoin's replace-by-fee (RBF) mechanism. First, the sender encodes the secret message in Base64 and maps each code value to a transaction fee rate, so that the fee rate itself carries the covert data; this significantly raises the embedding capacity per transaction. Second, before the steganographic transaction is confirmed, the sender issues a replacement transaction via RBF and abandons the original, so that only the replacement is recorded on the blockchain. This achieves “zero retention” of steganographic transactions and removes the security risk of permanently stored data. Finally, the receiver tracks the sender's address, monitors transaction status in real time, and queries and extracts the embedded information before the original transaction is discarded. Experimental results demonstrate that the proposed method reduces embedding and extraction time from minutes to seconds per byte of information, with an average embedding capacity of 6 bits per transaction, and outperforms existing solutions in both covertness and anti-traceability.
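The three steps above (fee-rate encoding, RBF replacement, extraction before replacement) can be run end to end against a toy mempool. The following is an added simulation of that protocol and not the paper's implementation: it assumes a linear map from each Base64 symbol value to a fee rate, a fixed virtual size for every transaction, and a mempool that enforces only the BIP125 rule that the original must signal RBF and the replacement must pay a strictly higher fee. Addresses and outpoints are made-up labels.

```python
"""Fee-rate covert channel with replace-by-fee, as a toy simulation.

Added illustration, not the paper's implementation. Assumptions: a linear
map from each Base64 symbol value (0-63) to a fee rate, a fixed virtual size
for every transaction, and a mempool that enforces the BIP125 rule that a
replacement must outbid an RBF-signalling original. Labels are made up.
"""
import base64
import hashlib
from dataclasses import dataclass

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
BASE_RATE = 10                 # sat/vB carrying symbol 0 (assumption)
REPLACE_RATE = BASE_RATE + 64  # above every carrier rate, so the replacement is accepted
VSIZE = 110                    # assumed virtual size of every toy transaction


@dataclass
class Tx:
    sender: str
    spends: str        # outpoint; the replacement spends the same one, creating the conflict
    fee: int
    vsize: int = VSIZE
    rbf: bool = True   # BIP125 signalling (nSequence below 0xfffffffe on a real tx)

    @property
    def txid(self) -> str:
        return hashlib.sha256(f"{self.sender}|{self.spends}|{self.fee}".encode()).hexdigest()[:16]

    @property
    def fee_rate(self) -> int:
        return self.fee // self.vsize


class Mempool:
    """Minimal mempool: a conflicting spend is accepted only under the RBF rule."""

    def __init__(self) -> None:
        self.txs: dict[str, Tx] = {}

    def accept(self, tx: Tx) -> None:
        conflict = next((t for t in self.txs.values() if t.spends == tx.spends), None)
        if conflict is not None:
            if not conflict.rbf or tx.fee <= conflict.fee:
                raise ValueError("replacement rejected: original must signal RBF and be outbid")
            del self.txs[conflict.txid]
        self.txs[tx.txid] = tx

    def unconfirmed_from(self, sender: str) -> list[Tx]:
        return [t for t in self.txs.values() if t.sender == sender]

    def mine_block(self) -> list[Tx]:
        """Everything still in the pool is confirmed and the pool is emptied."""
        mined = list(self.txs.values())
        self.txs.clear()
        return mined


def encode_symbols(message: bytes) -> list[int]:
    """Base64 without padding: one 6-bit symbol per transaction."""
    return [ALPHABET.index(ch) for ch in base64.b64encode(message).decode().rstrip("=")]


def decode_symbols(symbols: list[int]) -> bytes:
    text = "".join(ALPHABET[s] for s in symbols)
    return base64.b64decode(text + "=" * (-len(text) % 4))


def run_channel(message: bytes, sender: str = "bc1q-sender") -> tuple[bytes, list[Tx]]:
    """Sender embeds, receiver reads before replacement, the chain keeps only replacements."""
    pool, ledger, observed = Mempool(), [], []
    for i, sym in enumerate(encode_symbols(message)):
        outpoint = f"utxo-{i}"
        pool.accept(Tx(sender, outpoint, (BASE_RATE + sym) * VSIZE))
        # receiver polls the sender's address while the carrier is still unconfirmed
        seen = pool.unconfirmed_from(sender)[0]
        observed.append(seen.fee_rate - BASE_RATE)
        # sender outbids its own carrier; the original leaves the mempool for good
        pool.accept(Tx(sender, outpoint, REPLACE_RATE * VSIZE, rbf=False))
        ledger.extend(pool.mine_block())
    return decode_symbols(observed), ledger


if __name__ == "__main__":
    recovered, chain = run_channel(b"hi")
    print(recovered, [t.fee_rate for t in chain])
```

Two properties worth checking on the output: the recovered bytes equal the message, and every confirmed transaction carries `REPLACE_RATE`, so no carrier fee rate survives on chain. The simulation also makes the channel's failure mode visible: the receiver must observe the carrier before the replacement lands, and if a miner confirms the carrier first the symbol becomes permanent, which is exactly the retention the scheme is trying to avoid.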

    Research on REST API Design Security Testing
    ZHANG Yanyi, RUAN Shuhua, ZHENG Tao
    2025, 25 (8):  1313-1325.  doi: 10.3969/j.issn.1671-1122.2025.08.011

    In the process of REST API design and development, adhering to REST principles, best practices, and other specifications is paramount to ensure the consistency, usability, and security of REST API services. Addressing the issue of inadequate security measures and semantic-level detection mechanisms in REST API design detection, this article introduced the RADSD framework. RADSD was specifically designed to detect security flaws in API designs across various structural levels. Initially, a comprehensive multi-level REST API security design specification library was established by amassing and organizing relevant REST API guidance specifications, augmented by empirical research. Subsequently, tailored detection algorithms were devised for each specification requirement within this library. The integration of large language models into REST API design detection enabled diverse detection methods for both API design syntax and semantics. Experimental results demonstrate that the RADSD framework effectively conducts multi-level detection of real-world REST APIs, pinpointing design security issues, and generating detailed detection reports with an average accuracy rate of 97.1%.
