Journal of Information Security Reserach

Select

A Survey on Backdoor Attacks and Defenses in Federated Learning

Journal of Information Security Reserach 2025, 11 (9): 778-.

Abstract （251）

PDF （2638KB）（71）

Save

Federated learning is a machine learning framework that enables participants in different fields to participate in largescale centralized model training together under the condition of protecting local data privacy. In the context of addressing the pressing issue of data silos, federated learning has rapidly emerged as a research hotspot. However, the heterogeneity of training data among different participants in federated learning also makes it more vulnerable to model robustness attacks from malicious participants, such as backdoor attacks. Backdoor attacks inject backdoors into the global model by submitting malicious model updates. These backdoors can only be triggered by carefully designed inputs and behave normally when input clean data samples, which poses a great threat to the robustness of the model. This paper presents a comprehensive review of the current backdoor attack methods and backdoor defense strategies in federated learning. Firstly, the concept of federated learning, the main types of backdoor attacks and backdoor defenses and their evaluation metrics were introduced. Then, the main backdoor attacks and defenses were analyzed and compared, and their advantages and disadvantages were pointed out. On this basis, we further discusses the challenges of backdoor attacks and backdoor defenses in federated learning, and prospects their research directions in the future.

Reference | Related Articles | Metrics

Select

Fake News Detection Model Based on Crossmodal Attention Mechanism and#br# Weaksupervised Contrastive Learning#br#

Journal of Information Security Reserach 2025, 11 (8): 693-.

Abstract （201）

PDF （1508KB）（49）

Save

With the widespread popularization of the Internet and smart devices, social media has become a major platform for news dissemination. However, it also provides conditions for the widespread of fake news. In the current social media environment, fake news exists in multiple modalities such as text and images, while existing multimodal fake news detection techniques usually fail to fully explore the intrinsic connection between different modalities, which limits the overall performance of the detection model. To address this issue, this paper proposes a hybrid model of crossmodal attention mechanism and weaksupervised contrastive learning(CMAWSCL) for fake news detection. The model utilizes pretrained BERT and ViT models to extract text and image features respectively, and effectively fuses multimodal features through the crossmodal attention mechanism. At the same time, the model introduces weaksupervised contrast learning, which utilizes the prediction results of effective modalities as supervisory signals to guide the contrast learning process. This approach can effectively capture and utilize the complementary information between text and image, thus enhancing the performance and robustness of the model in multimodal environments. Simulation experiments show that the CMAWSCL performs well on the publicly available Weibo17 and Weibo21 datasets, with an average improvement of 1.17 percentage points in accuracy and 1.66 percentage points in F1 score compared to the current stateoftheart methods, which verifies its effectiveness and feasibility in coping with the task of multimodal fake news detection.

Reference | Related Articles | Metrics

Select

Design of a Large Model Data Supervision System Based on Blockchain

Journal of Information Security Reserach 2025, 11 (8): 682-.

Abstract （183）

PDF （2618KB）（84）

Save

Large model (LM) has shown great potential in the fields of natural language processing, image and speech recognition, and has become a key force driving the technological revolution and social progress. However, the wide application of LM technology brings challenges such as data privacy risks, data compliance regulation, and data regulatory activation and intelligence. This paper aims to explore how to utilize blockchain to design and construct an effective data regulatory system to promote its healthy development, in order to meet the challenges brought by the application of massive data to LM. This paper analyzes the trends and current status of the development of LM at home and abroad, and points out the main challenges to LM data regulation, including data privacy risks, data compliance, and the difficulty of effective supervision by regulators . A blockchainbased data regulation system design scheme is proposed to address these challenges, which realizes the fullcycle data regulation of LM data from the native metadata to the input of training until the posttraining feedback through four interconnected modules, namely, privacy protection, consensus algorithm, incentive mechanism, and smart contract. Finally, the application prospect of blockchain in LM data supervision is summarized, and the future trend of data supervision is outlooked.

Reference | Related Articles | Metrics

Select

Research on Critical Information Infrastructure Security Protection

Journal of Information Security Reserach 2025, 11 (10): 878-.

Abstract （182）

PDF （324KB）（74）

Save

Related Articles | Metrics

Select

Research on Security Assurance of Egovernment

Journal of Information Security Reserach 2025, 11 (10): 879-.

Abstract （179）

PDF （865KB）（53）

Save

government encompasses critical domains including government operations, public services, and data management, and its security directly affects national interests, public wellbeing, and social stability. In recent years, cyberattacks targeting Egovernment systems have become more frequent and continue to rise, security risks of government administrative networks continued to mount up and challenge security protection. This paper analyzes the development paths of Egovernment security protection at home and abroad and proposes relevant policy recommendations, with the aim of providing strong support for building a more perfect and optimized Egovernment security protection system.

Reference | Related Articles | Metrics

Select

A Symbioticbased Framework for AI Safety Governance

Journal of Information Security Reserach 2025, 11 (10): 897-.

Abstract （179）

PDF （2070KB）（75）

Save

Artificial intelligence technology is currently developing at an unprecedented pace, with safety concerns becoming a global focal point. Traditional AI safety research has predominantly relied on a “control paradigm”, emphasizing limitations, regulations, and value alignment to control AI behavior and prevent potential risks. However, as AI capabilities continue to strengthen, unidirectional control strategies are revealing increasingly significant limitations, with issues such as transparency illusions, adversarial evolution, and innovation suppression gradually emerging. Industry leaders like Sam Altman and Dario Amodei predict that AI may comprehensively surpass human capabilities in multiple fields within the next 23 years, making the reconstruction of AI governance paradigms particularly urgent. This paper proposes a new perspective—the “symbiotic paradigm”—emphasizing humanmachine collaboration as the core and understanding and trust as the foundation. Through establishing four pillars: transparent communication, bidirectional understanding, creative resonance, and dynamic boundaries, it promotes AI safety’s transition from control to cocreation, serving as one of the foundational paths for digital governance transformation. This paper systematically demonstrates the feasibility and necessity of the symbiotic paradigm through four dimensions: theoretical analysis, technological paths, practical cases, and governance recommendations, aiming to provide a sustainable alternative for future AI safety research and digital governance practices.

Reference | Related Articles | Metrics

Select

Research on Network Unknown Attack Detection Based on Machine Learning#br#

#br#

Journal of Information Security Reserach 2025, 11 (9): 807-.

Abstract （172）

PDF （1297KB）（44）

Save

In the complex context of the continuous evolution of cybersecurity threats, the threats posed by unknown network attacks to digital infrastructure are increasing daily. Consequently, The technology for detecting unknown network attacks based on machine learning has emerged as a focal point in research. This paper first discusses the classification of intrusion detection systems and the commonly used technologies for detecting unknown network attacks. Subsequently, it conducts an indepth exploration of the methods for detecting unknown attacks based on machine learning from three dimensions: anomaly detection, openset recognition, and zeroshot learning. Furthermore, it summarizes the commonly used datasets and key evaluation indicators. Finally, it summarizes and looks ahead to the development trends and challenges of unknown attack detection. This article can provide references for further exploring new methods and technologies in the field of cyberspace security.

Reference | Related Articles | Metrics

Select

Model of Insider Threat Behavior Detection Based on Graph Neural Network

Journal of Information Security Reserach 2025, 11 (7): 586-.

Abstract （171）

PDF （1890KB）（91）

Save

This paper designs a new detection model based on graph neural networks to address the shortcomings of existing models for insider threat behavior detection based on user behavior sequences, which cannot handle long sequences well. The model converts user behavior sequences into a graph structure and transforms the processing of long sequences into the processing of subgraph structures. The experiment designs a graph structure to describe user behavior, which is used to store user behavior in the form of graph data. The baseline GNN model is optimized for this graph structure, which is heterogeneous and has data stored on its edges. The experimental results show that, for the binary classification task of distinguishing normal and threatening behavior, the ROC AUC value of the proposed model is improved by 7% and the MacroF1 value is improved by 7% compared to the baseline model. In the sixclass classification task of distinguishing specific threat types, the MacroF1 value of the proposed model improves by 10% compared to the baseline model.

Reference | Related Articles | Metrics

Select

Encrypted Traffic Detection Method Based on Knowledge Distillation

Journal of Information Security Reserach 2025, 11 (8): 702-.

Abstract （162）

PDF （2774KB）（53）

Save

In recent years, with the rapid growth of Internet traffic, especially the popularity of encrypted communication, malicious traffic detection is facing a huge challenge, due to the limited resources and performance of mobile devices, which makes it more difficult to identify malicious behaviors in encrypted traffic on mobile. Therefore this paper proposes a knowledge distillation based encrypted traffic detection method. First, the traffic is transformed into images through visualization techniques; second, based on the ConvNeXt network architecture, the SK_SwiGLU_ConvNeXt network is constructed as the teacher network by introducing the SKNet attention mechanism and replacing the activation function GELU with SwiGLU; finally, the lightweight MobileNetV2 is selected as the student network and the use the teacher network to guide the student network training. The experimental results of this paper’s detection method on the publicly available dataset ISCX VPNNonVPN show that even in the resourceconstrained mobile device environment, the student network can improve the detection effect of the teacher model while reducing the model complexity, which proves that this method has efficient deployment potential on mobile devices.

Reference | Related Articles | Metrics

Select

The Enlightenment and Reference of Cybersecurity Protection Policies for Critical Information Infrastructure

Journal of Information Security Reserach 2025, 11 (10): 885-.

Abstract （157）

PDF （920KB）（33）

Save

The security and stability of critical information infrastructure (CII) are of crucial importance to national security, economic development, and social stability. The insights and lessons learned from the CII security safeguards policies of countries and organizations such as the European Union, Japan, the United States, and Russia merit reference. CII security safeguards policies in China has gone through the stages of early exploration, rapid development, and comprehensive advancement; it is confronted with real predicaments including insufficient policy foresight, inadequate crossdomain coordination and collaboration, poor coordination and alignment of standards, and weak discourse power in international rules. It is suggested that China should strengthen the strategic guidance and toplevel design for CII, improve the crossdomain overall planning and linkage mechanism, formulate and refine CII protection standards.

Reference | Related Articles | Metrics

Select

Implicit Harmful Text Detection Technology Based on Knowledgeenhanced #br# Multitask Learning#br#

Journal of Information Security Reserach 2025, 11 (8): 718-.

Abstract （155）

PDF （1578KB）（57）

Save

A large number of harmful texts on the Internet adopt implicit and euphemistic expressions to evade detection by censorship systems. Most of the current work focuses on explicit harmful speech and cannot effectively detect implicit harmful text. This paper investigates the detection of implicit euphemistic harmful text in Chinese using a multitask learning approach, where euphemistic sentence recognition is used to assist harmful text detection. Firstly, methods for integrating euphemistic language vocabulary features are explored to enhance the model’s representation of implicit meanings. Subsequently, contrastive learning is applied to enhance latent semantic representations and extract common features from implicitly harmful discourse. Finally, a multitask learning framework is constructed by combining euphemistic sentence recognition tasks with harmful text detection tasks, aiming to improve the detection performance through shared multitask parameters and multifeature fusion loss functions. The experimental results demonstrate the effectiveness of the model in detecting implicit harmful text.

Reference | Related Articles | Metrics

Select

Confidential Computation of Association Values of Set Intersection Elements

Journal of Information Security Reserach 2025, 11 (7): 645-.

Abstract （154）

PDF （846KB）（27）

Save

The computation of association values for intersection elements is an extension of the privacypreserving set intersection problem, representing a novel challenge in the domain of secure multiparty computation. This paper proposes a scheme for computing the association values of intersection elements securely. Initially, leveraging secret sharing combined with dual cloud servers, we implement a distributed oblivious pseudorandom function (OtdPRF). On this basis, we integrate the concept of oblivious polynomial interpolation with the ElGamal encryption algorithm to achieve a secure computation scheme for the sum of association values of intersection elements between two parties. In the above scheme，homomorphic computation overhead is outsourced to the cloud, thereby reducing computational complexity for participants. Furthermore, we expand the application scenarios based on the scheme for sum of association values of intersection elements, designing and implementing secure determination of threshold relationships and computation of average values of intersection elements. Finally, employing a simulation paradigm, we demonstrate the security of the proposed scheme under a semihonest model and analyze its performance in terms of computation and communication complexity.

Reference | Related Articles | Metrics

Select

Compound Admissibility Rules of Blockchain Evidence in Online Litigation

Journal of Information Security Reserach 2026, 12 (2): 134-.

Abstract （153）

PDF （1088KB）（45）

Save

Blockchain evidence offers a solution to the limitations of traditional electronic evidence by establishing a new model of “evidence selfauthentication”. However, current regulations in China exhibit obvious limitations, failing to fully cover the application of blockchain evidence in both online and offline spaces, while prioritizing authenticity at the expense of admissibility. To realize the proper application of blockchain evidence in the Chinese context, this paper proposes a dualspace framework integrating technological selfauthentication with legal presumptions. This approach aims to achieve consensual justice, composite admissibility rules for preservation, presentation, crossexamination, and authentication, and thereby foster a novel form of evidence rule of law with benign interaction between rule of law and technical rule of law.

Reference | Related Articles | Metrics

Select

Research on Address Recognition of Bitcoin Mixed Coin Transactions Based on ResGCN

Journal of Information Security Reserach 2025, 11 (7): 603-.

Abstract （149）

PDF （2739KB）（22）

Save

Bitcoin has received attention for its decentralized peertopeer anonymity nature, but its pseudoanonymity makes the transaction still traceable. In order to meet the higher requirements of users for privacy, mixedcoin transactions came into being. However, mixedcoin transactions make it more difficult to trace the funds of bitcoin, and at the same time, it also becomes an accomplice in assisting criminals to illegally launder money. In order to prevent and combat money laundering and other financial crimes, this paper proposes a graph neural networkbased address recognition method for bitcoin mixedcoin transactions. Firstly, a rich and representative labeled address dataset is constructed; secondly, a residual graph convolution network ResGCN is constructed by adding residual connections for graph feature learning and embedding, which overcomes the gradient decay problem of the traditional graph convolution network GCN with the increase of the number of graph convolution layers; and then the selfattention mechanism is combined with the multilayer perceptron MLP for graph classification; and finally output the binary classification results. The experimental results show that the method in this paper can accurately recognize the mixedcoin transaction addresses.

Reference | Related Articles | Metrics

Select

Research on Analysis and Detection Methods of Adversarial Crosssite #br# Scripting Attacks Based on LSTM and CNN#br#

Journal of Information Security Reserach 2025, 11 (8): 761-.

Abstract （149）

PDF （1115KB）（35）

Save

In recent years, machine learning and deep learning techniques have achieved significant success in detecting crosssite scripting (XSS) attacks. However, they still face challenges in defending adversarial attacks. To address this issue, this paper proposes an optimized method based on soft actorcritic (SAC) reinforcement learning combined with long shortterm memory (LSTM) and convolutional neural network (CNN). Firstly, adversarial samples are generated by leveraging the SAC and LSTMCNN detection model to simulate attacker strategies. These samples are then used for incremental training of the detection model, progressively narrowing the adversarial data generation space and improving the model’s robustness and detection accuracy. Experimental results show that the generated adversarial data achieves an evasion success rate of over 90% across multiple detection tools. After incremental training, the detection model’s defense capability against adversarial XSS attacks is significantly enhanced, with the evasion rate continuously decreasing.

Reference | Related Articles | Metrics

Select

Dualbranch Malicious Code Homology Analysis Model Based on Feature Fusion

Journal of Information Security Reserach 2025, 11 (7): 594-.

Abstract （147）

PDF （2563KB）（66）

Save

In the homology analysis of malicious code, a large number of malicious code variants are generated due to techniques such as encryption, obfuscation, and packing, which leads to the problem that the deep learning model has insufficient ability to extract the features of malicious code. To solve this problem, a multibranch convolution and transformernet (MCATNet) homology analysis model based on feature fusion was proposed. Firstly, an MCATNet dualbranch network was constructed, one branch was a multibranch convolutional MBC (Multibranch convolution) module, and the MBC module was used to construct the CNN branch, and the CBAM hybrid attention mechanism was introduced to make the network pay more attention to the core features while taking into account the local features. Another branch is the Transformer module with ViT as the backbone, which extracts global feature information of malicious code images and proposes a downsampling module to finely preserve global features while aligning the feature maps of Transformer and CNN at the spatial scale. Secondly, the cascading strategy is used to fuse the local features of the CNN branch and the global features of the Transformer branch to solve the problem that the network only focuses on a single feature. Finally, the Softmax classifier was used to analyze the homology of the malicious code family. Experimental results show that the classification accuracy of the twobranch model based on feature fusion reaches 99.24%, which is 0.11% and 0.65% higher than that of the singlebranch CNN and singlebranch Transformer models, respectively.

Reference | Related Articles | Metrics

Select

SM9based Decentration Crosschain Medical Data Sharing Scheme

Yu Huifang and Li Shunkai

Journal of Information Security Reserach 2025, 11 (9): 832-.

Abstract （140）

PDF （2204KB）（64）

Save

To solve the problems of data leakage and data silos between medical institutions in medical system, a SM9based decentration crosschain medical data sharing scheme (DCCMDSS) is proposed in this article. Relay chain and hash time lock contract (HTLC) realize the crosschain data sharing between medical institutions, the interplanetary file system (IPFS) reduces the storage pressure of blockchain and ensures the integrity of medical data. SM9based algorithm encrypts medical data and group signature allows the group members to sign the data on behalf of the whole group without revealing their personal identities. Consequently, DCCMDSS effectively avoids the privacy leakage and ensures the traceability of signature. DCCMDSS reduces the crosschain transaction overhead and improves the security of medical data.

Reference | Related Articles | Metrics

Select

Personalized Differential Privacy Trajectory Publishing Scheme Fusing Semantic

Journal of Information Security Reserach 2025, 11 (7): 670-.

Abstract （137）

PDF （3808KB）（36）

Save

Trajectory databases contain massive information, and direct release may lead to the disclosure of personal sensitive information. The location semantic information of users encompasses abundant details about daily activities and access preferences. The existing personalized differential privacy trajectory publishing scheme does not consider the semantic information between location points in determining the privacy level, and there is still an imbalance between privacy and data availability. To solve the above problems, a semantically integrated personalized differential privacy trajectory publishing scheme (PRTDP) is proposed, which determines the dynamic privacy level according to the mobile characteristics of the user’s own trajectory. Firstly, an algorithm for determining sensitive location points is proposed. The DBSCAN clustering algorithm is used to obtain the user’s sensitive location points. Then, a personalized privacy level partitioning algorithm is proposed. By leveraging the semantic information between the location points, we construct a digraph model of the sensitive location point relationships and design an enhanced PageRank algorithm to determine the privacy level of the location points. Laplace noise corresponding to the privacy level is added to the trajectory data before publication. PRTDP scheme can effectively protect the sensitive information of users while enhancing trajectory data usability of trajectory data. Experiments show that the scheme outperforms the existing schemes NFRP algorithm and FPT algorithm in three dimensions: privacy protection degree, availability and time efficiency.

Reference | Related Articles | Metrics

Select

Research on Traffic Anomaly Detection Method and System for API Gateway

Journal of Information Security Reserach 2025, 11 (10): 917-.

Abstract （135）

PDF （1061KB）（39）

Save

With the rise of cloud services and the widespread use of API technology, many network capabilities of operators are usually outputted and empowered through APIs. API gateways have become an important way for northsouth and eastwest system interconnection and data sharing. This paper proposes a method for API gateway traffic anomaly detection based deep learning. Firstly, a heterogeneous graph is constructed to comprehensively represent the gateway traffic network. Then, based on graph attention neural network, node representations in the heterogeneous graph are learned by considering both structural and temporal dimensions. We introduce graph structure refinement to compensate for sparse connections between entities in the heterogeneous graph and obtain more robust node representation learning; Finally, the meta learning algorithm is used to optimize the model and improve its generalization ability in small sample scenarios. The model can be deployed on gateway devices. The algorithm model was experimentally evaluated on the CICIDS2017 dataset, and the results showed that compared with the baseline algorithm, the detection method proposed in this paper has good performance in small sample and multi classification problems.

Reference | Related Articles | Metrics

Select

Research on Frontier Technologies for Critical Information Infrastructure Security Protection

Journal of Information Security Reserach 2025, 11 (12): 1075-.

Abstract （135）

PDF （994KB）（44）

Save

Currently, China’s critical information infrastructure (CII) faces significant threats, including statesponsored cyber attacks and supply chain disruptions. This research aims to systematically analyze the key technological frameworks and development trends in CII security protection, assess China’s current technological capabilities and core bottlenecks in this domain, and propose development strategies and implementation pathways aligned with national conditions. Focusing on key technology clusters such as dynamic active defense, intelligent analysis and response, and resilience architectures, the study explores their synergistic application mechanisms and integration points with existing policies. The study seeks to provide critical technical support and policy recommendations for enhancing the security resilience and compliance of CII.

Reference | Related Articles | Metrics

Select

A Buildin Fuzzing Framework for Opensource BMC Firmware

Journal of Information Security Reserach 2025, 11 (7): 611-.

Abstract （134）

PDF （1321KB）（42）

Save

The baseboard management controller (BMC) is a remote management component of servers with high system privileges, and its firmware security is crucial. Currently, opensource BMC firmware, such as OpenBMC, is favored due to its good compatibility, high openness, and shorter development cycles. Facing challenges such as limited computational resources and complex execution environments in firmware dynamic analysis, fuzzing technology combined with firmware emulation can effectively perform vulnerability analysis. However, existing tools mainly target simple closedsource embedded firmware and are not wellsuited for the complex structure of BMC firmware. This paper presents a buildin fuzzing framework, BMCfuzz, tailored for opensource BMC firmware, which supports generalpurpose program analysis tools. The framework relies on full system emulation, allowing generalpurpose fuzzing tools to be directly deployed in the emulated firmware, bypassing the complex emulation environment and directly working on firmware programs. Additionally, the framework leverages opensource features to enhance fuzzing efficiency through source code instrumentation. For complex network service programs that are difficult to emulate, this paper proposes a simple method for generating fuzzed network packet injections to handle fuzzed data input, enabling better emulation and analysis. Experimental results show that the framework’s execution efficiency is improved by 12.1 times, and code coverage is increased by 6.17 times compared to binary instrumentation methods, demonstrating better testing performance.

Reference | Related Articles | Metrics

Select

Internet of Things Intrusion Detection Model Based on Federated Learning

Journal of Information Security Reserach 2025, 11 (9): 788-.

Abstract （134）

PDF （1432KB）（39）

Save

The Internet of things (IoT) has shown a wide range of application prospects and huge development potential in many fields. However, as the scale of the IoT continues to expand, independent IoT devices lack highquality attack instances, making it difficult to effectively respond to increasingly complex and diverse attack behaviors. Consequently, addressing IoT security issues has become a critical challenge that requires urgent attention. To address this problem, the paper proposes an IoT intrusion detection model based on federated learning and attention mechanisms, which allows multiple devices to train the global model collaboratively while protecting their data privacy. Firstly, this paper constructs an intrusion detection model combining convolutional neural network and mixed attention mechanism to extract key features of network traffic data, so as to improve detection accuracy. Secondly, the paper introduces the model contrast loss to correct the training direction of the local model to alleviate the global model convergence difficulties caused by the nonindependent and same distribution of data between devices. The experimental results show that the proposed model is significantly superior to the existing methods in terms of accuracy, accuracy and recall, demonstrating stronger intrusion detection capabilities, and can effectively deal with complex data distribution problems in the IoT environment.

Reference | Related Articles | Metrics

Select

Government Data Catalog Security Sharing Model Based on Editable Blockchain

Journal of Information Security Reserach 2025, 11 (10): 966-.

Abstract （133）

PDF （6159KB）（65）

Save

As government demand for data sharing rises, ensuring data security and reliability has become critical. This paper proposes a secure sharing model for government data catalogs using editable blockchain, which facilitates collaborative updates both onchain and offchain, incorporates finegrained editing permissions, and implements robust security controls. The model employs a dualtrapdoor chameleon hash function with a temporary trapdoor key for onchain updates, addressing the problem that traditional key splitting and recovery schemes cannot balance security and efficiency. Additionally, it introduces an editing permission authorization mechanism that combines user IDbased multiinstitution attribute encryption with temporary trapdoor keys, ensuring accurate permission management across departments. A thorough security analysis confirms the model’s effectiveness in mitigating various security threats. The analysis reveals that the proposed model significantly enhances the trustworthiness of government data sharing by effectively addressing security challenges and ensuring data integrity. These findings highlight the potential of editable blockchain technology in transforming how government entities manage and share sensitive information.

Reference | Related Articles | Metrics

Select

Robust Malicious Encrypted Traffic Detection Method Based on Dual Confidence Sample Selection

Journal of Information Security Reserach 2025, 11 (10): 924-.

Abstract （132）

PDF （1679KB）（20）

Save

In the task of detecting malicious encrypted traffic, the existence of noise tags seriously affects the generalization ability and detection accuracy of the model. To solve the above problems, a noise label learning method based on DCASS (dualconfidence adaptive sample selection) is proposed to realize robust malicious encryption traffic detection. Firstly, the low dimensional features of samples are extracted by self encoder, and the feature confidence of samples is constructed.Then, the label confidence of samples is evaluated according to their performance in classification training. Finally, an adaptive selection threshold is proposed to select samples based on the dual confidence of feature space and label space, and filter noise samples dynamically to improve the robustness of the model. Experiments on CIRACICDoHBrw2020 dataset show that the proposed method has good performance and stability in dealing with noise labels. The F1 scores of the method reach 86.686%, 86.749%, 83.199% respectively when the noise rate is 20%, 30%, 40%. Compared with the existing three methods, the method proposed in this paper shows the best performance under different noise rates, with the average performance improvement of 18.89%, 37.34%, 6.32% respectively.

Reference | Related Articles | Metrics

Select

Imperceptible Proactive Defense Method Against Face Attribute Editing

Journal of Information Security Reserach 2025, 11 (10): 941-.

Abstract （132）

PDF （2504KB）（22）

Save

Although the face attribute editing forgery active defense method based on generative adversarial network (GAN) generates adversarial perturbations faster than the gradient attackbased methods, existing methods still fail in balancing the proactive defense effect with the imperceptibility of generated perturbations. Therefore, this paper proposed a highly imperceptible proactive defense method against face attribute editing based on GAN. To enhance the imperceptibility of the perturbations, the method designed a highfrequency information compensation mechanism to enable the generator to generate more highfrequency perturbations that are less sensitive to the human eye. To improve the proactive defense performance of generated perturbations, the proposed method also designed a multilevel dense connection mechanism for reducing semantic loss during the encoding process. Meanwhile, the method introduced face saliency adversarial loss in training stage to enable perturbations to disrupt face forgery areas better. The experiments were conducted in both singlemodel and crossmodel defense scenarios. The results indicate that compared to existing methods, the proposed method generates more imperceptible adversarial perturbations and obtains high success rates for defending against target models.

Related Articles | Metrics

Select

Security Resource Scheduling Methods in Virtualization Environment

Journal of Information Security Reserach 2025, 11 (7): 652-.

Abstract （126）

PDF （1729KB）（33）

Save

In the era of cloud computing, The integration of security technology and cloud computing has given rise to an innovative security defense approachvirtualization of security resources. This novel architecture serves as a basis for a comprehensive security protection system that consolidates multiple security functionsincluding firewalls, intrusion detection and prevention systems, and antivirus solutionsinto a flexible resource set through virtualization and softwaredefined technologies. This article delves into the relevant concepts, advantages, typical scheduling algorithms, and future development directions of secure resource virtualization. This article provides a detailed analysis of the composition devices and functional characteristics of virtualized security resources, and points out their advantages in resource virtualization and sharing, flexible expansion, unified management, and deep integration with cloud environments. In terms of scheduling algorithms, this article studies various typical virtualization security resource and task scheduling strategies, such as coral reef task scheduling algorithm, immune genetic algorithm, improved pollen transmission algorithm, and improved algorithm based on Pareto optimal theory, and explores their advantages and applicable scenarios. The article looks forward to the future development direction of security resource virtualization, The aim is to provide reference for further optimization configuration and cost control of security resource virtualization, and promote more efficient and stable development in the field of cloud computing under the premise of ensuring security.

Reference | Related Articles | Metrics

Select

Research on Security Challenges and Countermeasures for Critical Information Infrastructure in the Artificial Intelligence Era

Journal of Information Security Reserach 2025, 11 (12): 1087-.

Abstract （126）

PDF （944KB）（36）

Save

With the rapid advancement of artificial intelligence (AI) technologies, critical information infrastructure is confronting unprecedented security challenges. This paper employs systematic analysis and comparative research methods to examine the security threats faced by critical information infrastructure in the AI era, specifically focusing on structural vulnerabilities, governance lag, and dual technical risks. Drawing on the strategic practices of major economies such as the United States, the European Union, and Japan, it proposes that China should enhance AI security policy standards, establish a security risk governance framework, and strengthen security technology innovation. Through these pathways, China can build a selfreliant, secure, and reliable AIenabled critical information infrastructure system, thereby enhancing national digital security capabilities and global competitiveness.

Reference | Related Articles | Metrics

Select

FastHotStuff Blockchain Consensus Algorithm with Adaptive View Dynamic Timeouts

Journal of Information Security Reserach 2025, 11 (7): 619-.

Abstract （125）

PDF （1301KB）（16）

Save

The FastHotStuff algorithm achieves a twostage pipelined Byzantine fault tolerant consensus through aggregated signatures. When the leader node of FastHotStuff fails, the deadlock problem in the view change phase brings communication complexity of O(n2). However, current studies have only focused on the deadlock problem and have not considered the issue of continuous view timeouts caused by Byzantine nodes and volatile networks. To address this problem, we propose a FastHotStuff blockchain consensus algorithm with adaptive view dynamic timeouts, called AVDHotStuff. First, the view dynamic timeout strategy algorithm adaptively controls the duration of the next view timeout to avoid continuous view timeouts caused by volatile networks. Second, the leader waiting strategy algorithm reduces the communication complexity of view change from O(n2) to O(n), and ensures the efficiency of view change by adaptively controlling the leader waiting time. Finally, the reputationbased leader selection strategy algorithm introduces reliable nodes into the consensus process, avoiding continuous view timeouts by removing Byzantine nodes during the view change phase. We have conducted experiments to compare our algorithm with FastHotStuff. When Byzantine nodes are present, the average throughput of AVDHotStuff increases by approximately 51.4%, and its average latency decreases by about 59.9%.

Reference | Related Articles | Metrics

Select

A PUFbased Identity Authentication and Key Negotiation Protocol for Telemedicine

Journal of Information Security Reserach 2025, 11 (7): 626-.

Abstract （125）

PDF （2116KB）（36）

Save

Telemedicine is rapidly developing due to its high service efficiency and good medical experience, but the secure transmission of medical data is a critical challenge that needs urgent resolution. Although a large number of authentication and key negotiation protocols suitable for telemedicine environments exist, some of the protocols suffer from security risks and inefficiencies. To address the existing problems, we propose a PUFbased authentication and key negotiation protocol. The protocol employs a trusted gateway to implement a manytomany authentication and key negotiation mechanism, uses the PUF function to generate a “device fingerprint” for unique identification, and leverages the ECC algorithm to ensure the confidentiality of the data. The semantic security of the session key is proved under the random oracle model, the confidentiality and authenticity of the protocol are verified by the ProVerif simulation tool, and the nonformal analysis proves that the protocol is resistant to common attacks such as offline password guessing and session key compromise. Comparison results with related protocols in terms of computation overhead, storage overhead, communication overhead and security show that this protocol exhibits notable feasibility and advantages.

Reference | Related Articles | Metrics

Select

Multireceiver Multimessage Adaptive Broadcast Signcryption Mechanism

Journal of Information Security Reserach 2025, 11 (7): 636-.

Abstract （125）

PDF （1048KB）（27）

Save

To address the issues of user privacy protection and adaptive message quantity in multireceiver broadcast signcryption, a certificateless multireceiver multimessage adaptive broadcast signcryption mechanism was proposed. The receiver identity ID is input into the Lagrange interpolation polynomial to calculate the ciphertext index, and the receiver uniquely locates the signcryption ciphertext, which solves the problem of selfadaptation of the number of messages in the broadcast signcryption. Based on the elliptic curve cryptography, the user decryption key is associated with a random element on the group to solve the privacy protection problem of multireceiver users. Under the random Oracle model, based on the discrete logarithmic assumption and the computational DiffieHellman assumption on the elliptic curve additive cyclic group, it is proved that the scheme satisfies confidentiality and unforgeability. The functional efficiency analysis shows that the scheme is superior to the traditional multireceiver signcryption scheme.

Reference | Related Articles | Metrics

Select

Research on Domain Adaptive Intrusion Detection Method Based on Dynamic Feature Fusion

Journal of Information Security Reserach 2026, 12 (4): 294-.

Abstract （123）

PDF （1452KB）（90）

Save

Aiming at the problems of incomplete feature extraction and limited model generalization ability in intrusion detection research, a domain adaptive intrusion detection method with dynamic feature fusion is proposed. Firstly, a convolutional neural network is used to extract spatial features, while a bidirectional long shortterm memory network is utilized for temporal feature extraction. This approach enables comprehensive extraction of multidimensional feature information from network traffic data. Secondly, the uncertainty is measured by calculating the information entropy of the two features, and different weights are assigned according to the entropy value, and the extracted features are weighted and fused according to the weights. Finally, during the training process, the proposed adaptive domain weight loss algorithm is used to dynamically adjust the contribution of the source domain and target domain data to improve the generalization ability of the model on the target domain data. Experiments are carried out using the NSLKDD and UNSWNB15 datasets. Compared with the existing mainstream methods, this method has higher detection accuracy, which is 0.8563 and 0.916 respectively.

Reference | Related Articles | Metrics

Select

A Privacy Budget Allocation Method Based on Differential #br# Privacy kmeans++#br#

Journal of Information Security Reserach 2025, 11 (8): 710-.

Abstract （121）

PDF （1126KB）（31）

Save

For the traditional differential privacy kmeans++ algorithm, uniform budget allocation by the equal division method cannot meet varying privacy needs. Meanwhile, binary division rapidly depletes the budget, leading to excessive noise later on, both impairing clustering performance. To solve this problem, a new privacy budget allocation method combining the arithmetic and equal allocation methods was proposed. For initial center selection, use an equal division budget allocation. For center updates, early stage uses arithmetic progression, later stage switches to equal division, both focused on minimal budget. This approach ensures substantial initial privacy budget for minimal cluster center distortion, and moderate budget depletion later to prevent excessive noise that could compromise clustering outcomes. A series of experiments based on real data show that, compared to the original kmeans++, the minimum error is only 0.09%. Compared to the equal distribution method and the binary method, the clustering accuracy is improved by up to 14.9% and 16.9% respectively. It can be seen that this method is significantly better than the equal division and the binary division, and can improve the usability and accuracy of clustering results to a certain extent.

Reference | Related Articles | Metrics

Select

A Lightweight PUFbased Anonymous Authentication Protocol for Wireless Medical Sensor Networks

Journal of Information Security Reserach 2025, 11 (12): 1134-.

Abstract （121）

PDF （2231KB）（28）

Save

In response to the current challenges of resource constraints and the vulnerability of wireless medical sensor nodes, this paper proposes a lightweight anonymous authentication protocol specifically designed for wireless medical sensor networks. The protocol utilizes a physical unclonable function (PUF), deployed by the gateway, to facilitate secure authentication and key negotiation between medical experts and wireless medical sensor nodes via the gateway. The Proverif protocol analysis tool, the ROR Oracle model and nonformal analysis demonstrate that this protocol achieves mutual authentication and session key negotiation between medical specialists and wireless medical sensors, and is resistant to common attacks with good security properties. A comparison of the proposed protocol with other authentication protocols from recent years reveals that it has the lowest computational costs, with the total computational costs outperforming other protocols by more than 22.7% when the number of authentication times reaches 3500. Furthermore, experiments demonstrate that the protocol has good security attributes and lightweight characteristics, making it suitable for resourceconstrained wireless medical sensor networks.

Reference | Related Articles | Metrics

Select

Authenticated Key Agreement Protocol for Postquantum Anonymous Communication

Journal of Information Security Reserach 2025, 11 (7): 661-.

Abstract （120）

PDF （1449KB）（34）

Save

As the scale of data in the network becomes more and more enormous. These data are highly associated with the users, once the data is leaked, the identity information and personal privacy of the users will be seriously threatened. The encryption system based on traditional number theory becomes no longer secure with the rapid development of quantum technology, in response to this problem, this paper proposes a key negotiation protocol that gives anonymous authentication on the lattice, based on lattice cryptography security challenges can resist quantum attacks, its security has been analyzed by the security model and theoretical and compared with similar schemes to obtain a significant improvement. This novel protocol is based on the authentication cryptography of lattice ciphers, which is capable of accomplishing mutual authentication and establishing secure communication, and is able to optimize the deployment of certificate system components of public key infrastructure.

Reference | Related Articles | Metrics

Select

Research on the Governance System of Ensuring Both Crossborder #br# Data Flow and Safety#br#

#br#

Journal of Information Security Reserach 2025, 11 (9): 840-.

Abstract （119）

PDF （1493KB）（26）

Save

Crossborder data flow is a fundamental part of digital trade, and it is also a key issue in the international data governance game. At present, China has preliminarily formed a system of rules and regulations for crossborder data flow, but there are still prominent problems such as difficulties in crossborder risk screening, slightly rough rules and systems, difficulties in the dominance of international rules, and weak crossborder regulatory means. To seriously solve the problem of crossborder data flow, it is urgent to better coordinate development, security and openness to build a crossborder data governance system. The policy system clarifies basic propositions, improves the legal system, refines institutional rules, consolidates technology platforms and expands practice carriers, in order to align with highstandard international economic and trade rules, and gradually form a plan for crossborder data flow with Chinese characteristics.

Reference | Related Articles | Metrics

Most Read articles