Please wait a minute...

����Ŀ¼

    15 June 2021, Volume 7 Issue 3
    Previous Issue    Next Issue
    TopicⅠ: Application of neural network technology
    Adversarial attack and defense on graph neural networks: a survey
    Jinyin CHEN, Dunjie ZHANG, Guohan HUANG, Xiang LIN, Liang BAO
    2021, 7(3):  1-28.  doi:10.11959/j.issn.2096-109x.2021051
    Asbtract ( 1625 )   HTML ( 369)   PDF (2817KB) ( 1798 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    For the numerous existing adversarial attack and defense methods on GNN, the main adversarial attack and defense algorithms of GNN were reviewed comprehensively, as well as robustness analysis techniques.Besides, the commonly used benchmark datasets and evaluation metrics in the security research of GNN were introduced.In conclusion, some insights on the future research direction of adversarial attacks and the trend of development were put forward.

    Architecture design of re-configurable convolutional neural network on software definition
    Peijie LI, Li ZHANG, Yunfei XIA, Liming XU
    2021, 7(3):  29-36.  doi:10.11959/j.issn.2096-109x.2021043
    Asbtract ( 343 )   HTML ( 35)   PDF (831KB) ( 198 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In order to meet the flexibility and efficiency requirement in convolutional neural network (CNN), an architecture of re-configurable CNN based on software definition was proposed.In the architecture, the process of CNN could be normalized and the operation mode could be accelerated.The calculation pipeline was implemented by using dual bus architecture based on AHB and AXI protocols.By software definition, the proposed architecture, which could realize the real-time processing of data among different CNN structure, was implemented on FPGA.The result shows that at least 2 CNN models can be software defined on the FPGA circuit.The output measures an operation processing capacity of 10 times that of CPU, and an operation energy consumption ratio of 2 times that of GPU.

    Code vulnerability detection method based on graph neural network
    Hao CHEN, Ping YI
    2021, 7(3):  37-45.  doi:10.11959/j.issn.2096-109x.2021039
    Asbtract ( 1067 )   HTML ( 220)   PDF (842KB) ( 800 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The schemes of using neural networks for vulnerability detection are mostly based on traditional natural language processing ideas, processing the code as array samples and ignoring the structural features in the code, which may omit possible vulnerabilities.A code vulnerability detection method based on graph neural network was proposed, which realized function-level code vulnerability detection through the control flow graph feature of the intermediate language.Firstly, the source code was compiled into an intermediate representation, and then the control flow graph containing structural information was extracted.At the same time, the word vector embedding algorithm was used to initialize the vector of basic block to extract the code semantic information.Then both of above were spliced to generate the graph structure sample data.The multilayer graph neural network model was trained and tested on graph structure data features.The open source vulnerability sample data set was used to generate test data to evaluate the method proposed.The results show that the method effectively improves the vulnerability detection ability.

    Survey on backdoor attacks targeted on neural network
    Qingyin TAN, Yingming ZENG, Ye HAN, Yijing LIU, Zheli LIU
    2021, 7(3):  46-58.  doi:10.11959/j.issn.2096-109x.2021053
    Asbtract ( 1165 )   HTML ( 178)   PDF (695KB) ( 1477 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    According to existing neural network backdoor attack research works, the concept of neural network backdoor attack is first introduced.Secondly, the research status of neural network backdoor attack is explained from three aspects: research development, summary of typical work and classification.Then, some typical backdoor attack strategies are analyzed in detail.Finally, the research status is summarized and the future research directions are discussed.

    TopicⅡ: SDN and cloud computing security
    Verification on policies for network functions in SDN/NFV-based environment
    Haoyu CHEN, Deqing ZOU, Hai JIN
    2021, 7(3):  59-71.  doi:10.11959/j.issn.2096-109x.2021035
    Asbtract ( 275 )   HTML ( 42)   PDF (1281KB) ( 288 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Although the newly introduced SDN and NFV technologies bring flexibility and convenience in network management, the dynamic forwarding policies introduced by SDN may cause invalidation in the network function policies, and the policies in different network functions may also cause conflicts due to their own behaviors.In order to verify the policies in SDN/NFV-based cloud network, the verification on policies between the network function and the SDN device, as well as across the network functions were considered.A unified policy expression for analysis was summarized, and policy verification scheme, framework and prototype implementation were proposed to verify the correctness of polices in different scenarios, then experiments were conducted to justify the effectiveness and performance

    Multi-objective optimization placement strategy for SDN security controller considering Byzantine attributes
    Tao WANG, Hongchang CHEN
    2021, 7(3):  72-84.  doi:10.11959/j.issn.2096-109x.2021060
    Asbtract ( 155 )   HTML ( 20)   PDF (887KB) ( 211 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    By giving the software defined network distributed control plane Byzantine attributes, its security can be effectively improved.In the process of realizing Byzantine attributes, the number and location of controllers, and the connection relationship between switches and controllers can directly affect the key network performance.Therefore, a controller multi-objective optimization placement strategy for SDN security controllers considering Byzantine attributes was proposed.Firstly, a Byzantine controller placement problem (MOSBCPP) model that comprehensively considered interaction delay, synchronization delay, load difference and the number of controllers was constructed.Then, a solution algorithm based on NASG-II was designed for this model, which included the initialization function, the mutation function, the fast non-dominated sorting function and the elite strategy selection function.Simulation results show that this strategy can effectively reduce interaction delay, synchronization delay, load difference and the number of controllers, while improving control plane security.

    SDN self-protection system based on Renyi entropy
    Pu ZHAO, Wentao ZHAO, Zhangjie FU, Qiang LIU
    2021, 7(3):  85-94.  doi:10.11959/j.issn.2096-109x.2021049
    Asbtract ( 230 )   HTML ( 35)   PDF (3905KB) ( 627 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the abnormal behaviors in SDN architecture, a self-protection system based on Renyi entropy that implemented a set of detection, diagnosis and defense method of SDN abnormal behaviors was proposed.The system did not need to introduce the third-party measurement equipment, and directly used the flow table information of OpenFlow switches.Firstly, the abnormal network behavior was detected by calculating the characteristic entropy.Then, the information of the OpenFlow flow table was further analyzed to realize the diagnosis of abnormal behavior.Finally, a blacklist mechanism was established.And the system added the hosts with abnormal behavior to the blacklist and blocked the corresponding abnormal traffic.In order to verify the effectiveness of the system, a prototype was developed on the Floodlight controller.The simulation results on Mininet show that the system can effectively detect, diagnose and defend the abnormal behaviors.The system has low deployment cost, which enhances the security of SDN.

    Dynamic heterogeneous scheduling method based on Stackelberg game model in container cloud
    Wei ZENG, Hongchao HU, Lingshu LI, Shumin HUO
    2021, 7(3):  95-104.  doi:10.11959/j.issn.2096-109x.2021063
    Asbtract ( 225 )   HTML ( 35)   PDF (1211KB) ( 442 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Container technology promotes the rapid development of cloud computing with its flexible and efficient features, but it also introduces security threats such as co-resident attacks, escape attacks, and common mode attacks.In response to these security threats, a dynamic heterogeneous scheduling method based on Stackelberg game in the container cloud was proposed.First, a heterogeneous mirrored resource pool is constructed to suppress the spread of attacks based on common-mode vulnerabilities on the cloud.Then, the offensive and defense interaction process is modeled as a Stackelberg game model.Finally, the offensive and defensive model is analyzed, and the system scheduling problem is modeled as a mixed integer non-linear programming problem to solve the system's optimal scheduling strategy.Experiments show that the proposed method can improve the defense effect of the cloud platform and reduce the system defense overhead.

    Papers
    Research on inter-blockchain service framework and communication mechanism based on smart service transaction
    Bohan KANG, Ning ZHANG, Jianming ZHU
    2021, 7(3):  105-114.  doi:10.11959/j.issn.2096-109x.2021062
    Asbtract ( 569 )   HTML ( 84)   PDF (1493KB) ( 970 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Due to the lack of communication mechanism between inter-blockchain services, it is difficult to formulate effective interconnection between different blockchain.Under the smart services ecosystem, two parties of the transaction not only execute the single transaction of data assets, but also extend the scope of their services to cover a wider range of digital assets transfer scenarios.An inter-blockchain communication(IBC) framework for smart service transaction is designed.With component-based and modular design, it makes flexible for the subject and object application of smart service transaction to access IBC framework and thus promote inter-blockchain scalability.Finally, a three-phrase inter-blockchain communication protocol for smart service transaction is proposed to ensure the atomicity and consistency of inter-blockchain ecosystem.

    Research on security architecture of strong PUF by adversarial learning
    Yan LI, Wei LIU, Yuanlu SUN
    2021, 7(3):  115-122.  doi:10.11959/j.issn.2096-109x.2021019
    Asbtract ( 281 )   HTML ( 23)   PDF (2491KB) ( 263 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    To overcome the vulnerability of strong physical unclonable function, the adversarial learning model of strong PUF was presented based on the adversarial learning theory, then the training process of gradient descent algorithm was analyzed under the framework of the model, the potential relationship between the delay vector weight and the prediction accuracy was clarified, and an adversarial sample generation strategy was designed based on the delay vector weight.Compared with traditional strategies, the prediction accuracy of logistic regression under new strategy was reduced by 5.4% ~ 9.5%, down to 51.4%.The physical structure with low overhead was designed corresponding to the new strategy, which then strengthened by symmetrical design and complex strategy to form a new PUF architecture called ALPUF.ALPUF not only decrease the prediction accuracy of machine learning to the level of random prediction, but also resist hybrid attack and brute force attack.Compared with other PUF security structures, ALPUF has advantages in overhead and security.

    Research on improved scheme of resource public key infrastructure data synchronization
    Feng LENG, Qi ZHAO, Zhiwei YAN, Yu ZENG
    2021, 7(3):  123-133.  doi:10.11959/j.issn.2096-109x.2021064
    Asbtract ( 209 )   HTML ( 28)   PDF (1149KB) ( 317 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    RPKI Relying party needs to synchronizing data from repository periodically to verify information.In general, Rsync and RRDP are the two common means to complete data synchronization, however, each of them has related problems.In order to solve these problems, through analyzingthe way for synchronizing data from repository by the relying party, a mathematical model was established.Furthermore, based on the current problems faced by the two synchronization means, an improved RPKI data synchronization scheme was proposed.The advantages and disadvantages of the improved scheme were analyzed in detail, as well as the applicable scenarios.The improved scheme could provide a reference for optimizing the deployment and application of RPKI.

    Research on anonymous identity authentication technology in Fabric
    Yueyang YE, Xinglan ZHANG
    2021, 7(3):  134-140.  doi:10.11959/j.issn.2096-109x.2021036
    Asbtract ( 516 )   HTML ( 86)   PDF (681KB) ( 542 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Solving the privacy problem of users in the consortium blockchain becomes the key to accelerate the implementation of the practical application of blockchain.A set of anonymous identity authentication scheme based on PKI is designed based on Hyperledger Fabric platform, a typical representative of the consortium blockchain.By splitting the private key d into two parts, different roles use each private key to generate the joint signature of the anonymous certificate to achieve the separation of permissions in the process of certificate generation and solve the single point attack problem in the process of anonymous certificate tracking.The analysis shows that the improved scheme can achieve higher security than the original scheme with lower computing and storage overhead.

    Human action recognition method based on multi-view semi-supervised ensemble learning
    Shengnan CHEN, Xinmin FAN
    2021, 7(3):  141-148.  doi:10.11959/j.issn.2096-109x.2021061
    Asbtract ( 313 )   HTML ( 35)   PDF (1052KB) ( 164 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Mass labeled data are hard to get in mobile devices.Inadequate training leads to bad performance of classifiers in human action recognition.To tackle this problem, a multi-view semi-supervised ensemble learning method was proposed.First, data of two different inertial sensors was used to construct two feature views.Two feature views and two base classifiers were combined to construct co-training framework.Then, the confidence degree was redefined in multi-class task and was combined with active learning method to control predict pseudo-label result in each iteration.Finally, extended training data was used as input to train LightGBM.Experiments show that the method has good performance in precision rate, recall rate and F1 value, which can effectively detect different human action.

    Effect of the difference enumeration attack on LowMC instances
    Xinxin GE, Zhihu LI, Meiqin WANG, Kai HU
    2021, 7(3):  149-155.  doi:10.11959/j.issn.2096-109x.2021046
    Asbtract ( 279 )   HTML ( 26)   PDF (710KB) ( 197 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The LowMC is an algorithm with low multiplicative complexities.For the parameter with limited data complexities and low number of S-boxes, the difference enumeration attack was proposed, which could theoretically attack all rounds of the LowMC.Considering that the original attack is based on the random linear layer,the strength of LowMC algorithm against differential enumeration attacks under a specific linear layer deserves more study.The difference enumeration attack cannot reach theoretical rounds through the research on the so-called key initial round.In terms of some LowMC instances, the key initial round is smaller than the theoretical value, which leads to the failure of the difference enumeration attack.Since the number of rounds of the LowMC is completely based on existing attacks, the analysis is of great significance to the rounds design of the LowMC.

    Operation mechanism for ensuring the stable migration of top-level domain name resolution hosting services with DNSSEC
    Zheng HE, Feng LENG, Cuiling ZHANG
    2021, 7(3):  156-165.  doi:10.11959/j.issn.2096-109x.2021059
    Asbtract ( 156 )   HTML ( 17)   PDF (754KB) ( 182 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Based on the migration and deployment practice of the top-level domain resolution service hosting platform, in order to avoid the occurrence of domain name system security extension (DNSSEC, DNS security ex-tension) trust chain and resolution service interruption, domain name NS record inconsistency and other security issues in the DNSSEC environment, research and analysis was focused on how to migrate the resolution service between the old and new service hosting platform and the internet assigned numbers authority (IANA) without breaking the integrity of the DNSSEC trust chain during the key rollover, DS and NS record changes, data update and other stages.To improve the availability of domain name system services, the key points of the platform migration operation were analyzed in detail, and the migration mechanism that can ensure business continuity during the migration process were proposed.

    Education and teaching
    Reverse teaching design of curriculum ideological and political in information security major—Take the wireless communication network security course of Xidian University as an example
    Jin LI, Jin CAO, Yueyu ZHANG, Meiru ZHANG, Hui LI
    2021, 7(3):  166-174.  doi:10.11959/j.issn.2096-109x.2021058
    Asbtract ( 532 )   HTML ( 61)   PDF (831KB) ( 423 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Curriculum ideological and political is a new topic in the teaching of information security major courses.The wireless communication network security course of Xidian University was taken as an example by the theory of reverse instructional design.By clarifying the concepts and principles of curriculum ideological and political construction, the curriculum ideological and political teaching design was carried out by the means of curriculum front-end design, teaching objective design, determine evaluation evidence, design learning activities, teaching Feedback.Through the demonstration of this case, the reference for how to carry out curriculum ideological and political teaching design in other courses were provided.

Copyright Information
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by:Posts and Telecommunications Press
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:Xing Jianchun
Address:F2, Beiyang Chenguang Building, Shunbatiao No.1 Courtyard, Fengtai District, Beijing, China
Tel:010-53879136/53879138/53879139
Fax:+86-81055464
ISSN 2096-109X
CN 10-1366/TP
Links
More...
visited
Total visitors:
Visitors of today:
Now online:
Copyright of website: Editorial Office of Chinese Journal of Network and Information Security