Most Read articles

    Published in last 1 year |  In last 2 years |  In last 3 years |  All
    Published in last 1 year
    Please wait a minute...
    For Selected: Toggle Thumbnails
    A Trust Framework for Large Language Model Application
    Journal of Information Security Reserach    2024, 10 (12): 1153-.  
    Abstract296)      PDF (1420KB)(212)       Save
    The emergence of large language model has greatly propelled the rapid application of artificial intelligence across various domains. In practice, however, there are a series of security and trust challenges in the applications of large language models caused by “model hallucinations”. These challenges make it difficult for practical applications to trust and adopt the results returned by the large language models, especially in securityrelated application domains. In many professional fields, we find that there lacks a unified technical framework to ensure the trustworthiness of results returned by large language models, which seriously hinders the application of largescale model technology in professional fields. To address this issue, a largescale model trusted application framework DKCF, integrating sufficient data (D), expertise knowledge (K), intellectual collaboration (C), and efficient feedback (F), is proposed. This framework is developed based on our practical applications in professional fields such as finance, healthcare, and security. We believe that DKCF can shed light on secure and reliable applications of large language models, and facilitate the intellectual revolution across various professional domains.
    Reference | Related Articles | Metrics
    Overview of Regulation of Crossborder Data Flow
    Journal of Information Security Reserach    2025, 11 (2): 164-.  
    Abstract292)      PDF (1274KB)(140)       Save
    The development of the digital economy has made crossborder data flow an inevitable trend, and while bringing economic benefits, the security of crossborder data flow cannot be ignored. Due to the complexity of the subjects and scenes involved in the process of crossborder data flow, and the uncontrollability of the process, how to regulate the possible security problems in the process of crossborder data flow has become the focus of the world. So far, there is no unified governance rule system for crossborder data flow in the world, and at the same time, there are huge differences in legislation on crossborder data flow in different countries, which results in the complex situation of legislation on crossborder data flow in the world. This paper describes the current situation of crossborder data flow from the perspectives of laws and regulations, bilateral agreements and standards, and in this way develops horizontal comparisons, sorts out the existing regulatory differences, analyzes the challenges and opportunities China faces under the current trend, and gives reasonable countermeasures.
    Reference | Related Articles | Metrics
    Design of Adversarial Attack Scheme Based on YOLOv8 Object Detector
    Journal of Information Security Reserach    2025, 11 (3): 221-.  
    Abstract262)      PDF (3519KB)(67)       Save
    Currently, cameras equipped with AI object detection technology are widely used. However, AI object detection models in realworld applications are vulnerable to adversarial attacks. Existing adversarial attack methods, primarily designed for earlier models, are ineffective against the latest YOLOv8 object detector. To address this issue, we propose a novel adversarial patch attack method specifically for the YOLOv8 object detector. This method minimizes confidence output while incorporating an exponential moving average (EMA) attention mechanism to enhance feature extraction during patch generation, thereby improving the attack’s effectiveness. Experimental results demonstrate that our method achieves superior attack performance and transferability. Validation tests, in which the adversarial patches were printed on clothing, also demonstrated excellent attack results, indicating the strong practicality of our proposed method.
    Reference | Related Articles | Metrics
    Multifamily Malicious Domain Intrusion Detection Based on #br# Collaborative Attention#br#
    Journal of Information Security Reserach    2024, 10 (12): 115-.  
    Abstract239)      PDF (1317KB)(179)       Save
    The timely and accurate detection of illegal domain names can effectively prevent the information loss caused by server crashes or unauthorized intrusions. A multifamily malicious domain name intrusion detection method based on collaborative attention is proposed. Firstly, the deep autoencoder network is used to encode and compress layer by layer, extracting the domain name encoding features at the intermediate layer. Secondly, the longdistance and shortdistance encoding features of the domain name string are extracted from the temporal and spatial dimensions, and the selfattention mechanism is constructed on the temporal and spatial encoding feature maps to enhance the expressiveness of the encoding features in local space. Thirdly, the crossattention mechanism is used to establish information interaction between the temporal and spatial encoding features, enhancing the expressiveness of different dimension encoding features in the global space. Finally, the softmax function is used to predict the probability of the domain name to be tested, and quickly determine the legitimacy of the domain name according to the probability value. The results of testing on multiple families of malicious domain name datasets show that the proposed method can achieve a detection accuracy of 0.9876 in the binary classification task of normal and malicious domain names, and an average recognition accuracy of 0.9568 on 16 family datasets. Compared with other classic methods of the same kind, the proposed method achieves the best detection results on multiple evaluation metrics.
    Reference | Related Articles | Metrics
    An Optimized Computation Method for Cipher Symbol Functions  Based on Homomorphic Encryption
    Journal of Information Security Reserach    2025, 11 (2): 100-.  
    Abstract238)      PDF (1092KB)(159)       Save
    Fully homomorphic encryption extends encryption to computations, allowing ciphertext processing without decryption. Comparative operations, crucial in applications like deep learning, pose a challenge in homomorphic encryption environments restricted to addition and multiplication. Feng et al. (CNS 2023) proposed a comparison method using dynamic polynomial combinations. This paper enhances dynamic polynomial, allowing polynomial fluctuations within (-2,2). It introduces a novel equation system for solving dynamic polynomials and utilizes finite third and fifthdegree polynomials to construct more precise composite polynomials for approximating the sign function. It analyzes the method’s optimality in depth consumption and computational complexity, achieving a 32% reduction in runtime compared to the optimal method in a previous study (CNS 2023). The homomorphic comparison algorithm in this paper, for ε=2-20,α=20 requires only 0.69ms in amortized runtime.
    Reference | Related Articles | Metrics
    Research on the Development Trend of Cybersecurity Technology
    Journal of Information Security Reserach    2025, 11 (1): 2-.  
    Abstract221)      PDF (563KB)(144)       Save
    Related Articles | Metrics
    Research on Multimodal Cyberbullying Detection Model for #br# Social Networking Platforms#br#
    Journal of Information Security Reserach    2025, 11 (2): 154-.  
    Abstract206)      PDF (2099KB)(61)       Save
    With the rapid development of social networking platforms, the issue of cyberbullying has become increasingly prominent. The diverse forms of online expression that combine text and images have increased the difficulty of detecting and managing cyberbullying. This paper constructs a Chinese multimodal cyberbullying dataset that includes both text and images. By integrating the BERT(bidirectional encoder representations from transformers) model with the ResNet50 model, we extract singlemodal features from text and images, respectively, and perform decisionlevel fusion. The fused features are then detected, achieving accurate identification of text and images as either cyberbullying or noncyberbullying. Experimental results indicate that the multimodal cyberbullying detection model proposed in this paper can effectively identify social media posts or comments that contain cyberbullying characteristics in both text and images. It enhances the practicality, accuracy, and efficiency of detecting multimodal cyberbullying, providing a new approach and method for the detection and management of cyberbullying on social networking platforms. This contributes to the creation of a healthier and more civilized online environment.
    Reference | Related Articles | Metrics
    Stream Cipher Cryptosystem Recognition Scheme Based on Hamming Weight
    Journal of Information Security Reserach    2024, 10 (12): 1172-.  
    Abstract205)      PDF (1655KB)(69)       Save
    Based on the known ciphertext, cryptosystem identification is a process of identifying cryptographic algorithms by analyzing the potential feature information in ciphertext data. This paper presents a recognition scheme of sequential cryptosystem based on Hamming weight. This scheme generates labeled ciphertext feature vectors by calculating the Hamming weight of ciphertext blocks of different lengths. LDA dimensionality reduction technique is used to reduce the dimensionality of feature vectors, so as to optimize the extraction and utilization efficiency of data information. Finally, fully connected neural network is used to identify the feature vector after dimensionality reduction. The experimental results show that the proposed scheme can effectively perform two classification recognition experiments and eight classification recognition experiments on 8 stream cipher algorithms such as ZUC, Salsa20 and Decimv2, and achieve good recognition results. The average recognition rate of twoclass and eightclass recognition experiments is 99.29% and 79.12% respectively. Compared with the existing research, the accuracy of this scheme is improved by 16.29% compared with the existing literature with a small amount of ciphertext data.
    Reference | Related Articles | Metrics
    Research on Deep Learningbased Spatiotemporal Feature Fusion  Network Intrusion Detection Model
    Journal of Information Security Reserach    2025, 11 (2): 122-.  
    Abstract198)      PDF (1944KB)(166)       Save
    As the number of network attacks increases, network intrusion detection systems are becoming increasingly important in maintaining network security. Most studies have used deep learning approaches for network intrusion detection but have not fully utilized the features of traffic from multiple perspectives. Additionally, these studies often suffer from the use of outdated experimental datasets. In this paper, a parallelstructured DSCInceptionBiLSTM network is proposed to evaluate the designed network model using stateoftheart datasets. The model consists of two branches, network traffic image, and text anomaly traffic detection. Spatial and temporal features of traffic are extracted by improved convolutional neural networks and recurrent neural networks, respectively. Finally, network intrusion detection is achieved by fusing spatiotemporal features. The experimental results show that our model achieves 99.96%, 99.19%, and 99.95% accuracy on the three datasets of CICIDS 2017, CSECICIDS 2018 and CICDDoS 2019, respectively, effectively classifying the anomalous traffic with high precision and meeting the requirements of intrusion detection system.
    Reference | Related Articles | Metrics
    Privacypreserving Federated Learning Research Based on #br# Confused Modulo Projection Homomorphic Encryption#br#
    Journal of Information Security Reserach    2025, 11 (3): 198-.  
    Abstract192)      PDF (1298KB)(133)       Save
    In the current era of big data, deep learning is booming and has become a powerful tool for solving realworld problems. However, traditional centralized deep learning systems are at risk of privacy leakage. To address this problem, federated learning, a distributed machine learning approach, has emerged. Federated learning allows multiple organizations or individuals to train models together without sharing raw data, by uploading local model parameters to the server, aggregating each user’s parameters to construct a global model, and returning it to the user. This approach achieves global optimization and avoids private data leakage. However, even with federated learning, attackers may still be able to reconstruct user data by obtaining the model parameters uploaded by users, thus violating  privacy. To address this issue, privacy protection has become the focus of federated learning research. In this paper, we propose a federated learning scheme FLFC (federated learning with confused modulo projection homomorphic encryption) based on confused modulo projection homomorphic encryption to address the above issues. This scheme adopts a selfdeveloped modular fully homomorphic encryption algorithm to encrypt user model parameters. The modular fully homomorphic encryption algorithm has the advantages of high computational efficiency, support for floatingpoint operations, and localization, thus achieving stronger protection of privacy. Experimental results show that the FLFC scheme exhibits a higher average accuracy and good stability compared to the FedAvg scheme in experiments.
    Reference | Related Articles | Metrics
    Design and Implementation of Resourceefficient SM4 Algorithm on FPGA
    Journal of Information Security Reserach    2025, 11 (6): 490-.  
    Abstract191)      PDF (2238KB)(87)       Save
    In the hardware implementation of the SM4 algorithm, the lookup table method is commonly adopted for realizing the Sbox, which consumes a significant amount of hardware resources. This paper proposes an implementation scheme for the SM4 algorithm based on polynomial basis. Two construction schemes are developed for the 8×8 Sbox used in the SM4 algorithm, one based on composite field GF((24)2) and the other on composite field GF(((22)2)2). The test results indicate that the scheme based on polynomial bases GF((24)2) is optimal. Taking into account both resource utilization and performance, this paper designs two hardware implementation structures for SM4: a state machine parallel structure and a pipelined structure. Compared with the traditional lookup table approach, the state machine parallel structure reduces resource utilization by 21.98% while increasing the operating frequency by 14.4%. The pipelined structure achieves a reduction in resource utilization by 54.23%.
    Reference | Related Articles | Metrics
    An Adaptive Network Attack Analysis Method Based on Federated Learning
    Journal of Information Security Reserach    2024, 10 (12): 1091-.  
    Abstract190)      PDF (3389KB)(155)       Save
    To analyze network attack behavior issues efficiently and securely, an adaptive network attack analysis method based on federated learning (NAAFL) is proposed. This approach can fully leverage data for network attack analysis while ensuring privacy protection.. Firstly, a costeffective defense mechanism based on DQN (dynamic participant selection mechanism) is proposed to act in the process of federated learning model parameter sharing and model aggregation. It dynamically selects the best participants for each round of model updates, reducing the impact of poorly performing local models on the global model during training. It also reduces communication overhead time and improving the efficiency of federated learning. Secondly, an adaptive feature learning network intrusion detection model is designed, which is able to intelligently learn and analyze according to changing attack features to cope with complex network environments. It effectively reduces the time and space overhead of feature selection. Finally, comparative experiment is performed on a public data set (NSL KDD). The NAAFL method detects attacks with an accuracy of 98.9%. Dynamically selecting participants increases server accuracy by 4.48%. The experimental results show that the method has excellent robustness and efficiency.
    Reference | Related Articles | Metrics
    Traffic Anomaly Detection Method by Secondorder Feature 
    Journal of Information Security Reserach    2024, 10 (12): 1082-.  
    Abstract187)      PDF (2415KB)(140)       Save
    A method is proposed to address the challenge of low detection rates for minority class attack traffic in deep learning models when dealing with imbalanced massive highdimensional network traffic data. Firstly, the isolation forest (iForest) is employed to remove outliers from normal class samples, used for training an enhanced Convolutional Denoising Autoencoder (CDAE) to mitigate the impact of noise and outliers on model training, resulting in a lowdimensional enhanced representation of the original features. Secondly, leveraging ADASYN on the outlierfree dataset to synthetically generate minority class attack samples, thereby resolving the data imbalance issue. Subsequently, using iForest to clean the newly generated samples from outliers, a new dataset is obtained. Employing the pretrained CDAE on this dataset achieves a firstround feature extraction, and the extracted features serve as input for a selfdistilled ResNet model to perform secondorder feature extraction. Finally, precise identification of anomalous traffic is accomplished by combining the trained CDAE and ResNet models. The method achieves the highest fiveclass accuracy and F1 score of 91.52% and 92.05%, respectively, on the NSLKDD dataset. Experimental results demonstrate that, compared to existing methods, this approach effectively enhances the detection rates for minority class attack traffic.
    Reference | Related Articles | Metrics
    A Malicious TLS Traffic Detection Method with Multimodal Features
    Journal of Information Security Reserach    2025, 11 (2): 130-.  
    Abstract187)      PDF (3159KB)(119)       Save
    The malicious TLS traffic detection aims to identify network traffic that involves malicious activities transmitted through the TLS protocol. Due to the encryption properties of the TLS protocol, traditional textbased traffic analysis methods have limited effectiveness when dealing with encrypted traffic. To address this issue, a malicious TLS traffic detection method called MultiModal Feature Fusion for TLS Traffic Detection (MTBRL) has been proposed. This method extracts and fuses features from different modalities to detect malicious TLS traffic. Firstly, expert knowledge is employed for feature engineering, extracting key features from encrypted traffic, including protocol versions, encryption suites, and certificate information. These features are processed and transformed into twodimensional image representations. Then, ResNet is utilized to encode these images and extract their features. Simultaneously, an encrypted traffic pretrained BERT model is used to encode TLS flows, allowing the learning of contextual and semantic features of the TLS traffic. Additionally, an LSTM model is employed to encode the sequence of packet length distributions of the encrypted traffic, capturing temporal characteristics. Finally, through feature fusion techniques, the different modality features are integrated, and the model’s weight parameters are automatically learned and optimized using the backpropagation algorithm to accurately predict malicious TLS traffic. Experimental results demonstrate that this method achieves accuracy, precision, recall, and F1score of 94.94%, 94.85%, 94.15%, and 94.45%, on the DataCon2020 dataset. This performance is significantly superior to traditional machine learning and deep learning methods. 
    Reference | Related Articles | Metrics
    A Survey of Network Topology Obfuscation Techniques
    Journal of Information Security Reserach    2025, 11 (4): 296-.  
    Abstract184)      PDF (1248KB)(117)       Save
    LinkFlooding Attack (LFA) is a novel distributed denialofservice (DDoS) attack that exploits network topology detection. Network Topology Obfuscation serves as an effective deceptive defense mechanism against this attack, aiming to provide proactive protection before an attack occurs. Over the past decade, relevant research has continuously made progress, proposing corresponding obfuscation solutions for different scenarios and objectives. This paper comprehensively reviews the network topology obfuscation techniques. First, it combines the basic principles and classifications of network topology discovery to point out the risks of topology leakage in current network topology discovery. Next, it formally defines network topology obfuscation design and presents a proactive defense model. Then, based on the obfuscation concept, the technologies are divided into packet modification, decoy traps, routing mutation, and metric forgery schemes, and proposes a set of metrics to comprehensively compare the current mainstream network topology obfuscation techniques.
    Reference | Related Articles | Metrics
    A Federated Learning Method Resistant to Label Flip Attack
    Journal of Information Security Reserach    2025, 11 (3): 205-.  
    Abstract182)      PDF (3486KB)(80)       Save
    Since users participating in federated learning training have high autonomy and their identities are difficult to identify, they are vulnerable to label flip attacks, causing the model to learn wrong rules from wrong labels and reducing the overall performance of the model. In order to effectively resist label flip attacks, a dilutionprotected federated learning method for multistage training models is proposed. This method randomly divides the training data set and uses a dilution protection federated learning algorithm to distribute part of the data to clients participating in the training to limit the amount of data owned by the client and avoid malicious participants with large amounts of data from causing major damage to the model. After each training session, the gradients of all training epochs in that phase are gradient clustered by a dimensionality reduction algorithm in order to identify potentially malicious actors and restrict their training in the next phase. At the same time, the global model parameters are saved after each stage of training to ensure that the training of each stage is based on the model foundation of the previous stage. Experimental results on the data set show that this method reduces the impact of attacks without damaging the model accuracy, and helps improve the convergence speed of the model.
    Reference | Related Articles | Metrics
    Deep Learningbased Method for Encrypted Website Fingerprinting
    Journal of Information Security Reserach    2025, 11 (4): 304-.  
    Abstract176)      PDF (1407KB)(102)       Save
    Website fingerprinting is an important research area within the fields of network security and privacy protection. Its goal is to identify websites accessed by users within an encrypted network environment by analyzing network traffic characteristics. In response to the problems of limited application scenarios, such as restricted application scenarios, insufficient applicability, and the singularity of feature selection, this paper proposes a deep learningbased method for encrypted website fingerprinting. Initially, a new preprocessing method for raw data packets is introduced, which processes directly captured raw packet files to generate a feature sequence with both spatial and temporal characteristics, structured hierarchically. Following this, a hybrid deep learning model combining convolutional neural networks and long shortterm memory networks is designed to thoroughly learn the spatial and temporal features present in the data. The study further investigates various activation functions, model parameters, and optimization algorithms to improve the model’s accuracy and generalization capability. Experimental results indicate that this method provides higher website fingerprinting accuracy in the onion router anonymous network environment when it does not rely on cell packets. And it also achieves better accuracy compared to current mainstream machine learning methods in virtual private network scenarios.
    Reference | Related Articles | Metrics
    Research and Analysis of Named Entity Recognition Technology in #br# Threat Intelligence#br# #br#
    Journal of Information Security Reserach    2024, 10 (12): 1122-.  
    Abstract174)      PDF (990KB)(131)       Save
    In the face of increasingly complex network security attacks, it is very important to quickly obtain the latest network threat intelligence for realtime identification, blocking and tracking of network attacks. The key to solve this problem is how to obtain network threat intelligence data effectively, and named entity recognition technology is one of the hot technologies to solving this problem. This paper systematically analyzes several named entity recognition methods based on deep learning, and then designs a named entity recognition model suitable for threat intelligence field, and carries out experimental verification and analysis. Finally, the challenges faced by named entity recognition methods and their development prospects in the field of network security are analyzed and prospected.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2025, 11 (2): 173-.  
    Abstract170)      PDF (1383KB)(68)       Save
    With the rapid development of Internet of Things technology, smart cameras are widely used in personal and public safety due to ease of use and low cost. However, the issue of unauthorized video recording also raises concerns about privacy and security, so the detection and identification of hidden smart cameras in specific environments is of great significance. Existing covert smart camera detection methods cannot accurately detect cameras that delay data transmission or save data locally, because these methods rely primarily on camera audio and video network traffic generated when users view surveillance. To solve this problem, this paper proposes a covert intelligent camera detection method based on device WiFi reconnection traffic. The method uses MDK4 flooding attacks to make all smart devices connected to WiFi hotspots offline and reconnect, then sniffs and analyzes the encrypted traffic generated during the process of smart devices reconnecting to WiFi in the environment, and uses machine learning methods to detect hidden smart camera devices. The experimental results show that even without WiFi access, this method still has a high detection accuracy for hidden smart camera devices with delayed transmission or data stored locally.
    Reference | Related Articles | Metrics
    Indoor Localization Security Scheme Based on Geographic  Indistinguishability and Flexible WiFi Deployment
    Journal of Information Security Reserach    2025, 11 (2): 107-.  
    Abstract162)      PDF (1351KB)(75)       Save
    In indoor localization services, WiFi fingerprinting technology has received widespread attention due to its extensive coverage  and high localization accuracy. However, for the online phase of location query, the user’s personal sensitive information is vulnerable to malicious attacks resulting in location privacy leakage. Existing WiFi fingerprintbased indoor positioning technologies primarily focus on single flat surfaces within indoor environments, which restricts the flexibility of WiFi deployment. When WiFi is deployed in multidimensional scenarios, addressing spatial location privacy issues becomes imperative. In this paper, a WiFi fingerprinting indoor localization privacy protection scheme based on geographic indistinguishability is proposed, in which the user generates a new received signal strength vector by using his own received signal strength and sends the obtained data to the location service provider through noise obfuscation, and introduces a digital signature technique to ensure that the client’s identity is not forged before obfuscating the position to be sent to the location service provider to achieve localization. Experimental results based on the simulation experimental platform show that the new scheme supports flexible deployment of WiFi, and is able to realize highprecision localization for the first time in the case of flexible deployment of 12 WiFi access points with guaranteed localization error of less than 1m while protecting location privacy.
    Reference | Related Articles | Metrics
    Innovative and Professional Talent Education Architecture of  Cyberspace Security in New Situation
    Journal of Information Security Reserach    2025, 11 (4): 385-.  
    Abstract154)      PDF (3780KB)(103)       Save
    The emerging new problems and technologies in the field of cybersecurity currently do not match the applicability and timeliness of existing talent cultivation in technological development. In response to this, this paper investigates the innovative professional training system for cybersecurity talents under new circumstances. We systematically examine key issues in talent cultivation, dynamic updates of training objectives, evolution of knowledge systems, and cultivation of innovative competencies. The study proposes and constructs a comprehensive, multilevel, and dynamic talent cultivation framework for cyberspace security professionals, encompassing core theoretical research, critical technology R&D, and comprehensive innovation capability development that adapts to new technological trends. Through innovative processes including instructional objective design, content adaptation, teaching implementation, and feedback mechanisms, we establish an internationally adaptable training system that dynamically responds to technological advancements. This approach strengthens the dynamism, adaptability, and practical orientation of cybersecurity talent cultivation, effectively addressing the demand for innovative professionals in cyberspace security under evolving technological landscapes and emerging requirements.
    Reference | Related Articles | Metrics
    A Blackbox Antiforensics Method of GANgenerated Faces Based on #br# Invertible Neural Network#br#
    Journal of Information Security Reserach    2025, 11 (5): 394-.  
    Abstract154)      PDF (1920KB)(71)       Save
    Generative adversarial network GANgenerated faces forensics models are used to distinguish real faces and GANgenerated faces. But due to the fact that forensics models are susceptible to adversarial attacks, the antiforensics techniques for GANgenerated faces have emerged. However, existing antiforensic methods rely on whitebox surrogate models, which have limited transferability. Therefore, a blackbox method based on invertible neural network (INN) is proposed for GANgenerated faces antiforensics in this paper. This method embeds the features of real faces into GANgenerated faces through the INN, which enables the generated antiforensics faces to disturb forensics models. Meanwhile, the proposed method introduces a feature loss during training to maximize the cosine similarity between the features of the antiforensics faces and the real faces, further improving the attack performance of antiforensics faces. Experimental results demonstrate that, under the scenarios where no whitebox models are involved, the proposed method has good attack performance against eight GANgenerated faces forensics models with better performance than seven comparative methods, and can generate highquality antiforensics faces.
    Reference | Related Articles | Metrics
    Traffic Anomaly Detection Based on Improved Pigeon Inspired Optimizer and #br# Pyramid Convolution#br#
    Journal of Information Security Reserach    2024, 10 (12): 1107-.  
    Abstract152)      PDF (1717KB)(107)       Save
    The Improved Pigeon Inspired Optimizer (IPIO) and Pyramid Convolution Neural Network (PyConv) are the foundation of a traffic anomaly detection approach that aims to address the issues of a high number of redundant features in network traffic and the low detection accuracy of machine learning methods. Firstly, a feature selection method based on IPIO is designed to reduce feature redundancy. The pigeon group is initialized to increase population quality and quicken convergence by estimating the feature set’s information gain rate. The present ideal solution is modified at random using a twostage mutation process, which also looks for solutions close to it to prevent local optimum formation. Second, deep feature extraction is implemented using PyConv. PyConv is made to use multiscale convolution kernels to extract features of various sizes and fuse them to create new features. Finally, the classification is realized by Softmax classifier to improve the accuracy of traffic anomaly detection. Experimental results on the UNSWNB15 dataset show that the proposed method significantly reduces redundant features while improving accuracy.
    Reference | Related Articles | Metrics
    Research of Invisible Backdoor Attack Based on Interpretability
    Journal of Information Security Reserach    2025, 11 (1): 21-.  
    Abstract151)      PDF (1740KB)(56)       Save
    Deep learning has achieved remarkable success on a variety of critical tasks. However, recent work has shown that deep neural networks are vulnerable to backdoor attacks, where attackers release inverse models that behave normally on benign samples, but misclassify samples imposed by any trigger to the target label. Unlike adversarial samples, backdoor attacks are mainly implemented in the model training phase, perturbing samples with triggers and injecting backdoors into the model. This paper proposes an invisible backdoor attack based on interpretability algorithms. Different from the existing works that arbitrarily set the trigger mask, this paper carefully designs a trigger mask determination based on interpretability, and uses the latest random pixel perturbation as the trigger style design, so that the sample pairs imposed by the trigger are more natural and undetectable to avoid the detection of the human eye, and the defense strategy against the backdoor attack. In this paper, we conduct a large number of comparative experiments on CIFAR10, CIFAR100 and ImageNet datasets to demonstrate the effectiveness and superiority of our attack. The SSIM index is also used to evaluate the difference between the backdoor samples designed in this paper and the benign samples, and an evaluation index close to 0.99 is obtained, which proves that the backdoor samples generated in this paper are not identifiable under visual inspection. Finally, this paper also proves that the proposed attack is defensible against the existing backdoor defense methods.
    Reference | Related Articles | Metrics
    EU Data Protection Certification System and China’s Mirror
    Journal of Information Security Reserach    2025, 11 (1): 91-.  
    Abstract149)      PDF (2512KB)(45)       Save
    Achieving secure, orderly, and free crossborder data transfer is a significant policy issue for countries worldwide. Article 38 of the “Personal Information Protection Law of the People’s Republic of China” explicitly stipulates a certification system for crossborder transfer of personal information. However, this system is still in its nascent stage and faces fundamental and implementation challenges, such as determining the objects of certification. The European Union, as the progenitor of data protection certification systems, offers a reference for the perfection of China’s certification system through its institutional framework and distinctive features. This paper takes the EU’s data protection certification system and China’s personal information crossborder transfer certification system as its research subjects, compares with the differences in their institutional designs, and proposes five improvement suggestions, including clarifying the objects of certification, to address the systemic challenges in the construction of China’s certification system. These suggestions aim to provide valuable support for the improvement and innovation of the personal information crossborder transfer certification system.
    Reference | Related Articles | Metrics
    Constructing Lightweight Trusted Execution Environment on  RISCV Dualcore Processor
    Journal of Information Security Reserach    2025, 11 (6): 500-.  
    Abstract145)      PDF (2551KB)(23)       Save
    With the rapid development of Internet of Things (IoT) technology, resourceconstrained embedded IoT devices face particularly severe challenges in information security. The Trusted Execution Environment (TEE) provides an effective approach to addressing the security issues of terminal devices. By dividing the system into secure and ordinary areas and employing mechanisms such as memory access control, TEE ensures the separate execution of secure and ordinary application software, thereby significantly enhancing the overall system security. This paper addresses the problem of trusted isolation of secure application software and proposes a lightweight TEE SystemonChip (SoC) solution based on a RISCV dualcore architecture. Specifically, the solution leverages the Physical Memory Protection (PMP) mechanism to achieve trusted isolation. Additionally, to prevent unauthorized access to secure area resources by ordinary area applications, a lowresource IOPMP design is presented, which uses a physical address access firewall mechanism to block unauthorized access. Furthermore, to facilitate efficient message transfer between the secure and ordinary areas, a Mailbox communication scheme based on the “message queue & interrupt” mechanism is proposed. Experimental results indicate that the design proposed in this paper has lower hardware resource consumption compared to similar designs, with a power consumption of only 0.256W, a 14% reduction. In the CoreMark test for the TEE CPU, the score reached 2.40 CoreMarks/MHz, which is double the performance of similar designs.
    Reference | Related Articles | Metrics
    Encrypted Traffic Detection Technology for Multisession Coordinated #br# Attack Based on Deep Learning#br#
    Journal of Information Security Reserach    2025, 11 (1): 66-.  
    Abstract143)      PDF (1497KB)(52)       Save
    Malicious encrypted traffic detection is currently an important research topic in the field of network security. Attacker used multisession encrypted traffic to achieve multistage coordinated attacks, which is becoming a trend. This paper analyzes the existing problems of current mainstream malicious encrypted traffic detection methods, and proposes an malicious encrypted traffic detection method for multisession coordinated attack scenarios. Based on the advantages of deep learning methods in the field of image recognition, this method extracts multisession features and converts them into images, converting encrypted traffic identification problems into image recognition problems, thereby indirectly realizes malicious encrypted traffic detection. The preliminary test results on the experimental data have verified the effectiveness of the method.
    Reference | Related Articles | Metrics
    Design and Implementation of 3D Model Matching Algorithm
    Journal of Information Security Reserach    2025, 11 (6): 539-.  
    Abstract142)      PDF (2587KB)(18)       Save
    3D model matching plays a vital role in model copyright protection and transaction facilitation by effectively preventing redundant authentication and enabling convenience for research, testing, and management in related fields. However, traditional matching approaches predominantly rely on plaintext matching, which, despite ensuring a certain level of matching accuracy and robustness, falls short in data privacy protection. To address this gap, ciphertext matching performs matching computations on encrypted data, thus enabling model matching while safeguarding data privacy. This approach offers significant practical value and broad application prospects. Therefore, this paper presents three matching strategies. 1) Under plaintext conditions, precise registration of 3D point clouds is achieved via the Iterative Closest Point (ICP) algorithm, followed by model matching using peak signaltonoise ratio (PSNR). 2) Under plaintext conditions, 3D point cloud features are extracted using the PointNet deep learning model, and feature similarity is calculated via cosine similarity. 3) Under ciphertext conditions, the extracted features are encrypted using homomorphic encryption. Cosine similarity is then used to compute the similarity of the encrypted features, thereby effectively protecting data privacy.
    Reference | Related Articles | Metrics
    The Finegrained Executor Scheduling Algorithm for Unknown  Attacks Perception
    Journal of Information Security Reserach    2025, 11 (6): 569-.  
    Abstract142)      PDF (1456KB)(26)       Save
    Addressing security threats from unknown attacks exploiting software and system vulnerabilities in power grid devices often overlooks potential issues within operating systems and communication protocols at the programming languarg level. This paper proposes a finegrained scheduling algorithm that quantifies the similarity of execution components and incorporates parameters such as attack timing and frequency to assess historical trust deficit. By combining similarity and historical trust deficit, a quantitative algorithm for redundant execution body heterogeneity is introduced. Simulation experiments demonstrate that this algorithm significantly outperforms other methods in distinguishing execution body similarity, effectively reducing the risk of exploiting similar vulnerabilities or defects, and minimizing redundant wastage from similar execution bodies. The failure rate remains consistently below 0.55, indicating superior practical performance compared to commonly used algorithms.
    Reference | Related Articles | Metrics
    Multiciphertext Equality Test Scheme Based on RLWE
    Journal of Information Security Reserach    2025, 11 (6): 511-.  
    Abstract141)      PDF (1049KB)(25)       Save
    With the rapid development of technology, privacy protection has become an important issue. In order to ensure the security of data, it is usually chosen to encrypt the data and store it on the cloud server. However, in this way, the cloud server cannot effectively process the encrypted data such as calculation and statistics, which limits many application scenarios. To address this issue, this paper proposes a PKEMET(publickey encryption with a multiciphertext equality test) scheme based on RLWE (ring learning with error) problem, and provides a correctness and security analysis. This solution allows the cloud server to perform equality tests on multiple ciphertexts at the same time, and is also resistant to quantum computing attacks. This paper also implements the scheme based on the Palisade library, and compares it with other schemes from the perspective of theory and implementation. Compared with other solutions, this solution has the advantages of high efficiency and short running time.
    Reference | Related Articles | Metrics
    An Intrusion Detection Method for Internet of Things by Fusing #br# Spatiotemporal Features#br#
    Journal of Information Security Reserach    2025, 11 (3): 241-.  
    Abstract139)      PDF (3194KB)(59)       Save
    Aiming at the problems of insufficient attack samples and more categories in unbalanced IoT traffic datasets reducing the classification accuracy and generalization ability of the detection model, an intrusion detection method for the Internet of things by fusing spatiotemporal features (BGAREU) is proposed. The data were first normalized and the SMOTEENN method was used to improve the data distribution of the training samples; then temporal features and global information were extracted by Bidirectional gated recurrent unit (BiGRU) and multihead attention, and combined ResNext network and UNet network to construct a multiscale spatial feature extraction network, and then incorporate efficient channel attention (ECANet) into the residual units to enhance the local characterization capability; finally, the fused features are fed into the Softmax classifier for multiclassification. Experiments show that the proposed model has more than 2% improvement in all the metrics compared with other models on IoT traffic datasets UNSWNB15, NSLKDD, and WSNDS. In addition, this paper verifies that the ECANet has stronger characterization ability by comparing multiple attention mechanisms, and explores the effect of different numbers of attention heads in multihead attention on the model performance.
    Reference | Related Articles | Metrics
    A Secure and Efficient Sharing Method for Electronic Medical Records #br# Based on Blockchain#br#
    Journal of Information Security Reserach    2025, 11 (1): 74-.  
    Abstract137)      PDF (1096KB)(51)       Save
    In response to the challenges faced by medical institutions in sharing electronic medical records, such as privacy leakage risks and inefficient retrieval issues, this paper proposes an efficient encrypted retrieval and sharing scheme for electronic medical records based on blockchain technology. We propose a blockchainbased scheme for efficient encryption, retrieval, and sharing of EMRs. Firstly, the scheme stores encrypted EMRs on cloud servers and implements the retrieval process on a consortium blockchain, effectively achieving separation of storage and retrieval. It incorporates a confusion trapdoor set, significantly reducing the risk of keyword guessing attacks. Secondly, considering the unique nature of medical data, we introduce an optimized inverted index structure that effectively resolves efficiency concerns when handling a large volume of EMRs. Lastly, based on this index structure, we develop a ciphertext retrieval algorithm that efficiently retrieves ciphertexts by combining searchable encryption’s trapdoor technique with keyword ciphertexts in the inverted index. Experimental results demonstrate that our proposed solution successfully addresses the challenges in the healthcare industry’s EMR sharing, enhancing system operational efficiency while ensuring privacy protection. 
    Reference | Related Articles | Metrics
    Group Key Management Mechanism for Internet of Vehicles
    Journal of Information Security Reserach    2025, 11 (2): 139-.  
    Abstract137)      PDF (873KB)(59)       Save
    Based on the characteristics of the Internet of vehicles(IoV), a treebased lightweight group key management mechanism (Lightweight Tree Group Key Management Mechanism, LTGKM) is proposed to realize the security of multicast and broadcast communications in the IoV. LTGKM adopts a hierarchical approach to generate, distribute and update the group keys. The management node of various layers generates the corresponding group key using the HMAC function as the key derivation function, and distributes the group key to the child node based on the encrypted certification algorithm; When a new node joins, the parent node generates a new group key and distribute it to the new node, and the remaining nodes update the group key by themselves; when the user leaves, the nonleaf node updates the group key by themselves, and the new group key is distributed to the leaf node by its father node. Security analysis shows that LTGKM realizes the randomness, forward security, and backward security during the group key generation and update, and the confidentiality, integrity and uniformity during key distribution. Performance analysis shows that LTGKM has obvious advantages in storage, computing and communication.
    Reference | Related Articles | Metrics
    Traffic Feature Obfuscation Method Based on Adversarial Samples
    Journal of Information Security Reserach    2024, 10 (12): 1137-.  
    Abstract136)      PDF (2316KB)(78)       Save
    The continuous development of deep learning poses new challenges for smart home traffic privacy protection. Traditional traffic privacy protection techniques cannot effectively defend against deep learningbased traffic analysis attacks in blackbox scenarios. To address this, this paper investigates a traffic feature obfuscation method based on adversarial samples. It transforms traffic data into image data, leverages transfer learning to build a device recognition model as the target adversarial model, and uses a generator network to construct adversarial samples based on traffic features. Simultaneously, the network is trained to learn the mapping relationship between regular traffic and adversarial samples while restricting the position and size of perturbations in the adversarial samples. This approach utilizes the model’s transferability to achieve device traffic privacy protection in blackbox scenarios. Experimental results demonstrate that the traffic feature obfuscation method based on adversarial samples can effectively resist attacks from unknown recognition models, thereby safeguarding user privacy.
    Reference | Related Articles | Metrics
    Research and Application of Trusted Data Security Management #br# Technology Based on Chameleon Hash#br#
    Journal of Information Security Reserach    2025, 11 (2): 189-.  
    Abstract136)      PDF (2544KB)(60)       Save
    To simultaneously address the demands for data updates and data security management in the field of data circulation, this paper investigates a trusted data security management scheme based on chameleon hash. Initially, the mathematical foundations of chameleon hash are analyzed and three construction methods are compared. A data security management approach that integrates chameleon hash with homomorphic encryption is summarized and applied to digital rights protection. This method not only permits the updating and modification of submitted data but also ensures data security and userfriendliness. Finally, the efficiency of the proposed method is evaluated through experimental simulations. The results demonstrate that the data security management and update method proposed in this paper is suitable for environments requiring frequent data updates and certain security needs. This method effectively reduces the overall cost of data updates, providing an efficient and secure solution for the circulation of data elements.
    Reference | Related Articles | Metrics
    Design of a Large Model Data Supervision System Based on Blockchain
    Journal of Information Security Reserach    2025, 11 (8): 682-.  
    Abstract135)      PDF (2618KB)(58)       Save
    Large model (LM) has shown great potential in the fields of natural language processing, image and speech recognition, and has become a key force driving the technological revolution and social progress. However, the wide application of LM technology brings challenges such as data privacy risks, data compliance regulation, and data regulatory activation and intelligence.  This paper aims to explore how to utilize blockchain to design and construct an effective data regulatory system to promote its healthy development, in order to meet the challenges brought by the application of massive data to LM. This paper analyzes the trends and current status of the development of LM at home and abroad, and points out the main challenges to LM data regulation, including data privacy risks, data compliance, and the difficulty of effective supervision by regulators . A blockchainbased data regulation system design scheme is proposed to address these challenges, which realizes the fullcycle data regulation of LM data from the native metadata to the input of training until the posttraining feedback through four interconnected modules, namely, privacy protection, consensus algorithm, incentive mechanism, and smart contract. Finally, the application prospect of blockchain in LM data supervision is summarized, and the future trend of data supervision is outlooked.
    Reference | Related Articles | Metrics
    Container Anomaly Detection Based on Attention Mechanism and  Multiscale Convolutional Neural Network
    Journal of Information Security Reserach    2025, 11 (1): 35-.  
    Abstract132)      PDF (1437KB)(53)       Save
    Containers are widely used in cloud computing due to their lightweight, flexibility, and ease of deployment, making them an indispensable technology. However, they also face security concerns due to their shared kernel and weaker resource isolation compared to virtual machines. Based on attention mechanism and convolutional neural network, this paper proposes a method of process anomaly detection in container based on system call sequence, which uses the data generated by container process operation to analyze and judge the abnormal behavior of process. The experimental results on public datasets and simulated attack scenarios show that this method can detect anomalies in the behavior of processes within containers, and is higher in accuracy and precision than comparison methods such as random forest and LSTM.
    Reference | Related Articles | Metrics
    Research on Distributed Identity Authentication Technology Based on  Revocable Proxy Signature
    Journal of Information Security Reserach    2025, 11 (6): 521-.  
    Abstract131)      PDF (1936KB)(22)       Save
    With the proliferation of digital services in people’s daily lives, traditional identities have found a new form of expression—digital identities. In conventional network digital activities, the digital identity management is handled by centralized service providers, which brings a series of issues such as difficulties in centralized storage management and insufficient protection of user privacy. Consequently, the identity authentication technology based on decentralized identifier (DID) has become a current research hotspot. However, distributed digital identity authentication schemes often face problems of privacy leakage and cumbersome user signature authentication processes, presenting significant pain points in current distributed identity authentication technology. To address the aforementioned issues, this paper constructs a distributed identity authentication protocol based on revocable proxy signatures, verifiable credentials, and blockchain technology. This protocol achieves a userfriendly and secure signature authentication process, requiring low device performance from users participating in digital activities, making it suitable for a wider range of user digital activities.
    Reference | Related Articles | Metrics
    A Latticebased CPABE Scheme with Policy Splitting and #br# Attribute Revocation#br#
    Journal of Information Security Reserach    2025, 11 (6): 548-.  
    Abstract131)      PDF (1755KB)(11)       Save
    Ciphertextpolicy attributebased encryption (CPABE) is suitable for providing secure datasharing services in the cloud storage scenario. However, attribute revocation is a challenging issue in CPABE. With the advancements in quantum computing research, traditional CPABE are no longer secure. Latticebased CPABE can resist quantum attacks. This paper proposes a latticebased CPABE scheme with policy splitting and attribute revocation. This scheme is resistant to quantum and collusion attacks. When attribute revocation occurs, this paper uses policy splitting to reduce the affected ciphertexts (blocks) and uses the lazy mode ciphertext update method to reduce the number and scope of ciphertexts that need to be updated. Theoretical analysis demonstrates that the overall storage cost of our scheme remains within a reasonable range. Finally, it is shown that, under the standard model, the scheme is proven secure against chosenplaintext attacks (CPA), and its security can be attributed to the ring learning with errors (RLWE) difficulty problem.
    Reference | Related Articles | Metrics
    Multiparty Data Security Sharing Scheme Based on Decentralized Verification
    Journal of Information Security Reserach    2025, 11 (6): 578-.  
    Abstract130)      PDF (4817KB)(49)       Save
    With the development of the Internet of Things, collaborative work between multiple devices is becoming increasingly common. However, in the process of data sharing, user privacy may face the risk of data theft and tampering. Existing FL methods rely on mobile edge computing (MEC) servers for model aggregation, and have problems with trust, security threats, and single points of failure. To solve these problems, a new multiparty data sharing scheme based on blockchain is proposed, in which a decentralized verification mechanism and a consensus mechanism inspired by proof of stake (PoS) are introduced. The decentralized verification mechanism ensures the legitimacy of each local model update by evaluating node behavior and voting, and only legitimate updates are used for global model building. In the process of model construction, homomorphic encryption and key sharing techniques are used to encrypt the local model parameters to ensure the security integrity of model parameters in the process of transmission and aggregation. The PoS consensus mechanism rewards honest behavior devices, increasing their chances of becoming block generators. In addition, the cache mechanism of information search is introduced to reduce the number of multiparty search. The data sharing scheme has been verified to enhance data security.
    Reference | Related Articles | Metrics
Author Center
Review Center
京ICP备19004174号
Copyright © Journal of Information Security Reserach, All Rights Reserved.
Tel: 010-68558637 E-mail: ris@cei.cn
Powered by Beijing Magtech Co., Ltd.