15 August 2021, Volume 7 Issue 4
Comprehensive Review
Survey of code-based digital signatures
Yongcheng SONG, Xinyi HUANG, Wei WU, Haixia CHEN
2021, 7(4):  1-17.  doi:10.11959/j.issn.2096-109x.2021079

The rapid development of quantum computing theory and practice brings great uncertainty to the security of cryptography based on hard problems in number theory. Code-based hard problems are recognized as NP-complete, their complexity increases exponentially, and quantum computing currently poses no threat to code-based cryptographic algorithms. Therefore, code-based algorithms can resist quantum attacks and are one of the main directions of quantum-resistant cryptography. Designing secure and efficient code-based signatures is still an open problem. For many years, international researchers have used classical and new methods to construct code-based signatures, but existing constructions are weak in security or poor in performance. Code-based signatures were comprehensively summarized and analyzed, and future research directions were indicated.

Topic Ⅰ: Network Security: Attack and Defense
Container intrusion detection method based on host system call frequency
Yimu JI, Weidong YANG, Kui LI, Shangdong LIU, Qiang LIU, Sisi SHAO, Shuai YOU, Naijiao HUANG
2021, 7(4):  18-29.  doi:10.11959/j.issn.2096-109x.2021073

Container technology has become a widely used virtualization technology on cloud platforms because it is lightweight. However, a container shares the kernel with the host, so it has poor security and isolation and is vulnerable to flood, denial-of-service, and escape attacks. To effectively detect whether a container is under attack, an intrusion detection method based on host system call frequency was proposed. The method took advantage of the fact that different attack behaviors produce different system call frequencies: it collected the system calls generated while the container was running, extracted system call features by combining a sliding window with the TF-IDF algorithm, and classified them by comparing feature similarity. The experimental results show that the detection rate of this method can reach 97%, and the false alarm rate is less than 4%.

High resistance botnet based on smart contract
Hao ZHAO, Hui SHU, Fei KANG, Ying XING
2021, 7(4):  30-41.  doi:10.11959/j.issn.2096-109x.2021070

The development and application of blockchain technology makes it possible to build a more robust and flexible botnet command and control channel. In order to better study this type of potential new botnet threat, SCBot, a highly confrontational botnet model based on blockchain smart contracts, was proposed. The SCBot model adopts a hierarchical hybrid topology, builds a command transmission channel based on smart contracts at the zombie subnet layer, establishes a credibility evaluation mechanism to determine the authenticity of nodes, and enhances the confrontation of the network at the two major levels of traffic and terminals. The construction of small botnet clusters was simulated, comparative experiments on SCBot's command transmission efficiency and robustness were conducted, and its feasibility in a real environment was analyzed from the perspective of economic cost. Finally, a brief analysis and discussion of the defense strategy against this type of botnet was given.

Research on deception defense techniques based on network characteristics obfuscation
Jinlong ZHAO, Guomin ZHANG, Changyou XING
2021, 7(4):  42-52.  doi:10.11959/j.issn.2096-109x.2021045

There is usually a reconnaissance stage before a network attack, in which the attacker obtains key information about the target system through techniques such as traffic analysis and active scanning in order to formulate a targeted attack. Deception defense based on network characteristics obfuscation is an effective strategy to confront network reconnaissance: it makes the attacker launch an ineffective attack by thwarting the reconnaissance stage. The technical principle of the existing obfuscation defense solutions was analyzed, the formal definition of network obfuscation was given, the existing research works were discussed from three aspects, and finally the development trend of the obfuscation deception defense technique was analyzed.

Using side-channel and quantization vulnerability to recover DNN weights
Jinghai LI, Ming TANG, Chengxuan HUANG
2021, 7(4):  53-67.  doi:10.11959/j.issn.2096-109x.2021038

Model extraction attacks focus on reverse engineering the architecture and weights of a DNN model deployed at the edge. Model extraction is a basic problem in AI security: it underlies advanced attacks, such as adversarial samples and data poisoning, by serving as their data provider. A novel method named Cluster-based SCA was proposed, which does not need a leakage model. Cluster-based SCA is based on a vulnerability of quantized inference. In the multiplication operation of quantized inference, the outputs of different weights are not equivalent with respect to classification, which can be used to distinguish different weights. The proposed method computed the output activations of each DNN layer with a guessed weight. The acquired side-channel signals were then classified into different classes according to the corresponding output activation values. The average dispersion of all classes, $\overline{\sigma }$, was used to decide whether the guess was right. The effectiveness of the Cluster-based SCA method was verified by simulation experiment, with the HW model used as the target leakage model. For all weights from the first convolution layer of the target CNN model, the TOP2 recovery rate was 52.66%. For large weights in the significant interval, the TOP2 recovery rate was 100%.

Survey of generative adversarial network
Zhenglong WANG, Baowen ZHANG
2021, 7(4):  68-85.  doi:10.11959/j.issn.2096-109x.2021080

Firstly, the basic theory, application scenarios and current state of research of GAN (generative adversarial network) were introduced, and the problems that need improvement were listed. Then, recent research, improvement mechanisms and model features in 2 categories and 7 subcategories, revolving around 3 points (improving model training efficiency, improving the quality of generated samples, and reducing the possibility of model collapse), were generalized and summarized. Finally, 3 future research directions were discussed.

Survey of intention recognition for opponent modeling
Wei GAO, Junren LUO, Weilin YUAN, Wanpeng ZHANG
2021, 7(4):  86-100.  doi:10.11959/j.issn.2096-109x.2021052

Several different methods of opponent modeling were introduced, leading to the problem of intention recognition in behavior modeling. Then, the process, classification, main methods, research prospects and practical applications of intention recognition were analyzed inductively, and the latest research in related fields was summarized. Finally, some shortcomings of current intention recognition and design methods were pointed out and some new insights for future research were presented.

Topic Ⅱ: Technology and Application of Cryptology
Study on privacy preserving encrypted traffic detection
Xinyu ZHANG, Bingsheng ZHANG, Quanrun MENG, Kui REN
2021, 7(4):  101-113.  doi:10.11959/j.issn.2096-109x.2021057

Existing encrypted traffic detection technologies lack privacy protection for data and models, which violates privacy-preserving regulations and increases the security risk of privacy leakage. A privacy-preserving encrypted traffic detection system was proposed. It improved the privacy of the encrypted traffic detection model by combining the gradient boosting decision tree (GBDT) algorithm with differential privacy. The privacy-protected encrypted traffic detection system was designed and implemented. The performance and efficiency of the proposed system were evaluated using the CICIDS2017 dataset, which contains malicious traffic from the DDoS attack and the port scan. The results show that when the privacy budget value is set to 1, the system accuracy rates are 91.7% and 92.4% respectively. The training and the prediction of the model are efficient. The training time of the proposed model is 5.16 s and 5.59 s, which is only 2-3 times that of the GBDT algorithm. The prediction time is close to that of the GBDT algorithm.

Survey of side channel attack on encrypted network traffic
Ding LI, Yuefei ZHU, Bin LU, Wei LIN
2021, 7(4):  114-130.  doi:10.11959/j.issn.2096-109x.2021050

By analyzing and extracting information such as packet size and timing leaked during Web application communication, a side channel attack on encrypted network traffic is able to recognize users' identity and behavior and even restore the original data entered by users. A model of side channel attacks on encrypted network traffic was developed according to information theory. Based on this unified model, the methods and results of representative attacks such as fingerprinting attacks, keystroke attacks and speech attacks were analyzed in detail. Furthermore, defense methods that hide packet size and timing information were discussed. Finally, possible research directions were outlined in light of the frontiers of technology development.

Differential-linear cryptanalysis of PRINCE cipher
Zhengbin LIU
2021, 7(4):  131-140.  doi:10.11959/j.issn.2096-109x.2021072

PRINCE is a low-latency lightweight block cipher, which is widely used in resource-constrained devices. It is based on the FX construction and its core component is PRINCEcore. Differential-linear cryptanalysis is a classical cryptanalytic technique that combines differential cryptanalysis and linear cryptanalysis. Short differential characteristics and linear characteristics with high probability were concatenated to break the cipher. Differential-linear cryptanalysis was applied to attack PRINCEcore. Using a 2-round differential-linear distinguisher, 4-round PRINCEcore can be broken with $2^{6}$ chosen plaintexts and $2^{14.58}$ encryptions. For 6-round and 7-round PRINCEcore, the data complexity is $2^{12.84}$ and $2^{29.02}$ respectively, and the time complexity is $2^{25.58}$ and $2^{41.53}$.

Secure key-sharing algorithm based on smart grid
Wei GU, Jian SHEN, Yongjun REN
2021, 7(4):  141-146.  doi:10.11959/j.issn.2096-109x.2021081

Most key establishment protocols suffer from both session-specific temporary information attacks and private key leakage. Therefore, a novel public key sharing-based symmetric encryption algorithm (PKS-SE) was proposed in order to maintain the security of communication between smart meters and service providers. Based on bilinear mapping and a super-singular curve, the PKS-SE algorithm constructed the communication key between the smart meter and the service provider so as to avoid the key escrow problem. At the same time, the PKS-SE algorithm reduced the number of messages required during mutual authentication to only two, thus controlling its communication cost and operation cost. Simulation results show that the proposed PKS-SE algorithm can effectively realize public key-sharing

Partial blind signature scheme based on SM9 algorithm
Yao LYU, Jinpeng HOU, Chong NIE, Mang SU, Bin WANG, Hongling JIANG
2021, 7(4):  147-153.  doi:10.11959/j.issn.2096-109x.2021037

Ordinary digital signatures have many deficiencies in effectively protecting users' privacy, and signature repudiation and tracking occur from time to time. In order to solve these problems, a partial blind signature scheme based on the SM9 algorithm was proposed. Partial means that the signed message contains the user's message and other related information, so the scheme can effectively resist signature repudiation and tracking, and a trusted third party is introduced to prevent malicious users from tampering with information. Through experimental results and theoretical analysis, the security and efficiency of the proposed algorithm are proved.

Papers
Auto forensic detecting algorithms of malicious code fragment based on TensorFlow
Binglong LI, Jinlong TONG, Yu ZHANG, Yifeng SUN, Qingxian WANG, Chaowen CHANG
2021, 7(4):  154-163.  doi:10.11959/j.issn.2096-109x.2021048

In order to automatically detect the underlying malicious code fragments in the complex, heterogeneous and massive evidence data of digital forensic investigations, a framework for a malicious code fragment detection algorithm based on TensorFlow was proposed by analyzing the TensorFlow model and its characteristics. A back-propagation training algorithm was designed through the training process of deep learning. An underlying binary feature pre-processing algorithm for malicious code fragments was discussed and proposed to address the problem of different devices and heterogeneous evidence sources such as storage media and AFF forensic containers. An algorithm to generate a data set of code fragments was designed and implemented. The experimental results show that the comprehensive evaluation index F1 of the method can reach 0.922, and compared with the CloudStrike, Comodo and FireEye antivirus engines, the algorithm has an obvious advantage in dealing with underlying code fragment data from heterogeneous storage media.

Research on the trusted environment of container cloud based on the TPCM
Guojie LIU, Jianbiao ZHANG, Ping YANG, Zheng LI
2021, 7(4):  164-174.  doi:10.11959/j.issn.2096-109x.2021068

Container technology is a lightweight operating system virtualization technology that is widely used in cloud computing environments and is a research hotspot in the field of cloud computing. The security of container technology has attracted much attention. A method for constructing a trusted environment for the container cloud using active immune trusted computing was proposed, and its security meets the requirements of the network security level protection standards. First, container cloud servers were measured through the TPCM and a trust chain from the TPCM to the container's operating environment was established. Then, by adding the trusted measurement agent of the container to the TSB, trusted measurement and trusted remote attestation of the running process of the container were realized. Finally, an experimental prototype based on Docker and Kubernetes was built and experiments were conducted. The experimental results show that the proposed method can ensure the credibility of the boot process of the cloud server and the running process of the container, and meets the requirements of the network security level protection standard evaluation.

Permission clustering-based attribute value optimization
Wenchao WU, Zhiyu REN, Xuehui DU
2021, 7(4):  175-182.  doi:10.11959/j.issn.2096-109x.2021077

In new large-scale computing environments, the attributes of entities are massive, with complex sources and uneven quality, which are great obstacles to the application of ABAC (attribute-based access control). The attributes are also hard to correct manually, making them difficult to apply directly in an access control system. To solve the optimization problem of nominal attributes, a novel attribute value optimization algorithm based on permission clustering was designed, in which entities were represented by the privilege sets related to them. The entities were then tagged by a density-based clustering method using the distances between their privilege set representations. Then the attribute values were reduced and corrected based on rough set theory. Finally, the algorithm was verified on UCI data sets, which showed that applying it improved ABAC policy mining on evaluation criteria such as the true positive rate and F1-score.

Education and Teaching
Exploration and practice of PRIDE teaching mode oriented to cybersecurity talent cultivation
Jianwei LIU, Dawei LI, Ying GAO, Yu SUN, Hua GUO
2021, 7(4):  183-189.  doi:10.11959/j.issn.2096-109x.2021078

In the long-term practice of cybersecurity talent cultivation, the teaching team of the School of Cyber Science and Technology of Beihang University, aiming at the knowledge, ability and quality goals of talent cultivation in the cybersecurity discipline and related majors, has put forward the innovative teaching idea of “fine teaching, strong practice, excellent assessment, abundant resources” according to the knowledge, thinking and psychological characteristics of students. The teaching team integrates political teaching, research teaching, inspiration teaching, seminar teaching and example teaching methods, and has put forward the PRIDE teaching mode, which has been widely applied in the teaching of core professional courses such as “Information Network Security” and “Modern Cryptography” and has achieved remarkable teaching results. Through the practice of the PRIDE teaching mode, a high-level teaching team with high political quality and strong teaching ability has also been built.

Copyright Information
Bimonthly, started in 2015
Authorized by: Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by: Posts and Telecommunications Press
Co-sponsored by: Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by: Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief: FANG Bin-xing
Executive Editor-in-Chief: LI Feng-hua
Director: YI Dong-shan
Address: F8, You Dian Publisher Building, No. 11, Chengshousi Road, Fengtai District, Beijing 100078, PR China
Tel: +8610-81055479, 81055456
Fax: +86-81055464
ISSN 2096-109X
CN 10-1366/TP