
    15 August 2021, Volume 7 Issue 4
    Comprehensive Review
    Survey of code-based digital signatures
    Yongcheng SONG, Xinyi HUANG, Wei WU, Haixia CHEN
    2021, 7(4):  1-17.  doi:10.11959/j.issn.2096-109x.2021079

    The rapid development of quantum computing theory and practice brings great uncertainty to the security of cryptography based on hard problems in number theory. Code-based hard problems are recognized as NP-complete, their complexity increases exponentially, and there is currently no threat of quantum computing to code-based cryptographic algorithms. Therefore, code-based algorithms can resist quantum algorithm attacks and are one of the main directions of quantum-resistant cryptography. Designing secure and efficient code-based signatures is still an open problem. For many years, international researchers have used classical and new methods to construct code-based signatures, but existing constructions are weak in security or poor in performance. Code-based signatures were comprehensively summarized and analyzed, and future research directions were indicated.

    Topic Ⅰ: Network Security: Attack and Defense
    Container intrusion detection method based on host system call frequency
    Yimu JI, Weidong YANG, Kui LI, Shangdong LIU, Qiang LIU, Sisi SHAO, Shuai YOU, Naijiao HUANG
    2021, 7(4):  18-29.  doi:10.11959/j.issn.2096-109x.2021073

    Container technology has become a widely used virtualization technology in cloud platforms due to its lightweight virtualization characteristics. However, a container shares the kernel with the host, so it has poor security and isolation and is vulnerable to flood, denial-of-service, and escape attacks. To effectively detect whether a container is under attack, an intrusion detection method based on host system call frequency was proposed. The method took advantage of the differing system call frequencies of different attack behaviors: it collected the system calls generated while the container was running, extracted system call features by combining a sliding window with the TF-IDF algorithm, and classified them by comparing feature similarity. The experimental results show that the detection rate of this method can reach 97%, and the false alarm rate is less than 4%.

    High resistance botnet based on smart contract
    Hao ZHAO, Hui SHU, Fei KANG, Ying XING
    2021, 7(4):  30-41.  doi:10.11959/j.issn.2096-109x.2021070

    The development and application of blockchain technology makes it possible to build a more robust and flexible botnet command and control channel. In order to better study this type of potential new botnet threat, a highly confrontational botnet model based on blockchain smart contracts, SCBot, was proposed. The SCBot model adopts a hierarchical hybrid topology, builds a command transmission channel based on smart contracts at the zombie subnet layer, establishes a credibility evaluation mechanism to determine the authenticity of nodes, and enhances the confrontation capability of the network at the two major levels of traffic and terminals. The construction of small botnet clusters was simulated, comparative experiments on SCBot's command transmission efficiency and robustness were conducted, and its feasibility in a real environment was analyzed from the perspective of economic cost. Finally, a brief analysis and discussion of defense strategies for this type of botnet was given.

    Research on deception defense techniques based on network characteristics obfuscation
    Jinlong ZHAO, Guomin ZHANG, Changyou XING
    2021, 7(4):  42-52.  doi:10.11959/j.issn.2096-109x.2021045

    A network attack is usually preceded by a reconnaissance stage, in which the attacker obtains key information about the target system through techniques such as traffic analysis and active scanning in order to formulate a targeted network attack. Deception defense based on network characteristics obfuscation is an effective strategy against network reconnaissance: by thwarting the attacker's reconnaissance stage, it makes the attacker launch an ineffective attack. The technical principles of existing obfuscation defense solutions were analyzed, a formal definition of network obfuscation was given, existing research was discussed from three aspects, and finally the development trends of obfuscation deception defense techniques were analyzed.

    Using side-channel and quantization vulnerability to recover DNN weights
    Jinghai LI, Ming TANG, Chengxuan HUANG
    2021, 7(4):  53-67.  doi:10.11959/j.issn.2096-109x.2021038

    Model extraction attacks focus on reverse engineering the architecture and weights of DNN models deployed at the edge. Model extraction is a basic security problem in AI security; as a data provider, it underlies advanced attacks such as adversarial samples and data poisoning. A novel method named Cluster-based SCA was proposed, which does not need a leakage model. Cluster-based SCA is based on a vulnerability of quantized inference: in the multiplication operation of quantized inference, the outputs of different weights are not equivalent with respect to classification, which can be used to distinguish different weights. The proposed method computed the output activations of each DNN layer with a guessed weight. The acquired side-channel signals were then classified into different classes according to the corresponding output activation values. The average dispersion of all classes, $\bar{\sigma}$, was used to decide whether the guess was right. The effectiveness of the Cluster-based SCA method was verified by simulation experiments, with the HW model used as the target leakage model. For all weights from the first convolution layer of the target CNN model, the TOP2 recovery rate was 52.66%. For large weights in the significant interval, the TOP2 recovery rate was 100%.

    Survey of generative adversarial network
    Zhenglong WANG, Baowen ZHANG
    2021, 7(4):  68-85.  doi:10.11959/j.issn.2096-109x.2021080

    First, the basic theory, application scenarios and current state of research of GAN (generative adversarial network) were introduced, and the problems that need to be improved were listed. Then, recent research, improvement mechanisms and model features, in 2 categories and 7 subcategories revolving around 3 points (improving model training efficiency, improving the quality of generated samples, and reducing the possibility of model collapse), were generalized and summarized. Finally, 3 future research directions were discussed.

    Survey of intention recognition for opponent modeling
    Wei GAO, Junren LUO, Weilin YUAN, Wanpeng ZHANG
    2021, 7(4):  86-100.  doi:10.11959/j.issn.2096-109x.2021052

    Several different methods of opponent modeling were introduced, leading to the problem of intention recognition in behavior modeling. Then, the process, classification, main methods, research prospects and practical applications of intention recognition were analyzed inductively, and the latest research in related fields was summarized. Finally, some shortcomings of current intention recognition and design methods were pointed out, and some new insights for future research were presented.

    Topic Ⅱ: Technology and Application of Cryptology
    Study on privacy preserving encrypted traffic detection
    Xinyu ZHANG, Bingsheng ZHANG, Quanrun MENG, Kui REN
    2021, 7(4):  101-113.  doi:10.11959/j.issn.2096-109x.2021057

    Existing encrypted traffic detection technologies lack privacy protection for data and models, which will violate privacy-preserving regulations and increase the security risk of privacy leakage. A privacy-preserving encrypted traffic detection system was proposed. It enhanced the privacy of the encrypted traffic detection model by combining the gradient boosting decision tree (GBDT) algorithm with differential privacy. The privacy-protected encrypted traffic detection system was designed and implemented. The performance and efficiency of the proposed system were evaluated using the CICIDS2017 dataset, which contained the malicious traffic of the DDoS attack and the port scan. The results show that when the privacy budget value is set to 1, the system accuracy rates are 91.7% and 92.4% respectively. The training and prediction of the model are efficient. The training time of the proposed model is 5.16 s and 5.59 s, which is only 2-3 times that of the GBDT algorithm. The prediction time is close to that of the GBDT algorithm.

    Survey of side channel attack on encrypted network traffic
    Ding LI, Yuefei ZHU, Bin LU, Wei LIN
    2021, 7(4):  114-130.  doi:10.11959/j.issn.2096-109x.2021050

    By analyzing and extracting information such as packet size and timing leaked during Web application communication, side channel attacks on encrypted network traffic are able to recognize users' identity and behavior and even restore the original data entered by users. A model of side channel attack on encrypted network traffic based on information theory was developed. Based on this unified model, the methods and results of representative attacks such as fingerprinting attacks, keystroke attacks and speech attacks were analyzed in detail. Furthermore, defense methods that hide packet size and timing information were discussed. Finally, possible research directions were outlined in light of the frontiers of technology development.

    Differential-linear cryptanalysis of PRINCE cipher
    Zhengbin LIU
    2021, 7(4):  131-140.  doi:10.11959/j.issn.2096-109x.2021072

    PRINCE is a low-latency lightweight block cipher that is widely used in resource-constrained devices. It is based on the FX construction, and its core component is PRINCEcore. Differential-linear cryptanalysis is a classical cryptanalytic technique that combines differential cryptanalysis and linear cryptanalysis. Short differential characteristics and linear characteristics with high probability were concatenated to break the cipher. Differential-linear cryptanalysis was applied to attack PRINCEcore. Using a 2-round differential-linear distinguisher, 4-round PRINCEcore can be broken with $2^{6}$ chosen plaintexts and $2^{14.58}$ encryptions. For 6-round and 7-round PRINCEcore, the data complexity is $2^{12.84}$ and $2^{29.02}$ respectively, and the time complexity is $2^{25.58}$ and $2^{41.53}$.

    Secure key-sharing algorithm based on smart grid
    Wei GU, Jian SHEN, Yongjun REN
    2021, 7(4):  141-146.  doi:10.11959/j.issn.2096-109x.2021081

    Most key establishment protocols suffer from both session-specific temporary information attacks and private key leakage. Therefore, a novel public key sharing-based symmetric encryption algorithm (PKS-SE) was proposed to maintain the security of communication between smart meters and service providers. Based on bilinear mapping and a super-singular curve, the PKS-SE algorithm constructed the communication key between the smart meter and the service provider in order to avoid the key escrow problem. At the same time, the PKS-SE algorithm reduced the number of messages required during mutual authentication to only two, thus controlling its communication cost and operation cost. Simulation results show that the proposed PKS-SE algorithm can effectively realize public key-sharing

    Partial blind signature scheme based on SM9 algorithm
    Yao LYU, Jinpeng HOU, Chong NIE, Mang SU, Bin WANG, Hongling JIANG
    2021, 7(4):  147-153.  doi:10.11959/j.issn.2096-109x.2021037

    Ordinary digital signatures have many deficiencies in effectively protecting users' privacy, and signature repudiation and tracking occur from time to time. To solve these problems, a partial blind signature scheme based on the SM9 algorithm was proposed. "Partial" means that the signed message contains the user's message and other related information, so the scheme can effectively resist signature repudiation and tracking; a trusted third party is introduced to prevent malicious users from tampering with information. Experimental results and theoretical analysis demonstrate the security and efficiency of the proposed algorithm.

    Papers
    Auto forensic detecting algorithms of malicious code fragment based on TensorFlow
    Binglong LI, Jinlong TONG, Yu ZHANG, Yifeng SUN, Qingxian WANG, Chaowen CHANG
    2021, 7(4):  154-163.  doi:10.11959/j.issn.2096-109x.2021048

    To automatically detect underlying malicious code fragments in the complex, heterogeneous and massive evidence data of digital forensic investigations, a framework for a malicious code fragment detection algorithm based on TensorFlow was proposed by analyzing the TensorFlow model and its characteristics. A back-propagation training algorithm was designed through the training process of deep learning. An underlying binary feature pre-processing algorithm for malicious code fragments was discussed and proposed to address the problem of different devices and heterogeneous evidence sources, such as storage media and AFF forensic containers. An algorithm for generating data sets of code fragments was designed and implemented. The experimental results show that the comprehensive evaluation index F1 of the method can reach 0.922, and compared with the CloudStrike, Comodo and FireEye antivirus engines, the algorithm has an obvious advantage in dealing with underlying code fragment data from heterogeneous storage media.

    Research on the trusted environment of container cloud based on the TPCM
    Guojie LIU, Jianbiao ZHANG, Ping YANG, Zheng LI
    2021, 7(4):  164-174.  doi:10.11959/j.issn.2096-109x.2021068

    Container technology is a lightweight operating system virtualization technology that is widely used in cloud computing environments and is a research hotspot in the field of cloud computing. The security of container technology has attracted much attention. A method for constructing a trusted environment for container clouds using active immune trusted computing was proposed, and its security meets the requirements of network security level protection standards. First, container cloud servers were measured through the TPCM, and a trust chain from the TPCM to the container's operating environment was established. Then, by adding a trusted measurement agent for the container to the TSB, trusted measurement and trusted remote attestation of the container's running process were realized. Finally, an experimental prototype based on Docker and Kubernetes was built and experiments were conducted. The experimental results show that the proposed method can ensure the credibility of the boot process of the cloud server and the running process of the container, and meets the requirements of the network security level protection standard evaluation.

    Permission clustering-based attribute value optimization
    Wenchao WU, Zhiyu REN, Xuehui DU
    2021, 7(4):  175-182.  doi:10.11959/j.issn.2096-109x.2021077

    In new large-scale computing environments, the attributes of entities are massive, with complex sources and uneven quality, which are great obstacles to the application of ABAC (attribute-based access control). The attributes are also hard to correct manually, making them difficult to apply directly in access control systems. To solve the optimization problem of nominal attributes, a novel attribute value optimization algorithm based on permission clustering was designed, in which entities were represented by the privilege sets related to them. The entities were then tagged by a density-based clustering method using the distances between their privilege set representations. Then the attribute values were reduced and corrected based on rough set theory. Finally, the algorithm was verified on UCI data sets, which showed that applying it improved ABAC policy mining on evaluation criteria such as the true positive rate and F1-score.

    Education and Teaching
    Exploration and practice of PRIDE teaching mode oriented to cybersecurity talent cultivation
    Jianwei LIU, Dawei LI, Ying GAO, Yu SUN, Hua GUO
    2021, 7(4):  183-189.  doi:10.11959/j.issn.2096-109x.2021078

    In the long-term practice of cybersecurity talent cultivation, the teaching team of the School of Cyber Science and Technology of Beihang University, aiming at the knowledge, ability and quality goals of talent cultivation in the cybersecurity discipline and related majors, puts forward the innovative teaching idea of “fine teaching, strong practice, excellent assessment, abundant resources” according to the knowledge characteristics, thinking characteristics and psychological characteristics of students. The teaching team integrates political teaching, research teaching, inspiration teaching, seminar teaching and example teaching methods, and puts forward the PRIDE teaching mode, which has been widely applied in the teaching of core professional courses such as “Information Network Security” and “Modern Cryptography” and has achieved remarkable teaching results. Through the practice of the PRIDE teaching mode, a high-level teaching team with high political quality and strong teaching ability has also been built.

Copyright Information
Bimonthly, started in 2015
Authorized by: Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by: Posts and Telecommunications Press
Co-sponsored by: Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by: Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief: FANG Bin-xing
Executive Editor-in-Chief: LI Feng-hua
Director: Xing Jianchun
Address: F2, Beiyang Chenguang Building, Shunbatiao No.1 Courtyard, Fengtai District, Beijing, China
Tel: 010-53879136/53879138/53879139
Fax: +86-81055464
ISSN 2096-109X
CN 10-1366/TP