Most Read articles

    Published in last 1 year |  In last 2 years |  In last 3 years |  All

    Please wait a minute...
    For Selected: Toggle Thumbnails
    An Overview of Application and Technology of Artificial Intelligence in Cybersecurity
    Journal of Information Security Reserach    2022, 8 (2): 110-.  
    Abstract360)      PDF (1142KB)(266)       Save
    Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.
    Reference | Related Articles | Metrics
    Data Security Governance Technology and Practice in Big Data Applications
    Journal of Information Security Reserach    2022, 8 (4): 326-.  
    Abstract243)      PDF (2139KB)(355)       Save
    The wide application of big data technology makes data burst into unprecedented value and vitality. However, due to the large amount of data, multiple data sources, and complex data access relationships, data security lacks refined and standardized management, and the importance of data security governance becomes increasingly prominent. By analyzing data security problems in existing big data applications and common pitfalls in data security governance, this paper puts forward the ideas, principles and methods of data security governance, and with classification and grading as the entry point, presents the technical architecture of data security governance. Finally, taking the big data platform as an example, presents the application practice of data security governance technology.
    Reference | Related Articles | Metrics
    Automated Vulnerability Mining and Attack Detection
    Journal of Information Security Reserach    2022, 8 (7): 630-.  
    Abstract243)      PDF (434KB)(209)       Save
    Related Articles | Metrics
    A Survey of Deep Face Forgery Detection
    Journal of Information Security Reserach    2022, 8 (3): 241-.  
    Abstract240)      PDF (2995KB)(218)       Save
    Video media has developed rapidly with the popularity of the mobile Internet in recent years. At the same time, face forgery technology has also made great progress with the development of computer vision. Face forgery technology can be adopted to make interesting short video applications, but due to characteristics such as high fidelity, easy and quick generation, its malicious use poses a great threat to social stability and information security. Therefore, how to detect fake videos of faces in the Internet has become an urgent problem to be solved. With the efforts of scholars in the world, forgery detection has also made great breakthroughs in recent years. Therefore, this review aims to summarize the existing forgery detection methods in detail. In particular, we first introduce the forgery detection data set, and then summarizes the existing methods from the aspects of forgery video trace, neural network architecture, temporal information of videos, face identity information, and generalization of detection algorithms. Then we compare and analyze their corresponding detection results. Finally, we summarize the research directions and existing problems of deep forgery detection and discusses the challenges and development trends, providing reference for relevant research. 
    Reference | Related Articles | Metrics
    Research on Memorycorruption Vulnerability Defense Methods  Based on Memory Protection Technology
    Journal of Information Security Reserach    2022, 8 (7): 694-.  
    Abstract233)      PDF (1030KB)(118)       Save
    Since its outbreak of COVID19 in the world, the process of digital transformation has been further accelerated in all sectors around the world. With the increasing value of information assets, information security problems follow. Vulnerability attacks are the root cause of frequent security incidents in recent years. Vulnerability defense ability directly affects the security of the system. How to prevent vulnerability exploitation without patches has become an urgent need. Vulnerability exploitation defense has also become an important research content in the field of attack and defense confrontation of information security. This paper studies the binary memorycorruption vulnerability defense methods and puts forward a new method to deal with the increasing vulnerability attacks.Key words memory protection technology; memorycorruption vulnerability; network security; behavior monitoring; vulnerability defense; endpoint security
    Related Articles | Metrics
    Computing Force Network Security Architecture and Data Security Governance Technology
    Journal of Information Security Reserach    2022, 8 (4): 340-.  
    Abstract229)      PDF (2657KB)(191)       Save
    As a new information infrastructure which provides deep integration of computing force and network services, computing force network (CFN) provides important support for national cyber power, digital China and smart society. At present, the planning and construction of CFN has entered a critical period, and the work related to CFN security is gradually advancing, but the systematic security architecture has not been formed. This paper summarizes the relevant research progress of CFN, analyzes the security opportunities and challenges faced by CFN, and proposes a security reference architecture based on sorting out the key security technologies, so as to provide a reference for promoting the construction of CFN security system and deploying CFN security mechanism.Key words computing force network; new information infrastructure; security reference architecture; orchestration security; privacy computation; data security; artificial intelligence
    Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (6): 522-.  
    Abstract219)      PDF (440KB)(147)       Save
    Related Articles | Metrics
    Research on a New Generation Network Security Framework for Network Security Assurance of Major Event
    Journal of Information Security Reserach    2022, 8 (5): 492-.  
    Abstract207)      PDF (5642KB)(423)       Save
    Due to the open network environment,complex information system and widespread social concern, major event faces increasing network security risks. The traditional plugin network security protection is more and more difficult to adapt to the increasingly complex network security situation of major event. Based on the network security assurance work of 2022 Beijing Winter Olympic Games and 2022 Beijing Winter Paralympic Games, this paper systematically sorts out the main characteristics of network security assurance for major event, puts forward a new generation network security framework, and analyzes the structure, characteristics and models of the framework in detail. The “zero accident” in the network security assurance work of Beijing Winter Olympic Games and Beijing Winter Paralympic Games shows that the framework can effectively guide the network security assurance work for major event, and provides a successful model for network security assurance work for major event.
    Related Articles | Metrics
    Data Security and Governance in the Context of Digital Economy
    Journal of Information Security Reserach    2022, 8 (4): 316-.  
    Abstract194)      PDF (452KB)(308)       Save
    Related Articles | Metrics
    Security Risk Analysis and Countermeasures of Government APP Zhang Heng and Lu Kai
    Journal of Information Security Reserach    2022, 8 (1): 71-.  
    Abstract194)      PDF (1688KB)(117)       Save

    With the development of Internet + government service, the traditional government service model has changed. Mobile applications have penetrated into all aspects of government service, bringing efficiency and convenience, but also bringing security risks. This article analyzes the security status of government APPs from the characteristics of government APPs, mobile malicious programs, excessive use of permissions, piracy and counterfeiting,etc.; statistically analyzes the security vulnerabilities of government APPs; and focuses on the analysis of three typical risk scenarios, include sensitive information leakage, content tampering, and third-party related transaction certification. At the end of this article, suggestions for dealing with the security risks of government APP are given from the aspects of security development awareness, security testing specifications, and release channel management. This article has certain reference significance for the healthy development of government mobile applications.

    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (9): 856-.  
    Abstract185)      PDF (391KB)(201)       Save
    Related Articles | Metrics
    Key Points and Practice of Compliance Assessment for Government Data Security
    Journal of Information Security Reserach    2022, 8 (11): 1050-.  
    Abstract183)      PDF (719KB)(175)       Save
    With the development of digital government, the security of government data has become a crucial task. The state attaches great importance to the security risk prevention of government data, and has issued a series of laws, regulations and policy documents, which put forward clear requirements for strengthening the security management of government data. Based on the requirements of government data security compliance, this article proposes the evaluation method and index system of compliance assessment for government data security, which will provide reference for the manager of government data to carry out government data security compliance assessment.
    Reference | Related Articles | Metrics
    Technology and Research Progress of Generative Adversarial Networks
    Journal of Information Security Reserach    2022, 8 (3): 235-.  
    Abstract182)      PDF (866KB)(134)       Save
    In recent years, generative adversarial networks (GANs) researches have increased exponentially. The generative adversarial networks utilize zero-sum game theory to combine two competing neural networks, so that they can produce clearer and much more discrete outputs. In the fields of computer vision, medical treatment, finance, etc., significant progress has been made in the field of image and video processing and generation, data set enhancement, and time sequence prediction. This paper introduces the basic framework, theory and implementation process of generative adversarial networks, and analyzes the mainstream research status in recent years, and lists the problems which need to be improved by reviewing the variants of generative adversarial networks and their application scenarios. In addition, this paper also focuses on how to apply generative adversarial networks to arrange privacy measures and deal with sensitive data, as well as the future development trend of generation countermeasure network technology in related fields.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (8): 734-.  
    Abstract181)      PDF (422KB)(190)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2021, 7 (E2): 90-.  
    Abstract177)      PDF (2497KB)(201)       Save
    Related Articles | Metrics
    The Research on Artificial Intelligence Law of European Union in 2021
    Journal of Information Security Reserach    2022, 8 (2): 117-.  
    Abstract174)      PDF (860KB)(59)       Save
    At present, the global digital economy is gradually moving towards a new stage of intelligent economy with artificial intelligence (AI) as the core driving force. With the wide application of AI technology in various industries, it not only injects new momentum into economic and social development, but also brings a series of rules and regulatory problems. In April 2021, the European Union issued the proposal of Artificial Intelligence Law, which proposed the unified AI regulatory rules, aiming to limit the potential risks and adverse effects brought by the development of AI technology from the national legal level, so as to further strengthen the technological application innovation of AI technology on the basis of conforming to European values and basic rights and make Europe become a trusted global AI center. The proposal is the first AI control law of the world. The study of its content and innovations has important reference significance for the formulation of AI and other digital technology governance programs of China.
    Reference | Related Articles | Metrics
    Active Safety Network Architecture and Baseline for Classified Protection of Cybersecurity
    Journal of Information Security Reserach    2022, 8 (1): 28-.  
    Abstract174)      PDF (1137KB)(137)       Save
    This is the sixth article in a series of articles on active safety network architecture. Classified Protection of Cybersecurity 2.0 proposes a "one center, triple protection" in-depth security protection system of security management center, secure communication network, secure area boundary, and secure computing environment, and proposes a new dimension of network security, further highlighting the importance of boundary management and centralized management and control.. The active safety network architecture can support the technical, management and expansion requirements of Classified Protection of Cybersecurity 2.0,, and highlights the realization of innovative technologies in new dimensions such as the safety management center and the boundary of the safe area,  enabling technical support for the implementation. The active security network architecture not only meets the requirements for security protection, but also enables the inherent security capabilities of the network to be actively and dynamically defended, which changes the thinking and mode of network security protection, and can significantly improve the efficiency and effectiveness of network security protection.
    Reference | Related Articles | Metrics
    Research and Prospect of Adversarial Attack in the Field of Natural Laguage Processing
    Journal of Information Security Reserach    2022, 8 (3): 202-.  
    Abstract170)      PDF (1351KB)(218)       Save
    With the continuous development of artificial intelligence, deep learning has been applied to vari-ous fields. However, in recent years, relevant studies have shown that deep learning is suscepti-ble to adversarial attacks, which can deceive deep learning models into making wrong judgments about sample categories. At present, the research of computer vision adversarial attack has grad-ually become mature, but because of the special structure of text data, the research of natural lan-guage processing adversarial attack is still in the development stage. Therefore, by introducing the concept of adversarial attack and its application in the field of computer vision, this paper introduces the current research status of adversarial attack in the field of natural language pro-cessing, and investigates popular adversarial attack schemes according to specific downstream tasks of natural language processing. Finally, prospects for the development of adversarial attack in the field of natural language processing are proposed. This paper has reference value for re-searchers in the field of natural language processing adversarial attack.
    Reference | Related Articles | Metrics
    Exploration and Practice of Classified Protection 2.0 System Construction Under the New Situation
    Journal of Information Security Reserach    2022, 8 (2): 196-.  
    Abstract162)      PDF (695KB)(170)       Save
    Network classified protection system is a basic system for the country to improve the ability and level of information security, maintain national security, social stability and public interests, and ensure and promote the healthy development of information construction in the process of national economy and social informatization. With the emergence of new technologies such as cloud computing and big data, great changes have taken place in the construction of information system. In the construction of network security level protection, the original standard system can no longer meet the needs of level protection under the new situation. This paper focuses on the systematic construction of hierarchical protection 2.0, analyzes the ideas and practice of the construction of network security hierarchical protection 2.0 system, explores the shortcomings and improvements, and makes a systematic analysis, summary and generalization through the methods of comparison, qualitative research, case analysis and expert interview, Extract systematic suggestions for the construction of network security level protection 2.0 system. Finally, it can promote China's information development, accelerate information construction, and improve the practical, comprehensive and systematic emergency response ability of network security, in order to provide theoretical reference for relevant workers.
    Reference | Related Articles | Metrics
    Secure Sharing Scheme of Sensitive Data Based on Blockchain
    Journal of Information Security Reserach    2022, 8 (4): 364-.  
    Abstract159)      PDF (2009KB)(202)       Save
    At present, blockchain technology mainly realized the protection and verification of data subjects in data sharing applications, and for sensitive data, it should also focus on the storage and supervision of user behavior and authorized information. In this regard, this paper proposes a blockchainbased secure sharing scheme for sensitive data: a basic environment for secure sharing and data verification is built through technologies such as consortium blockchain and interplanetary file system. Then the secure sharing of sensitive data, reliable storage of user’s behavior and reasonable supervision of authorized information can be realized by sensitive data storage and sharing algorithms. The system implementation and analysis show that the scheme can share all kinds of sensitive data securely, ensure the security of storage, access and authorization of sensitive data, and meet the needs of sensitive data sharing.
    Related Articles | Metrics
    Model of Data Security Governance Based on Business Scenarios
    Journal of Information Security Reserach    2022, 8 (4): 392-.  
    Abstract157)      PDF (1743KB)(187)       Save
    With the rapid development of the digital economy, all countries around the world regard data assets as important resources that may affect national security, and have taken actions to issue laws and regulations related to data security in order to comprehensively improve data security capabilities. In this context, organizations involved in data processing activities on the one hand need to face constraints related to data security policy requirements; on the other hand, they want to protect the data that may affect the vital interests of the organization. Therefore, in addition to data security compliance work, it is also necessary to implement data securityrelated requirements effectively. Based on the organization’s own business, the realization of business goals as the driving force is the key element of sustainable improvement of data security capability. This paper reviews the typical data security framework and proposes a data security governance model based on business scenarios, which can provide some references for organizations to carry out data security governance work.Key words business scenarios; data security governance model; data flow transformation; data classification and grading; data security operation; data security risks
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (5): 416-.  
    Abstract156)      PDF (497KB)(171)       Save
    Related Articles | Metrics
    Challenges and Countermeasures of Artificial Intelligence Security Governance
    Journal of Information Security Reserach    2022, 8 (4): 318-.  
    Abstract149)      PDF (2934KB)(204)       Save
    AbstractThe development of artificial intelligence has gone through several ups and downs. In recent years, it has once again attracted the great attention of academia and industry. Its technology is being rapidly applied in various fields and has become a new round of strategic technology for countries to realize industrial transformation and upgrading. However, the indepth application of artificial intelligence with machine learning as the core technology has brought about increasingly prominent technical and social risks. This paper summarizes and analyzes the security risks faced by artificial intelligence and its governance status from three aspects: potential security vulnerabilities, excessive abuse, and social ethics. To further deal with the issue of AI security governance, this paper puts forward solutions and suggestions from the perspectives of technology, standards, and laws, aiming to provide an idea for the establishment of AI security governance systems and industrial applications. Meanwhile, this paper also gives a direction for the exploration of AI security technology research.Key wordsartificial intelligence; security governance; machine learning; social ethics; lasws and regulations
    Reference | Related Articles | Metrics
    A Survey on Threats to Federated Learning
    Journal of Information Security Reserach    2022, 8 (3): 223-.  
    Abstract145)      PDF (1579KB)(124)       Save
    At present, federated learning has been considered as an effective solution to solve data island and privacy protection. Its own security and privacy protection issues have attracted widespread attentions from industry and academia. The existing federated learning systems have been proven to have vulnerabilities. These vulnerabilities can be exploited by adversaries, whether within or without the system, to destroy data security.  Firstly, this paper introduces the concept, classification and threat models of federated learning in specific scenarios. Secondly, it introduces the confidentiality, integrity, and availability (CIA) model of federated learning. Then, it carries out a classification study on the attack methods that destroy the federated learning CIA model. Finally, it explores the current challenges and future research directions of federated learning CIA model.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (2): 158-.  
    Abstract142)      PDF (1626KB)(91)       Save
    5G is an important part of critical information infrastructure.5G supply chain is closely related to ICT supply chain. At present, China has started ICT supply chain security standards, but there is still a lack of effective supply chain security standards in the field of critical information infrastructure, especially 5G industry. This paper analyzes the research progress of the existing ICT supply chain, critical information infrastructure security, 5G security and other standards at home and abroad, so as to provide an important reference for formulating the 5G supply chain security standard system in line with China's development.
    Reference | Related Articles | Metrics
    DCR Defense Mechanism of Federated Learning Model for  Data Governance Poison
    Journal of Information Security Reserach    2022, 8 (4): 357-.  
    Abstract137)      PDF (1091KB)(115)       Save
    Federated learning is a new mode of data security governance, which can make available data invisible, but federated learning is facing the threat of model poisoning attack, and its security needs to be improved. To this end, a Dynamic Cacheable Revocable (DCR) model poison defense mechanism based on federated learning is proposed. Based on the lossbased model poisoning defense method, the Dynamic threshold is calculated and used before each iteration. It makes the enemy unable to know the defense mechanism a priori, which increases the difficulty of the enemy’s attack. Moreover, the buffer period is set in the mechanism to reduce the risk of benign nodes being “killed by mistake”. At the same time, the system stores the global model parameters of each round. In case of model poisoning, the global model parameters before the round in buffer period are reloaded to achieve callback. The callable setting can reduce the negative impact of model poisoning attack on the global model, so that the federated learning model can still achieve convergence with good performance after being attacked, and ensure the security and performance of the federated learning model. Finally, in the experimental environment of TFF, the defense effect and model performance of this mechanism are verified.Key words data governance; federated learning; model poisoning; malicious node; dynamic cacheable revocable
    Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (5): 418-.  
    Abstract129)      PDF (2768KB)(114)       Save
    Most consortium blockchains now run in closed and deterministic environments, and their smart contracts cannot have IO operations with the outside world. Some application scenarios (such as crediting blockchain, carbon trading blockchain, supply chain, express tracking, etc.) require a mechanism responsible for data interaction with the outside of consortium blockchains, generally called an oracle machine. The existing oracle techniques in the consortium chain have the following shortcomings: 1) The limited data interaction mode cannot meet the needs of distributed applications; 2) With the increase in the number of distributed oracle nodes, the consensus delay will also increase. 3) The participants of the consortium blockchain usually maintain the oracle nodes in the distributed oracle system, and the behavior in the data consensus process is invisible to the blockchain, which is not conducive to data governance. To address the problems, this paper proposes the following methods: 1) Based on the eventdriven mechanism, four oracle design patterns or interaction patterns are proposed, which support Pull and Push, Inbound and Outbound, four combinations of the oracle data interactions; 2) The threshold signature algorithm is used to reach a consensus on the data, which improves the scalability of the oracle system while ensuring the credibility of the data; 3) A reputation mechanism is introduced for data governance to maintain a local and global reputation for each oracle node, and dynamic update is carried out in the data consensus process. Finally, by designing multichain scenairos in crediting blockchain and carbon trading blockchain, the applications of the four oracle design patterns, scalability, and reliability of the oracle nodes are evaluated and analyzed.
    Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (5): 484-.  
    Abstract128)      PDF (1191KB)(108)       Save
    Smart contract is the program code that can be shared on the blockchain, involving account address, digital assets and other information. In recent years, smart contracts develop rapidly, expanding the blockchain platform from a simple distributed ledger system to a rich decentralized operating system, leading the era of blockchain 2.0. However, smart contracts are facing a serious problem of privacy disclosure, which limits the further development and application of smart contract technology. This paper analyzes four smart contract privacy protection key technologies of zero knowledge proof, secure multiparty computing, homomorphic encryption and trusted execution environment, summarizes the latest research results of current smart contract privacy protection solutions, and prospects the future research direction.
    Related Articles | Metrics
    Data sharing model based on privacy computing
    Journal of Information Security Reserach    2022, 8 (2): 122-.  
    Abstract128)      PDF (2404KB)(185)       Save
    At present, there are still many problems to be solved in government data sharing, such as the mismatch between data demand and supply, the weakness of data security and personal privacy protection, and the difficulty of business collaboration.By analyzing the current operation mechanism of government data sharing, combined with the theory of privacy computing technology, this paper proposes a data sharing model.This model adopts the method of "computable but invisible" to carry out data sharing,  gives the data sharing and system security architecture based on privacy computing.This model includes two main application processes: data statistical analysis and anonymous query.This model has theoretical and application value for better supporting data sharing with high security management requirements.
    Reference | Related Articles | Metrics
    Research and Design of Unified Platform for Vulnerability Management
    Journal of Information Security Reserach    2022, 8 (2): 190-.  
    Abstract124)      PDF (1069KB)(196)       Save
    With the development of the network technology, information security has been paid more and more attention. As one of the most frequently used attacking methods, security vulnerability has also been widely concerned. At present, Most of the organizations or enterprises rely on manual methods to manage vulnerabilities, and do not have unified tracking、 disposition、 display and analysis. These methods are not only inefficient, but also error-prone. A unified platform for vulnerability management was proposed, which allowed the automatic closed loop controlling of the life cycle of vulnerabilities. The platform integrated different vulnerability management capabilities into specific functional modules. General development languages and standards-based service interfaces were developed to allow integration of this platform with other infrastructure platform systems or network security tools. Practices show that, this platform can effectively improve the performance of the vulnerability management, and make vulnerability management to be centralized, streamlined and automated.
    Reference | Related Articles | Metrics
    Design of Risk Assessment Model Based on GB/T 31509—2015
    Journal of Information Security Reserach    2022, 8 (1): 93-.  
    Abstract120)      PDF (1262KB)(81)       Save
    Information technology not only brings convenience to people, but also brings many security risks. The accumulation of security risks forces people to improve their security awareness, so they realize that network security is an indispensable part of social security and an important part of national security. Security risk assessment provides an important prediction basis for the degree of network security, the safety risk assessment standard is a strong theoretical support. However, the implementation of safety risk assessment standards needs to be refined, in order to more objectively implement the information security risk assessment implementation guide GB/T 31509—2015(the "guide" for short), the author studied the theoretical knowledge of information security risk assessment, followed the risk assessment process guidance, and designed the information security risk assessment model on the basis of level protection 2.0. By analyzing and assigning information assets, existential vulnerability and potential threat, the calculation of risk value is closer to reality. Practice has proved that the risk assessment model after analytic hierarchy process can assess the risk more effectively, make the assessed risk value more scientific, and provide a basis for subsequent safety protection measures
    Reference | Related Articles | Metrics
    GAN Based Data Watermarking For Text Generative
    Journal of Information Security Reserach    2022, 8 (1): 2-.  
    Abstract120)      PDF (2880KB)(93)       Save
    Coverless steganography realizes covert writing by establishing mapping relationship between digital watermarking information and image characteristic information, to realize data integrity protection and content traceability tracking of image data transmission in the Internet environment. However, the existing image steganography requires many natural images to be prepared in advance to form the image data set, and the natural image selection bias will lead to incomplete or incorrect information transmission. To solve the above problems, this paper proposes an image watermarking steganography method without carrier based on generating countermeasure network. The method uses the generator of the generated adversarial network to generate the forged image like the original image from random noise, image label and digital watermark information, and the discriminator of the generated adversarial network is responsible for determining the true and false of the input image, and extracting the label and digital watermark information at the same time. After several rounds of confrontation training, the generator finally outputs image data like the original image and containing digital watermark, while the naked eye cannot distinguish the difference between the original image and the generated image. The experimental analysis shows that SCRMQ1 is used for feature extraction, and the error detection rate of integrated classifier is 48.5%. Embedding capacity up to 1 BPP; The accuracy of digital watermark extraction is up to 99.5%.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (9): 863-.  
    Abstract120)      PDF (1580KB)(96)       Save
    Firstly, this paper proposes a generalized concept of privacy preserving computing from the perspective of technology essence with an open concept, that is, privacy preserving computing can be understood as a computing paradigm that correctly realizes the computing goal under the premise of effectively protecting sensitive information. Then, based on five party architecture model of cyberidentity authentication, aiming at the protection level of sensitive information in the two links of identity issuance and identity authentication, a hierarchical method of privacy preserving computing in cyberidentity authentication is proposed. Finally, the privacy preserving computing level analysis of three kinds of mainstream cyberidentity authentication mechanisms of smart key, static password and biometrics is performanced, and targeted improvement schemes are proposed for nonprivacy preserving computing identity authentication mechanisms that do not meet the requirements of privacy preserving computing level.
    Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (2): 165-.  
    Abstract118)      PDF (1275KB)(55)       Save
    In the context of the continuous advancement of artificial intelligence technology, the fraud methods of crimes of telecommunication network fraud are becoming more and more diversified, the fraud technology is more intelligent, and it has the characteristics of cross-platform implementation and black and gray industrialization. The division of labor and cooperation between upstream and downstream criminals in the black and gray industrial chain of the crime of telecommunication network fraud has brought serious harm to citizens’ property security and social harmony and stability. Violating citizens' personal information security is the upstream link of the industry chain of crimes of telecommunication network fraud. Therefore, strengthening the protection of personal information security is the key to the governance of the source of crimes of telecommunication network fraud. In the process of maintaining citizens’ information security and preventing crimes of telecommunication network fraud, as the subject of supervision responsibility, the network service provider should perform their statutory information network security management obligations, otherwise they need to bear corresponding liability of omissions for the harm caused by this.
    Reference | Related Articles | Metrics
    Physical Adversarial Attacks Against Deep Reinforcement Learning Based Navigation
    Journal of Information Security Reserach    2022, 8 (3): 212-.  
    Abstract115)      PDF (3659KB)(122)       Save
    In this paper, the security of deep reinforcement learning (DRL) based laser navigation system is studied, and the concept of adversarial map and a physical attack method based on it is proposed for the first time. The method uses the adversarial example generation algorithm to calculate the noise on the laser sensor and then modifies the original map to realize these noises and get the adversarial map. The adversarial map can induce the agent to deviate from the optimal path in a particular area and finally makes the robot navigation fail. In the physical simulation experiment, this paper compares the navigation results of an agent in multiple original maps and adversarial maps, proves the effectiveness of the countermeasure map attack method, and points out the hidden security dangers of the current application of DRL technology in the navigation system.
    Reference | Related Articles | Metrics
    The Review of Generation and Detection Technology for Deepfakes
    Journal of Information Security Reserach    2022, 8 (3): 258-.  
    Abstract111)      PDF (1583KB)(133)       Save
    In recent years, deepfakes technology can tamper with or generate highly realistic and difficult to distinguish audio and video content, and has been widely used in benign and malicious applications. For the generation and detection of deepfakes, experts and scholars at home and abroad have conducted in-depth research, and put forward the corresponding generation and detection scheme. This paper gives a comprehensive overview and detailed analysis of the existing audio and video deepfakes generation and detection technology based on deep learning , data set and future research direction, which will help relevant personnel to understand deepfakes and research on malicious deepfakes prevention and detection.
    Reference | Related Articles | Metrics
    Security Analysis and Research on Smart Home Gateway
    Journal of Information Security Reserach    2022, 8 (2): 178-.  
    Abstract108)      PDF (985KB)(66)       Save
    With the development of mobile Internet, big data, cloud computing and other technologies, the continuous emergence of home intelligent devices, and the formulation of the national dual gigabit network coordinated development action plan, the development of smart home is beginning to enter the fast lane. The smart home gateway is the heart of home intelligence, which can realize the functions of information collection, information input, information output, centralized control, remote control, and linkage control of the terminal equipments in the home. Smart home gateway security escorts the future smart home security. 
    Reference | Related Articles | Metrics
    Research on Evaluation Anti-attack Capability for  High Security Level System
    Journal of Information Security Reserach    2022, 8 (7): 666-.  
    Abstract108)      PDF (2273KB)(83)       Save
    High security level protection objects are generally threelevel or above protection systems, which are extremely important protection objects. However, at present, the evaluation of high security level protection objects focuses on compliance security evaluation, and the evaluation work is limited to static security configuration inspection. It is difficult to confirm the actual utility of security mechanisms and security products, and there is a lack of antiattack ability evaluation of such protection objects. Therefore, this paper analyzes the antiattack capability evaluation requirements of the high security level system, and puts forward the antiattack capability evaluation model based on the APT threat path. By constructing APT threat capability library in the high security level system, different types of APT organizations are simulated to analyze the protection capability of the level protection object. In this paper, the construction method and key technologies of threat capability model are presented, and the model is implemented. Finally, this paper constructs 520 threat path test cases to test and evaluate the antiattack ability of the evaluation object.Key words advanced persistent threat; evaluation model; threat capability model; APT; classified security protection
    Related Articles | Metrics
    Data Security Governance Practices
    Journal of Information Security Reserach    2022, 8 (11): 1069-.  
    Abstract108)      PDF (5897KB)(118)       Save
    Data security governance has been written into the Data Security Law of the People’s Republic of China. At the same time, data security governance is also one of the key points in the construction of systematic network security. This paper analyzes the data security governance concepts of Gantner and Microsoft, combines enterprise architecture, stakeholder theory, data flow security assessment, maturity security assessment and other methodologies, forms a set of data security governance concepts, and designs a data security management and operation platform for dynamic supervision and data security operation of data security governance indicators. Since 2018, this methodology and platform have been put into practice in the project to solve the construction and optimization of users’ data management and defense system.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (8): 777-.  
    Abstract103)      PDF (1830KB)(62)       Save
    With the rapid growth of mobile applications and their users, the security of mobile applications has increasingly become the primary concern of the users. At present, there are more and more variants of malware based on the Android platform. There is an urgent need for efficient and effective malware detection methods to ensure the security and reliability of the Android app platform. To address these concerns, we present our lightweight solution ISEDroid which is based on the Instruction Sequence Embedding method to detect Android malware. ISEDroid extracts the instruction execution sequences from the Dalvik code fragments of Android apps, which are used to represent all executable and traceable paths of malware during runtime. Then, it transforms the instruction sequence into a low dimensional numerical vector through the embedding method in natural language processing, and then generates the semantic summary of the sample code behaviors using the average pooling algorithm. Finally, by evaluating different machine learning algorithms, adjusting the dimension of embedded vectors, and optimizing various hyperparameters, we ensure that the parameters of the model are all optimal, so as to achieve the best classification performance. A large number of experiments show that the method proposed in this paper can accurately identify Android malware, and achieved an F1 score of 0.952.

    Related Articles | Metrics