Most Read articles

Published in last 1 year |  In last 2 years |  In last 3 years |  All

In last 2 years

Please wait a minute...


For Selected: Download Citations EndNote Ris BibTeX Toggle Thumbnails

Select

ChatGPT’s Applications, Status and Trends in the Field of Cyber Security Journal of Information Security Reserach    2023, 9 (6): 500-.   Abstract （618）      PDF （2555KB）（563）       Knowledge map    Save ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain. Reference | Related Articles | Metrics

Select

On the Exploration and Prospect of the Development Path of  Cyberspace Trusted Identity in China Journal of Information Security Reserach    2022, 8 (12): 1236-.   Abstract （573）      PDF （1941KB）（106）       Knowledge map    Save Reference | Related Articles | Metrics

Select

Research on the Application of Commercial Cryptography in 5G Network Journal of Information Security Reserach    2023, 9 (4): 331-.   Abstract （544）      PDF （1197KB）（311）       Knowledge map    Save As a new generation of mobile communication network infrastructure, 5G application scenarios run through all aspects of production and life, such as industrial Internet, energy industry, transportation, medical industry and education. However, unprecedented security risks have been brought to 5G networks, including massive terminal access, largescale network deployment, and massive data aggregation. 5G security has gradually become a worldwide research trend in recent years since it is crucial to social development, economic operation, and even national security. Cryptography is the core technology and basic support to assure network and information security. After more than ten years of development, national commercial cryptographic algorithms ZUC, SM4, SM3, SM2, whose independent intellectual property rights are available, have gradually exerted more indispensable effects in maintaining the security of national cyberspace. Starting from the 5G network architecture and interfaces, this paper analyzes the underlying security risks faced by the 5G networks and proposes a corresponding solution as an example in terms of the commercial cryptography application practices of the 5G network. Reference | Related Articles | Metrics

Select

Application of Penetration Testing for Industrial Control System Terminals Journal of Information Security Reserach    2023, 9 (4): 313-.   Abstract （485）      PDF （3070KB）（166）       Knowledge map    Save The security of industrial control system terminals is getting crucial with the development of the industrial Internet. How to conduct effective safety tests for industrial control system terminals has become a key problem to be studied and solved urgently. In this paper, the general process of penetration testing is firstly introduced, then the application of penetration testing for industrial control system terminals is examined using improper input validation vulnerability as an example. The method starts from information collection and penetration tools to deeply understand the system input verification. Then, during the stage of the vulnerability discovery, the modeling of the vulnerability to sensitive input is proposed, as well as the seed mutation pattern for the industrial control programs is designed. The experiment demonstrates the effectiveness of the proposed method and the vulnerability widely existed in the industrial control systems. This method also discovers the security threats such as data tampering, denial of service, permission access and malicious script injection caused by the input validation vulnerability. At last, this work provides security suggestions for industrial control network security protection and equipment protection. Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2022, 8 (9): 856-.   Abstract （422）      PDF （391KB）（266）       Knowledge map    Save Related Articles | Metrics

Select

Key Points and Practice of Compliance Assessment for Government Data Security Journal of Information Security Reserach    2022, 8 (11): 1050-.   Abstract （405）      PDF （719KB）（340）       Knowledge map    Save With the development of digital government, the security of government data has become a crucial task. The state attaches great importance to the security risk prevention of government data, and has issued a series of laws, regulations and policy documents, which put forward clear requirements for strengthening the security management of government data. Based on the requirements of government data security compliance, this article proposes the evaluation method and index system of compliance assessment for government data security, which will provide reference for the manager of government data to carry out government data security compliance assessment. Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2023, 9 (E1): 105-.   Abstract （394）      PDF （1450KB）（200）       Knowledge map    Save Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2023, 9 (3): 206-.   Abstract （370）      PDF （513KB）（271）       Knowledge map    Save Related Articles | Metrics

Select

Research on Content Detection Generated by Large Language Model  and the Mechanism of Bypassing Journal of Information Security Reserach    2023, 9 (6): 524-.   Abstract （324）      PDF （1924KB）（240）       Knowledge map    Save In recent years, there has been a surge in the development of large language models. AI robots like ChatGPT, although they have a largescale security confrontation mechanism inside, attackers can still elaborate questionandanswer patterns to bypass the mechanism, with their help to automatically produce phishing emails and carry out network attacks. In this case, how to identify the text generated by AI robots has also become a hot issue. In order to carry out LLMgenerated content detection experiment, our team collected a certain number of questionandanswer data samples from an Internet social platform and ChatGPT platform, and proposed a series of detection strategies according to different conditions of AI text availability. It includes text similarity analysis based on online controllable AI samples, text data mining based on statistical differences under offline conditions, adversarial analysis based on the LLM generation method under the condition that AI samples are not available, and AI model analysis based on building a classifier by finetuning the target LLM model itself. We calculated and compared the detection capabilities of the analysis engine in each case. On the other hand, we give some antikill techniques against AI text detection engines based on the characteristics of detection strategies, from the perspective of network attack and defense. Reference | Related Articles | Metrics

Select

Key Technologies and Research Prospects of Privacy Computing Journal of Information Security Reserach    2023, 9 (8): 714-.   Abstract （287）      PDF （1814KB）（197）       Knowledge map    Save Privacy computing, as an important technical means taking into account both data circulation and privacy protection, can effectively break the “data island” barriers while ensuring data security, it enables open data sharing, and promotes the deep mining and use of data and crossdomain integration. In this paper, the background knowledge, basic concepts and architecture of privacy computing were introduced, the basic concepts of three key technologies of privacy computing, including secure multiparty computation, federated learning and trusted execution environment were elaborated, and studies on the existing privacy security was conducted, a multidimensional comparison and summarization of the differences of the three key technologies were made. On this basis, the future research direction of privacy computing is prospected from the technical integration of privacy computing with blockchain, deep learning and knowledge graph. Reference | Related Articles | Metrics

Select

Research on Network Security Governance and Response of  Largescale AI Model Journal of Information Security Reserach    2023, 9 (6): 551-.   Abstract （281）      PDF （1101KB）（223）       Knowledge map    Save With the continuous development of artificial intelligence technology, largescale AI model technology has become an important research direction in the field of artificial intelligence. The publication of ChatGPT4.0 and ERNIE Bot has rapidly promoted the development and application of this technology. However, the emergence of largescale AI model technology has also brought new challenges to network security. This paper will start with the definition, characteristics and application of largescale AI model technology, and analyze the network security situation under largescale AI model technology. The network security governance framework of largescale AI model is proposed, and the given steps can provide reference for network security work of largescale AI model. Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2023, 9 (6): 498-.   Abstract （277）      PDF （472KB）（331）       Knowledge map    Save Related Articles | Metrics

Select

Data Security Governance Practices Journal of Information Security Reserach    2022, 8 (11): 1069-.   Abstract （276）      PDF （5897KB）（245）       Knowledge map    Save Data security governance has been written into the Data Security Law of the People’s Republic of China. At the same time, data security governance is also one of the key points in the construction of systematic network security. This paper analyzes the data security governance concepts of Gantner and Microsoft, combines enterprise architecture, stakeholder theory, data flow security assessment, maturity security assessment and other methodologies, forms a set of data security governance concepts, and designs a data security management and operation platform for dynamic supervision and data security operation of data security governance indicators. Since 2018, this methodology and platform have been put into practice in the project to solve the construction and optimization of users’ data management and defense system. Reference | Related Articles | Metrics

Select

Research on Several Issues in the Construction of Network Trusted  Identity System Journal of Information Security Reserach    2022, 8 (9): 871-.   Abstract （272）      PDF （2082KB）（127）       Knowledge map    Save This paper works through a series of concepts related to “network identity”, extends the experience and ideas of network identity management from the ways and methods of real social identity management, analyzes the four basic stages involved in network identity life cycle management and the key problems to be solved, and puts forward the reference architecture of network trusted identity system and its system functional structure, It also puts forward relevant suggestions to promote the construction and application of network trusted identity system in China. Reference | Related Articles | Metrics

Select

Towards a Privacy-preserving Research for AI and Blockchain Integration Journal of Information Security Reserach    2023, 9 (6): 557-.   Abstract （262）      PDF （1307KB）（175）       Knowledge map    Save With the widespread attention and application of artificial intelligence (AI) and blockchain technologies, privacy protection techniques arising from their integration are of notable significance. In addition to protecting the privacy of individuals, these techniques also guarantee the security and dependability of data. This paper initially presents an overview of AI and blockchain, summarizing their combination along with derived privacy protection technologies. It then explores specific application scenarios in data encryption, deidentification, multitier distributed ledgers, and kanonymity methods. Moreover, the paper evaluates five critical aspects of AIblockchainintegration privacy protection systems, including authorization management, access control, data protection, network security, and scalability. Furthermore, it analyzes the deficiencies and their actual cause, offering corresponding suggestions. This research also classifies and summarizes privacy protection techniques based on AIblockchain application scenarios and technical schemes. In conclusion, this paper outlines the future directions of privacy protection technologies emerging from AI and blockchain integration, including enhancing efficiency and security to achieve more comprehensive privacy protection of AI privacy. Reference | Related Articles | Metrics

Select

A Novel Blockchain Privacy Preserving Scheme Based on Paillier  and FO Commitment Journal of Information Security Reserach    2023, 9 (4): 306-.   Abstract （262）      PDF （934KB）（179）       Knowledge map    Save The blockchain is a shared database with excellent characteristics such as high decentralization and traceability. However, data leakage is still a big problem for blockchain transactions. To order to solve the problem, this paper introduces Paillier homomorphic encryption with variable k (KPH), a privacy protection strategy that hides transaction information by the public key encryption algorithm RSA, performs zeroknowledge proof on the legitimacy of the transaction amount with FO commitment, and updates the transaction amount using the enhanced Paillier semihomomorphic encryption algorithm and verifies the transaction using the FO commitment. Unlike the typical Paillier algorithm, the KPH scheme’s Paillier algorithm includes the variable k and combines the L function and the Chinese remainder theorem to reduce the time complexity from O(|n|2+e) to O(logn), making the algorithm decryption process more efficient. Reference | Related Articles | Metrics

Select

Research on the Application of Commercial Cryptography to Cloud Computing Journal of Information Security Reserach    2023, 9 (4): 375-.   Abstract （259）      PDF （3447KB）（224）       Knowledge map    Save Cloud computing, as a new information processing method, enables users to access information and communication resource services through the network, and it has become an inevitable trend in the development of information technology industry. Users, data, and information resources are highly concentrated, highly dependent on the continuity of cloud platform services, and the scalability of virtualized resources bring inevitable security risks to cloud computing., and the scalability of virtualized resources bring inevitable security risks to cloud computing. Therefore, how to eliminate the security risks of cloud computing by using commercial cryptography technology has become the current research hotspot. This paper starts from the cloud computing network architecture, anlyzes the cryptography application requirements of cloud computing. The paper proposes the corresponding commercial cryptography application scheme for cloud computing scenarios on this basis. The research results provide a theoretical guidance and reference for the application practice of commercial cryptography in cloud computing scenarios, and are expected to solve the key problems of cloud computing security. Reference | Related Articles | Metrics

Select

Research on Loop Security Problem in Binary Programs Journal of Information Security Reserach    2023, 9 (4): 364-.   Abstract （256）      PDF （2829KB）（81）       Knowledge map    Save Loop is a common structure in programs and improperly using loop is one of the most important reasons resulting in security problems, making detecting loop security problem is important and valuable. As the path state explosion and loop modeling problems in binary code, statically analyzing of loop security is extremely challenging, and traditional methods are unable to solve these problem. In this paper, we proposed a detecting method for loop security problems based on binary static analyzing，having the ability of detecting out of bound memory access in loop and infinite loop problem. Firstly, we present an accurate extracting and recovering method of loop factors in binary based on analyzing of loop structure and then multiple path explore strategies are utilized to solving the path state explosion and sorting problem. Moreover, we propose a function summary method based on static concrete execution to solving constraints growing problem caused by induction function invoking in loops. Finally, we proposed an inductive analysis method based on loop predicates to detect insecure loop in binary. We have applied our methods on ten real world programs and compared with Angr. The experimental results turn out that our method is capable of detecting more loop problems than Angr. Related Articles | Metrics

Select

Design and Research of Attack and Defense Platform  Based on Real Network Journal of Information Security Reserach    2022, 8 (9): 895-.   Abstract （244）      PDF （2394KB）（103）       Knowledge map    Save Through the research and analysis of the current situation that National Cyber Range is based on simulation technology, this paper puts forward the research goal of building a set of attack and defense platform based on real network environment, and designs a set of technical architecture of real network attack and defense platform with five modules: attack and defense capability confrontation space, attack and defense confrontation security control, security situation analysis and display, command and dispatching wall chart operation and secure big data platform. This paper also expounds the application practice of the architecture, and finally improves the network security comprehensive defense ability of security personnel. Reference | Related Articles | Metrics

Select

Analysis on the Division of Data Security Management Responsibilities  and Accountability Mechanism Journal of Information Security Reserach    2023, 9 (1): 73-.   Abstract （241）      PDF （1038KB）（144）       Knowledge map    Save Strengthening the awareness of security and responsibility is the primary condition for data security management. People are the most important factor in the construction of data security. All data security management specifications and technical measures are based on people. From the perspective of data security compliance, this article fully analyzes the corporate data security protection obligations in accordance with the Data Security Law, and innovatively designs the corporate data security responsibility matrix and data security incident accountability matrix to provide enterprises with the construction of data security compliance management. The design ideas for the key functions required by each stakeholder in the system process, and a practical accountability plan based on the key functions, can implement the Data Security Law for various industries and units, and build a data security organization. And the incident accountability mechanism to provide sufficient reference. Reference | Related Articles | Metrics

Select

Research on the Progress of Crossborder Data Flow Governance Journal of Information Security Reserach    2023, 9 (7): 624-.   Abstract （236）      PDF （1036KB）（107）       Knowledge map    Save While promoting the sharing of global data resources, the crossborder data flow will inevitably threaten data sovereignty and national security. The competition for the right to speak in international data with crossborder data flow governance as the game will become the focus of competition in the international community in the future. This paper introduces the background knowledge and constraints of crossborder data flow, investigates and compares the crossborder data flow governance models of the United States, the European Union, Russia, Japan, and Australia, and analyzes the current policy status and challenges of crossborder data flow governance in our country, on this basis, countermeasures and suggestions are proposed for the governance of crossborder data flow in our country from the perspective of data sovereignty, including promoting the classification supervision of crossborder data flow, innovating and developing crossborder data flow governance models, improving countermeasures against extraterritorial “longarm jurisdiction”, and actively participating in and leading the formulation of international governance rules. Reference | Related Articles | Metrics

Select

A Survey of SQL Injection Attack Detection and Defense Technology Journal of Information Security Reserach    2023, 9 (5): 412-.   Abstract （233）      PDF （2612KB）（222）       Knowledge map    Save In the era of “Internet+”, data is the most valuable resource of the Internet. Attackers often use SQL injection attacks to destroy the database in order to obtain important data information in the database. The threat to database security is becoming more and more serious. At present, the research on SQL injection attacks mostly focuses on traditional SQL injection attacks, but lacks the cognition of new advanced SQL injection technology with stronger concealment and higher risk, and the research on related detection and defense technology. In response to this phenomenon, this paper analyzes and evaluates traditional and advanced SQL injection attack technologies and their technical characteristics based on the classification of SQL injection technologies; summarizes existing detection and defense technologies, and evaluates the advantages and disadvantages of these methods for defense effectiveness; finally The problems existing in the current research field are sorted out, and suggestions for future research directions are put forward. Reference | Related Articles | Metrics

Select

Research on Personal Privacy Data Sharing Technology Based on  Blockchain Traceability Journal of Information Security Reserach    2023, 9 (2): 109-.   Abstract （226）      PDF （1327KB）（138）       Knowledge map    Save Personal privacy data on the Internet, as an one of the important information resources, involves a series of security issues. Centralized or distributed servers are usually used to centrally manage personal privacy data. The data storage is not transparent, and it is prone to problems such as single point of failure and information theft. This paper combines blockchain technology with the improved CPABE algorithm, uses IPFS to store private data, and designs a flexible finegrained personal privacy data sharing scheme PPSSBC based on improved CPABE algorithm. The proposed scheme supports the accountability of malicious users who leak their private keys and realizes dynamic access control. The paper proves the security of the scheme. Experimental analysis shows that the scheme is effective. Reference | Related Articles | Metrics

Select

ChatGPT’s Security Threaten Research Journal of Information Security Reserach    2023, 9 (6): 533-.   Abstract （225）      PDF （1801KB）（200）       Knowledge map    Save With the rapid development of deep learning technology and natural language processing technology, the large language model represented by ChatGPT came into being. However, while showing surprising capabilities in many fields, ChatgPT also exposed many security threats, which aroused the concerns of academia and industry. This paper first introduces the development history, working mode, and training methods of ChatGPT and its series models, then summarizes and analyzes various current security problems that ChatGPT may encounter and divides it into two levels: user and model. Then, countermeasures and solutions are proposed according to the characteristics of ChatGPT at each stage. Finally, this paper looks forward to developing a safe and trusted ChatGPT and a large language model. Reference | Related Articles | Metrics

Select

Survey of Network Intrusion Detection Based on Deep Learning Journal of Information Security Reserach    2022, 8 (12): 1163-.   Abstract （213）      PDF （2421KB）（192）       Knowledge map    Save The rapid development of the Internet not only brings great convenience to users, but also causes many security incidents. With the increasing number of network attacks such as zeroday vulnerabilities and encryption attacks, the network security situation is becoming more and more serious. Intrusion detection is an important means of network attack detection. In recent years, with the continuous development of deep learning technology, intrusion detection system based on deep learning is gradually becoming a research hotspot in the field of network security. This paper introduces recent work on network intrusion detection using deep learning technology based on extensive investigation of literature. Firstly, it briefly summarizes the current network security situation and traditional intrusion detection technologies. Then, several deep learning models commonly used in network intrusion detection system are introduced. Then it summarizes the commonly used data preprocessing techniques, data sets and evaluation indicators in deep learning. Then from the perspective of practical application, it introduces the specific application of deep learning model in network intrusion detection system. Finally, the problems in the current research process are discussed, and the future development direction is put forward. Reference | Related Articles | Metrics

Select

Organizational Capacity Building of Government Data Security Journal of Information Security Reserach    2022, 8 (11): 1061-.   Abstract （202）      PDF （1321KB）（197）       Knowledge map    Save As the country pays more and more attention to data security, government data, as the core assets of the digital government in the new era, will involve not only personal information data of citizens, but also important data such as government agencies. Therefore, the security protection and protection capabilities of government data cannot be ignored. At present, domestic protection mechanisms and research on government data security are relatively lacking. This paper analyzes the risks brought by laws, regulations and policies, complex business scenarios and new technologies to government data. Combining the three security levels of security management, security technology and security operation of government data. This paper proposes a government data security organization capability framework that meets the security requirements of government data, providing ideas for the subsequent research on government data security assurance system. Reference | Related Articles | Metrics

Select

A Survey of IoT Firmware Vulnerability Security Detection Journal of Information Security Reserach    2022, 8 (12): 1146-.   Abstract （202）      PDF （1780KB）（193）       Knowledge map    Save With the advent of the Internet of everything, the security issues of the IoT have become more and more important, especially the economic losses caused by security risks and attacks caused by firmware vulnerabilities in the IoT. Efficient firmware vulnerability detection technology has increasingly become the key to ensuring the security of IoT devices. Therefore, studying the methods and technologies related to firmware vulnerability security detection in the IoT has essential theoretical significance and practical value. This paper analyzes the reasons for the frequent security problems of IoT firmware, summarizes the main security threats faced by IoT firmware, and targets the firmware. Based on the challenges faced by vulnerability analysis, the existing firmware vulnerability detection methods are reviewed. Through the analysis of the advantages and disadvantages of different methods, it provides guidance for further improving the intelligence, precision, automation, effectiveness, and scalability of the firmware security defect detection method. Finally, future research in IoT firmware vulnerability security detection is prospected. Reference | Related Articles | Metrics

Select

On the Right to Erasure of Personal Information: Characteristics,  Dilemmas and Improvement Paths —From the Perspective of COVID19 Prevention and Control Journal of Information Security Reserach    2023, 9 (4): 356-.   Abstract （202）      PDF （1078KB）（94）       Knowledge map    Save The right to erasure of personal information is an important right enjoyed by individuals in the process of processing personal information under the Personal Information Protection Law. The right to erasure of personal information is both public and private law attributes. From the nature of the public health emergency of the COVID19 and the relevant normative documents issued by China during the epidemic prevention and control period, it can be seen that the current social state can be equivalent to a state of emergency in essence. In this social context, identifying the right to erasure of personal information as a right in public law can effectively play the role of defense and objective law, and then protect the rights and interests of personal information through the protection obligation of public power. Under such logical path, through the establishment of the model of “requested by individualnoticed by power”, the use of the government information disclosure system to disclose personal information processing standards to improve the system design of the right to erasure of personal information, to solve the problems of high cost of exercising rights by COVID19 infected persons and difficulty in performing the obligations of personal information processors in practice. Reference | Related Articles | Metrics

Select

Research and Thinking on the Technical Framework of Data Security  in the Field of Transportation Journal of Information Security Reserach    2022, 8 (11): 1092-.   Abstract （201）      PDF （1237KB）（554）       Knowledge map    Save In recent years, in the continuous advancement of the construction of “digital government”, the “data gap” and “data island” between government departments have been gradually broken. As the core resource of digital government, data is an important driving force for national development，and also the most valuable core asset. With the largescale aggregation, integration and sharing of various data resources, a series of data securityrelated problems have emerged. For example, due to the high concentration of data, data is more likely to become the target of attacks, and a large number of illegal operations by internal personnel lead to data tampering and greatly increase. In order to solve the problem of data security in the field of transportation, this paper makes an indepth analysis of the main challenges of data security in the field of transportation technology and transportation, and proposes to create an “overall technical architecture of data security management and control”, and focuses on thinking and discussing the full life cycle security of data and data security operation    in the field of transportation. Data security management is not within the scope of this paper. Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2022, 8 (9): 863-.   Abstract （198）      PDF （1580KB）（137）       Knowledge map    Save Firstly, this paper proposes a generalized concept of privacy preserving computing from the perspective of technology essence with an open concept, that is, privacy preserving computing can be understood as a computing paradigm that correctly realizes the computing goal under the premise of effectively protecting sensitive information. Then, based on five party architecture model of cyberidentity authentication, aiming at the protection level of sensitive information in the two links of identity issuance and identity authentication, a hierarchical method of privacy preserving computing in cyberidentity authentication is proposed. Finally, the privacy preserving computing level analysis of three kinds of mainstream cyberidentity authentication mechanisms of smart key, static password and biometrics is performanced, and targeted improvement schemes are proposed for nonprivacy preserving computing identity authentication mechanisms that do not meet the requirements of privacy preserving computing level. Related Articles | Metrics

Select

A Survey of Data Security Sharing Technology Development and  Its Application in Power Domain Journal of Information Security Reserach    2023, 9 (3): 208-.   Abstract （194）      PDF （2019KB）（168）       Knowledge map    Save The circulation, sharing and collaborative application of data elements are the core elements of data element market cultivation in the digital era, and data security sharing technology can effectively realize the secure sharing of data and avoid the phenomenon of “data silos” and privacy leakage. This paper presents a comprehensive review of the latest research achievements and progress of data security sharing technologies in this field. First of all, we outline the development and evolution of data security sharing technologies, and then compare and analyze existing data security sharing solutions in terms of technical features, problem solving, advantages and disadvantages, and summarize the key technologies they rely on and the risks and challenges they face. Secondly, we discuss the application of data security sharing technologies in typical scenarios in the energy and power fields, such as power energy trading, power internet of things, and electric vehicles, providing new ideas and insights for data compliance and governance in the energy and power fields. Finally, the future research directions and development prospects of data security sharing technology applications in the energy and power domain are foreseen. Reference | Related Articles | Metrics

Select

Research on Data Transfer Security Model of Digital Twin City  Big Data Platform Journal of Information Security Reserach    2023, 9 (1): 48-.   Abstract （192）      PDF （3862KB）（142）       Knowledge map    Save The digital twin city big data platform can promote the aggregation of smart city data resources, comprehensively promote the cross domain integration application of government data and social data, open up data circulation channels, avoid isolated islands, and innovate the open system of data management, sharing and data transaction service system. This paper proposes a big data flow security framework based on city big data platform, aiming at the security difficulties in the process of digital twin city data flow, such as various data formats involved in city big data platform data sources, diverse application data exchange requirements, complex system permission system, uncontrollable cross domain extension and so on, According to the time and space dimensions of data security flow cycle and data governance security domain, the data security flow system is constructed to solve the security problems of multisource heterogeneous, cross network and cross platform exchange and sharing of digital twin city data. Reference | Related Articles | Metrics

Select

Digital Identity Construction in Various Countries and Development  Path of TDI in China Journal of Information Security Reserach    2022, 8 (9): 858-.   Abstract （190）      PDF （771KB）（145）       Knowledge map    Save Related Articles | Metrics

Select

Construction of a Trusted Authentication Platform Journal of Information Security Reserach    2022, 8 (9): 888-.   Abstract （189）      PDF （2810KB）（138）       Knowledge map    Save Along with the development of the digital society, cyberspace and real society have been integrated to a high degree. The frequent occurrence of personal identity information leakage and cybercrime indicates that traditional identity authentication methods can no longer meet the needs of cyberspace security and identity management. Based on the identity management characteristics of China, this paper proposes a trusted identity authentication service platform with statutory identity documents as the root of trust. This platform can realize the integration of identity management online and offline, help build trusted identity management and service system in China's cyberspace, and ensure the sustained and healthy development of the digital economy. Reference | Related Articles | Metrics

Select

Application of Blockchain Technology in Government Affairs Journal of Information Security Reserach    2022, 8 (12): 1223-.   Abstract （186）      PDF （3627KB）（177）       Knowledge map    Save As one of the new generation information technologies, blockchain has great technical advantages in promoting data sharing and utilization, optimizing business process links, improving multiparty collaboration efficiency, reducing overall operating costs, establishing a trusted ecosystem, etc., which provides a new paradigm of capabilities for realizing trusted circulation and sharing of egovernment business data, security asset information protection, and cross departmental collaborative supervision. This paper has designed a new blockchain technology architecture system. By building a blockchain service center, a government application chain service platform and a government security chain service platform, multiple pilot applications have been enabled in the province to achieve the inventory, connection, and standardized management of business and multi chain data resources, forming a basic “data asset” management system. Reference | Related Articles | Metrics

Select

Research and Practice on Data Security Compliance Check  Technology for Operators Journal of Information Security Reserach    2023, 9 (7): 643-.   Abstract （184）      PDF （889KB）（130）       Knowledge map    Save In the context of the development of the global digital economy, data has become an important asset for enterprises. China positions data as one of the national basic strategic resources and innovative elements of social production. In recent years, the proliferation of ransomware attacks from hackers has posed a significant risk of data leakage to enterprise data security management. Secondly, unconscious data-sharing operations by employees during the production process are also an important way for enterprise data asset leakage. With the promulgation of the Data Security Law, regulatory agencies have made data security reviews a part of the industry security inspections for operators. Therefore, based on regulatory compliance, research and practice related inspection technologies to help operators enhance their security inspection capabilities, ensure data security, and meet the needs of compliance regulation and business development. Reference | Related Articles | Metrics

Select

Research on Artificial Intelligence Data Falsification Risk  Based on GPT Model Journal of Information Security Reserach    2023, 9 (6): 518-.   Abstract （181）      PDF （1887KB）（164）       Knowledge map    Save The rapid development and application of artificial intelligence technology have led to the emergence of AIGC (Artificial Intelligence Generated Context), which has significantly enhanced productivity. ChatGPT, a product that utilizes AIGC, has gained popularity worldwide due to its diverse application scenarios and has spurred rapid commercialization development. This paper takes the artificial intelligence data forgery risk as the research goal, takes the GPT model as the research object, and focuses on the possible causes of data forgery and the realization process by analyzing the security risks that have been exposed or appeared. Based on the offensive and defensive countermeasures of traditional cyberspace security and data security, the paper makes a practical study of data forgery based on model finetuning and speculates some data forgery utilization scenarios after the widespread commercialization of artificial intelligence. Finally, the paper puts forward some suggestions on how to deal with the risk of data forgery and provides directions for avoiding the risk of data forgery before the largescale application of artificial intelligence in the future. Reference | Related Articles | Metrics

Select

Challenges and Responses to Data Governance in China Journal of Information Security Reserach    2023, 9 (7): 612-.   Abstract （179）      PDF （924KB）（154）       Knowledge map    Save At present, data can hold a substantial value in promoting economic and social development, and possess important strategic significance. Data governance has also been a significant topic and practical direction in the development of China’s digital economy and the construction of Digital China. By analyzing the difficulties in the following aspects of data rights confirmation, data security, data compliance, and data circulation, the institutional dilemmas and practical issues faced by data governance are being clarified. And a comprehensive approach for data governance has also been proposed, including protecting data rights and interests, strengthening compliance guidance, stimulating the vitality of the data market, and promoting technological empowerment. It is expected to advance the process of data governance in China. Reference | Related Articles | Metrics

Select

A Comparative Study of the Ways of Personal Information Protection Journal of Information Security Reserach    2023, 9 (2): 146-.   Abstract （178）      PDF （1172KB）（111）       Knowledge map    Save From the perspective of cultural comparison, different countries or regions have different ways of protecting citizens’ personal information. However, in the age of information, influenced by the sociality and sharing characteristics of information, the goals and tendencies of personal information protection mode show similarities. In China newly published “Personal Information Protection Law of the People’s Republic of China”(PIPL), the national security oriented thinking is still in an important position. In the process of review, it is faced with the discretion and choice of the protection or utilization of personal information. Referring to the beneficial experience of other countries and combining with China’s local conditions, when reviewing and interpreting the PIPL, China should take public interest as the standard to protect personal information rights and interests or promote utilization of information, recognize the nature of information, build the mechanism of data sharing and circulation, incorporate the principle of trust into the personal information protection law, and propose China’s scheme on personal information protection approach. Reference | Related Articles | Metrics

Select

Research on Privacy Protection Technology in Federated Learning Journal of Information Security Reserach    2024, 10 (3): 194-.   Abstract （178）      PDF （1252KB）（205）       Knowledge map    Save In federated learning, multiple models are trained through parameter coordination without sharing raw data. However,  the extensive parameter exchange in this process renders the model vulnerable to threats not only from external users but also from internal participants. Therefore, research on privacy protection techniques in federated learning is crucial. This paper introduces the current research status on privacy protection in federated learning. It classifies the security threats of federated learning into external attacks and internal attacks.Based on this classification,  it summarizes external attack techniques such as model inversion attacks, external reconstruction attacks, and external inference attacks, as well as internal attack techniques such as poisoning attacks, internal reconstruction attacks, and internal inference attacks. From the perspective of attack and defense correspondence, this paper summarizes data perturbation techniques such as central differential privacy, local differential privacy, and distributed differential privacy, as well as process encryption techniques such as homomorphic encryption, secret sharing, and trusted execution environment. Finally, the paper analyzes the difficulties of federated learning privacy protection technology and identifies the key directions for its improvement. Reference | Related Articles | Metrics