Editors Recommend
15 October 2022, Volume 8 Issue 5
Comprehensive Review
Survey on explainable knowledge graph reasoning methods
Yi XIA, Mingjng LAN, Xiaohui CHEN, Junyong LUO, Gang ZHOU, Peng HE
2022, 8(5):  1-25.  doi:10.11959/j.issn.2096-109x.2022063
Asbtract ( 56 )   HTML ( 6)   PDF (4689KB) ( 34 )
Figures and Tables | References | Related Articles | Metrics

In recent years, deep learning models have achieved remarkable progress in the prediction and classification tasks of artificial intelligence systems.However, most of the current deep learning models are black box, which means it is not conducive to human cognitive reasoning process.Meanwhile, with the continuous breakthroughs of artificial intelligence in the researches and applications, high-performance complex algorithms, models and systems generally lack the transparency and interpretability of decision making.This makes it difficult to apply the technologies in a wide range of fields requiring strict interpretability, such as national defense, medical care and cyber security.Therefore, the interpretability of artificial intelligence should be integrated into these algorithms and systems in the process of knowledge reasoning.By means of carrying out explicit explainable intelligence reasoning based on discrete symbolic representation and combining technologies in different fields, a behavior explanation mechanism can be formed which is an important way for artificial intelligence to realize data perception to intelligence perception.A comprehensive review of explainable knowledge graph reasoning was given.The concepts of explainable artificial intelligence and knowledge reasoning were introduced briefly.The latest research progress of explainable knowledge graph reasoning methods based on the three paradigms of artificial intelligence was introduced.Specifically, the ideas and improvement process of the algorithms in different scenarios of explainable knowledge graph reasoning were explained in detail.Moreover, the future research direction and the prospect of explainable knowledge graph reasoning were discussed.

Topic: Big Data and Artifical Intelligence Security
GRU-based multi-scenario gait authentication for smartphones
Qi JIANG, Ru FENG, Ruijie ZHANG, Jinhua WANG, Ting CHEN, Fushan WEI
2022, 8(5):  26-39.  doi:10.11959/j.issn.2096-109x.2022060
Asbtract ( 41 )   HTML ( 4)   PDF (3072KB) ( 25 )
Figures and Tables | References | Related Articles | Metrics

At present, most of the gait-based smartphone authentication researches focus on a single controlled scenario without considering the impact of multi-scenario changes on the authentication accuracy.The movement direction of the smartphone and the user changes in different scenarios, and the user’s gait data collected by the orientation-sensitive sensor will be biased accordingly.Therefore, it has become an urgent problem to provide a multi-scenario high-accuracy gait authentication method for smartphones.In addition, the selection of the model training algorithm determines the accuracy and efficiency of gait authentication.The current popular authentication model based on long short-term memory (LSTM) network can achieve high authentication accuracy, but it has many training parameters, large memory footprint, and the training efficiency needs to be improved.In order to solve the above problems a multi-scenario gait authentication scheme for smartphones based on Gate Recurrent Unit (GRU) was proposed.The gait signals were preliminarily denoised by wavelet transform, and the looped gait signals were segmented by an adaptive gait cycle segmentation algorithm.In order to meet the authentication requirements of multi-scenario, the coordinate system transformation method was used to perform direction-independent processing on the gait signals, so as to eliminate the influence of the orientation of the smartphone and the movement of the user on the authentication result.Besides, in order to achieve high-accuracy authentication and efficient model training, GRUs with different architectures and various optimization methods were used to train the gait model.The proposed scheme was experimentally analyzed on publicly available datasets PSR and ZJU-GaitAcc.Compared with the related schemes, the proposed scheme improves the authentication accuracy.Compared with the LSTM-based gait authentication model, the training efficiency of the proposed model is improved by about 20%.

Access control relationship prediction method based on GNN dual source learning
Dibin SHAN, Xuehui DU, Wenjuan WANG, Aodi LIU, Na WANG
2022, 8(5):  40-55.  doi:10.11959/j.issn.2096-109x.2022062
Asbtract ( 45 )   HTML ( 9)   PDF (2153KB) ( 25 )
Figures and Tables | References | Related Articles | Metrics

With the rapid development and wide application of big data technology, users’ unauthorized access to resources becomes one of the main problems that restrict the secure sharing and controlled access to big data resources.The ReBAC (Relationship-Based Access Control) model uses the relationship between entities to formulate access control rules, which enhances the logical expression of policies and realizes dynamic access control.However, It still faces the problems of missing entity relationship data and complex relationship paths of rules.To overcome these problems, a link prediction model LPMDLG based on GNN dual-source learning was proposed to transform the big data entity-relationship prediction problem into a link prediction problem with directed multiple graphs.A topology learning method based on directed enclosing subgraphs was designed in this modeled.And a directed dual-radius node labeling algorithm was proposed to learn the topological structure features of nodes and subgraphs from entity relationship graphs through three segments, including directed enclosing subgraph extraction, subgraph node labeling calculation and topological structure feature learning.A node embedding feature learning method based on directed neighbor subgraph was proposed, which incorporated elements such as attention coefficients and relationship types, and learned its node embedding features through the sessions of directed neighbor subgraph extraction and node embedding feature learning.A two-source fusion scoring network was designed to jointly calculate the edge scores by topology and node embedding to obtain the link prediction results of entity-relationship graphs.The experiment results of link prediction show that the proposed model obtains better prediction results under the evaluation metrics of AUC-PR, MRR and Hits@N compared with the baseline models such as R-GCN, SEAL, GraIL and TACT.The ablation experiment results illustrate that the model’s dual-source learning scheme outperforms the link prediction effect of a single scheme.The rule matching experiment results verify that the model achieves automatic authorization of some entities and compression of the relational path of rules.The model effectively improves the effect of link prediction and it can meet the demand of big data access control relationship prediction.

Privacy-preserving federated learning framework with dynamic weight aggregation
Zuobin YING, Yichen FANG, Yiwen ZHANG
2022, 8(5):  56-65.  doi:10.11959/j.issn.2096-109x.2022069
Asbtract ( 43 )   HTML ( 5)   PDF (2209KB) ( 18 )
Figures and Tables | References | Related Articles | Metrics

There are two problems with the privacy-preserving federal learning framework under an unreliable central server.① A fixed weight, typically the size of each participant’s dataset, is used when aggregating distributed learning models on the central server.However, different participants have non-independent and homogeneously distributed data, then setting fixed aggregation weights would prevent the global model from achieving optimal utility.② Existing frameworks are built on the assumption that the central server is honest, and do not consider the problem of data privacy leakage of participants due to the untrustworthiness of the central server.To address the above issues, based on the popular DP-FedAvg algorithm, a privacy-preserving federated learning DP-DFL algorithm for dynamic weight aggregation under a non-trusted central server was proposed which set a dynamic model aggregation weight.The proposed algorithm learned the model aggregation weight in federated learning directly from the data of different participants, and thus it is applicable to non-independent homogeneously distributed data environment.In addition, the privacy of model parameters was protected using noise in the local model privacy protection phase, which satisfied the untrustworthy central server setting and thus reduced the risk of privacy leakage in the upload of model parameters from local participants.Experiments on dataset CIFAR-10 demonstrate that the DP-DFL algorithm not only provides local privacy guarantees, but also achieves higher accuracy rates with an average accuracy improvement of 2.09% compared to the DP-FedAvg algorithm models.

Robust reinforcement learning algorithm based on pigeon-inspired optimization
Mingying ZHANG, Bing HUA, Yuguang ZHANG, Haidong LI, Mohong ZHENG
2022, 8(5):  66-74.  doi:10.11959/j.issn.2096-109x.2022064
Asbtract ( 45 )   HTML ( 2)   PDF (2332KB) ( 19 )
Figures and Tables | References | Related Articles | Metrics

Reinforcement learning(RL) is an artificial intelligence algorithm with the advantages of clear calculation logic and easy expansion of the model.Through interacting with the environment and maximizing value functions on the premise of obtaining little or no prior information, RL can optimize the performance of strategies and effectively reduce the complexity caused by physical models .The RL algorithm based on strategy gradient has been successfully applied in many fields such as intelligent image recognition, robot control and path planning for automatic driving.However, the highly sampling-dependent characteristics of RL determine that the training process needs a large number of samples to converge, and the accuracy of decision making is easily affected by slight interference that does not match with the simulation environment.Especially when RL is applied to the control field, it is difficult to prove the stability of the algorithm because the convergence of the algorithm cannot be guaranteed.Considering that swarm intelligence algorithm can solve complex problems through group cooperation and has the characteristics of self-organization and strong stability, it is an effective way to be used for improving the stability of RL model.The pigeon-inspired optimization algorithm in swarm intelligence was combined to improve RL based on strategy gradient.A RL algorithm based on pigeon-inspired optimization was proposed to solve the strategy gradient in order to maximize long-term future rewards.Adaptive function of pigeon-inspired optimization algorithm and RL were combined to estimate the advantages and disadvantages of strategies, avoid solving into an infinite loop, and improve the stability of the algorithm.A nonlinear two-wheel inverted pendulum robot control system was selected for simulation verification.The simulation results show that the RL algorithm based on pigeon-inspired optimization can improve the robustness of the system, reduce the computational cost, and reduce the algorithm’s dependence on the sample database.

Papers
Proof of storage with corruption identification and recovery for dynamic group users
Tao JIANG, Hang XU, Liangmin WANG, Jianfeng MA
2022, 8(5):  75-87.  doi:10.11959/j.issn.2096-109x.2022071
Asbtract ( 31 )   HTML ( 5)   PDF (2624KB) ( 17 )
Figures and Tables | References | Related Articles | Metrics

The outsourced storage mode of cloud computing leads to the separation of data ownership and management rights of data owners, which changes the data storage network model and security model.To effectively deal with the software and hardware failures of the cloud server and the potential dishonest service provider and also ensure the availability of the data owners’ data, the design of secure and efficient data availability and recoverability auditing scheme has both theoretical and practical importance in solving the concern of users and ensuring the security of cloud data.However, most of the existing studies were designed for the security and efficiency of data integrity or recoverability schemes, without considering the fast identification and reliable recovery of damaged data under dynamic group users.Thus, to quickly identify and recover damaged data, a publicly verifiable proof of storage scheme was proposed for dynamic group cloud users.The designed scheme enabled a trusted third-party auditor to efficiently identify the damaged files through a challenge-response protocol and allowed the cloud storage server to effectively recover them when the degree of data damage is less than an error correction ability threshold.The scheme combined association calculation and accumulation calculation, which effectively reduced the number of calculations for the identification of damaged data.By combining erasure coding and shared coding technology, the scheme achieved effective recovery of damaged data of dynamic group users.At the same time, the scheme also supported dynamic user revocation, which ensured the integrity audit and reliable recovery of the collective data after user revocation.The network model and threat model of the designed scheme were defined and the security of the scheme under the corresponding security model was proved.Through the prototype implementation of the scheme in the real environment and the modular performance analysis, it is proved that the proposed scheme can effectively identify the damaged data and reliably recover the cloud data when the data is damaged.Besides, compared with other schemes, it is also proved that the proposed scheme has less computational overhead in identifying and recovering damaged data.

New image encryption algorithm based on double chaotic system and compressive sensing
Yuguang YANG, Guodong CAO
2022, 8(5):  88-97.  doi:10.11959/j.issn.2096-109x.2022058
Asbtract ( 27 )   HTML ( 2)   PDF (7609KB) ( 13 )
Figures and Tables | References | Related Articles | Metrics

Image encryption technology plays an important role in today’s multimedia applications and Internet information security transmission.However, most image encryption algorithms still have problems, for example, cipher images occupied high bandwidth during transmission, image encryption speed is slow, image encryption algorithms are not associated with plain image, and there is no complete ciphertext feedback mechanism.These problems all affect the security and easy use of image encryption algorithms.In order to solve the above problems, the compressive sensing technology and chaotic system were studied, and a new image encryption algorithm based on double chaotic system and compressive sensing with plaintext association was proposed.The plaintext image association key was used to associate the plain image hash value with the Logistic chaotic system parameters.Discrete wavelet transform, was used to sparse the plain image.Then the random measurement matrix was generated by the Logistic chaos system, and the image was encrypted once by combining the compressive sensing technique and the random measurement matrix to obtain the intermediate image.The intermediate image was hashed again, and the Rucklidge chaos system initial value was associated with the plain image hash value together.The Rucklidge chaotic system and encryption algorithm were used to control the intermediate image for secondary encryption and accordingly obtain the cipher image.The encryption algorithm was a new plaintext correlation encryption algorithm, which used the image’s own pixel value to control the scrambling of the intermediate image.It also enhanced the plaintext association and established a ciphertext feedback mechanism.Simulation results and performance analysis show that the algorithm has good encryption performance.The encrypted image can be compressed according to the compression ratio, effectively reducing the size of the cipher image.Moreover, it is resistant to common attacks such as known plaintext attack, selective plaintext attack and differential attack, which is better than other common image encryption algorithms.

Hardcoded vulnerability detection approach for IoT device firmware
Chao MU, Xin WANG, Ming YANG, Heng ZHANG, Zhenya CHEN, Xiaoming WU
2022, 8(5):  98-110.  doi:10.11959/j.issn.2096-109x.2022070
Asbtract ( 32 )   HTML ( 5)   PDF (2603KB) ( 21 )
Figures and Tables | References | Related Articles | Metrics

With the popularization of IoT devices, more and more valuable data is generated.Analyzing and mining big data based on IoT devices has become a hot topic in the academic and industrial circles in recent years.However, due to the lack of necessary detection and protection methods, many IoT devices have serious information security risks.In particular, device hard-coded information is closely related to system encryption and decryption, identity authentication and other functions, which can provide confidentiality protection for core data.Once this information is exploited by malicious attackers, serious consequences such as sensitive information leakage, backdoor attacks, and unauthorized logins will occur.In response to this problem, a multi-type character recognition and positioning scheme was designed and a hard-coded vulnerability detection method in executable files was proposed based on the study of the characteristics of hard-coded vulnerabilities in IoT devices.The proposed method extracted the firmware of IoT devices and filtered all executable files as the source to be analyzed.Then, a solution to identify and locate three types of hard-coded characters was provided.Further, the reachability of the function, where the hard-coded character was located, was analyzed according to the function call relationship.Meanwhile, the instruction heterogeneity was mitigated by an intermediate representation (IR) model.The character and parameter hard-coded values was obtained through a data flow analysis approach.A symbolic execution method was devised to determine the trigger conditions of the hard-coded vulnerabilities, and then the vulnerability detection result was output.On the one hand, the proposed method introduced the method of symbolic execution based on the use of the intermediate representation model, which eliminated the dependency of instruction architecture and reduces the false positive rate of vulnerabilities; On the other hand, this method can integrate characters, files, and cryptographic implementation to realize the different characteristics of three types of hard-coded characters, which increased the coverage of vulnerability detection and improves the versatility of the detection method.The experimental results show that the proposed method can effectively detect three types of hard-coded vulnerabilities of characters, files and cryptographic implementation in various IoT devices, and has good detection accuracy, which can provide certain guidance for the deployment of subsequent security protection technologies.

Bytecode-based approach for Ethereum smart contract classification
Dan LIN, Kaixin LIN, Jiajing WU, Zibin ZHENG
2022, 8(5):  111-120.  doi:10.11959/j.issn.2096-109x.2022046
Asbtract ( 35 )   HTML ( 4)   PDF (1144KB) ( 18 )
Figures and Tables | References | Related Articles | Metrics

In recent years, blockchain technology has been widely used and concerned in many fields, including finance, medical care and government affairs.However, due to the immutability of smart contracts and the particularity of the operating environment, various security issues occur frequently.On the one hand, the code security problems of contract developers when writing contracts, on the other hand, there are many high-risk smart contracts in Ethereum, and ordinary users are easily attracted by the high returns provided by high-risk contracts, but they have no way to know the risks of the contracts.However, the research on smart contract security mainly focuses on code security, and there is relatively little research on the identification of contract functions.If the smart contract function can be accurately classified, it will help people better understand the behavior of smart contracts, while ensuring the ecological security of smart contracts and reducing or recovering user losses.Existing smart contract classification methods often rely on the analysis of the source code of smart contracts, but contracts released on Ethereum only mandate the deployment of bytecode, and only a very small number of contracts publish their source code.Therefore, an Ethereum smart contract classification method based on bytecode was proposed.Collect the Ethereum smart contract bytecode and the corresponding category label, and then extract the opcode frequency characteristics and control flow graph characteristics.The characteristic importance is analyzed experimentally to obtain the appropriate graph vector dimension and optimal classification model, and finally the multi-classification task of smart contract in five categories of exchange, finance, gambling, game and high risk is experimentally verified, and the F1 score of the XGBoost classifier reaches 0.913 8.Experimental results show that the algorithm can better complete the classification task of Ethereum smart contracts, and can be applied to the prediction of smart contract categories in reality.

Qualitative modeling and analysis of attack surface for process multi-variant execution software system
Fukang XING, Zheng ZHANG, Ran SUI, Sheng QU, Xinsheng JI
2022, 8(5):  121-128.  doi:10.11959/j.issn.2096-109x.2022059
Asbtract ( 25 )   HTML ( 4)   PDF (1047KB) ( 10 )
Figures and Tables | References | Related Articles | Metrics

Attack surface is an important index to measure security of software system.The general attack surface model is based on the I/O automata model to model the software system, which generally uses a non-redundant architecture and it is difficult to apply to heterogeneous redundant system architectures such as multi variant systems.Manadhatad et al.proposed a method to measure the attack surface in a dissimilar redundancy system.However, the voting granularity and voting method of the system architecture adopted by Manadhatad are different from those of the multi-variant system, which cannot accurately measure the attack surface of the multi variant system.Therefore, based on the traditional attack surface model, combined with the characteristics of heterogeneous redundant architecture of multi variant systems, the traditional attack surface model was extended and the attack surface model of multivariant systems was constructed.The attack surface of the multi variant system was represented in a formal way, and the traditional attack surface model was improved according to the voting mechanism of the multi variant system at the exit point of the system, so that it can explain the phenomenon that the attack surface of the multi variant system shrinks.Through this modeling method, the change of the attack surface of the multi variant system adopting the multi variant architecture can be explained in the running process.Then, two groups of software systems with multi variant execution architecture were used as analyzing examples.The attack surface of the software systems with the same functions as those without multi variant architecture were compared and analyzed in two situations of being attacked and not being attacked, reflecting the changes of the multi variant system in the attack surface.Combining the attack surface theory and the characteristics of the multi variant execution system, an attack surface modeling method for the multi variant execution system was proposed.At present, the changes of the attack surface of the multi variant execution system can be qualitatively analyzed.In-depth research in the quantitative analysis of the attack surface of the multi variant execution system will be continually conducted.

Further accelerating the search of differential characteristics based on the SAT method
Zheng XU
2022, 8(5):  129-139.  doi:10.11959/j.issn.2096-109x.2022066
Asbtract ( 30 )   HTML ( 2)   PDF (1624KB) ( 12 )
Figures and Tables | References | Related Articles | Metrics

Sun et al.’s method of using Matsui’s bounding conditions to accelerate the search of differential characteristics was reviewed.Matsui’s boundary conditions and Sun et al.’s method of using Matsui’s bounding conditions to accelerate the search of differential characteristics were improved for better search efficiency.Then an improved method to search for the optimal differential characteristics in block ciphers was proposed.Besides, the accelerating effects of the number of threads and the query condition were investigated, and a strategy for choosing the number of threads and the query condition were proposed.STP and CryptoMiniSat were used to search for 8-round SPECK96 differential characteristics with probabilities of 2- 24, 2- 25, 2- 26and 11-round HIGHT differential characteristics with a probability of 2- 39, then the time-consuming of solving SAT/SMT problems under different number of threads and query conditions were compared.It was found that the number of threads has a great effect on the time consumption of searching for differential characteristics, while the query condition may have little effect on the time consumption of searching for differential characteristics.Then, a strategy on how to select the number of threads and the query condition was proposed.Furthermore, it was found that STP can affect the overall efficiency of the search.According to the proposed strategy, the 11-round optimal differential characteristics of HIGHT were searched by using the improved bounding conditions and improved method.A tight bound for the probability of the 11-round optimal differential characteristics of HIGHT was obtained for the first time, i.e.2- 45.To the best of our knowledge, the existing tightest bound of the optimal 11-round HIGHT is ${P}_{\text{Opt}}^{11}\ge {2}^{-45}$ .This means that using the existing tightest bound of the optimal 11-round HIGHT cannot give an accurate evaluation of the security of 11-round HIGHT against differential cryptanalysis.Therefore, the result is the best-known result.

Post-quantum encryption technology based on BRLWE for internet of things
Yitian GAO, Liquan CHEN, Tianyang TU, Yuan GAO, Qianye CHEN
2022, 8(5):  140-149.  doi:10.11959/j.issn.2096-109x.2022024
Asbtract ( 27 )   HTML ( 1)   PDF (864KB) ( 21 )
Figures and Tables | References | Related Articles | Metrics

With the development of quantum computers, the classical public key encryption system is not capable enough to guarantee the communication security of internet of things (IoT).Because the mathematical puzzles which post-quantum encryption algorithms are based on cannot yet be broken by quantum computers, these new algorithms have good anti-quantum computing security.In particular, the lattice-based cryptography is expected to become the main technology of the next generation public key cryptosystem.However, post-quantum encryption algorithms have the disadvantages of large amount of computation and high storage space.The communication efficiency of IoT will be affected if post-quantum encryption algorithms are directly applied to the lightweight device under IoT environment.In order to better guarantee the communication security and improve the commutation efficiency of IoT, Sym-BRLWE (symmetrical binary RLWE) encryption scheme was proposed.Sym-BRLWE was improved from the existing post-quantum encryption scheme based on BRLWE (binary ringlearning with errors) problem.Specifically, Sym-BRLWE encryption algorithm met the efficiency requirements of IoT via improving the random number selection on the discrete uniform distribution and the calculation of the polynomial multiplication.Sym-BRLWE encryption algorithm achieved high efficiency and high security via adding encryption security precautions, then it is more suitable for IoT lightweight devices.From the security analysis, the proposed Sym-BRLWE encryption scheme had high security.It could theoretically resist lattice attacks, timing attacks, simple power analysis (SPA) and differential power analysis (DPA).From simulation experiments, which were carried out in a binary computing environment simulating an 8-bit micro-device, the proposed Sym-BRLWE encryption scheme has high efficiency and small key size in encryption and decryption.It could reduce the total encryption time by 30% to 40% when compared with other BRLWE-based encryption schemes with the parameter selection of the 140 bit quantum security level.

Analysis on anonymity and regulation of digital currency transactions based on game theory
Xian ZHANG, Jianming ZHU, Zhiyuan SUI, Shengzhi MING
2022, 8(5):  150-157.  doi:10.11959/j.issn.2096-109x.2022068
Asbtract ( 36 )   HTML ( 6)   PDF (1282KB) ( 14 )
Figures and Tables | References | Related Articles | Metrics

By using technologies such as blockchain, digital currency, as a new type of monetary asset, has been promoting the development of digital economy.Digital currency trading platform plays an important role in the use of private digital currency by digital currency users.Existing digital currency trading platforms may expose users’ privacy and provide illegal elements with the conditions to participate in various abnormal trading behaviors such as“air dropping” events, extortion, fraud, etc.The strong anonymity protection of users by digital currency trading platforms also make it more difficult for regulatory authorities to supervise digital currency transactions.Therefore, the strength of the anonymity protection of users by digital currency trading platforms need to consider not only the privacy protection of users, but also meet the regulatory requirements.For this reason, based on the analysis of the relationship between the digital currency trading platforms and the supervisory departments, an evolutionary game model was established, the digital currency trading platform and the supervisory game model were defined and constructed, and the replication dynamic equation was solved and the balanced solution was obtained according to the income matrix between the digital currency trading platform and the supervisory department.By building a Jacobian matrix, the stability of the evolutionary system under different parameters was analyzed.Besides, the evolutionary stable selection and strategy of the digital currency trading platform and the regulatory authority under different conditions were also analyzed.With Matlab, different strategies of anonymity protection of the digital currency trading platform and different strategies of supervision strategy of the regulatory department were simulated to verify the accuracy of the game model.Based on the results of the simulations, some suggestions on the supervision of digital currency trading platforms are put forward, which provides a theoretical basis for the future supervision of digital currency trading platforms in China.

CAT-RFE: ensemble detection framework for click fraud
Yixiang LU, Guanggang GENG, Zhiwei YAN, Xiaomin ZHU, Xinchang ZHANG
2022, 8(5):  158-166.  doi:10.11959/j.issn.2096-109x.2022065
Asbtract ( 23 )   HTML ( 1)   PDF (1355KB) ( 13 )
Figures and Tables | References | Related Articles | Metrics

Click fraud is one of the most common methods of cybercrime in recent years, and the Internet advertising industry suffers huge losses every year because of click fraud.In order to effectively detect fraudulent clicks within massive clicks, a variety of features that fully combine the relationship between advertising clicks and time attributes were constructed.Besides, an ensemble learning framework for click fraud detection was proposed, namely CAT-RFE ensemble learning framework.The CAT-RFE ensemble learning framework consisted of three parts: base classifier, recursive feature elimination (RFE) and voting ensemble learning.Among them, the gradient boosting model suitable for category features-CatBoost was used as the base classifier.RFE was a feature selection method based on greedy strategy, which can select a better feature combination from multiple sets of features.Voting ensemble learning was a learning method that combined the results of multiple base classifiers by voting.The framework obtained multiple sets of optimal feature combinations in the feature space through CatBoost and RFE, and then integrated the training results under these feature combinations through voting to obtain integrated click fraud detection results.The framework adopted the same base classifier and ensemble learning method, which not only overcame the problem of unsatisfactory integrated results due to the mutual constraints of different classifiers, but also overcame the tendency of RFE to fall into a local optimal solution when selecting features, so that it had better detection ability.The performance evaluation and comparative experimental results on the actual Internet click fraud dataset show that the click fraud detection ability of the CAT-RFE ensemble learning framework exceeds that of the CatBoost method, the combined method of CatBoost and RFE, and other machine learning methods, proving that the framework has good competitiveness.The proposed framework provides a feasible solution for Internet advertising click fraud detection.

Image recoloring detection based on inter-channel correlation
Nuo CHEN, Shuren QI, Yushu ZHANG, Mingfu XUE, Zhongyun HUA
2022, 8(5):  167-178.  doi:10.11959/j.issn.2096-109x.2022057
Asbtract ( 29 )   HTML ( 3)   PDF (13200KB) ( 21 )
Figures and Tables | References | Related Articles | Metrics

Image recoloring is an emerging editing technique that can change the color style of an image by modifying pixel values.With the rapid proliferation of social networks and image editing techniques, recolored images have seriously hampered the authenticity of the communicated information.However, there are few works specifically designed for image recoloring.Existing recoloring detection methods still have much improvement space in conventional recoloring scenarios and are ineffective in dealing with hand-crafted recolored images.For this purpose, a recolored image detection method based on inter-channel correlation was proposed for conventional recoloring and hand-crafted recoloring scenarios.Based on the phenomenon that there were significant disparities between camera imaging and recolored image generation methods, the hypothesis that recoloring operations might destroy the inter-channel correlation of natural images was proposed.The numerical analysis demonstrated that the inter-channel correlation disparities can be used as an important discriminative metric to distinguish between recolored images and natural images.Based on such new prior knowledge, the proposed method obtained the inter-channel correlation feature set of the image.The feature set was extracted from the channel co-occurrence matrix of the first-order differential residuals of the differential image.In addition, three detection scenarios were assumed based on practical situations, including scenarios with matching and mismatching between training-testing data, and scenario with hand-crafted recoloring.Experimental results show that the proposed method can accurately identify recolored images and outperforms existing methods in all three hypothetical scenarios, achieving state-of-the-art detection accuracy.In addition, the proposed method is less dependent on the amount of training data and can achieve fairly accurate prediction results with limited training data.

Novel continuous identity authentication method based on mouse behavior
Cong YI, Jun HU
2022, 8(5):  179-188.  doi:10.11959/j.issn.2096-109x.2022067
Asbtract ( 29 )   HTML ( 8)   PDF (1115KB) ( 14 )
Figures and Tables | References | Related Articles | Metrics

With the rapid development of Internet technologies, security issues have always been the hot topics.Continuous identity authentication based on mouse behavior plays a crucial role in protecting computer systems, but there are still some problems to be solved.Aiming at the problems of low authentication accuracy and long authentication latency in mouse behavior authentication method, a new continuous identity authentication method based on mouse behavior was proposed.The method divided the user’s mouse event sequence into corresponding mouse behaviors according to different types, and mined mouse behavior characteristics from various aspects based on mouse behaviors.Thereby, the differences in mouse behavior of different users can be better represented, and the authentication accuracy can be improved.Besides, the importance of mouse behavior features was obtained by the ReliefF algorithm, and on this basis, the irrelevant or redundant features of mouse behavior were removed by combining the neighborhood rough set to reduce model complexity and modeling time.Moreover binary classification was adopted.The algorithm performed the training of the authentication model.During identity authentication, the authentication model was used to obtain a classification score based on the mouse behavior collected each time, and then the user’s trust value was updated in combination with the trust model.When the user’s trust value fell below the threshold of the trust model, it might be judged as illegal user.The authentication effect of the proposed method was simulated on the Balabit and DFL datasets.The results show that, compared with the methods in other literatures, this method not only improves the authentication accuracy and reduces the authentication latency, but also has a certain robustness to the illegal intrusion of external users.

 Chinese Journal of Network and Information Security. 2017 Vol. 3 (3): 71-77 doi: 10.11959/j.issn.2096-109x.2017.00157 Abstract （5944）   HTML （73）    PDF （169KB）（61619）
 Survey of block chain Xin SHEN,Qing-qi PEI,Xue-feng LIU Chinese Journal of Network and Information Security. 2016 Vol. 2 (11): 11-20 doi: 10.11959/j.issn.2096-109x.2016.00107 Abstract （18284）   HTML （1718）    PDF （461KB）（25949）
 Study on BGP route leak Jia JIA,Zhi-wei YAN,Guang-gang GENG,Jian JIN Chinese Journal of Network and Information Security. 2016 Vol. 2 (8): 54-61 doi: 10.11959/j.issn.2096-109x.2016.00074 Abstract （2911）   HTML （86）    PDF （472KB）（20379）
 Research on host malcode detection using machine learning Dong ZHANG,Yao ZHANG,Gang LIU,Gui-xiang SONG Chinese Journal of Network and Information Security. 2017 Vol. 3 (7): 25-32 doi: 10.11959/j.issn.2096-109x.2017.00179 Abstract （2563）   HTML （90）    PDF （648KB）（11758）
 Supply chain dynamic multi-center coordination authentication model based on block chain Jian-ming ZHU,Yong-gui FU Chinese Journal of Network and Information Security. 2016 Vol. 2 (1): 27-33 doi: 10.11959/j.issn.2096-109x.2016.00019 Abstract （6006）   HTML （118）    PDF （1052KB）（10901）
 Define cyberspace security Binxing FANG Chinese Journal of Network and Information Security. 2018 Vol. 4 (1): 1-5 doi: 10.11959/j.issn.2096-109x.2018002 Abstract （4425）   HTML （199）    PDF （456KB）（10072）
 Research progress and trend of text summarization Tuosiyu MING, Hongchang CHEN Chinese Journal of Network and Information Security. 2018 Vol. 4 (6): 1-10 doi: 10.11959/j.issn.2096-109x.2018048 Abstract （5474）   HTML （76）    PDF （568KB）（9850）
 Review of key technology and its application of blockchain Feng ZHANG, Boxuan SHI, Wenbao JIANG Chinese Journal of Network and Information Security. 2018 Vol. 4 (4): 22-29 doi: 10.11959/j.issn.2096-109x.2018028 Abstract （4917）   HTML （388）    PDF （690KB）（9016）
 Machine learning security and privacy:a survey Lei SONG, Chunguang MA, Guanghan DUAN Chinese Journal of Network and Information Security. 2018 Vol. 4 (8): 1-11 doi: 10.11959/j.issn.2096-109x.2018067 Abstract （5666）   HTML （194）    PDF （701KB）（8996）
 Analysis and enlightenment on the cybersecurity strategy of various countries in the world Yu-xiao LI,Yong-jiang XIE Chinese Journal of Network and Information Security. 2016 Vol. 2 (1): 1-5 doi: 10.11959/j.issn.2096-109x.2016.00017 Abstract （2393）   HTML （48）    PDF （374KB）（8722）
 Research of phishing detection technology Xi ZHANG,Zhi-wei YAN,Hong-tao LI,Guang-gang GENG Chinese Journal of Network and Information Security. 2017 Vol. 3 (7): 7-24 doi: 10.11959/j.issn.2096-109x.2017.00180 Abstract （2241）   HTML （61）    PDF （870KB）（8299）
 Survey of DDoS defense:challenges and directions Fei CHEN,Xiao-hong BI,Jing-jing WANG,Yuan LIU Chinese Journal of Network and Information Security. 2017 Vol. 3 (10): 16-24 doi: 10.11959/j.issn.2096-109x.2017.00202 Abstract （2440）   HTML （53）    PDF （555KB）（8003）
 Machine learning algorithm for intelligent detection of WebShell Hua DAI,Jing LI,Xin-dai LU,Xin SUN Chinese Journal of Network and Information Security. 2017 Vol. 3 (4): 51-57 doi: 10.11959/j.issn.2096-109x.2017.00126 Abstract （2674）   HTML （50）    PDF （671KB）（7762）
 Symbolic execution based control flow graph extraction method for Android native codes Hui-ying YAN,Zhen-ji ZHOU,Li-fa WU,Zheng HONG,He SUN Chinese Journal of Network and Information Security. 2017 Vol. 3 (7): 33-46 doi: 10.11959/j.issn.2096-109x.2017.00178 Abstract （1444）   HTML （8）    PDF （619KB）（7756）
 Data security and protection techniques in big data:a survey Kai-min WEI,Jian WENG,Kui REN Chinese Journal of Network and Information Security. 2016 Vol. 2 (4): 1-11 doi: 10.11959/j.issn.2096-109x.2016.00046 Abstract （3737）   HTML （89）    PDF （1446KB）（7458）
 Suggestions on cyber security talents cultivation Hui LI,Ning ZHANG Chinese Journal of Network and Information Security. 2015 Vol. 1 (1): 18-23 doi: 10.11959/j.issn.2096-109x.2015.00003 Abstract （2032）   HTML （50）    PDF （357KB）（7165）
 Malware classification method based on static multiple-feature fusion Bo-wen SUN,Yan-yi HUANG,Qiao-kun WEN,Bin TIAN,Peng WU,Qi LI Chinese Journal of Network and Information Security. 2017 Vol. 3 (11): 68-76 doi: 10.11959/j.issn.2096-109x.2017.00217 Abstract （1483）   HTML （54）    PDF （529KB）（7072）
 Progress of research on privacy protection for data publication and data mining Jiao WANG,Ke-feng FAN,Yong WANG Chinese Journal of Network and Information Security. 2016 Vol. 2 (1): 18-26 doi: 10.11959/j.issn.2096-109x.2016.00021 Abstract （1458）   HTML （15）    PDF （965KB）（6606）
 Analysis of cyberspace security based on game theory Jian-ming ZHU,Qin WANG Chinese Journal of Network and Information Security. 2015 Vol. 1 (1): 43-49 doi: 10.11959/j.issn.2096-109x.2015.00006 Abstract （2024）   HTML （41）    PDF （764KB）（6491）
 Survey on research of mini-drones security Wei LIU,Bing-wen FENG,Jian WENG Chinese Journal of Network and Information Security. 2016 Vol. 2 (3): 39-45 doi: 10.11959/j.issn.2909-109x.2016.00037 Abstract （2950）   HTML （42）    PDF （546KB）（6085）
 Survey of block chain Xin SHEN,Qing-qi PEI,Xue-feng LIU Chinese Journal of Network and Information Security. 2016 Vol. 2 (11): 11-20 doi: 10.11959/j.issn.2096-109x.2016.00107 Abstract( 18284 )   HTML PDF (461KB) (25949)
 Relation extraction based on CNN and Bi-LSTM Xiaobin ZHANG, Fucai CHEN, Ruiyang HUANG Chinese Journal of Network and Information Security. 2018 Vol. 4 (9): 44-51 doi: 10.11959/j.issn.2096-109x.2018074 Abstract( 8525 )   HTML PDF (618KB) (3731)
 Blockchain-based digital copyright trading system Li LI,Siqin ZHOU,Qin LIU,Debiao HE Chinese Journal of Network and Information Security. 2018 Vol. 4 (7): 22-29 doi: 10.11959/j.issn.2096-109x.2018060 Abstract( 8457 )   HTML PDF (771KB) (3630)
 Supply chain dynamic multi-center coordination authentication model based on block chain Jian-ming ZHU,Yong-gui FU Chinese Journal of Network and Information Security. 2016 Vol. 2 (1): 27-33 doi: 10.11959/j.issn.2096-109x.2016.00019 Abstract( 6006 )   HTML PDF (1052KB) (10901)
 Chinese Journal of Network and Information Security. 2017 Vol. 3 (3): 71-77 doi: 10.11959/j.issn.2096-109x.2017.00157 Abstract( 5944 )   HTML PDF (169KB) (61619)
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:YI Dong-shan