Please wait a minute...

����Ŀ¼

    15 December 2021, Volume 7 Issue 6
    Comprehensive Review
    Survey on image non-additive steganography
    Yaofei WANG, Weiming ZHANG, Kejiang CHEN, Wenbo ZHOU, Nenghai YU
    2021, 7(6):  1-10.  doi:10.11959/j.issn.2096-109x.2021102
    Asbtract ( 194 )   HTML ( 29)   PDF (1145KB) ( 128 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Image non-additive steganography not only can better maintain the distribution of image elements, but also has high detection resistance.Firstly, the image non-additive image steganography methods were sorted out and divided into two major categories: non-additive distortion design and non-additive steganography coding design.The non-additive distortion was designed into three categories: theoretical models based, modification principles based and adversarial detection based, and compared these methods.Finally, the difficult problems faced by non-additive steganography and the future development ideas were analyzed.

    TopicⅠ: Novel Network Technology and Security
    Survey of control and management mechanisms for time-sensitive network
    Shuo WANG, Shuwen YIN, Hua LU, Jidong ZHANG
    2021, 7(6):  11-20.  doi:10.11959/j.issn.2096-109x.2021105
    Asbtract ( 127 )   HTML ( 31)   PDF (1737KB) ( 103 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Time-sensitive network can provide deterministic transmission services with bounded low latency for applications.Besides, it brings a unified architecture and standards to heterogeneous real-time Ethernet in the industry.However, the implementation and deployment of time-sensitive network based on IEEE Std 802.1Qcc face many challenges in various application scenarios.The research on the control and management mechanisms in time-sensitive network was summarized.Then the problems to be solved were analyzed and summarized from transmission performance, scalability and technology fusion.The latest research progress of control and management mechanisms was shown.The open issues and future research directions were discussed.

    Aeronautical Ad Hoc network node failure analysis method
    Lixia XIE, Liping YAN, Hongyu YANG
    2021, 7(6):  21-30.  doi:10.11959/j.issn.2096-109x.2021084
    Asbtract ( 70 )   HTML ( 9)   PDF (1590KB) ( 28 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    To analyze the stability changes of aeronautical ad hoc network (AANET) caused by node failure affecting reaction effectively, an AANET node failure analysis method was proposed.Firstly, the model of business-entity asymmetric dependent network was established based on the characteristics of AANET.Secondly, an improved failure traffic redistribution algorithm was designed to obtain the affected node set.Finally, the AANET affecting impact value was calculated according to the node weight, then the affecting impact degree was determined.The experimental results show that the proposed method has better accuracy in the failure affecting impact analysis of AANET.

    Key path analysis method for large-scale industrial control network
    Yaofang ZHANG, Zheyu ZHANG, Haikuo QU, Ge ZHANG, Zibo WANG, Bailing WANG
    2021, 7(6):  31-43.  doi:10.11959/j.issn.2096-109x.2021069
    Asbtract ( 105 )   HTML ( 16)   PDF (2035KB) ( 48 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In order to solve the problem of high time-consuming and resource-consuming quantitative calculation of large-scale industrial control network attack graphs, a key path analysis method for large-scale industrial control networks was proposed.Firstly, the idea of cut set was used to calculate the key nodes set of Bayesian attack graph by combining the atomic attack income in industrial control network, which solved the problem that the current cut set algorithm only considers the key nodes in graph structure.Secondly, a dynamic updating strategy of Bayesian attack graph which only updated the attack probability of key nodes was proposed to efficiently calculate the attack probability of the whole graph and analyze the key path of attack graph.The experimental results show that the proposed method can not only ensure the reliability of the calculation results of large-scale industrial control attack graphs, but also can significantly reduce the time consumption and have a significant improvement in the calculation efficiency.

    Research progress on dynamic hopping technology for network layer
    Weizhen HE, Fucai CHEN, Jie NIU, Jinglei TAN, Shumin HUO, Guozhen CHENG
    2021, 7(6):  44-55.  doi:10.11959/j.issn.2096-109x.2021104
    Asbtract ( 108 )   HTML ( 17)   PDF (2085KB) ( 46 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Firstly, the basic concept of network layer hopping technology was introduced and the security threats it faced were given.Then, two type of models and communication methods of network layer hopping technology based on traditional networks and software-defined networks were given.And the network layer hopping technology was classified from three aspects of hopping attributes, the method of hopping realization and the method of hopping trigger, two evaluation models of network layer hopping were given.Finally, the problems that still exist in the network layer hopping technology and the corresponding development direction were summarized.

    Research of public infrastructure system and security policy in cyberspace
    Jie QIU, Rui HAN, Zhifeng WEI, Zhiyang WANG
    2021, 7(6):  56-67.  doi:10.11959/j.issn.2096-109x.2021106
    Asbtract ( 107 )   HTML ( 22)   PDF (1734KB) ( 83 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Considering the key elements, such as object, resources, activities, and other equipment, as same as system, data, environmental and other aspects of demand, the public infrastructure system and security policy between physical space and cyberspace were taken as a basic point.A scientific system of public infrastructure in cyberspace was constructed.From the perspective of dual authentication of management authentication and application authentication, some corresponding safety policies and implementation suggestions were given from the aspects of user/device management and identity authentication.

    TopicⅡ: Blockchain Technology
    Research progress of access control based on blockchain
    Zhensheng GAO, Lifeng CAO, Xuehui DU
    2021, 7(6):  68-87.  doi:10.11959/j.issn.2096-109x.2021044
    Asbtract ( 176 )   HTML ( 43)   PDF (2179KB) ( 139 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Blockchain technology has the features of decentralization, high credibility, non-tampering and traceability, which can address the trust problem in traditional access control technology.Based on the implementation with blockchain, the unique advantages of applying blockchain to access control are analyzed from two aspects: based on transaction and based on smart contract.Based on the key issues in blockchain application, the current research progress is summarized from three key technologies: dynamic access control, blockchain space optimization, and privacy data protection.Based on the challenges faced by the current blockchain-based access control mechanism, five research prospects are proposed.

    Credible distributed identity authentication system of microgrid based on blockchain
    Guanqun YANG, Yin LIU, Hao XU, Hongwei XING, Jianhui ZHANG, Entang LI
    2021, 7(6):  88-98.  doi:10.11959/j.issn.2096-109x.2021054
    Asbtract ( 162 )   HTML ( 31)   PDF (1952KB) ( 134 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Most of the blockchain-based identity authentication systems are based on public blockchain, which are still essentially traditional centralized identity management and verification methods, making it difficult to meet the needs of trusted access and fine-grained access control in microgrids.Therefore, based on the FISCO BCOS consortium blockchain technology, a distributed identity authentication system supporting multi-center was designed.A DID-based identity management protocol to achieve autonomous control of user identity in a practical scenarios was designed.Distributed trusted access technology for end nodes in microgrids was studied, and privacy-protecting credentials based on zero-knowledge proof were designed.This scheme meets the requirements of trustworthy and verifiable user identity in different privacy security scenarios, and achieves autonomous control of entity identity, fine-grained access control and trusted data exchange.The usability and effectiveness of the proposed algorithm are demonstrated through system experiments and performance analysis.

    Federated learning scheme for mobile network based on reputation evaluation mechanism and blockchain
    Ming YANG, Xuexian HU, Qihui ZHANG, Jianghong WEI, Wenfen LIU
    2021, 7(6):  99-112.  doi:10.11959/j.issn.2096-109x.2021083
    Asbtract ( 169 )   HTML ( 37)   PDF (2425KB) ( 243 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Federated learning is a new distributed machine learning technology, where training tasks are deployed on user side and training model parameters are sent to the server side.In the whole process, participants do not need to share their own data directly, which greatly avoids privacy issues.However, the trust relationship between mobile users in the learning model has not been established in advance, there is hidden safety when users perform cooperative train with each other.In view of the above problems, a federated learning scheme for mobile network based on reputation evaluation mechanism and blockchain was proposed.The scheme allowed the server side to use subjective logic models to evaluate the reputation of participating mobile users and provided them with credible reputation opinions sharing environment and dynamic access strategy interface based on the technique of smart contract of blockchain.Theoretical and experimental analys is results show that the scheme can enable the server side to select reliable users for training.And it can achieve more fair and effective reputation calculations, which improves the accuracy of federated learning.

    Multi-party efficient audit mechanism for data integrity based on blockchain
    Jiashun ZHOU, Na WANG, Xuehui DU
    2021, 7(6):  113-125.  doi:10.11959/j.issn.2096-109x.2021107
    Asbtract ( 131 )   HTML ( 35)   PDF (2266KB) ( 76 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    A blockchain-based data integrity multi-party high-efficiency audit mechanism (MBE-ADI) for the big data environment was proposed.A hybrid Merkle DAG structure based on data domain was built to organize data, and realized the simultaneous verification of a large number of unstructured data in the big data environment.In order to deal with the problem of large amount of data in the big data environment, a multi copy deterministic verification method based on BLS signature was designed to realize the efficient verification of data integrity supporting multiple copies.A dual verification audit architecture based on consortium blockchain was designed to realize decentralized automatic audit and audit history credible traceability.At the same time, data integrity verification services were provided for data owners and data users to realize reliable acquisition of data.The test proves the feasibility of the system and the efficiency of data integrity audit.

    Papers
    Application progress of SGX in trusted computing area
    Bo ZHAO, Anqi YUAN, Yang AN
    2021, 7(6):  126-142.  doi:10.11959/j.issn.2096-109x.2021066
    Asbtract ( 131 )   HTML ( 23)   PDF (1862KB) ( 96 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The trusted computing technology SGX protects the confidentiality and integrity of key codes and data by isolating a trusted execution environment, which can help prevent all kinds of attacks.Firstly, the research background and working principle of SGX were introduced, the research status of SGX in the field of trusted computing were analyzed.Then, sorted out the current application difficulties and solutions of SGX were sorted out and compared with other trusted computing technologies.Finally, SGX technology development direction in the field of trusted computing was discussed.

    Webshell malicious traffic detection method based on multi-feature fusion
    Yuan LI, Yunpeng WANG, Tao LI, Baoqiang MA
    2021, 7(6):  143-154.  doi:10.11959/j.issn.2096-109x.2021103
    Asbtract ( 142 )   HTML ( 41)   PDF (2100KB) ( 251 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Webshell is the most common malicious backdoor program for persistent control of Web application systems, which poses a huge threat to the safe operation of Web servers.For most Webshell detection method based on the request packet data for training, the method for web-based Webshell recognition effect is poorer, and the model of training efficiency is low.In response to the above problems, a Webshell malicious traffic detection method based on multi-feature fusion was proposed.The method was characterized by the three dimensions of Webshell packet meta information, packet payload content and traffic access behavior.Combining domain knowledge, feature extraction of request and response packets in the data stream.Transformed into feature extraction information for information fusion, forming a discriminant model that could detect different types of attacks.Compared with the previous research method, the accuracy rate of the method here in the two classification of normal and malicious traffic has been improved to 99.25%.The training efficiency and detection efficiency have also been significantly improved, and the training time and detection time have been reduced by 95.73% and 86.14%.

    Graph clustering method based on structure entropy constraints
    Zhiying ZHANG, Youliang TIAN
    2021, 7(6):  155-166.  doi:10.11959/j.issn.2096-109x.2021098
    Asbtract ( 94 )   HTML ( 11)   PDF (1525KB) ( 49 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the problem of how to decode the true structure of the network from the network embedded in the large-scale noise structure at the open information sharing platform centered on big data, and furthermore accurate mining results can be obtained in the mining related information process, the method of clustering based on structure entropy was proposed to realize divide the correlation degree of nodes in the graph.A solution algorithm for calculating two-dimensional structural information and a module division algorithm based on the principle of entropy reduction were proposed to divide the nodes in the graph structure to obtain corresponding modules.The K-dimensional structural information algorithm was used to further divide the divided modules to realize the clustering of nodes in the graph structure.An example analysis shows that the proposed graph clustering method can not only reflect the true structure of the graph structure, but also effectively mine the degree of association between nodes in the graph structure.At the same time, the other three clustering schemes are compared, and the experiment shows that this scheme has higher efficiency in execution time and guarantees the reliability of the clustering results.

    Preventing man-in-the-middle attacks in DNS through certificate less signature
    Yang HU, Zengjie HAN, Guohua YE, Zhiqiang YAO
    2021, 7(6):  167-177.  doi:10.11959/j.issn.2096-109x.2021093
    Asbtract ( 107 )   HTML ( 21)   PDF (1263KB) ( 67 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Aiming at resisting the man-in-the-middle attacks in the domain name system protocol, a lightweight solution was proposed.The scheme introduced certificate less signature algorithm, removed the difficult-to-deploy trust chain to improve the efficiency and security of authentication.By using symmetric encryption technology, the proposed solution ensured the confidentiality of the message and increase the attack difficulty.The theoretical analysis proved the proposed scheme can resist common man-in-the-middle attacks.Experimental comparison results show the scheme has better performance than similar schemes.

Copyright Information
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by:Posts and Telecommunications Press
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:YI Dong-shan
Address:F8,You Dian Publisher Building,No.11,Chengshousi Road,Fengtai District,Beijing 100078,PR China
Tel:+8610-81055479, 81055456
Fax:+86-81055464
ISSN 2096-109X
CN 10-1366/TP
visited
Total visitors:
Visitors of today:
Now online: