Most Read articles

    Published in last 1 year
    A Survey of Network Topology Obfuscation Techniques
    Journal of Information Security Research    2025, 11 (4): 296-.
    LinkFlooding Attack (LFA) is a novel distributed denialofservice (DDoS) attack that exploits network topology detection. Network Topology Obfuscation serves as an effective deceptive defense mechanism against this attack, aiming to provide proactive protection before an attack occurs. Over the past decade, relevant research has continuously made progress, proposing corresponding obfuscation solutions for different scenarios and objectives. This paper comprehensively reviews the network topology obfuscation techniques. First, it combines the basic principles and classifications of network topology discovery to point out the risks of topology leakage in current network topology discovery. Next, it formally defines network topology obfuscation design and presents a proactive defense model. Then, based on the obfuscation concept, the technologies are divided into packet modification, decoy traps, routing mutation, and metric forgery schemes, and proposes a set of metrics to comprehensively compare the current mainstream network topology obfuscation techniques.
    Design and Implementation of Resourceefficient SM4 Algorithm on FPGA
    Journal of Information Security Reserach    2025, 11 (6): 490-.  
    In hardware implementations of the SM4 algorithm, the S-box is commonly realized with a lookup table, which consumes a significant amount of hardware resources. This paper proposes an implementation scheme for the SM4 algorithm based on polynomial basis. Two construction schemes are developed for the 8×8 S-box used in the SM4 algorithm, one based on the composite field GF((2^4)^2) and the other on the composite field GF(((2^2)^2)^2). The test results indicate that the scheme based on the polynomial basis GF((2^4)^2) is optimal. Taking into account both resource utilization and performance, this paper designs two hardware implementation structures for SM4: a state machine parallel structure and a pipelined structure. Compared with the traditional lookup table approach, the state machine parallel structure reduces resource utilization by 21.98% while increasing the operating frequency by 14.4%. The pipelined structure achieves a reduction in resource utilization of 54.23%.
    Deep Learningbased Method for Encrypted Website Fingerprinting
    Journal of Information Security Reserach    2025, 11 (4): 304-.  
    Website fingerprinting is an important research area within the fields of network security and privacy protection. Its goal is to identify websites accessed by users within an encrypted network environment by analyzing network traffic characteristics. In response to problems such as restricted application scenarios, insufficient applicability, and the singularity of feature selection, this paper proposes a deep learning-based method for encrypted website fingerprinting. First, a new preprocessing method for raw data packets is introduced, which processes directly captured raw packet files to generate a hierarchically structured feature sequence with both spatial and temporal characteristics. Following this, a hybrid deep learning model combining convolutional neural networks and long short-term memory networks is designed to thoroughly learn the spatial and temporal features present in the data. The study further investigates various activation functions, model parameters, and optimization algorithms to improve the model's accuracy and generalization capability. Experimental results indicate that this method provides higher website fingerprinting accuracy in the onion router anonymous network environment when it does not rely on cell packets. It also achieves better accuracy than current mainstream machine learning methods in virtual private network scenarios.
    Innovative and Professional Talent Education Architecture of Cyberspace Security in New Situation
    Journal of Information Security Research    2025, 11 (4): 385-.
    Existing talent cultivation does not currently keep pace, in applicability or timeliness, with the new problems and technologies emerging in the field of cybersecurity. In response to this, this paper investigates the innovative professional training system for cybersecurity talents under new circumstances. We systematically examine key issues in talent cultivation, dynamic updates of training objectives, evolution of knowledge systems, and cultivation of innovative competencies. The study proposes and constructs a comprehensive, multilevel, and dynamic talent cultivation framework for cyberspace security professionals, encompassing core theoretical research, critical technology R&D, and comprehensive innovation capability development that adapts to new technological trends. Through innovative processes including instructional objective design, content adaptation, teaching implementation, and feedback mechanisms, we establish an internationally adaptable training system that dynamically responds to technological advancements. This approach strengthens the dynamism, adaptability, and practical orientation of cybersecurity talent cultivation, effectively addressing the demand for innovative professionals in cyberspace security under evolving technological landscapes and emerging requirements.
    A Blackbox Antiforensics Method of GANgenerated Faces Based on #br# Invertible Neural Network#br#
    Journal of Information Security Reserach    2025, 11 (5): 394-.  
    Forensics models for faces generated by generative adversarial networks (GANs) are used to distinguish real faces from GAN-generated faces. Because forensics models are susceptible to adversarial attacks, anti-forensics techniques for GAN-generated faces have emerged. However, existing anti-forensics methods rely on white-box surrogate models, which have limited transferability. Therefore, this paper proposes a black-box method based on an invertible neural network (INN) for GAN-generated face anti-forensics. This method embeds the features of real faces into GAN-generated faces through the INN, which enables the generated anti-forensics faces to disturb forensics models. Meanwhile, the proposed method introduces a feature loss during training to maximize the cosine similarity between the features of the anti-forensics faces and the real faces, further improving the attack performance of the anti-forensics faces. Experimental results demonstrate that, in scenarios where no white-box models are involved, the proposed method has good attack performance against eight GAN-generated face forensics models, with better performance than seven comparative methods, and can generate high-quality anti-forensics faces.
    The Finegrained Executor Scheduling Algorithm for Unknown  Attacks Perception
    Journal of Information Security Reserach    2025, 11 (6): 569-.  
    Work on security threats from unknown attacks that exploit software and system vulnerabilities in power grid devices often overlooks potential issues within operating systems and communication protocols at the programming language level. This paper proposes a fine-grained scheduling algorithm that quantifies the similarity of execution components and incorporates parameters such as attack timing and frequency to assess historical trust deficit. By combining similarity and historical trust deficit, a quantitative algorithm for redundant execution body heterogeneity is introduced. Simulation experiments demonstrate that this algorithm significantly outperforms other methods in distinguishing execution body similarity, effectively reducing the risk of exploiting similar vulnerabilities or defects, and minimizing redundant wastage from similar execution bodies. The failure rate remains consistently below 0.55, indicating superior practical performance compared to commonly used algorithms.
    Design and Implementation of 3D Model Matching Algorithm
    Journal of Information Security Research    2025, 11 (6): 539-.
    3D model matching plays a vital role in model copyright protection and transaction facilitation by effectively preventing redundant authentication and enabling convenience for research, testing, and management in related fields. However, traditional matching approaches predominantly rely on plaintext matching, which, despite ensuring a certain level of matching accuracy and robustness, falls short in data privacy protection. To address this gap, ciphertext matching performs matching computations on encrypted data, thus enabling model matching while safeguarding data privacy. This approach offers significant practical value and broad application prospects. Therefore, this paper presents three matching strategies. 1) Under plaintext conditions, precise registration of 3D point clouds is achieved via the Iterative Closest Point (ICP) algorithm, followed by model matching using peak signal-to-noise ratio (PSNR). 2) Under plaintext conditions, 3D point cloud features are extracted using the PointNet deep learning model, and feature similarity is calculated via cosine similarity. 3) Under ciphertext conditions, the extracted features are encrypted using homomorphic encryption. Cosine similarity is then used to compute the similarity of the encrypted features, thereby effectively protecting data privacy.
    A Latticebased CPABE Scheme with Policy Splitting and #br# Attribute Revocation#br#
    Journal of Information Security Reserach    2025, 11 (6): 548-.  
    Ciphertextpolicy attributebased encryption (CPABE) is suitable for providing secure datasharing services in the cloud storage scenario. However, attribute revocation is a challenging issue in CPABE. With the advancements in quantum computing research, traditional CPABE are no longer secure. Latticebased CPABE can resist quantum attacks. This paper proposes a latticebased CPABE scheme with policy splitting and attribute revocation. This scheme is resistant to quantum and collusion attacks. When attribute revocation occurs, this paper uses policy splitting to reduce the affected ciphertexts (blocks) and uses the lazy mode ciphertext update method to reduce the number and scope of ciphertexts that need to be updated. Theoretical analysis demonstrates that the overall storage cost of our scheme remains within a reasonable range. Finally, it is shown that, under the standard model, the scheme is proven secure against chosenplaintext attacks (CPA), and its security can be attributed to the ring learning with errors (RLWE) difficulty problem.
    Constructing Lightweight Trusted Execution Environment on RISC-V Dual-core Processor
    Journal of Information Security Research    2025, 11 (6): 500-.
    With the rapid development of Internet of Things (IoT) technology, resource-constrained embedded IoT devices face particularly severe challenges in information security. The Trusted Execution Environment (TEE) provides an effective approach to addressing the security issues of terminal devices. By dividing the system into secure and ordinary areas and employing mechanisms such as memory access control, TEE ensures the separate execution of secure and ordinary application software, thereby significantly enhancing the overall system security. This paper addresses the problem of trusted isolation of secure application software and proposes a lightweight TEE System-on-Chip (SoC) solution based on a RISC-V dual-core architecture. Specifically, the solution leverages the Physical Memory Protection (PMP) mechanism to achieve trusted isolation. Additionally, to prevent unauthorized access to secure area resources by ordinary area applications, a low-resource IOPMP design is presented, which uses a physical address access firewall mechanism to block unauthorized access. Furthermore, to facilitate efficient message transfer between the secure and ordinary areas, a Mailbox communication scheme based on the “message queue & interrupt” mechanism is proposed. Experimental results indicate that the design proposed in this paper has lower hardware resource consumption compared to similar designs, with a power consumption of only 0.256 W, a 14% reduction. In the CoreMark test for the TEE CPU, the score reached 2.40 CoreMarks/MHz, which is double the performance of similar designs.
    Multiciphertext Equality Test Scheme Based on RLWE
    Journal of Information Security Reserach    2025, 11 (6): 511-.  
    With the rapid development of technology, privacy protection has become an important issue. To ensure the security of data, the data is usually encrypted and stored on a cloud server. However, the cloud server then cannot effectively process the encrypted data, for example for calculation and statistics, which limits many application scenarios. To address this issue, this paper proposes a PKE-MET (public-key encryption with a multi-ciphertext equality test) scheme based on the RLWE (ring learning with errors) problem, and provides a correctness and security analysis. This solution allows the cloud server to perform equality tests on multiple ciphertexts at the same time, and is also resistant to quantum computing attacks. This paper also implements the scheme based on the Palisade library, and compares it with other schemes from the perspective of theory and implementation. Compared with other solutions, this solution has the advantages of high efficiency and short running time.
    Multiparty Data Security Sharing Scheme Based on Decentralized Verification
    Journal of Information Security Research    2025, 11 (6): 578-.
    With the development of the Internet of Things, collaborative work between multiple devices is becoming increasingly common. However, in the process of data sharing, user privacy may face the risk of data theft and tampering. Existing federated learning (FL) methods rely on mobile edge computing (MEC) servers for model aggregation, and have problems with trust, security threats, and single points of failure. To solve these problems, a new multiparty data sharing scheme based on blockchain is proposed, in which a decentralized verification mechanism and a consensus mechanism inspired by proof of stake (PoS) are introduced. The decentralized verification mechanism ensures the legitimacy of each local model update by evaluating node behavior and voting, and only legitimate updates are used for global model building. In the process of model construction, homomorphic encryption and key sharing techniques are used to encrypt the local model parameters to ensure the security and integrity of model parameters during transmission and aggregation. The PoS consensus mechanism rewards devices that behave honestly, increasing their chances of becoming block generators. In addition, a cache mechanism for information search is introduced to reduce the number of multiparty searches. The data sharing scheme has been verified to enhance data security.
    Fake News Detection Model Based on Cross-modal Attention Mechanism and Weak-supervised Contrastive Learning
    Journal of Information Security Research    2025, 11 (8): 693-.
    With the widespread popularization of the Internet and smart devices, social media has become a major platform for news dissemination. However, it also provides conditions for the wide spread of fake news. In the current social media environment, fake news exists in multiple modalities such as text and images, while existing multimodal fake news detection techniques usually fail to fully explore the intrinsic connection between different modalities, which limits the overall performance of the detection model. To address this issue, this paper proposes a hybrid model of cross-modal attention mechanism and weak-supervised contrastive learning (CMAWSCL) for fake news detection. The model utilizes pre-trained BERT and ViT models to extract text and image features respectively, and effectively fuses multimodal features through the cross-modal attention mechanism. At the same time, the model introduces weak-supervised contrastive learning, which utilizes the prediction results of effective modalities as supervisory signals to guide the contrastive learning process. This approach can effectively capture and utilize the complementary information between text and image, thus enhancing the performance and robustness of the model in multimodal environments. Simulation experiments show that CMAWSCL performs well on the publicly available Weibo17 and Weibo21 datasets, with an average improvement of 1.17 percentage points in accuracy and 1.66 percentage points in F1 score compared to the current state-of-the-art methods, which verifies its effectiveness and feasibility for the task of multimodal fake news detection.
    A Survey on Backdoor Attacks and Defenses in Federated Learning
    Journal of Information Security Research    2025, 11 (9): 778-.
    Federated learning is a machine learning framework that enables participants in different fields to participate in large-scale centralized model training together under the condition of protecting local data privacy. In the context of addressing the pressing issue of data silos, federated learning has rapidly emerged as a research hotspot. However, the heterogeneity of training data among different participants in federated learning also makes it more vulnerable to model robustness attacks from malicious participants, such as backdoor attacks. Backdoor attacks inject backdoors into the global model by submitting malicious model updates. These backdoors can only be triggered by carefully designed inputs, and the model behaves normally when given clean data samples, which poses a great threat to the robustness of the model. This paper presents a comprehensive review of the current backdoor attack methods and backdoor defense strategies in federated learning. First, the concept of federated learning, the main types of backdoor attacks and backdoor defenses, and their evaluation metrics are introduced. Then, the main backdoor attacks and defenses are analyzed and compared, and their advantages and disadvantages are pointed out. On this basis, we further discuss the challenges of backdoor attacks and backdoor defenses in federated learning, and outline their future research directions.
    Research on Distributed Identity Authentication Technology Based on Revocable Proxy Signature
    Journal of Information Security Research    2025, 11 (6): 521-.
    With the proliferation of digital services in people's daily lives, traditional identities have found a new form of expression: digital identities. In conventional network digital activities, digital identity management is handled by centralized service providers, which brings a series of issues such as difficulties in centralized storage management and insufficient protection of user privacy. Consequently, identity authentication technology based on decentralized identifiers (DID) has become a current research hotspot. However, distributed digital identity authentication schemes often face problems of privacy leakage and cumbersome user signature authentication processes, which are significant pain points in current distributed identity authentication technology. To address these issues, this paper constructs a distributed identity authentication protocol based on revocable proxy signatures, verifiable credentials, and blockchain technology. This protocol achieves a user-friendly and secure signature authentication process, requiring low device performance from users participating in digital activities, making it suitable for a wider range of user digital activities.
    Design of a Large Model Data Supervision System Based on Blockchain
    Journal of Information Security Research    2025, 11 (8): 682-.
    Large models (LM) have shown great potential in the fields of natural language processing, image and speech recognition, and have become a key force driving the technological revolution and social progress. However, the wide application of LM technology brings challenges such as data privacy risks, data compliance regulation, and data regulatory activation and intelligence. This paper aims to explore how to utilize blockchain to design and construct an effective data regulatory system to promote its healthy development, in order to meet the challenges brought by the application of massive data to LM. This paper analyzes the trends and current status of the development of LM at home and abroad, and points out the main challenges to LM data regulation, including data privacy risks, data compliance, and the difficulty of effective supervision by regulators. A blockchain-based data regulation system design scheme is proposed to address these challenges, which realizes the full-cycle data regulation of LM data from the native metadata to the input of training until the post-training feedback through four interconnected modules, namely, privacy protection, consensus algorithm, incentive mechanism, and smart contract. Finally, the application prospect of blockchain in LM data supervision is summarized, and the future trend of data supervision is discussed.
    A Deceptionresistant Multilevel Visual Cryptography Scheme  Based on Random Grids
    Journal of Information Security Reserach    2025, 11 (6): 532-.  
    Visual cryptography is a technique for encryption by dividing a secret image into n shares and recovering the image by superimposing the shares. However, there may be deceptive behavior during the process of reconstructing the secret image. This paper proposes a multi-level visual cryptography scheme based on random grids to address this problem. The scheme introduces a trusted third party (TTP) and performs XOR verification on the shares at each level during the secret distribution and recovery processes. Experimental results demonstrate that the proposed scheme effectively detects deception by distributors and participants, enhancing security during implementation.
    Design and Verification of V2V Authentication and Key Exchange Protocol for Internet of Vehicles
    Journal of Information Security Research    2025, 11 (5): 465-.
    In the Internet of Vehicles system, vehicles need to achieve vehicle-to-vehicle (V2V) communication, which requires strong security, low latency, user anonymity and other security characteristics. An authentication and key exchange (AKE) protocol is based on cryptographic algorithms and aims to complete session key negotiation for subsequent information exchange between communication parties. It is an important means of ensuring the security of vehicle networking. However, the registration phase of existing protocols requires offline secure channels, which is inconsistent with reality. In addition, the authentication phase is mostly based on third parties and requires multiple rounds of information exchange, increasing the complexity of the protocol interactions. In this paper, a lightweight V2V protocol is designed for public channels, which does not rely on a third party and requires only two rounds of information exchange during the login and authentication phases. At the same time, a fast login phase is added to solve the delay of information exchange caused by sudden network interruptions. Theoretical analysis and formal verification results show that the designed protocol satisfies security properties such as authentication and confidentiality.
    Android Malware Detection Based on Three-way Decision Feature Selection
    Journal of Information Security Research    2025, 11 (6): 561-.
    Android malware detection datasets contain a large number of irrelevant and redundant features. A single feature selection method cannot effectively remove irrelevant or redundant features, and removing features that carry a large amount of information easily causes model collapse. To address these issues, this paper proposes an Android malware detection method based on Three-Way Decision Feature Selection (3WDFS). The algorithm combines the idea of three-way decision and uses a variety of feature selection methods to evaluate the features of the dataset in parallel. The features are divided into disjoint positive, negative and boundary regions. Then, the inter-class redundant features and the intra-class redundant features in the boundary region are deleted by using the approximate Markov blanket and the information difference respectively, to form a low-redundancy boundary region. Finally, the positive region and the low-redundancy boundary region are concatenated using a learnable weight parameter and fed into the classification model for training. Experimental results on public datasets show that 3WDFS can effectively remove irrelevant and redundant features in Android malware detection and improve the efficiency and accuracy of malware detection.
    Research and Implementation of a Blockchainbased Biometric #br# Information Sharing Scheme#br#
    Journal of Information Security Reserach    2025, 11 (5): 402-.  
    Traditional informationsharing solutions typically rely on data center servers for data storage and verification. However, this centralized model is vulnerable to issues such as data tampering, privacy breaches, and operational irregularities when under attack, making it difficult to meet the requirements for data trustworthiness. To address these challenges, this paper proposes a solution that combines blockchain technology with biometric information authentication. By using biometric features such as fingerprints and facial recognition to generate a unique authentication key, which is securely stored on the blockchain, the solution leverages the decentralized, tamperproof, and traceable characteristics of blockchain to ensure secure data storage and trusted sharing, thereby effectively safeguarding privacy and security during the information verification process. Taking the education sector as an example, this solution can effectively address issues like exam cheating and resource infringement, providing a new approach to data security and sharing that also ensures privacy protection.
    A Blockchainbased Privacypreserving Data Aggregation System for #br# Vehicular Networks#br#
    Journal of Information Security Reserach    2025, 11 (4): 367-.  
    To address the privacy risks and challenges of data aggregation in vehicular networks, this paper proposes a secure and anonymous blockchain-based data aggregation scheme for vehicular networks. The scheme integrates cloud computing with blockchain and designs a blockchain-based data aggregation system that enables efficient and secure data collection and analysis in vehicular networks. The solution uses key escrow resilience to ensure the security of the keys in the system, preventing the security issues previously caused by third-party key generation. Additionally, the scheme employs a two-stage data aggregation process to achieve fine-grained data aggregation, providing effective support for cloud services in vehicular networks. Security analysis and performance evaluations demonstrate that the proposed scheme is secure and offers higher computational and communication efficiency.
    Task Independent Privacy Protection in Personalized Federated Learning for Battery Monitoring
    Journal of Information Security Research    2025, 11 (5): 481-.
    For the health management of batteries in new energy vehicles, it is essential to collaboratively share distributed battery data and establish a federated learning model to extract valuable information. To counteract the privacy leakage risks associated with battery data sharing, this paper designs a task-independent, privacy-protecting and communication-efficient federated learning-empowered edge intelligence model. This model learns personalized subnetworks that generalize well to local data and uses network pruning to find the optimal subnetwork, ensuring inference accuracy. Meanwhile, to resist feature reconstruction attacks and privacy leakage risks, it constructs task-independent privacy-protective anonymous intermediate representations. By employing adversarial training, it maximizes the reconstruction error of the adversarial reconstructor and the classification error of the adversarial classifier, while minimizing the classification error of the target classifier. Experimental simulations show that this method improves inference accuracy by 8.85% and reduces communication overhead by 1.95 times. The balance analysis of utility and privacy demonstrates that it ensures the accuracy of target feature extraction while protecting privacy.
    Research on Tor Traffic Classification Based on Improved Bidirectional Memory Residual Network
    Journal of Information Security Research    2025, 11 (5): 447-.
    To address the difficulty of correctly classifying and regulating Tor traffic caused by the encryption characteristics of Tor links, a Tor traffic classification method based on an improved bidirectional memory residual neural network (CBAM-BiMRNet) is proposed. First, the SMOTETomek (SMOTE and Tomek links) comprehensive sampling algorithm is adopted to balance the dataset, so that the model can learn from the traffic data of all categories. Second, CBAM is used to assign greater weights to important features, combining 1D convolution with bidirectional long short-term memory modules to extract temporal and local spatial features of Tor traffic data. Finally, by adding identity maps, the gradient vanishing and exploding caused by the increase in model layers is avoided, and the problem of network degradation is solved. The experimental results show that on the ISCXTor2016 dataset, the accuracy of our model for Tor traffic recognition reached 99.22%, and the accuracy for Tor traffic application service type classification reached 93.10%, proving that the model can effectively recognize and classify Tor traffic.
    Reference | Related Articles | Metrics
    Research on Critical Information Infrastructure Security Protection
    Journal of Information Security Research    2025, 11 (10): 878-.
    Malicious Behavior Detection Method Based on Behavior Clustering LSTMNN
    Journal of Information Security Research    2025, 11 (4): 343-.
    With the progress and development of society, the safety requirements for public places have further increased. Malicious behavior detection can monitor and identify potential safety hazards in real time. To this end, the K-means clustering method is used to divide the dataset into sub-datasets that distinguish different forms of malicious behavior. The DTW time warping method solves the problem of inconsistent lengths of malicious behavior time series. In image recognition, the excessive amount of data in the malicious behavior frame set lowers the model's computational accuracy, so an attention mechanism is used to focus on special information points and ensure the accuracy of model training. This method was applied to the UBI-Fights malicious behavior dataset. The results showed that the final classification accuracy of the sub-datasets after clustering division, computed as a weighted average, reached 95.03%. This model effectively identifies malicious behavior videos and improves safety.
    Research on Security Assurance of E-government
    Journal of Information Security Research    2025, 11 (10): 879-.
    E-government encompasses critical domains including government operations, public services, and data management, and its security directly affects national interests, public well-being, and social stability. In recent years, cyberattacks targeting E-government systems have become more frequent and continue to rise, and the security risks of government administrative networks have continued to mount and challenge security protection. This paper analyzes the development paths of E-government security protection at home and abroad and proposes relevant policy recommendations, with the aim of providing strong support for building a more complete and optimized E-government security protection system.
    A Symbioticbased Framework for AI Safety Governance
    Journal of Information Security Reserach    2025, 11 (10): 897-.  
    Abstract151)      PDF (2070KB)(64)       Save
    Artificial intelligence technology is currently developing at an unprecedented pace, with safety concerns becoming a global focal point. Traditional AI safety research has predominantly relied on a “control paradigm”, emphasizing limitations, regulations, and value alignment to control AI behavior and prevent potential risks. However, as AI capabilities continue to strengthen, unidirectional control strategies are revealing increasingly significant limitations, with issues such as transparency illusions, adversarial evolution, and innovation suppression gradually emerging. Industry leaders like Sam Altman and Dario Amodei predict that AI may comprehensively surpass human capabilities in multiple fields within the next 23 years, making the reconstruction of AI governance paradigms particularly urgent. This paper proposes a new perspective—the “symbiotic paradigm”—emphasizing humanmachine collaboration as the core and understanding and trust as the foundation. Through establishing four pillars: transparent communication, bidirectional understanding, creative resonance, and dynamic boundaries, it promotes AI safety’s transition from control to cocreation, serving as one of the foundational paths for digital governance transformation. This paper systematically demonstrates the feasibility and necessity of the symbiotic paradigm through four dimensions: theoretical analysis, technological paths, practical cases, and governance recommendations, aiming to provide a sustainable alternative for future AI safety research and digital governance practices.
    Reference | Related Articles | Metrics
    Network Coding Hybrid Encryption Scheme for IoT System
    Journal of Information Security Research    2025, 11 (4): 326-.
    Network coding allows an intermediate node to encode the messages it receives and forward them to downstream nodes. However, the transmitted data may be insecure, and polluted information causes network nodes to waste considerable network resources. To solve these problems, a network coding hybrid encryption scheme (NCHES) suitable for Internet of Things (IoT) systems is devised in this article. NCHES realizes secure communication of arbitrary messages and uses a homomorphic hash function to resist data pollution attacks; it has lower calculation overhead and higher data transmission efficiency in the IoT system.
    Multiaccess Controls for Defense Against Smart Contract Reentry Attacks
    Journal of Information Security Research    2025, 11 (4): 333-.
    To solve the problem of reentry attacks caused by the vulnerability of smart contracts in handling external contract calls, a smart contract reentry attack defense method based on Multiple Access Controls (MAC) is proposed. With MAC, only the contract owner is allowed to make calls, and functions are prevented from repeatedly entering the same transaction during execution; at the same time, the state variable is modified to store the secure contract address and update the contract state. Finally, formal verification is used to run the defended smart contract. In this paper, we verify the method with a bank deposit and withdrawal transaction model. The experimental results show that a smart contract using this defense method can effectively solve the problem of reentry attacks when external contracts are invoked. Compared with other mainstream defense methods, it has higher feasibility, effectiveness, logical correctness and comprehensibility; compared with the undefended contract, the defended smart contract reduces the equivalent memory usage by 64.51%, and the running time is also shortened.
    Hybrid Neural Network Encrypted Malicious Traffic Detection in the Industrial Internet with Domain Adaptation
    Journal of Information Security Research    2025, 11 (5): 457-.
    With the rapid development of information technology in the field of industrial control, the industrial Internet has become a major target for cyberattacks, making malicious traffic detection increasingly important. However, the widespread use of encryption allows attackers to easily hide malicious communication content, rendering traditional content-based detection methods ineffective. This paper proposes an encrypted malicious traffic detection scheme based on a hybrid neural network and domain adaptation. The scheme integrates ResNet, ResNeXt, DenseNet, and similarity detection algorithms to construct a hybrid neural network. On this basis, a domain adaptation module is added to reduce data bias. By preprocessing streams from a public industrial Internet dataset, deep features are extracted from encrypted traffic without decryption. The hybrid neural network outputs higher-dimensional feature vectors that leverage the strengths of each model. A domain classifier within the domain adaptation module enhances the model’s stability and generalization across different network environments and time periods, enabling accurate classification of malicious traffic. Experimental results show that the proposed scheme improves accuracy and efficiency in detecting encrypted malicious traffic.
    Model of Insider Threat Behavior Detection Based on Graph Neural Network
    Journal of Information Security Research    2025, 11 (7): 586-.
    This paper designs a new detection model based on graph neural networks to address a shortcoming of existing insider threat behavior detection models based on user behavior sequences: they cannot handle long sequences well. The model converts user behavior sequences into a graph structure and transforms the processing of long sequences into the processing of subgraph structures. The experiment designs a graph structure to describe user behavior, which is used to store user behavior in the form of graph data. The baseline GNN model is optimized for this graph structure, which is heterogeneous and has data stored on its edges. The experimental results show that, for the binary classification task of distinguishing normal and threatening behavior, the ROC AUC value of the proposed model is improved by 7% and the Macro-F1 value is improved by 7% compared to the baseline model. In the six-class classification task of distinguishing specific threat types, the Macro-F1 value of the proposed model improves by 10% compared to the baseline model.
    Hardware Trojan Detection Method Integrating Multiple Side-channel Analysis and Pearson Correlation Coefficient
    Journal of Information Security Research    2025, 11 (5): 420-.
    To address the influence of noise during chip power consumption data acquisition, this paper proposes a multiple side-channel analysis method based on correlation analysis, using the intrinsic relationship between dynamic current and electromagnetic radiation to identify the existence of hardware Trojans. A dual-channel detection platform is built to simultaneously collect and store the dynamic power consumption and electromagnetic radiation of the chip. Pearson correlation coefficient curves of power consumption and electromagnetic radiation are obtained to distinguish chips containing hardware Trojans from chips without them. The experimental results show that the hardware Trojan detection method based on multiple-parameter side-channel analysis can screen out a chip containing a hardware Trojan whose area is only 0.28% of the chip under test, and can distinguish two hardware Trojans whose area difference is only 0.08% of the chip under test.
    Research on Dataenhanced Multimodal False Information #br# Detection Framework#br#
    Journal of Information Security Reserach    2025, 11 (4): 377-.  
    Abstract148)      PDF (1878KB)(38)       Save
    With the development of multimedia technology, rumor spreaders tend to create false information with multimodal content to attract the attention of news readers. However, it is challenging to extract features from sparsely annotated multimodal data and effectively integrate implicit clues in the multimodal data to generate vector representations of false information. To address this issue, we propose a DEMF(dataenhanced multimodal false information detection framework). DEMF leverages the advantages of pretrained models and data augmentation techniques to reduce reliance on annotated data; it utilizes multilevel modal feature extraction and fusion to simultaneously capture finegrained elementlevel relationships and coarsegrained modallevel relationships, in order to fully extracting multimodal clues. Experiments on realworld datasets show that DEMF significantly outperforms stateoftheart baseline models.
    Reference | Related Articles | Metrics
    Research on Auxiliary Classification Model Based on Extracting Keypoints of Graph Structure
    Journal of Information Security Research    2025, 11 (5): 473-.
    Auxiliary secret classification is a special text classification task that divides undecided encrypted text into different levels of confidentiality. To solve the problems of the traditional method, such as weak feature representation and extraction ability and low interpretability of the classification process, a keypoints feature representation method based on graph structure is proposed. On that basis, an auxiliary secret classification model based on keypoints extraction is further proposed to enhance the ability of secret point features to describe confidential matters, thereby improving the performance of the auxiliary classification model. Specifically, this paper analyzes the characteristics of classification rules in depth, constructs the keypoints template with reference to the text representation method of the graph structure, extracts the keypoints and calculates the confidence level of the keypoints of the text to be classified, and obtains the secret level prediction results and the classification basis items through the filtered effective keypoints. The experimental result on the ACD indicates that the accuracy and recall rate of this model are 10% and 7% higher than those of BERT and TextCNN, which verifies the effectiveness of the keypoints feature representation method based on the graph structure.
    Confidential Computation of Association Values of Set Intersection Elements
    Journal of Information Security Research    2025, 11 (7): 645-.
    The computation of association values for intersection elements is an extension of the privacy-preserving set intersection problem, representing a novel challenge in the domain of secure multiparty computation. This paper proposes a scheme for computing the association values of intersection elements securely. Initially, leveraging secret sharing combined with dual cloud servers, we implement a distributed oblivious pseudorandom function (OtdPRF). On this basis, we integrate the concept of oblivious polynomial interpolation with the ElGamal encryption algorithm to achieve a secure computation scheme for the sum of association values of intersection elements between two parties. In this scheme, homomorphic computation overhead is outsourced to the cloud, thereby reducing computational complexity for participants. Furthermore, we expand the application scenarios based on the scheme for the sum of association values of intersection elements, designing and implementing secure determination of threshold relationships and computation of average values of intersection elements. Finally, employing a simulation paradigm, we demonstrate the security of the proposed scheme under a semi-honest model and analyze its performance in terms of computation and communication complexity.
    Encrypted Traffic Detection Method Based on Knowledge Distillation
    Journal of Information Security Research    2025, 11 (8): 702-.
    In recent years, with the rapid growth of Internet traffic, especially the popularity of encrypted communication, malicious traffic detection has faced a huge challenge. The limited resources and performance of mobile devices make it even more difficult to identify malicious behaviors in encrypted traffic on mobile devices. Therefore, this paper proposes a knowledge distillation-based encrypted traffic detection method. First, the traffic is transformed into images through visualization techniques; second, based on the ConvNeXt network architecture, the SK_SwiGLU_ConvNeXt network is constructed as the teacher network by introducing the SKNet attention mechanism and replacing the activation function GELU with SwiGLU; finally, the lightweight MobileNetV2 is selected as the student network, and the teacher network is used to guide the student network training. The experimental results of this detection method on the publicly available dataset ISCX VPN-NonVPN show that even in the resource-constrained mobile device environment, the student network can improve the detection effect of the teacher model while reducing the model complexity, which proves that this method has efficient deployment potential on mobile devices.
    Research on Network Unknown Attack Detection Based on Machine Learning
    Journal of Information Security Research    2025, 11 (9): 807-.
    In the complex context of the continuous evolution of cybersecurity threats, the threats posed by unknown network attacks to digital infrastructure are increasing daily. Consequently, machine learning-based technology for detecting unknown network attacks has emerged as a focal point in research. This paper first discusses the classification of intrusion detection systems and the commonly used technologies for detecting unknown network attacks. Subsequently, it conducts an in-depth exploration of the methods for detecting unknown attacks based on machine learning from three dimensions: anomaly detection, open-set recognition, and zero-shot learning. Furthermore, it summarizes the commonly used datasets and key evaluation indicators. Finally, it summarizes and looks ahead to the development trends and challenges of unknown attack detection. This article can provide references for further exploring new methods and technologies in the field of cyberspace security.
    A Lightweight Image Steganalysis Model Based on Multidirectional Hybrid Filters
    Journal of Information Security Research    2025, 11 (4): 318-.
    To address the large number of parameters, limited generalization ability and low accuracy of current image steganalysis models, a lightweight image steganalysis model based on multidirectional hybrid filters is constructed. In this model, a multidirectional and multi-size high- and low-frequency hybrid filter bank is designed and the channel attention mechanism is used to preprocess the image, so as to adaptively extract the effective features in the image and improve the generalization ability of the model. The feature extraction module uses a multilayer convolution including the residual module to extract the image features in depth and improve the ability of the model to capture features. The dimensionality reduction module adopts depthwise separable convolution instead of traditional convolution, which effectively reduces the number of model parameters and makes the model lightweight. Comparative analysis of experimental data shows that the model is lightweight, generalizes well, and improves the accuracy of steganalysis.
    Active Tor Website Fingerprint Recognition
    Journal of Information Security Research    2025, 11 (5): 439-.
    The anonymous communication system Tor is often exploited by criminals, disrupting the network environment and social stability. Website fingerprinting can effectively monitor Tor activities. However, user behavior and website content on Tor change over time, leading to the problem of concept drift, which degrades model performance. Additionally, existing models suffer from large parameter sizes and low efficiency. To address these issues, a Tor website fingerprinting model based on active learning, named TorAL, is proposed. This method utilizes the image classification model ShuffleNetV2 for feature extraction and classification, and improves its downsampling module with Haar wavelet transform to losslessly reduce image resolution. The model’s recognition accuracy surpasses that of existing models. Moreover, by combining active learning, the model is trained with a small amount of highly contributive data, effectively addressing the concept drift problem.
    A Searchable Proxy Reencryption Scheme Supporting Dynamic Verification
    Journal of Information Security Reserach    2025, 11 (4): 311-.  
    Abstract137)      PDF (1602KB)(28)       Save
    Traditional searchable proxy reencryption schemes typically assume that cloud servers are honestbutcurious, an assumption that is not applicable in realworld scenarios. Therefore, this paper designs a Dynamic Verifiable Searchable Proxy Reencryption Scheme. The scheme employs a threelayer counting Bloom filter to reduce users’ query costs and support deletion operations. Additionally, blockchain technology is introduced to verify search results, and an innovative verification tag leveraging the XOR property is proposed to further enhance the flexibility of the verification process. Furthermore, by exploiting the tamperproof characteristics of blockchain, the scheme ensures the fairness and credibility of the verification process. Experimental comparisons and security analysis confirm the feasibility and security of the proposed scheme.
    Reference | Related Articles | Metrics
    Research on Malware Detection Based on Word Embedding and Feature Fusion
    Journal of Information Security Research    2025, 11 (5): 412-.
    To address the limitations of traditional methods in feature extraction and representation, which are unable to simultaneously capture the spatial and temporal features of API sequences and fail to capture key features that determine the target task, a malware detection method based on word embedding and feature fusion is proposed. First, word embedding technology from the field of natural language processing is utilized to encode API sequences, obtaining their semantic feature representations. Then, multiple convolutional networks and BiLSTM networks are employed to extract n-gram local spatial features and temporal features of the API sequences, respectively. Finally, a self-attention mechanism is used to deeply fuse the captured features of critical positions, thereby achieving the classification task by characterizing deep malicious behavior features. Experimental results show that in binary classification tasks, the accuracy of this method reaches 94.79%, which is an improvement of 12.37% on average compared to traditional machine learning algorithms, and 5.78% higher on average compared to deep learning algorithms. In multiclass classification tasks, the accuracy of this model also reaches 91.95%, effectively enhancing the detection accuracy of malware.