工业以太网协议脆弱性与安全防护技术综述

doi:10.11959/j.issn.1000-436x.2017277

通信学报 ›› 2017, Vol. 38 ›› Issue (Z2): 185-196.doi: 10.11959/j.issn.1000-436x.2017277

工业以太网协议脆弱性与安全防护技术综述

冯涛¹,鲁晔^2,^3,⁴,方君丽¹

¹ 兰州理工大学计算机与通信学院，甘肃兰州 730050
² 兰州理工大学电气工程与信息工程学院，甘肃兰州 730050
³ 甘肃省工业工程先进控制重点实验室，甘肃兰州 730050
⁴ 兰州理工大学电气与控制工程国家级实验教学示范中心，甘肃兰州 730050

出版日期:2017-11-01 发布日期:2018-06-07
作者简介:冯涛（1970-），男，甘肃临洮人，博士，兰州理工大学研究员、博士生导师，主要研究方向为网络与信息安全、密码学。|鲁晔（1986-），男，陕西宝鸡人，兰州理工大学博士生，主要研究方向为工业控制网络安全与协议安全。|方君丽（1985-），女，甘肃天水人，兰州理工大学讲师，主要研究方向为网络与信息安全。
基金资助:
国家自然科学基金资助项目(61462060);国家自然科学基金资助项目(61762060);甘肃省科技计划青年科技基金计划(1610RJYA008)

Research on vulnerability and security technology of industrial Ethernet protocol

Tao FENG¹,Ye LU^2,^3,⁴,Jun-li FANG¹

¹ College of Computer and Communication,Lanzhou University of Technology,Lanzhou 730050,China
² College of Electrical and Information Engineering,Lanzhou University of Technology,Lanzhou 730050,China
³ Key Laboratory of Gansu Advanced Control for Industrial Processes,Lanzhou University of Technology,Lanzhou 730050,China
⁴ National Demonstration Center for Experimental Electrical and Control Engineering Education,Lanzhou University of Technology,Lanzhou 730050,China.

Online:2017-11-01 Published:2018-06-07
Supported by:
The National Natural Science Foundation of China(61462060);The National Natural Science Foundation of China(61762060);Gansu Science and Technology Plan Youth Science and Technology Fund Project(1610RJYA008)

摘要/Abstract

摘要：

为解决工业控制系统信息安全问题，对工业以太网协议安全进行深入研究，报告了协议安全防护的研究现状。首先论述了工业控制系统和工业以太网协议的体系结构，分析了5种主要协议的脆弱性。其次从外部主动防御技术、内部被动防御技术和协议安全改进三个方面，提出完善的工业以太网协议安全防护模型，并对主要防护技术进行论述，最后指出未来工业以太网协议信息安全改进的发展方向和研究方法。

关键词: 工业控制系统, 工业以太网协议, 信息安全, 防御技术

Abstract:

To solve the information security of industrial control system,the safety of industrial Ethernet protocol was studied deeply,the research status of protocol security protection was reported and the vulnerability of the five-major protocol was analyzed.Firstly,the architecture of industrial control system and industrial Ethernet protocol was discussed.Secondly,from the three aspects of external active defense technology,internal passive defense technology and protocol security improvement,a perfect industrial Ethernet protocol security protection model was put forward,and the main protection technology was discussed.Finally,the future development direction and research ideas of information security improvement of industrial Ethernet protocol were pointed out.

Key words: industrial control system, industrial Ethernet protocol, information security, defense technology

中图分类号:

TP309

冯涛,鲁晔,方君丽. 工业以太网协议脆弱性与安全防护技术综述[J]. 通信学报, 2017, 38(Z2): 185-196.

Tao FENG,Ye LU,Jun-li FANG. Research on vulnerability and security technology of industrial Ethernet protocol[J]. Journal on Communications, 2017, 38(Z2): 185-196.

图/表 13

图1

图2

表1

图3

表2

表3

表4

图4

表5

图5

表6

图6

表7

参考文献 72

[1]	袁胜 . 中国制造 2025,工控安全不容忽视——工业控制系统被谁“反控”[J]. 中国信息安全, 2016(4): 44-47.
	YUAN S . Made in China 2025,industrial safety can not be ignored industrial control system who "anti-control"[J]. China Information Security, 2016(4): 44-47.
[2]	罗军舟, 杨明, 凌振 ,等. 网络空间安全体系与关键技术[J]. 中国科学:信息科学, 2016,46(8):939.
	LUO J Z , YANG M , LIN Z ,et al. Cyberspace security system and key technologies[J]. Scientia Sinica Information, 2016,46(8): 9-39.
[3]	屈婉莹, 魏为民, 朱苏榕 . 工业控制系统通信协议安全研究[C]\\ 全国智能电网用户端能源管理学术年会. 2015.
	QU W Y , WEI W M , ZHU S R . Research on communication protocol security of industrial control system[C]// Clients nationwide smart grid energy management Annual Conference. 2015.
[4]	陶耀东, 李宁, 曾广圣 . 工业控制系统安全综述[J]. 计算机工程与应用, 2016,52(13): 8-18.
	TAO Y D , LI N , ZENG G S.Review of industrial control systems security . Computer Engineering and Applications[J]. Computer Engineering and Applications, 2016,52(13): 8-18.
[5]	柴天佑 . 工业过程控制系统研究现状与发展方向[J]. 中国科学:信息科学, 2016,46(8):1003.
	CHAI T Y . Research status and development direction of industrial process control system[J]. Scientia Sinica Information, 2016,46(8):1003.
[6]	夏春明, 刘涛, 王华忠 ,等. 工业控制系统信息安全现状及发展趋势[J]. 信息安全与技术, 2013,4(2): 13-18.
	XIA C M , LIU T , WANG Z H ,et al. Industrial control system security analysis[J]. Information Security and Technology, 2013,4(2): 13-18.
[7]	PIGGIN R S H , . Development of industrial cyber security standards:IEC 62443 for SCADA and industrial control system security[C]// Control and Automation 2013:Uniting Problems and Solutions,IET, 2013: 1-6.
[8]	彭勇, 江常青, 谢丰 ,等. 工业控制系统信息安全研究进展[J]. 清华大学学报自然科学版, 2012(10): 1396-1408.
	PENG Y , JIANG C Q , XIE F ,et al. Industrial control system cyber security research[J]. Tsinghua Univ (Sci＆Tech), 2012(10): 1396-1408.
[9]	SHAHZAD A , LEE M , LEE Y K ,et al. Real time MODBUS transmissions and cryptography security designs and enhancements of protocol sensitive information[J]. Symmetry, 2015,7(3): 1176-1210.
[10]	NARDONE R , RODRíGUEZ R J , MARRONE S . Formal security assessment of Modbus protocol[C]// Internet Technology and Secured Transactions. 2017.
[11]	KOBAYASHI T H , JR A B B , MEDEIROS J P S ,et al. Analysis of malicious Traffic in Modbus/TCP Communications[C]// International Workshop on Critical Information Infrastructures Security. Springer Berlin Heidelberg, 2008: 200-210.
[12]	HUITSING P , CHANDIA R , PAPA M ,et al. Attack taxonomies for the Modbus protocols[J]. International Journal of Critical Infrastructure Protection, 2008,1(1): 37-44.
[13]	GRANDGENETT R , GANDHI R , MAHDNEY W . Exploitation of Allen Bradley's implementation of Ethernet/IP for denial of service against industrial control systems[C]\\ 9th International Conference on Cyber Warfare and Security, 2014: 58-65.
[14]	LAUGHTER S A , WILLIAMS R D . An Ethernet/IP security review with intrusion detection applications[J]. Science, 2006,105(2731): 475-6.
[15]	孙溪 . CIP Safety网络协议通信层协议关键技术的分析[J]. 仪器仪表标准化与计量, 2014(4): 28-30.
	SUN X , . Analysis of the key technology for communication layer protocol in CIP [J]. safety and Metrology 2014(4): 28-30.
[16]	ZHANG D , WANG J , ZHANG H . Peach improvement on PROFINET-DCP for industrial control system vulnerability detection[C]// International Conference on Electrical,Computer Engineering and Electronics. 2015.
[17]	?KERBERG J , BJ?RKMAN M , . Exploring security in PROFINET IO[C]// Computer Software and Applications Conference,2009.COMPSAC '09.IEEE International. 2009: 406-412.
[18]	LEHNHOFF S , ROHJANS S , USLAR M ,et al. OPC unified architecture:a service-oriented architecture for smart grids[C]// International Workshop on Software Engineering for the Smart Grid. 2012: 1-7.
[19]	PUYS M , POTET M L , LAFOURCADE P . Formal analysis of security properties on the OPC-UA SCADA protocol[C]// International Conference on Computer Safety,Reliability,and Security. Springer International Publishing, 2016: 67-75.
[20]	HUANG R , FENG L , PAN D . Research on OPC UA security[C]// Industrial Electronics and Applications. 2010: 1439-1444.
[21]	QIAO J X . Research on OPC security mechanism based on MTS/COM+[J]. Computer Technology ＆ Development, 2007.
[22]	BAGARIA S , PRABHAKAR S B , SAQUIB Z . Flexi-DNP3:flexible distributed network protocol version 3 (DNP3) for SCADA security[C]// International Conference on Recent Trends in Information Systems. 2012: 293-296.
[23]	MAJDALAWIEH M , PARISIPRESICCE F , WIJESEKERA D . DNPSec:distributed network protocol version 3 (DNP3) security framework[M]. Advances in Computer,Information,and Systems Sciences,and Engineering. 2007： 227-234.
[24]	CRAIN J A , BRATUS S . Bolt-on security extensions for industrial control system protocols:A case study of DNP3 SAv5[J]. IEEE Security ＆ Privacy Magazine, 2015,13(3): 74-79.
[25]	IAN Y X , . Real-time and interactive attacks on DNP3 critical infrastructure using Scapy[C]// Australasian Information Security Conference (ACSW-AISC). 2015.
[26]	DARWISH I , IGBE O , SAADAWI T . Vulnerability assessment and experimentation of Smart Grid DNP3[J]. Journal of Cyber Security, 2016,5(1): 23-54.
[27]	JIN D , NICOL D M , YAN G . An event buffer flooding attack in DNP3 controlled SCADA systems[C]// Simulation Conference. 2011: 2619-2631.
[28]	张盛山, 尚文利, 万明 ,等. 基于区域/边界规则的Modbus TCP通讯安全防御模型[J]. 计算机工程与设计, 2014,35(11): 3701-3707.
	ZHANG S S , SHANG W L , WAN M ,et al. Security defense module of Modbus TCP communication based on region/enclave rules[J]. Computer Engineering and Design, 2014,35(11): 3701-3707.
[29]	KATO W M I , KOIKE M , MATTA M . Dynamic zoning based on situational activities for ICS security[C]// The 10th Asian Control Conference(ASCC). 2015: 1-5.
[30]	JEON B S , NA J C . A study of cyber security policy in industrial control system using data diodes[C]// The 18th International Conference on Advanced Communication Technology (ICACT). 2016: 314-317.
[31]	ICS-CERT.Targeted cyber intrusion detection and mitigation strategies[R]. Washington:DHS, 2013-02.
[32]	FOVINO I N , CARCANO A , MUREL T D L ,et al. Modbus/DNP3 State-Based Intrusion Detection System[C]// IEEE International Conference on Advanced Information NETWORKING and Applications. 2010: 729-736.
[33]	姜伟伟, 刘光杰, 戴跃伟 . 基于Snort的Modbus TCP工控协议异常数据检测规则设计[J]. 计算机科学, 2015,42(11): 212-216.
	JIANG W W , LIU G J , DAI Y W . Design of Modbus TCP industrial control network protocol abnormal data detection rules based on snort[J]. Computer Science, 2015,42(11): 212-216.
[34]	赖英旭, 刘增辉, 蔡晓田 ,等. 工业控制系统入侵检测研究综述[J]. 通信学报, 2017,38(2): 143-156.
	LAI Y X , LIU Z H , CAI X T ,et al. Research on intrusion detection of industrial control system[J]. Journal on Communications, 2017,38(2): 143-156.
[35]	WILHIOT K . Who’s really attacking your ICS equipment[R]. Silicon Valley：Trend Micro Incorporated, 2013.
[36]	周昆 . 一种基于 Honeyd 的过程控制蜜罐系统的平台搭建研究[D]. 上海:华东理工大学, 2014.
	ZHOU K . A honeypot process control system platform based on honeyd[D]. Shanghai:East China University of Science and Technology, 2014.
[37]	PONOMAREV S , ATKISON T . Industrial control system network intrusion detection by telemetry analysis[J]. IEEE Transactions on Dependable and Secure Computing, 2016,13(2): 252-260.
[38]	于长奇 . 工控设备漏洞挖掘技术研究[D]. 北京:北京邮电大学, 2015.
	YU C Q . The Study of Industrial Control System Device Vulnerability Discovery[D]. Beijing:Beijing University of Posts and Telecommunications, 2015.
[39]	王欢欢 . 工控系统漏洞扫描技术的研究[D]. 北京:北京邮电大学, 2015.
	WANG H H . Research on vulnerability scanning technology of industrial control system[D]. Beijing University of Posts and Telecommunications, 2015.
[40]	伊胜伟, 张翀斌, 谢丰 ,等. 基于Peach的工业控制网络协议安全分析研究[J]. 清华大学学报自然科学版, 2017,57(1): 50-54.
	YI S W , ZHANG C B , XIE F ,et al. Security analysis of industrial control network protocols based on Peach[J]. J Tsinghua Univ (Sci ＆Technol), 2017,57(1): 50-54.
[41]	CHEUNG S , DUTERTRE B , FONG M ,et al. Using model-based intrusion detection for SCADA networks[C]// The Scada Security Scientific Symposium. 2016.
[42]	FOVINO I N , CARCANO A , MUREL T D L ,et al. Modbus/DNP3 state-based intrusion detection system[J]. Advanced Information Networking and Applications, 2010: 729-736.
[43]	YANG D Y , USYNIN A , HINES J W . Anomaly-based intrusion detection for SCADA systems[J]. International Atomic Energy Agency (IAEA),Technical Meeting on Cyber Security,Idaho, 2016.
[44]	TSANG C H , KWONG S . Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction[M]. 2016.
[45]	NSS E , FRINCKE D A , MCKINNON A D ,et al. Configurable Middleware-Level Intrusion Detection for Embedded Systems[C]// International Workshop on Security in Distributed Computing Systems. IEEE Computer Society, 2015: 144-151.
[46]	罗新强 . 低开销工业无线网络安全机制研究[D]. 北京:北京科技大学, 2015.
	LUO X Q . Research on Low-Cost Security Mechanism of Industrial Wireless Network[D]. Beijing:University of Science and Technology Beijing, 2015.
[47]	MOREIRA N , MOLINA E , LáZARO J ,et al. Cyber-security in substation automation systems[J]. Renewable ＆ Sustainable Energy Reviews, 2016,54: 1552-1562.
[48]	BINOD V , DIMITRIOS M , HUSSEIN T M . Authentication and Authorization Mechanisms for Substation Automation in Smart Grid Network[J]. IEEE Network, 2013(1): 5-11.
[49]	TSANG P P , SMITH S W . YASIR:a low-latency,high-integrity security retrofit for legacy SCADA systems[C]// The 23rd International Axiomatic Security Conference. Springer US, 2008: 445-459.
[50]	SOLOMAKHIN R , TSANG P , SMITH S . High security with low latency in legacy SCADA systems[J]. Advances in Information ＆Communication Technology, 2010,342: 63-79.
[51]	WEI D , LU Y , JAFARI M ,et al. Protecting smart grid automation systems against cyberattacks[J]. IEEE Transactions on Smart Grid, 2011,2(4): 782-795.
[52]	PREMNATH A P , JO J Y , KIM Y . Application of NTRU cryptographic algorithm for SCADA security[C]// International Conference on Information Technology. 2014: 341-346.
[53]	PATEL S C , BHATT G D , GRAHAM J H . Improving the cyber security of SCADA communication networks[J]. Communications of the ACM, 2009,52(7): 139-142.
[54]	SABALIAUSKAITE G , MATHUR A P . Design of intelligent checkers to enhance the security and safety of cyber physical systems[C]// The 38th Annual International Computers,Software and Applications Conference Workshops, 2014: 7-12.
[55]	HAO J P , PIECHOCKI R J , KALESHI D ,et al. Sparse malicious false data injection attacks and defense mechanisms in smart grids[J]. IEEE Transactions on Industrial Informatics, 2015,11(5): 1198-1209.
[56]	辛耀中, 石俊杰, 周京阳 ,等. 智能电网调度控制系统现状与技术展望[J]. 电力系统自动化, 2015,39(1): 2-8.
	XIN Y Z , SHI J J , ZHOU J Y ,et al. Technology development trends of smart grid dispatching and control systems[J]. Automation of Electric Power Systems, 2015,39(1): 2-8.
[57]	陈来军, 梅生伟, 陈颖 . 智能电网信息安全及其对电力系统生存性的影响[J]. 控制理论与应用, 2012,29(2): 240-244.
	CHEN L J , MEI S W , CHEN Y . Smart grid information security and its influence on power system survivability[J]. Control Theory ＆ Applications, 2012,29(2): 240-244.
[58]	曾鸣, 李红林, 薛松 ,等. 系统安全背景下未来智能电网建设关键技术发展方向—印度大停电事故深层次原因分析及对中国电力工业的启示[J]. 中国电机工程学报, 2012,32(25): 175-181.
	ZENG M , LI H L , XUE S ,et al. Key technologies of future smart grid construction based on power system security:a view of blackout in India and experience and enlightment to power industry in China[J]. Proceedings of the CSEE, 2012,32(25): 175-181.
[59]	丁冠军, 樊邦奎, 兰海滨 ,等. 智能电网信息安全威胁及防御策略研究[J]. 电力信息与通信技术, 2014,12(5): 58-63.
	DING G J , FAN B K , LAN H B ,et al. Research on information security threats and defense strategies for smart grid[J]. Electric Power ICT, 2014,12(5): 58-63.
[60]	刘雪艳, 张强, 李战明 . 智能电网信息安全研究综述[J]. 智能电网, 2014,12(4): 56-60.
	LIU X Y , ZHANG Q , LI Z M . A Survey on information security for smart grid[J]. Electric Power ICT, 2014,12(4): 56-60.
[61]	张海鹏 . 智能电网信息安全威胁及防御技术研究[D]. 石家庄：河北科技大学, 2014.
	ZHANG H P . Smart grid information security threats and defense technology research[D]. Shijiazhuang:Hebei University of Science and Technology, 2014.
[62]	LU Z , LU X , WANG W ,et al. Review and evaluation of security threats on the communication networks in the smart grid[C]// Proceedings of IEEE Military Communications Conference,San Jose. 2010. 1830-1835.
[63]	LI H , MAO R , LAI L ,et al. Compressed meter reading for delay-sensitive and secure load report in smart grid[C]// Proceedings of the 1st IEEE International Conference on Smart Grid Communications,Gaithersburg. 2010: 114-119.
[64]	RIAL A , DANEZIS G . Privacy-preserving smart metering[C]// In:Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society. 2011: 49-60.
[65]	RUJ S , NAYAK A . A decentralized security framework for data aggregation and access control in smart grids[J]. IEEE Trans Ind Electron, 2013,4: 196-205
[66]	ROTTONDI C , VERTICALE G , CAPONE A . Privacy-preserving smart metering with multiple data consumers[J]. Computer Network, 2013,57: 1699-1713
[67]	BIRMAN K , JELASITY M , KLEINBERG R ,et al. Building a secure and privacy-preserving smart grid[J]. ACM Special Interest Group Operating Syst Rev, 2015,49: 131-136
[68]	LI H , LAI L , QIU R C . Communication capacity requirement for reliable and secure state estimation in smart grid[C]// Proceedings of the 1st IEEE International Conference on Smart Grid Communications,Gaithersburg. 2010: 191-196
[69]	张彤 . 电力可信网络体系及关键技术的研究[D]. 北京:华北电力大学, 2013.
	ZHANG T . Research on theory and key technologies of trustednetwork in electric power industry control system[D]. Beijing:North China Electric Power University, 2013.
[70]	詹静, 杨静 . 基于远程证明的可信 Modbus/TCP 协议研究[J]. 四川大学学报(工程科学版), 2017,49(1): 197-205.
	ZHAN J , YANG J . Research on remote attestation-based trusted Modbus/TCP protocol[J]. Advanced Engineering Sciences, 2017,49(1): 197-205.
[71]	邵诚, 钟梁高 . 一种基于可信计算的工业控制系统信息安全解决方案[J]. 信息与控制, 2015,44(5): 628-633.
	SHAO C , ZHONG L G . Research of information security solutions of industrial control system based on trusted computing[J]. Information and Control, 2015,44(5): 628-633.
[72]	袁勇, 王飞跃 . 区块链技术发展现状与展望[J]. 自动化学报, 2016,42(4): 481-494.
	YUAN Y , WANG F Y . Blockchain:the state of the art and future trends[J]. Acta Automatica Sinica, 2016,42(4): 481-494.

漏洞	文献
加密	文献[9,10]
认证	文献[10]
校验	文献[12]
可编程	文献[11,12]
溢出	文献[11,12]
广播风暴	文献[10,11]

漏洞	文献
加密	文献[13,15]
认证	文献[14,15]
重放	文献[15]
拒绝服务	文献[11,15]

漏洞	文献
加密	文献[10,19]
认证	文献[19]
完整性	文献[10,19]
DOS	文献[20]
主机	文献[21]

协议	可用性	可靠性	完整性	保密性	不可抵赖性	安全版本	系统关联度
Modbus/TCP	○	○	×	×	×	×	×
Ethernet/IP	○	○	○	×	×	○	×
Profinet	○	○	×	×	×	×	×
OPC	○	○	○	×	×	○	○
DNP3	○	○	○	○	○	○	×

文献	支持协议	防御策略	防御技术	防御效果	局限性
文献[28]	Modbus TCP	纵深防御	数据匹配	中	难以防范具备专业知识的攻击
文献[29]	ICS	纵深防御	行为感知	中	仅针对单一协议数据
文献[30]	ICS	纵深防御	数据二极管	中	数据单向传输
文献[31]	ICS	纵深防御	白名单	中	需制定大量规则，维护难度大，易误操作
文献[32]	DNP3/ Modbus	入侵检测	数据匹配	中	难以防范具备专业知识的攻击
文献[33]	Modbus TCP	入侵检测	数据匹配	中	需制定大量规则，维护难度大，易误操作
文献[35]	ICS	蜜罐	Conpot	低
文献[36]	ICS	蜜罐	Honeyd	低	无法实际防御，仅对攻击行为进行收集
文献[37]	ICS	蜜罐	Conpot	低
文献[38]	Modbus TCP	漏洞挖掘	Fuzzing	低
文献[39]	Modbus TCP	漏洞挖掘	Fuzzing	低	不能直接防御攻击、存在误报
文献[40]	Modbus TCP	漏洞挖掘	Fuzzing	低

工业以太网协议脆弱性与安全防护技术综述

Research on vulnerability and security technology of industrial Ethernet protocol

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 13

参考文献 72

相关文章 15

Metrics

推荐阅读 0

文献	支持协议	评估技术	评估效果	局限性
文献[41]	Modbus TCP	攻击图	中	行为摸型不够精确时，导致较高的误报率
文献[42]	DNP3	HLPSL语言	中	仅模拟关键状态
文献[30]	ICS	状态矩阵	中	漏报率和误报率取决于阈值的设定
文献[31]	ICS	蚁群聚类算法	中	聚类尺度标准的划定影响检测精度
文献[45]	Modbus TCP	中间件	低	不适当的策略配置，导致系统的不确定行为

文献	支持协议	改进策略	改进技术	改进效率	局限性
文献[46]	WLAN	链路加密	Hash-Chain	低
文献[47]	ICS	链路加密	Mac	低	链路负荷增加，实时性降低
文献[30]	ICS	链路加密	ECC	低
文献[31]	Modbus TCP	节点加密	BITW	中
文献[32]	ICS	节点加密	YASIR	中	每一个节点都需要绑定加解密设备，成本高，实时性低
文献[33]	Modbus TCP	节点加密	BITW	中
文献[52]	ICS	端到端加密	NTRU	高
文献[53]	ICS	端到端加密	SSL、TLS、IPsec	高	端节点需要绑定加解密设备，成本高，实时性低

[1]	陈炜宇, 骆俊杉, 王方刚, 丁海洋, 王世练, 夏国江. 无线隐蔽通信容量限与实现技术综述[J]. 通信学报, 2022, 43(8): 203-218.
[2]	张晗,胡永进,郭渊博,陈吉成. 信息安全领域内实体共指消解技术研究[J]. 通信学报, 2020, 41(2): 165-175.
[3]	印曦,黄伟庆. 基于混沌理论的彩色QR编码水印技术研究[J]. 通信学报, 2018, 39(7): 50-58.
[4]	王秦,朱建明. 基于Gordon-Loeb模型的信息安全投资博弈研究[J]. 通信学报, 2018, 39(2): 174-182.
[5]	汤光明,孙艺,徐潇雨,王宇. 动态更新失真代价的自适应JPEG隐写算法[J]. 通信学报, 2017, 38(9): 1-8.
[6]	赖英旭,刘增辉,蔡晓田,杨凯翔. 工业控制系统入侵检测研究综述[J]. 通信学报, 2017, 38(2): 143-156.
[7]	刘牧洲,仇剑书,张云勇,严斌峰,张思遥,汤雅妃. 基于标识密钥技术的证书集成管理平台[J]. 通信学报, 2016, 37(Z1): 197-203.
[8]	温涛,张玉清,刘奇旭,杨刚. UVDA：自动化融合异构安全漏洞库框架的设计与实现[J]. 通信学报, 2015, 36(10): 235-244.
[9]	张玉清,武倩如,刘奇旭,董颖. 第三方追踪的安全研究[J]. 通信学报, 2014, 35(9): 1-11.
[10]	汪洁,何小贤. 基于种子——扩充的多态蠕虫特征自动提取方法[J]. 通信学报, 2014, 35(9): 12-19.
[11]	丁宇新，肖骁，吴美晶，张逸彬，董丽. 基于半监督学习的社交网络用户属性预测[J]. 通信学报, 2014, 35(8): 3-22.
[12]	李晖，李凤华，曹进，牛犇，孙文海，耿魁. 移动互联服务与隐私保护的研究进展[J]. 通信学报, 2014, 35(11): 1-8.
[13]	董婵,范修斌,李有文,王建荣. 应用规律下的BLP模型密级赋值方法[J]. 通信学报, 2013, 34(9): 142-149.
[14]	李卫卫. 平衡H布尔函数的相关免疫性研究[J]. 通信学报, 2013, 34(8): 82-87.
[15]	李卫卫. 平衡H布尔函数的相关免疫性研究[J]. 通信学报, 2013, 34(8): 11-87.