Loading...
Netinfo Security

Table of Content

    10 March 2026, Volume 26 Issue 3 Previous Issue   
    For Selected: Toggle Thumbnails
    A Survey on Prompt Injection Attacks and Defenses in Large Language Models
    YUAN Ming, ZOU Qilin, YUAN Wenqi, WANG Qun
    2026, 26 (3):  341-354.  doi: 10.3969/j.issn.1671-1122.2026.03.001
    Abstract ( 33 )   HTML ( 19 )   PDF (16367KB) ( 15 )  

    With the widespread application of Large Language Models and their powered AI Agents in various domains, the security of LLMs has become increasingly prominent. As an emerging security threat, prompt injection attacks pose huge security risks to large language models. They exploit the weakness that large language models cannot distinguish user instructions from injected instructions, thereby inducing the model to deviate from the intended task and execute the attacker’s commands, leading to issues such as data leakage and system intrusion. This paper systematically reviewed the current research status of prompt injection attacks, covering attack types such as early direct injection, role-based injection, payload splitting, obfuscation injection, and optimization-based injection. In terms of defenses, this paper classified existing methods into detection-based defenses and prevention-based defenses according to defense mechanisms.

    Figures and Tables | References | Related Articles | Metrics
    Research Progress of Cyber Ranges
    LI Fujuan, WANG Qun
    2026, 26 (3):  355-366.  doi: 10.3969/j.issn.1671-1122.2026.03.002
    Abstract ( 19 )   HTML ( 6 )   PDF (15910KB) ( 5 )  

    Cyber ranges serve as fundamental experimental platforms for cybersecurity research. They provide critical support for security technology validation, professional training, and attack-defense exercises by establishing controlled, reproducible, and virtualized environments. This paper traced the development trajectory of cyber ranges. It begined with early platforms such as the U.S. national cyber range (NCR), Europe’s cyber range federation (CRF), and Japan’s StarBED, illustrating an evolution from isolated, single-function testbeds to collaborative, federated architectures. The analysis further examined the rapid progression within China, highlighting a shift from fundamental technology verification towards integrated, collaborative innovation. Regarding technical architecture, modern cyber ranges demonstrated a multi-layered structure. Core components, including the infrastructure, virtualization, and container layers, leverage advanced virtualization and simulation techniques to construct high-fidelity environments. Key enabling technologies concentrated on three principal areas: automated scenario generation and adversarial interaction, cross-domain coordination, and standardized automated evaluation, collectively forming a robust and comprehensive technological framework. This review concluded that cyber ranges have transformed from static simulation containers into dynamic platforms for capability generation. Consequently, their application has broadened into advanced domains such as federated situational awareness and supply chain security provenance.

    Figures and Tables | References | Related Articles | Metrics
    A Review on the Authenticity Verification of Deepfake Speech
    XU Yanwei, TU Min, ZHANG Liang
    2026, 26 (3):  367-377.  doi: 10.3969/j.issn.1671-1122.2026.03.003
    Abstract ( 15 )   HTML ( 4 )   PDF (14390KB) ( 5 )  

    With the misuse of deepfake speech technology in telecom fraud and online disinformation dissemination, the authenticity verification of high-fidelity synthetic speech presents severe challenges for forensic practice. This paper focused on deepfake-oriented forensic speech authentication as the research subject, and established an integrated technical framework consisting of originality verification, integrity verification, and deepfake detection.For originality verification, this study examined the methodologies and applicable scopes of consistency checking for recording devices and system environments, as well as logical verification of file attributes and metadata. For integrity verification, it systematically elaborated the technical approaches of auditory examination, spectrographic analysis, and other signal-based forensic examinations. For deepfake detection, it summarized detection algorithms, benchmark datasets, and evaluation metrics from the perspectives of global discrimination and local tampering localization. The results demonstrate that an integrated technical paradigm combining file metadata analysis, traditional acoustic forensic examination, and deep learning detection is conducive to ensuring the interpretability, verifiability, and judicial admissibility of forensic identification, thereby providing a theoretical foundation and technical support for speech authenticity verification in complex network environments.

    Figures and Tables | References | Related Articles | Metrics
    DiffGuard: Network Traffic Anomaly Detection Based on Diffusion Models and Adaptive Sequence Learning
    HU Wentao, DING Weijie
    2026, 26 (3):  378-388.  doi: 10.3969/j.issn.1671-1122.2026.03.004
    Abstract ( 30 )   HTML ( 9 )   PDF (13437KB) ( 11 )  

    To address the detection bottlenecks of traditional deep learning methods in handling high-dimensional and dynamic network traffic, this paper proposed DiffGuard, an unsupervised anomaly detection framework. The framework reframed anomaly detection as a generative inpainting task, distinguishing itself from reconstruction-based methods by integrating the generative denoising power of diffusion models with adaptive sequence modeling techniques. Through a conditional reverse denoising process, DiffGuard restored the normal form of a potentially anomalous sequence and quantified the anomaly score by the reconstruction error between the original and the restored data. To enhance temporal modeling, the framework incorporated a Transformer-based conditional encoder to capture long-term dependencies. Concurrently, an adaptive sequence length mechanism based on traffic entropy was designed to dynamically adjust the analysis window to adapt to traffic dynamics. Experiments show that DiffGuard achieves an F1-score of 0.965 on the CIC-IDS-2018 dataset, outperforming mainstream methods. It also obtains an F1-score of 0.955 in detecting stealthy attacks such as Web penetration. The results validate the effectiveness and application potential of the proposed method in complex network security scenarios.

    Figures and Tables | References | Related Articles | Metrics
    Research on Collaborative Defense against Cryptojacking Malware Based on Multi-Source Detection and AI Behavior Analysis
    KANG Wenjie, LIU Yiguo, LIU Xuchong, ZHAO Wei, OUYANG Tianjian, LI Jiaxin
    2026, 26 (3):  389-398.  doi: 10.3969/j.issn.1671-1122.2026.03.005
    Abstract ( 17 )   HTML ( 3 )   PDF (13597KB) ( 2 )  

    With the deep integration of the internet and emerging information technologies, multi-dimensional interconnectivity across industries, regions, and systems has become a core characteristic of modern technological development. The continuous growth and proliferation of blockchain cryptocurrencies have driven the large-scale expansion of illegal mining activities, posing persistent threats to personal privacy, corporate data assets, and critical information infrastructure. In this context, emergency response mechanisms against mining malware have been elevated to the national cybersecurity strategy level. This paper focused on the defense and remediation of mining malware attack chains by constructing a multi-dimensional monitoring system. To verify the feasibility of collaboration between multi-source detection and AI-based behavioral anomaly detection, the study integrated static, host, and network-level feature collection within an isolated environment. A stacking-based ensemble learning approach was adopted to unify multi-source scores and anomaly assessments for final decision-making, with periodic comparative evaluations conducted on detection performance and response latency. By leveraging multi-source detection techniques to reverse-model the propagation pathways of mining malware, a comprehensive emergency response framework was established, covering attack prevention, infection detection, and threat removal. The proposed collaborative defense mechanism combining multi-source detection and AI-driven behavioral analysis demonstrates superior detection effectiveness compared to traditional single-method detection techniques.

    Figures and Tables | References | Related Articles | Metrics
    An AI-Generated Speech Detection Method Integrating Self-Supervised Representations and Multi-Scale Modeling
    LIU Yanfei, LIU Dezhi, FENG Chuanlin, LI A, MAO Bowen
    2026, 26 (3):  399-411.  doi: 10.3969/j.issn.1671-1122.2026.03.006
    Abstract ( 20 )   HTML ( 5 )   PDF (15011KB) ( 4 )  

    With the rapid advancement of artificial intelligence technologies, AI-generated speech has been increasingly exploited for illegal activities such as voice impersonation and telecommunications fraud, posing significant challenges to law enforcement agencies in speech forensics and intelligent prevention systems. Accurately distinguishing genuine human speech from AI-synthesized speech in complex real-world environments has thus become a critical research problem in smart policing and speech security. Existing AI speech detection methods largely rely on traditional acoustic features or single-scale temporal modeling architectures, which exhibit limited capability in characterizing multi-scale synthesis artifacts and suffer from notable performance degradation under cross-model, cross-speaker and noisy conditions. To address these challenged, this paper proposed an AI-generated speech detection method that integrated a self-supervised Wav2Vec2.0 pre-trained model with a multi-scale convolutional neural network. The proposed approach leveraged the pre-trained model to extract high-level speech representations, employed parallel multi-scale convolution to model local anomalous features across different temporal receptive fields, and introduced a multi-head residual gated attention-based statistical pooling mechanism to adaptively aggregate key temporal information. Experimental results demonstrate that the proposed method consistently outperforms traditional baseline models in AI speech detection tasks, achieving improvements of approximately 6.6% in F1-score and 2.1% in AUC, thereby significantly enhancing the detection capability and robustness against synthesized speech. Ablation studies further verify the effectiveness and stability of the multi-scale convolutional architecture and the multi-head gated attention-based statistical pooling mechanism under complex acoustic conditions and cross-generation model scenarios.

    Figures and Tables | References | Related Articles | Metrics
    Research on Network Information Security Gateway Technology Based on Polymorphic Load Balancing Algorithm
    XU Wei, LUO Juan
    2026, 26 (3):  412-419.  doi: 10.3969/j.issn.1671-1122.2026.03.007
    Abstract ( 18 )   HTML ( 4 )   PDF (9590KB) ( 5 )  

    Due to a lack of flexibility and intelligence, traditional network information security gateway techniques struggle to cope with the complex and ever-changing network environment and the increasing threat of network attacks. Performance test results show that in uneven data tests, when the packet sending speed is 1200 Mbps, the packet loss rate of the load balancing model is only 0.11%, and the load balancing degree is optimal. When the number of concurrent requests is 8000, the node balance degree of the fusion model is 1.024, the response time is 2567 ms, and the throughput is 799 packets/second. Experimental results indicate that this method is significantly superior to traditional methods in terms of processing efficiency and throughput. It can significantly reduce server load, improve system response speed, and effectively resist various network attacks in high-traffic and complex network environments.

    Figures and Tables | References | Related Articles | Metrics
    Multi-Level Speech Emotion Recognition Model Integrating Gender and Emotional Intensity Cue Features
    QIN Zhenkai, LUO Qining, NONG Xunyi, YU Xiaochuan, CAO Xiaochun
    2026, 26 (3):  420-431.  doi: 10.3969/j.issn.1671-1122.2026.03.008
    Abstract ( 17 )   HTML ( 6 )   PDF (16170KB) ( 3 )  

    To address the issue of low accuracy in speech emotion recognition under complex scenarios, a sex- and affect-aware convolutional emotion recognition(SACER) model was constructed based on deep convolutional neural networks to enhance the recognition performance. Firstly, the spectral features of the speech signal were extracted using mel-frequency cepstral coefficients (MFCC) to accurately capture the key frequency information in the speech; subsequently, the dynamic prompt feature embedding technique was employed to integrate background information such as gender and emotional intensity, thereby improving the model’s adaptability to individual differences in complex contexts; finally, the local and global features of the speech signal were extracted and jointly modeled at multiple levels through deep convolutional networks to comprehensively capture the subtle emotional fluctuations and global background characteristics of the speech signal. Empirical results on the RAVDESS speech emotion dataset demonstrates that this model outperforms mainstream methods such as attention mechanisms and LSTM-based speech emotion recognition in various emotion categories and different individual differences, achieving an accuracy rate of 94.58%, which is approximately 11.73% higher than the comparison methods on average, proving its high accuracy in the task of speech emotion recognition.

    Figures and Tables | References | Related Articles | Metrics
    FEViT: A Frequency Domain Enhanced ViT for Deepfake Detection
    CHEN Yuqi, QIAN Hanwei, XIA Lingling, WANG Qun
    2026, 26 (3):  432-441.  doi: 10.3969/j.issn.1671-1122.2026.03.009
    Abstract ( 14 )   HTML ( 1 )   PDF (12281KB) ( 4 )  

    The rapid advancement of deepfake technology has led to increasing concerns over social security issues, including AI-based face-swapping, identity forgery, portrait rights violations, and the dissemination of false information. Current deepfake detection methods often rely heavily on specific datasets, resulting in data bias and making it challenging to capture generalizable forgery features across different algorithms and scenarios. Consequently, these methods generally exhibit reduced detection accuracy and limited generalization ability when faced with novel forgery techniques. In response to this, the present study proposed a deepfake detection method FEViT that integrated high-frequency artifact information with visual transformers to enhance the model’s ability to generalize across forgeries from diverse sources. The approach employed a multi-dimensional optimization strategy: first, high-frequency artifact features were accurately extracted by combining Fourier transform and high-pass filtering, thereby amplifying frequency domain differences; second, three optimizations were applied to the visual transformer architecture to improve sensitivity to local anomalies and enhance the classification of complex features. Experimental results demonstrate that the proposed method outperforms existing detection techniques across multiple public datasets, with significant improvements in accuracy, AUC, and F1 score, achieving an average accuracy increase of 8% to 16.4%, and showing strong detection performance and generalization ability.

    Figures and Tables | References | Related Articles | Metrics
    Blockchain Data Provenance Mechanism Integrating Cuckoo Filters and Temporal B+ Tree
    LUO Wenhua, XU Shilong, LYU Tao, ZHANG Ning
    2026, 26 (3):  442-451.  doi: 10.3969/j.issn.1671-1122.2026.03.010
    Abstract ( 14 )   HTML ( 2 )   PDF (11967KB) ( 3 )  

    With the rapid growth of storage scale, information systems generally face challenges such as high security risks to raw data and low efficiency in composite retrieval. To address these issues, this paper proposed a blockchain data provenance mechanism integrating cuckoo filters and temporal B+ tree. By uploading key parameters of off-chain information system data onto the blockchain, the mechanism leveraged the immutability and distributed trust of blockchain to ensure data security. On this basis, smart contracts embedded an optimized cuckoo filter into each level of the temporal B+ tree nodes, adopting a time-slicing strategy to achieve physically isolated storage. Furthermore, a hierarchical hash fingerprint system was constructed through a dynamic network of cuckoo filters, combined with event bitmap aggregation to enable rapid composite queries. Experimental results demonstrate that while maintaining a low false positive rate and efficient storage, the proposed system improves provenance efficiency by more than 20% compared to traditional key-value queries.

    Figures and Tables | References | Related Articles | Metrics
    Anomaly Detection Method for Bitcoin Transactions Based on ADASYN, Lasso Regression, and Ensemble Learning
    CHEN Chao, WANG Nuoxuan, ZHOU Shengli
    2026, 26 (3):  452-461.  doi: 10.3969/j.issn.1671-1122.2026.03.011
    Abstract ( 14 )   HTML ( 2 )   PDF (11262KB) ( 4 )  

    Class imbalance, feature redundancy, and insufficient single-model performance pose major challenges in bitcoin transaction anomaly detection. This paper proposed a anomaly detection method for bitcoin transactions based on adaptive synthetic sampling (ADASYN), Lasso regression, and ensemble learning. The method employed the ADASYN algorithm to oversample an imbalanced dataset, used Lasso regression for feature selection, and adopted a stacking ensemble strategy integrating multiple base classifiers for anomalous transaction identification. Experimental results on the Elliptic++ dataset show that the proposed method achieves the F1-score of 0.7915, a 14.9% improvement over the baseline random forest (RF) model. Ablation experiments show that the synergistic effect of ADASYN and Lasso regression contributes to a 14.6% performance improvement for the RF model. In a small-sample experiment with only 20% training samples, the method achieves the F1-score of 0.6433, with a performance degradation of merely 18.7%.

    Figures and Tables | References | Related Articles | Metrics
    Hidden Link Headline Detection Method Based on Multi-Modal Features
    YIN Jie, LIU Jiayin, HUANG Xiaoyu, LAN Haoliang, XIE Wenwei
    2026, 26 (3):  462-470.  doi: 10.3969/j.issn.1671-1122.2026.03.012
    Abstract ( 16 )   HTML ( 2 )   PDF (9795KB) ( 2 )  

    As the growing phenomenon of web page tampering with implanted hidden links, and the popularity of automatic detection methods, hidden link headline implantation has become one of the important factors endangering network security. Currently, the detection rate of unimodal, natural language processing-based detection techniques gradually decreases as hidden link attackers adopt disguises such as morphological close characters, interference symbols, and emoticons. To address this problem, this paper proposed a multimodal detection method based on image features and text features. The proposed method first extracted the semantic features and image features of the headline text with BERT and ResNet respectively, and then based on the gate function and multi-headed attention methods, the features were deeply fused to achieve the classification of hidden link headlines. Experimental results on the evaluation dataset show that the recognition accuracy of the proposed method can reach 0.966, which is about 1 percentage points higher than that of the benchmark method. This indicates that the image features can effectively overcome the shortage that text features cannot cope with the problem of headline disguise.

    Figures and Tables | References | Related Articles | Metrics
    Key Element Identification of Low-Resource Cases with Label Semantic Enhancement
    XIAO Wen, TU Min
    2026, 26 (3):  471-481.  doi: 10.3969/j.issn.1671-1122.2026.03.013
    Abstract ( 14 )   HTML ( 2 )   PDF (12633KB) ( 2 )  

    The identification of key elements in cases is a core task in intelligent analysis of judicial texts, and has significant value in scenarios such as case retrieval and judicial decision support. However, the “low-resource” nature of scarce labeled data in the judicial domain limits the performance of traditional named entity recognition methods that rely on large-scale labeled data. This paper proposed a recognition model that integrated label semantic information, embedding entity type labels as prompt information into the text encoding process. By constructing an interaction mechanism between label anchor vectors and contextual text vectors, the model explicitly captured the semantic associations between labels and text, enhancing its understanding of element type semantics and its ability to locate element boundaries in low-resource scenarios. Experimental results show that the proposed method outperforms baseline models on low-resource case datasets, demonstrating the enhancement effect of label semantics on key element identification and providing a new solution for low-resource information extraction tasks in the judicial domain.

    Figures and Tables | References | Related Articles | Metrics
    Blockchain Virtual Currency Traceability and Analysis
    LIANG Guangjun, QIU Yuchen, SI Hongtao, WANG Qun, MA Zhuo, CHEN Yuqi
    2026, 26 (3):  482-490.  doi: 10.3969/j.issn.1671-1122.2026.03.014
    Abstract ( 16 )   HTML ( 2 )   PDF (9738KB) ( 4 )  

    The rapid development and surging transaction scale of virtual currencies have provided covert channels for illegal and criminal activities such as money laundering and fraud, threatening financial order and public security. As a public and traceable distributed ledger, the blockchain contains implicit address association topology in its full-chain transaction data, which can serve as the core basis for identifying involved wallets and tracking fund flows. Based on graph theory and data mining technologies, this paper designed and implemented a virtual currency traceability system integrating transaction visualization and anomaly detection. A transaction network model was constructed using Python and Neo4j to visually present address links. The k-means algorithm was applied to cluster multi-dimensional features of addresses, and the Euclidean distance between samples and cluster centers was used to identify anomalies, thus realizing the discrimination of address attributes. After dynamically adjusting feature dimensions and weights, the system successfully located 2 blocked addresses, which verifies the effectiveness and practicality of the proposed method.

    Figures and Tables | References | Related Articles | Metrics
    Analysis of Hotspots and Trends in Cybersecurity Education - A Graph-Based Quantitative Analysis Using CiteSpace
    HUANG Dong, CHEN Zhijun
    2026, 26 (3):  491-499.  doi: 10.3969/j.issn.1671-1122.2026.03.015
    Abstract ( 13 )   HTML ( 3 )   PDF (11513KB) ( 4 )  

    This study employed CiteSpace-generated visual maps to analyze research hotpots and trends across 1172 cybersecurity education-related publications in the CNKI database. Findings indicate that the field has reached a mature stage with stable publication volumes. Research focus has shifted from technical applications and foundational education toward educational practices and strategic policies, with recent emphasis on ideological guidance. Future research trends lean toward comprehensive educational stages, multidimensional approaches and international strategic planning, driving the deepening development of cybersecurity education. National-level guidance in cybersecurity research orientation will better provide robust talent support for the nation’s strategic transformation. Therefore, cybersecurity education and research is not merely a technical issue but also a matter of social and national strategy. Future research will evolve toward intelligent and strategic approaches, providing theoretical support for the increasingly severe cybersecurity challenges ahead.

    Figures and Tables | References | Related Articles | Metrics