Please wait a minute...

Current Issue

    25 August 2018, Volume 39 Issue 8
    Artificial Intelligence and Network Security
    Application of artificial intelligence technology in the field of security vulnerability
    Hongyu SUN,Yuan HE,Jice WANG,Ying DONG,Lipeng ZHU,He WANG,Yuqing ZHANG
    2018, 39(8):  1-17.  doi:10.11959/j.issn.1000-436x.2018137
    Asbtract ( 2290 )   HTML ( 182)   PDF (1066KB) ( 3800 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The large number of software and the enhancement of complexity have brought severe challenges to the research of software security vulnerabilities.The efficiency of manual research on security vulnerabilities is low and cannot meet the needs of cyberspace security.Therefore,how to apply artificial intelligence techniques such as machine learning and natural language processing to the study of security vulnerabilities has become a new hot spot.Artificial intelligence technology can intelligently process vulnerability information,which can assist in the research of security vulnerabilities and improve the efficiency of research on security vulnerabilities such as vulnerability mining.Firstly,the key technologies of automatic mining,automatic assessment,automatic exploitation and automatic repair of security vulnerabilities were analyzed,which pointed out that the automation of security vulnerability mining was the key of the application of artificial intelligence in the field of security vulnerability.Then,the latest research results of applying artificial intelligence technology to the research on security vulnerabilities was analyzed and summarized in recent years,which pointed out some problems in the application and gave corresponding solutions.Finally,the development trend of intelligent research on security vulnerabilities was prospected.

    BotCatcher:botnet detection system based on deep learning
    Di WU,Binxing FANG,Xiang CUI,Qixu LIU
    2018, 39(8):  18-28.  doi:10.11959/j.issn.1000-436x.2018135
    Asbtract ( 1533 )   HTML ( 157)   PDF (1239KB) ( 2853 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Machine learning technology has wide application in botnet detection.However,with the changes of the forms and command and control mechanisms of botnets,selecting features manually becomes increasingly difficult.To solve this problem,a botnet detection system called BotCatcher based on deep learning was proposed.It automatically extracted features from time and space dimension,and established classifier through multiple neural network constructions.BotCatcher does not depend on any prior knowledge which about the protocol and the topology,and works without manually selecting features.The experimental results show that the proposed model has good performance in botnet detection and has ability to accurately identify botnet traffic .

    Network security threat warning method based on qualitative differential game
    Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU
    2018, 39(8):  29-36.  doi:10.11959/j.issn.1000-436x.2018134
    Asbtract ( 470 )   HTML ( 10)   PDF (940KB) ( 798 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Most current network security research based on game theory adopts the static game or multi-stage dynamic game model,which does not accord with the real-time change and continuity of the actual network attack-defense process.To make security threats warning more consistent with the attack-defense process,the threat propagation process was analyzed referring to the epidemic model.Then the network attack-defense game model was constructed based on the qualitative differential game theory,by which the evolution of the network security state could be predicted.Based on the model,the qualitative differential game solution method was designed to construct the attack-defense barrier and divide the capture area.Furthermore,the threat severity in different security states were evaluated by introducing multidimensional Euclidean distance.By designing the warning algorithm,the dynamic warning of the network security threat was realized,which had better accuracy and timeliness.Finally,simulation results verify the effectiveness of the proposed algorithm and model.

    Heuristic Sarsa algorithm based on value function transfer
    Jianping CHEN,Zhengxia YANG,Quan LIU,Hongjie WU,Yang XU,Qiming FU
    2018, 39(8):  37-47.  doi:10.11959/j.issn.1000-436x.2018133
    Asbtract ( 512 )   HTML ( 10)   PDF (1147KB) ( 947 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    With the problem of slow convergence for traditional Sarsa algorithm,an improved heuristic Sarsa algorithm based on value function transfer was proposed.The algorithm combined traditional Sarsa algorithm and value function transfer method,and the algorithm introduced bisimulation metric and used it to measure the similarity between new tasks and historical tasks in which those two tasks had the same state space and action space and speed up the algorithm convergence.In addition,combined with heuristic exploration method,the algorithm introduced Bayesian inference and used variational inference to measure information gain.Finally,using the obtained information gain to build intrinsic reward function model as exploring factors,to speed up the convergence of the algorithm.Applying the proposed algorithm to the traditional Grid World problem,and compared with the traditional Sarsa algorithm,the Q-Learning algorithm,and the VFT-Sarsa algorithm,the IGP-Sarsa algorithm with better convergence performance,the experiment results show that the proposed algorithm has faster convergence speed and better convergence stability.

    Website defense strategy selection method based on attack-defense game and Monte Carlo simulation
    Hao WU,Jiulun FAN,Chengzhe LAI,Jianhua LIU
    2018, 39(8):  48-55.  doi:10.11959/j.issn.1000-436x.2018131
    Asbtract ( 629 )   HTML ( 30)   PDF (1051KB) ( 955 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the selection of security defense strategy in network attack-defense,the dynamic change process of mutual influence between attack-defense strategy was studied.Based on the game process of both offense and defense,the attack-defense game model was constructed,the attack process of the attacker based on Monte Carlo simulation was simulated and the attacker’s best attack utility was obtained,so as to calculate the best defensive utility of the defender.In order to maximize the effectiveness of network security defense,the optimal defense strategy under limited resources was implemented.Simulation experiments verify the effectiveness of the proposed method and analyze the influence of different parameter settings on the selection of defense strategy.

    Defense decision-making method based on incomplete information stochastic game and Q-learning
    Hongqi ZHANG,Junnan YANG,Chuanfu ZHANG
    2018, 39(8):  56-68.  doi:10.11959/j.issn.1000-436x.2018145
    Asbtract ( 1307 )   HTML ( 28)   PDF (1188KB) ( 1471 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Most of the existing stochastic games are based on the assumption of complete information,which are not consistent with the fact of network attack and defense.Aiming at this problem,the uncertainty of the attacker’s revenue was transformed to the uncertainty of the attacker type,and then a stochastic game model with incomplete information was constructed.The probability of network state transition is difficult to determine,which makes it impossible to determine the parameter needed to solve the equilibrium.Aiming at this problem,the Q-learning was introduced into stochastic game,which allowed defender to get the relevant parameter by learning in network attack and defense and to solve Bayesian Nash equilibrium.Based on the above,a defense decision algorithm that could learn online was designed.The simulation experiment proves the effectiveness of the proposed method.

    DeepRD:LSTM-based Siamese network for Android repackaged applications detection
    Run WANG,Benxiao TANG,Li’na WANG
    2018, 39(8):  69-82.  doi:10.11959/j.issn.1000-436x.2018148
    Asbtract ( 612 )   HTML ( 28)   PDF (947KB) ( 971 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The state-of-art techniques in Android repackaging detection relied on experts to define features,however,these techniques were not only labor-intensive and time-consuming,but also the features were easily guessed by attackers.Moreover,the feature representation of applications which defined by experts cannot perform well to the common types of repackaging detection,which caused a high false negative rate in the real detection scenario.A deep learning-based repackaged applications detection approach was proposed to learn the program semantic features automatically for addressing the above two issues.Firstly,control and data flow analysis were taken for applications to form a sequence feature representation.Secondly,the sequence features were transformed into vectors based on word embedding model to train a Siamese LSTM network for automatically program feature learning.Finally,repackaged applications were detected based on the similarity measurement of learned program features.Experimental results show that the proposed approach achieves a precision of 95.7% and false negative rate of 6.2% in an open sourced dataset AndroZoo.

    Template attack of Crypto chip based on clustering
    Zhen WU,Zhibo DU,Min WANG,Chunling XIANG
    2018, 39(8):  83-93.  doi:10.11959/j.issn.1000-436x.2018130
    Asbtract ( 412 )   HTML ( 14)   PDF (879KB) ( 1027 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The known-key establishment template and others full control of experimental equipment preconditions are required to implement the traditional template attack.The preconditions restrict the application scenario of template attack.The template attack is only applied to the device that the key input can be controlled.In order to resolve the restrictive preconditions,a novel method of template attack based on clustering was proposed.The clustering EM algorithm was modified according to the characteristics of information leakage model in the method.The modified clustering methods accurately fitted the leaked information probability model in the case of unknown key,the location of information leakage could be determined.Then the attack established the templates in the location,and implemented template matching.The proposed method eliminates the dependence of traditional template attacks on per-conditions and expand the application scenario of template attack.

    Papers
    UCAP:a PCL secure user authentication protocol in cloud computing
    Xuefeng LI,Junwei ZHANG,Jianfeng MA
    2018, 39(8):  94-105.  doi:10.11959/j.issn.1000-436x.2018147
    Asbtract ( 347 )   HTML ( 9)   PDF (925KB) ( 903 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    As the combine of cloud computing and Internet breeds many flexible IT services,cloud computing becomes more and more significant.In cloud computing,a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services.Based on this,a protocol composition logic (PCL) secure user authentication protocol named UCAP for cloud computing was proposed.The protocol used a symmetric encryption symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session,which comprised the initial authentication phase and the re-authentication phase.In the initial authentication phase,the trusted third party generated a root communication session key.In the re-authentication phase,communication users negotiated a sub session key without the trusted third party.To verify the security properties of the protocol,a sequential compositional proof method was used under the protocol composition logic model.Compared with certain related works,the proposed protocol satisfies the PCL security.The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes,while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party.Through the analysis results,the proposed protocol is suitable for the mutual authentication in cloud computing.

    High-precision symbol timing algorithm for specific emitter identification
    Yiwei PAN,Hua PENG,Tianyun LI,Wenya WANG
    2018, 39(8):  106-112.  doi:10.11959/j.issn.1000-436x.2018132
    Asbtract ( 274 )   HTML ( 2)   PDF (857KB) ( 680 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The existing symbol timing algorithms have the problems that the method of delay estimation is improper and the calculation precision of the interpolation is insufficient for the pretreatment of specific emitter identification.A high-precision symbol timing algorithm was proposed to solve these problems.Aiming at the former problem,a two-step estimation method was adopted,rough estimation of delay was firstly obtained by the forward algorithm,and then the accurate value was acquired through local search with the demodulated symbols.For the latter problem,a window-based approach was used to design an interpolating filter which could optimize the anti-aliasing characteristics and improve the calculation accuracy.Simulation results show that the proposed algorithm can effectively solve the above problems and achieve better recognition results in the radiation source recognition compared with the conventional symbol timing algorithm.

    Data integrity verification based on model cloud federation of TPA
    Junfeng TIAN,Tianle LI
    2018, 39(8):  113-124.  doi:10.11959/j.issn.1000-436x.2018144
    Asbtract ( 780 )   HTML ( 8)   PDF (814KB) ( 666 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the untrustworthiness of third-party auditor (TPA) in the publicity verification model,a data integrity verification model based on the cloud federation of TPA was proposed.Firstly,the cloud federation of TPA’s architecture was designed and the main functional components and function of the system platform was defined.The federation could manage and control the TPA cloud members.Secondly,TPA was designed in detail by using trusted computing technology and blockchain technology to ensure the credibility of the TPA execution environment and workflow.Finally,the data integrity verification model was built by using cloud federation of TPA.The correctness,security and effectiveness of the model were analyzed theoretically and experimentally.

    Link-lifetime-based service restoration in optical datacenter network
    Ninghai BAO,Yuan YUAN,Ziqian LIU,Ming KUANG
    2018, 39(8):  125-132.  doi:10.11959/j.issn.1000-436x.2018146
    Asbtract ( 290 )   HTML ( 3)   PDF (799KB) ( 631 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the correlated and cascading failures caused by large-scale disasters,a post-disaster service restoration scheme was proposed.This scheme utilized global service bandwidth concession and the limited lifetime of local links to mitigate resource crunch in the post-disaster network.According to their bandwidth and holding time requirements,the impacted services for restoration was prioritized firstly,then jointly employed anycast and manycast routing strategies to improve the service connectivity and bandwidth resource utilization.Simulation results show that the proposed scheme can significantly reduce the service loss ratio,effectively prolong the holding time of the impacted services and decrease the data flow loss ratio in the post-disaster network.

    Carrier frequency offsets estimation for distributed MIMO system based on SOMP method
    Yanyan HUANG,Hua PENG
    2018, 39(8):  133-139.  doi:10.11959/j.issn.1000-436x.2018142
    Asbtract ( 286 )   HTML ( 5)   PDF (750KB) ( 859 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    By utilizing the half invariant property of high-order cyclic cumulants,the equation of signals and its high-order cyclic cumulants was rederivated first.Then simultaneous orthogonal matching pursuit (SOMP) method was used to jointly reconstruct multiple receiving signals’ high-order cyclic cumulants.At last,according to the fourfold relationship between carrier frequency offsets and cyclic frequencies of main non-zeros high-order cyclic cumulants,multiple transmitting signals’ carrier frequency offsets were obtained.Comparing with existing algorithms,the correlation between receiving signals is fully used by the proposed algorithm,the carrier frequency offset estimation performance at low signal to noise is improved and the pilots numbers are reduced.

    DDoS attack detection method based on conditional entropy and GHSOM in SDN
    Junfeng TIAN,Liuling QI
    2018, 39(8):  140-149.  doi:10.11959/j.issn.1000-436x.2018140
    Asbtract ( 1050 )   HTML ( 16)   PDF (1024KB) ( 1110 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Software defined networking (SDN) simplifies the network architecture,while the controller is also faced with a security threat of “single point of failure”.Attackers can send a large number of forged data flows that do not exist in the flow tables of the switches,affecting the normal performance of the network.In order to detect the existence of this kind of attack,the DDoS attack detection method based on conditional entropy and GHSOM in SDN (MBCE&G) was presented.Firstly,according to the phased features of DDoS,the damaged switch in the network was located to find the suspect attack flows.Then,according to the diversity characteristics of the suspected attack flow,the quaternion feature vector was extracted in the form of conditional entropy,as the input features of the neural network for more accurate analysis.Finally,the experimental environment was built to complete the verification.The experimental results show that MBCE&G detection method can effectively detect DDoS attacks in SDN network.

    Modeling and analysis of multiple access channel capacity based on hybrid energy storage and energy harvesting
    Xinwei YAO,Mengna ZHANG,Chaochao WANG,Wanliang WANG
    2018, 39(8):  150-159.  doi:10.11959/j.issn.1000-436x.2018139
    Asbtract ( 373 )   HTML ( 3)   PDF (965KB) ( 764 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Energy harvesting (EH) has been considered as a promising technology to solve the constrained energy problem in the devices of IoT with its advantages of flexible deployment and sustainable energy supply.For multiple access channel with energy harvesting,a hybrid energy storage structure model composed by super capacitor and battery was proposed for the devices of IoT.According to the peculiarities of medium access channel and energy harvesting system,an optimized energy allocation strategy with exponential-type decline (ETD) was presented,the upper and lower bounds of the average throughput were deduced,in particular,the gap of two bounds was derived to be a constant.The channel capacity was further obtained by utilizing the relationship between the average throughput and the channel capacity.In the simulations,the effect of harvested energy,storage capacity and the number of nodes on the channel capacity were analyzed respectively.Experiment results show that compared with the conventional wireless node with single battery storage,the proposed hybrid energy storage structure can improve the harvested energy value and increase the multiple access channel capacity by using adaptive modulation scheme when transmitting the signals.

    Performance study of hybrid spectrum access scheme in millimeter wave cellular network
    Zhongjie LI,Yilei CHEN,Qianqian LIU,Cuitao ZHU
    2018, 39(8):  160-168.  doi:10.11959/j.issn.1000-436x.2018141
    Asbtract ( 316 )   HTML ( 6)   PDF (1278KB) ( 964 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In millimeter wave cellular networks,the spectrum efficiency of multi-operator dual frequency hybrid spectrum access scheme under open access mode was studied.Firstly,Poisson point process was used to model the distribution of base stations of each operator,the base station and carrier frequency were selected by users based on maximum received power criterion and high frequency carrier signal to interference plus noise ratio (SINR) threshold access criterion respectively.Secondly,the rate coverage was used as performance criteria to study the spectrum efficiency,and the theoretical expression of rate coverage was derived based on stochastic geometry theory according to channel model,path loss model and antenna model.Finally,the influence of user density,base station density and antenna gain on rate coverage was analyzed by simulation.The experimental results show that the multi-operator dual frequency hybrid spectrum access scheme has better spectrum utilization efficiency.

    Verifiable special threshold secret sharing scheme based on eigenvalue
    Yanshuo ZHANG,Wenjing LI,Lei CHEN,Wei BI,Tao YANG
    2018, 39(8):  169-175.  doi:10.11959/j.issn.1000-436x.2018143
    Asbtract ( 315 )   HTML ( 10)   PDF (680KB) ( 771 )   Knowledge map   
    References | Related Articles | Metrics

    Utilizing the characteristic that the characteristic equation of the n-th order matrix have multiple roots,the secret distributor distributes two different sub-keys to each participant,and these two sub-keys satisfy two conditions:linear independent and equality of the corresponding characteristic values.In the process of sub-key distribution and master key recovery,the black box can judge the authenticity of the participants’ activities through the characteristics of the sub-keys.If the two sub-keys have satisfied two conditions of linear independence and equal feature values,it can be determined that the participant’s activity is honest,otherwise,it can be determined that there exists fraudulent activity.The analysis results show that the scheme is correct,secure,and the information rate is 12.

    Performance analysis of topic detection algorithms in distributed environment
    Lu DENG,Yan JIA,Binxing FANG,Bin ZHOU,Tao ZHANG,Xin LIU
    2018, 39(8):  176-184.  doi:10.11959/j.issn.1000-436x.2018136
    Asbtract ( 370 )   HTML ( 4)   PDF (849KB) ( 816 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Social network has become a way of life,therefore more and more people choose social network to express their views and feelings.Quickly find what people are talking about in big data gets more and more attention.And a lot of related methods of topic detection spring up in this situation.The performance analysis project was proposed based on the characteristics of social network.According to the project,the performances of some typical topic detection algorithms were tested and compared in large-scale data of Sina Weibo.What’s more,the advantages and disadvantages of these algorithms were pointed out so as to provide references for later applications.?

    Proof of work algorithm based on credit model
    Zuan WANG,Youliang TIAN,Qiuxian LI,Xinhuan YANG
    2018, 39(8):  185-198.  doi:10.11959/j.issn.1000-436x.2018138
    Asbtract ( 535 )   HTML ( 21)   PDF (588KB) ( 759 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    A consensus protocol based on the credit model was proposed.Firstly,the consensus agreement drew on the idea of personal credit risk assessment and a node credit model based on BP neural network was designed.Secondly,a piecewise rotation model was also constructed to segment the search space according to the node’s credit level to generate new blocks.At the same time,the possible attack of the protocol was analyzed and the vulnerability of this protocol was fixed.Finally,the simulation experiments show that the protocol not only effectively reduces the huge resource consumption in the process of new block generation,but also suppresses the generation of the large mine pool,making the whole blockchain system more secure and reliable.

Copyright Information
Authorized by: China Association for Science and Technology
Sponsored by: China Institute of Communications
Editor-in-Chief: Zhang Ping
Associate Editor-in-Chief:
Zhang Yanchuan, Ma Jianfeng, Yang Zhen, Shen Lianfeng, Tao Xiaofeng, Liu Hualu
Editorial Director: Wu Nada, Zhao Li
Address: F2, Beiyang Chenguang Building, Shunbatiao No.1 Courtyard, Fengtai District, Beijing, China
Post: 100079
Tel: 010-53933889、53878169、
53859522、010-53878236
Email: xuebao@ptpress.com.cn
Email: txxb@bjxintong.com.cn
ISSN 1000-436X
CN 11-2102/TN
Visited
Total visitors:
Visitors of today:
Now online: