Table of Content

20 April 2024, Volume 10 Issue 4

Previous Issue   

Constructing a Secure and Innovative Framework for Digital Financial  Infrastructure Security Based on a Multidimensional Security Perspective

2024, 10(4):  290. 

Asbtract ( )   PDF (865KB) ( )  

Related Articles | Metrics

Research on Source Code Vulnerability Detection Based on BERT Model

2024, 10(4):  294. 

Asbtract ( )   PDF (3199KB) ( )  

References | Related Articles | Metrics

Techniques such as code metrics, machine learning, and deep learning are commonly employed in source code vulnerability detection. However, these techniques have problems, such as their inability to retain the syntactic and semantic information of the source code and the requirement of extensive expert knowledge to define vulnerability features. To cope with the problems of existing techniques, this paper proposed a source code vulnerability detection model based on BERT(bidirectional encoder representations from transformers) model. The model splits the source code to be detected into multiple small samples, converted each small sample into the form of approximate natural language, realized the automatic extraction of vulnerability features in the source code through the BERT model, and then trained a vulnerability classifier with good performance to realize the detection of multiple types of vulnerabilities in Python language. The model achieved an average detection accuracy of 99.2%, precision of 97.2%, recall of 96.2%, and an F1 score of 96.7% across various vulnerability types. This represents a performance improvement of 2% to 14% over existing vulnerability detection methods. The experimental results showed that the model was a general, lightweight and scalable vulnerability detection method.

 A Survey of Forensic Network Attack Source Traceback

2024, 10(4):  302. 

Asbtract ( )   PDF (1134KB) ( )  

References | Related Articles | Metrics

The concealment and anonymity of cyber attackers pose significant challenges to the field of network attack traceback. This study provides a comprehensive overview of the current state of research on network attack traceback analysis techniques, focusing on three aspects: traffic, scenarios, and samples. Firstly, with respect to traffic traceback, the paper outlines methods and applications based on log records, packet marking, ICMP tracing, and link testing. Secondly, it categorizes traceback techniques for different scenarios, encompassinganonymous networks, zombie networks, springboards, local area networks, and advanced persistent threat attacks, as well as their applications and limitations in realworld environments. Finally, concerning sample analysis, the paper discusses the progress and application scenarios of static and dynamic traceback analysis in the context of malicious code analysis and attack tracing.

A Formal Modeling and Verification Method for Bitcoin Payment Protocol

2024, 10(4):  311. 

Asbtract ( )   PDF (952KB) ( )  

References | Related Articles | Metrics

As a mainstream digital Cryptocurrency, the security of Bitcoin had received widespread attention, with significant research conducted around it. However, there is currently a lack of analysis on the Bitcoin payment process, along with a deficiency in  relevant security standards and detailed modeling analysis, making it challenging to ensure the security of relevant protocols. Addressing this issue, this study began with the concept of consensus and established a symbolic model of the Bitcoin payment protocol based on the Bitcoin community specification and Bitcoin’s digital currency attributes. Corresponding adversary models and security attributes were proposed. Finally the relevant models underwent formal validation using the automatic verification tool Tamarin, completing the verification process of the Bitcoin payment protocol. Consequently, a security vulnerability in the Bitcoin payment protocol was discovered. The potential impact of this vulnerability were discussed.

Research on the Latticebased Access Control Encryption Technology

2024, 10(4):  318. 

Asbtract ( )   PDF (820KB) ( )  

References | Related Articles | Metrics

Access Control Encryption is a novel publickey encryption concept. It can not only protect the confidentiality of data, but also realize the control of information direction. The early scheme based on the DDH (decisional DiffieHellman) assumption suffers from the ciphertext leakage attack and only satisfies the chosen plaintext attack (CPA) security. For such problems, cryptologists proposed a security definition of the chosen ciphertext attack (CCA) and constructed a CCA security scheme based on NaorYung construction strategy. However, cryptologists have not fixed the security flaw of the DDH scheme, and their CCA scheme has shortcomings such as the low efficiency, complex construction and limited communication strategy. In this paper, the DDH scheme is designed generically, and the flaw of the DDH scheme subjected to the ciphertext leakage attack is remedied in an efficient way. Furthermore, a CCA secure access control encryption scheme is constructed, which is efficient, simple in design and based on the standard difficulty assumption. Finally, based on the lattice difficulty assumption and the decisional bilinear DiffieHellman (DBDH) assumption respectively, two kinds of CCA security schemes are instantiated.

Research Progress and Challenge of Industrial Control Systems  Honeypot Based on Simulation

2024, 10(4):  325. 

Asbtract ( )   PDF (1376KB) ( )  

References | Related Articles | Metrics

With the rapid development of the industrial Internet, attacks against industrial control systems have emerged one after another, causing serious consequences such as industrial infrastructure paralysis, production interruptions, economic losses, and personal injury. Honeypot for industrial control system is one kind of deceptive tools which can lure attackers and masquerade as genuine systems to provide access privileges, thus deceiving attackers into conducting subsequent attacks and safeguarding the actual industrial control systems. This paper conducts an indepth analysis of the current research status of industrial honeypots, providing definitions and characteristics of industrial honeypots. It particularly focuses on various types of simulationbased industrial honeypots, including protocolbased simulation honeypots, structurebased simulation honeypots, simulationtoolbased honeypots, vulnerabilitybased simulation honeypots, and hybrid simulation honeypots, comprehensively analyzing the research progress in simulationbased industrial honeypots. Finally, the challenges and future development directions in the simulation and emulation progress of industrial honeypots are discussed and analyzed.

Analysis of Security Blind Area of Large LAN#br#

#br#

2024, 10(4):  335. 

Asbtract ( )   PDF (784KB) ( )  

References | Related Articles | Metrics

This paper proposes the concepts of network blind area, asset blind area and security blind area  as they pretain to the security of large local area networks (LAN).  It analyzes the reasons behind the emergence of these three blind area, describes their forms, and points out their impacts on the security of large LAN. This paper proposes a new perspective for solving the security issues associated with large LAN.

Survey of 5G Network Security Vulnerability Discovery and Classification Solutions

2024, 10(4):  340. 

Asbtract ( )   PDF (1569KB) ( )  

References | Related Articles | Metrics

Discovering and solving 5G network security threats is an important means to ensure the stable operation of 5G network and user data security. By summarizing the new features of 5G network, this paper analyzes the security challenges faced by 5G network, systematically discusses the methods of discovering 5G security threats, classifies 5G security threats from the perspective of functional architecture, outlines the solutions and disposal measures of security threats, and looks forward to the impact of related technologies on the discovery and resolution of future 5G security threats. This paper aims to provide a reference framework for researchers and practitioners to discover and resolve 5G security threats.

Multi-party Shuffling Protocol Based on Elastic Secret Sharing

2024, 10(4):  347. 

Asbtract ( )   PDF (846KB) ( )  

References | Related Articles | Metrics

In order to promote data privacy protection, this paper proposes a multiparty shuffling protocol based on elastic secret sharing, which mainly adopts the intersection computing technology of elastic secret sharing, shuffling protocol and privacy set. In this paper, we firstly give a brief introduction to the multiparty shuffling protocol based on elastic secret sharing and its related technologies, then construct the model and framework. and propose the design scheme of multiparty shuffling protocol based on elastic secret sharing. Meanwhile, this paper analyses the correctness, security, performance and prospect of the protocol in details. Through the proofs of relevant theorems and comparative analysis with some schemes, this protocol has higher efficiency and better security.

Research on Data Reuse Model of Classified Protection of Cybersecurity Based on Data Mining

2024, 10(4):  353. 

Asbtract ( )   PDF (1459KB) ( )  

References | Related Articles | Metrics

Addressing the underutilization of the evaluation data in classified cybersecurity protection, this paper presents a model for reusing the evaluation data of classified protection of cybersecurity, comprising three dimensions: data classification, data reuse process and typical application scenarios. Firstly,  the data is classified according to the application scenarios, and basic data is statistically analyzed to draw conclusions from various perspectives. Secondly, utilizing the basic evaluation data and initial analysis conclusions as input, a data reuse model based on data mining is constructed to meet the diverse needs of different stakeholders. This model provides functions such as correlation analysis, classification analysis and cluster analysis, enabling a deeper exploration of the information behind the data. This approach facilitates the safe and effective utilization of data by relevant stakeholders, leveraging data as a strong support to play a more positive role in building a network security system.

Research on Banking DAO Digital Security Operation System

2024, 10(4):  360. 

Asbtract ( )   PDF (2767KB) ( )  

References | Related Articles | Metrics

In the current era of explosive growth of network threats, with the digital reshaping of business models and sustained growth of business, the banking industry is facing problems such as redundant security equipment, heavy security operation tasks, and insufficient practical combat capabilities caused by the continuous expansion of network security defense lines. This paper analyzes the challenges faced by financial institutions in the banking industry in security operations, banking DAO(defence, ability and operation) digital security operation system integrating peace and war integration security operation mechanism has been proposed, with a focus on studying the threelevel architecture of deepening the protection foundation, atomization capability center, and digital operation center, as well as the implementation path of peace and war integration mechanism for normalized, highstrength, and uninterrupted protection targets.

Research on the Evaluation of Emergency Response to Cybersecurity Events in the Securities Industry

2024, 10(4):  368. 

Asbtract ( )   PDF (1189KB) ( )  

References | Related Articles | Metrics

The emergency response to cyber security events, spanning multiple departments, covering various levels and scopes, has become a crucial link in routine security operations, serving as a key pillar for ensuring the stable and secure operation of the securities industry. Addressing the issue of inconsistent and overly subjective  traditional emergency response capability evaluation indicators in the securities industry, this paper proposes a cyber security incident emergency response process. This process includes detection response, loss prevention and blockage, source analysis, recovery, and reinforcement. The proposed evaluation model covers three tiers, encompassing  tools utilization, log coverage, personnel skills, task distribution, notification handling, and publicity education. The fuzzy hierarchical analysis method is employed to determine the weight of each level indicator, while the expert judgment method is used  to establish the evaluation indicator set. The fuzzy grey comprehensive evaluation method is introduced to assess the capability of emergency response to cyber security incidents in the securities industry. Through case validation and data analysis summary, the paper achieves quantitative demonstration of the evaluation indicators.

Theoretical and Legislative Research on State Ownership of Public Data

2024, 10(4):  377. 

Asbtract ( )   PDF (913KB) ( )  

References | Related Articles | Metrics

Public data, referring to various data collected or generated by the state and its representative organizations in the process of fulfilling public management duties and providing public services in accordance with the law, has clear ownership as the basis for its regulation. Analogous to natural resources, public data shares similarities in terms of relevance to public interests, high utilitarian value, and risks associated with improper use, suggesting the applicability of state ownership under the framework of the constitution. In practice, state ownership proves to be a relatively sound solution and can effectively promote the benign development of public data under multiple factors. Regarding legislation, there have been certain local practices, but the future direction should entail centralized legislation by the central government, focusing on refining the structural allocation of data property rights under the premise of state ownership. Additionally, it is feasible to establish a system that includes hierarchical classification and secure protection of public data, a foundational system for rights confirmation, and a utilization system emphasizing sharing, openness, and authorized operation. Research on state ownership of public data elucidates the legal framework for establishing ownership rights, offering a potential approach and proposing specific and feasible institutional ideas based on this foundation.

Research on Procuratorial Civil Public Interest Litigation System in the Field of Personal Information Protection

2024, 10(4):  383. 

Asbtract ( )   PDF (4405KB) ( )  

References | Related Articles | Metrics

In the era of big data, there are frequent incidents of stakeholder infringement on personal information rights and interests, and civil private interest litigation cannot solve the problem of largescale infringement. Procuratorial civil public interest litigation system has become a new way to protect personal information. At present, although personal information protection procuratorial civil public interest litigation has made some achievements, the relevant system and norms in this field are too principled. Moreover, there are no clear provisions on the application conditions and legal liability, which is difficult to guide judicial practice.There are difficulties such as difficult to define the damage requirements,and inflexible investigation and collection of evidence. It is necessary to strengthen the investigation and verification power of procuratorial organs, clarify the damage compensation liability of the infringer, establish a personal information protection cooperation mechanism with relevant administrative organs, and explore punitive compensation for public interest litigation of procuratorial organs in the field of personal information protection, aiming to prevent related crimes with deterrent function.