Most Read articles


    In last 3 years
    Overview of Data Security Governance at Home and Abroad
    Journal of Information Security Research    2021, 7 (10): 922-.  
    Abstract (1274)      PDF (3579KB)(792)
    With the rapid development of the digital economy, privacy infringement, data leakage, platform monopoly, misinformation and other issues emerge one after another, increasingly becoming an important issue that threatens individual rights, industrial development and national security. This article, on the national policy and law level, sorts out four categories of data governance, that is, personal data protection, cross-border data flow regulation, data market governance, and data content management. Countries and regions like the United States, the European Union and China are the centers of the global digital economy. This article summarizes their practices and experience in the above-mentioned four categories, and on this basis, puts forward some suggestions on strengthening China's data security governance system and capacity building, that is, further improving the legal system to compete for the leadership of the digital economy, deeply participating in global data governance to enhance the international voice of rule-making, and strengthening support and oversight of new technologies and applications to seize new heights in digital economy governance.
    An Overview of Application and Technology of Artificial Intelligence in Cybersecurity
    Journal of Information Security Research    2022, 8 (2): 110-.  
    Abstract (990)      PDF (1142KB)(747)
    Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability. This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases. This paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.
    Research on Data Classification and Grading Method Based on Data Security Law
    Journal of Information Security Research    2021, 7 (10): 933-.  
    Abstract (899)      PDF (2157KB)(789)
    The Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law) has been formally promulgated, which clearly stipulates that the state establishes data classification and grading protection system, and implements classified and graded protection for data. However, at present, the relevant standards and specifications of data classification and grading in China are relatively lacking, and the practical experiences that can be used for reference in various industries are relatively insufficient. How to effectively implement the data classification and grading protection is still a thorny problem. Based on Article 21 of the Data Security Law, this paper analyzes the factors such as the influence object, influence breadth and influence depth after the data is damaged, puts forward the principles and methods of data classification and data grading, and gives an implementation path of data classification and grading according to the application scenarios and industry characteristics of the data, which provide a certain reference for data classification and grading protection of various industries.
    Current Situation, Analysis and Prospect of Cross Border Data Flow
    Wang Na, Gu Mianxue, Wu Gaofei, Zhang Yuqing, Cao Chunjie
    Journal of Information Security Research    2021, 7 (6): 488-495.  
    Abstract (883)      PDF (1439KB)(487)
    With the advent of the era of big data, the process of globalization is accelerated, the economic and political exchanges between countries become more frequent, the competition for data becomes more and more fierce, and the cross-border flow of data is inevitable. Although the European Union, the United States and other major international economies give priority to the deployment of cross-border data, which provides effective reference for different countries, with the increasingly urgent demand for cross-border data flow, the related issues of national security and personal data protection are gradually highlighted. First, by combing existing research works on cross-border data flow, starting from the concept of data cross-border, we summarize their advantages and disadvantages; then, starting from the core data security technology and regulatory mechanism, we systematically analyze and compare the current situation of cross-border data flow in multiple countries; finally, based on the collation and summary of existing works, we discuss the shortcomings and challenges of China's existing data cross-border management system, put forward targeted suggestions and solutions, and look forward to the research and development trends in this field.
    Review of Multi-Party Secure Computing Research
    Journal of Information Security Research    2021, 7 (12): 1161-.  
    Abstract (683)      PDF (1190KB)(501)
    With the rapid development of the Internet, data resources have become an important competitiveness of all industries. However, as the owners and users of data cannot be unified, problems such as data security and personal privacy become increasingly serious, resulting in the phenomenon of "data islands". Secure Multi-Party Computation (MPC) promises to solve these problems by ensuring both privacy of data input and correctness of data computation, and by ensuring that data input from participating parties is not compromised through protocols without third parties. Based on the definition and characteristics of multi-party secure computing, this paper introduces the research status, component model and application scenarios of multi-party secure computing.
    Digital Currency Money Laundering Model and Tracking Analysis
    Journal of Information Security Research    2021, 7 (10): 977-.  
    Abstract (603)      PDF (2085KB)(168)
    Money laundering activities have evolved from a traditional model of Underground Bank to the new model such as "Fourth-Party Payment", along with the rising of the emerging digital currency, which has brought huge challenges to crime investigations, and also caused damage to the social financial system. In view of lack of supervision on the application installation of the digital currency system, lack of supervision on the digital currency transactions, as well as the anonymity of digital currency transactions, we put forward the key channels to solve the problems. This article describes the realization of obtaining real-name of digital wallet addresses, identifying digital exchange addresses, and how to establish evidence of digital currency transactions. In order to figure out the data visualization and address tagging display in the process of digital currency trading, provide clear flow tracking graphics of digital currency trading process for staff in case handling, identify the digital currency exchange, determine if it is able to retrieve evidence from that digital currency exchange, which will significantly improve work efficiency on money laundering crime investigation.
    Computing Force Network Security Architecture and Data Security Governance Technology
    Journal of Information Security Research    2022, 8 (4): 340-.  
    Abstract (600)      PDF (2657KB)(439)
    As a new information infrastructure which provides deep integration of computing force and network services, computing force network (CFN) provides important support for national cyber power, digital China and smart society. At present, the planning and construction of CFN has entered a critical period, and the work related to CFN security is gradually advancing, but the systematic security architecture has not been formed. This paper summarizes the relevant research progress of CFN, analyzes the security opportunities and challenges faced by CFN, and proposes a security reference architecture based on sorting out the key security technologies, so as to provide a reference for promoting the construction of CFN security system and deploying CFN security mechanism.
    Key words: computing force network; new information infrastructure; security reference architecture; orchestration security; privacy computation; data security; artificial intelligence
    On the Exploration and Prospect of the Development Path of Cyberspace Trusted Identity in China
    Journal of Information Security Research    2022, 8 (12): 1236-.  
    Abstract (562)      PDF (1941KB)(101)
    ChatGPT’s Applications, Status and Trends in the Field of Cyber Security
    Journal of Information Security Research    2023, 9 (6): 500-.  
    Abstract (532)      PDF (2555KB)(469)
    ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain.
    Research on the Application of Commercial Cryptography in 5G Network
    Journal of Information Security Research    2023, 9 (4): 331-.  
    Abstract (530)      PDF (1197KB)(301)
    As a new generation of mobile communication network infrastructure, 5G application scenarios run through all aspects of production and life, such as industrial Internet, energy industry, transportation, medical industry and education. However, unprecedented security risks have been brought to 5G networks, including massive terminal access, large-scale network deployment, and massive data aggregation. 5G security has gradually become a worldwide research trend in recent years since it is crucial to social development, economic operation, and even national security. Cryptography is the core technology and basic support to assure network and information security. After more than ten years of development, national commercial cryptographic algorithms ZUC, SM4, SM3, SM2, whose independent intellectual property rights are available, have gradually exerted more indispensable effects in maintaining the security of national cyberspace. Starting from the 5G network architecture and interfaces, this paper analyzes the underlying security risks faced by the 5G networks and proposes a corresponding solution as an example in terms of the commercial cryptography application practices of the 5G network.
    Research on Security Technologies in Data Security Governance
    Journal of Information Security Research    2021, 7 (10): 907-.  
    Abstract (513)      PDF (1444KB)(357)
    In recent years, the data-centric digital economy has been developed rapidly and its proportion in GDP continuously increases. However, behind the development, data security incidents occur frequently, and data security issues have attracted much attention. Under the background that data is regarded as a factor of production, data security governance with the goals of standardizing data processing activities, improving data security capabilities, and building a healthy data ecology is the key to make the data industry continue to develop. Though the "Data Security Law of the People’s Republic of China" provides direction for data security governance, the implementation of data security governance also requires corresponding technologies. In this paper, we introduce the basic concepts of data security, propose the data life cycle for data security governance, and study the applicable technologies at each stage of the data life cycle. After that, under the guidance of privacy protection and data ownership, we respectively introduce two technical routes of data security governance. Finally, we propose the ideas of data security governance.
    Open Source Software Vulnerability DataBase Overview
    Journal of Information Security Research    2021, 7 (6): 566-574.  
    Abstract (504)      PDF (2349KB)(415)
    In recent years, with the continuous shortening of the software development cycle, a large amount of open source code is used in modern software projects, and software developers tend to focus only on the security of the part of the project code they are responsible for, and rarely pay attention to the security of the open source code used in the project, and it is difficult for users to correspond the vulnerability entries in the traditional vulnerability repository to the current software version and existing vulnerabilities. There are some differences between existing version control schemes and those of open source code, so a vulnerability repository that can accurately collect open source code vulnerability intelligence and precisely match vulnerabilities is essential. This paper first introduces the potential security challenges brought by the widespread use of open source code, then analyzes in detail the existing open source vulnerability repository platforms and conducts a comparative study of existing open source vulnerability databases from several dimensions, then gives the problems and challenges faced by the construction of current open source vulnerability databases, and finally gives some suggestions for building open source vulnerability databases.
    Data Security Governance Technology and Practice in Big Data Applications
    Journal of Information Security Research    2022, 8 (4): 326-.  
    Abstract (492)      PDF (2139KB)(587)
    The wide application of big data technology makes data burst into unprecedented value and vitality. However, due to the large amount of data, multiple data sources, and complex data access relationships, data security lacks refined and standardized management, and the importance of data security governance becomes increasingly prominent. By analyzing data security problems in existing big data applications and common pitfalls in data security governance, this paper puts forward the ideas, principles and methods of data security governance, and with classification and grading as the entry point, presents the technical architecture of data security governance. Finally, taking the big data platform as an example, it presents the application practice of data security governance technology.
    Application of Penetration Testing for Industrial Control System Terminals
    Journal of Information Security Research    2023, 9 (4): 313-.  
    Abstract (476)      PDF (3070KB)(155)
    The security of industrial control system terminals is getting crucial with the development of the industrial Internet. How to conduct effective safety tests for industrial control system terminals has become a key problem to be studied and solved urgently. In this paper, the general process of penetration testing is firstly introduced, then the application of penetration testing for industrial control system terminals is examined using improper input validation vulnerability as an example. The method starts from information collection and penetration tools to deeply understand the system input verification. Then, during the stage of the vulnerability discovery, the modeling of the vulnerability to sensitive input is proposed, as well as the seed mutation pattern for the industrial control programs is designed. The experiment demonstrates the effectiveness of the proposed method and the vulnerability widely existed in the industrial control systems. This method also discovers the security threats such as data tampering, denial of service, permission access and malicious script injection caused by the input validation vulnerability. At last, this work provides security suggestions for industrial control network security protection and equipment protection.
    A Survey of Deep Face Forgery Detection
    Journal of Information Security Research    2022, 8 (3): 241-.  
    Abstract (473)      PDF (2995KB)(368)
    Video media has developed rapidly with the popularity of the mobile Internet in recent years. At the same time, face forgery technology has also made great progress with the development of computer vision. Face forgery technology can be adopted to make interesting short video applications, but due to characteristics such as high fidelity, easy and quick generation, its malicious use poses a great threat to social stability and information security. Therefore, how to detect fake videos of faces on the Internet has become an urgent problem to be solved. With the efforts of scholars in the world, forgery detection has also made great breakthroughs in recent years. Therefore, this review aims to summarize the existing forgery detection methods in detail. In particular, we first introduce the forgery detection data set, and then summarize the existing methods from the aspects of forgery video trace, neural network architecture, temporal information of videos, face identity information, and generalization of detection algorithms. Then we compare and analyze their corresponding detection results. Finally, we summarize the research directions and existing problems of deep forgery detection and discuss the challenges and development trends, providing reference for relevant research.
    Intelligent and Connected Vehicle Safety Review
    Journal of Information Security Research    2021, 7 (6): 558-565.  
    Abstract (454)      PDF (1924KB)(304)
    The organic combination of Internet of Vehicles and intelligent vehicles has produced Intelligent connected vehicle. Intelligent connected vehicle realizes the information exchange of people, vehicles and roads through on-board sensing system and information terminal, which is based on emerging technologies such as artificial intelligence and 5G communication technology. However, while the manufacturers integrate the emerging intelligent network technology into the car to bring convenience, rapidity, intelligence and comfort to customers, there are also many information security problems. This paper first introduces the booming trend of intelligent connected vehicles and the increasing security issues. While giving the definition and architecture of intelligent connected vehicles, the relationship between “intelligence” and “connected” and the differences in technical routes at home and abroad are compared. The current security threats faced by intelligent connected vehicles are summarized and analyzed. Combined with the technical architecture differences between intelligent connected vehicles and traditional vehicles, the attacks are divided into two categories: traditional attacks and new attacks, and the corresponding security defense countermeasures for each attack are given. Finally, the current research status of intelligent connected vehicles safety is summarized, and suggestions for the research direction of the current environment are put forward.
    The Research on Artificial Intelligence Law of European Union in 2021
    Journal of Information Security Research    2022, 8 (2): 117-.  
    Abstract (420)      PDF (860KB)(158)
    At present, the global digital economy is gradually moving towards a new stage of intelligent economy with artificial intelligence (AI) as the core driving force. With the wide application of AI technology in various industries, it not only injects new momentum into economic and social development, but also brings a series of rules and regulatory problems. In April 2021, the European Union issued the proposal of Artificial Intelligence Law, which proposed the unified AI regulatory rules, aiming to limit the potential risks and adverse effects brought by the development of AI technology from the national legal level, so as to further strengthen the technological application innovation of AI technology on the basis of conforming to European values and basic rights and make Europe become a trusted global AI center. The proposal is the first AI control law of the world. The study of its content and innovations has important reference significance for the formulation of AI and other digital technology governance programs of China.
    Analysis of the National College Student Information Security Project Competition from the Perspective of Award-winning Data
    Journal of Information Security Research    2021, 7 (6): 575-588.  
    Abstract (408)      PDF (5052KB)(239)
    As an effective carrier of practical teaching, competitions focus on examining students' creative ability and practical ability, and are an important means to improve talent training ability. The National College Student Information Security Competition is currently the only competition in the field of cyberspace security that has been shortlisted for college discipline competitions. It has been held for 13 sessions since 2008. This article will take the work competition as an example, through the collection, processing and statistics of recent competition information and award-winning data, for the first time to analyze the information security competition. By digging the hidden information and laws behind the winning data of the competition, exploring the internal connection between the topic selection direction of the winning works and the development and demand of security technology, we hope to provide theoretical and data references for colleges and students participating in such information security competitions in the future.
    Cyberspace governance in the new era
    Zhang Yuqing, Liu Qixu, Fu Anmin, Zhang Guanghua, Chen Benhui, Zhu Zhenchao, Feng Jingyu , Liu Yanxiao
    Journal of Information Security Research    2021, 7 (6): 486-487.  
    Abstract (406)      PDF (479KB)(307)
    5G Cyber Security Penetration Test Framework and Method
    Journal of Information Security Research    2021, 7 (9): 795-801.  
    Abstract (398)      PDF (3678KB)(288)
    5G network construction is in full swing. The high rate, massive coverage, and extremely low latency of 5G networks make the Internet of Everything possible and bring new opportunities and challenges to network information and security. 5G will create new prospects for industry transformation and business models. 5G will be further applied to various vertical industries, such as smart driving, smart grid, and smart healthcare. The 5G architecture is different from the previous 2G/3G/4G architecture and deploys MEC near base stations, which greatly increases security risks. As 5G constructs Internet of Everything scenarios, it faces more risks such as malicious attacks and information theft. This paper analyzes the weaknesses of the 5G network architecture and studies the security penetration framework in 5G networks and proposes the penetration framework of terminal side, RAN side, bearer side, MEC side and core network side.
    Journal of Information Security Research    2022, 8 (9): 856-.  
    Abstract (393)      PDF (391KB)(260)
    Key Points and Practice of Compliance Assessment for Government Data Security
    Journal of Information Security Research    2022, 8 (11): 1050-.  
    Abstract (393)      PDF (719KB)(326)
    With the development of digital government, the security of government data has become a crucial task. The state attaches great importance to the security risk prevention of government data, and has issued a series of laws, regulations and policy documents, which put forward clear requirements for strengthening the security management of government data. Based on the requirements of government data security compliance, this article proposes the evaluation method and index system of compliance assessment for government data security, which will provide reference for the manager of government data to carry out government data security compliance assessment.
    Real-time automatic detection and recognition of Internet of Things equipment based on flow fingerprint
    Journal of Information Security Research    2021, 7 (6): 543-549.  
    Abstract (387)      PDF (1598KB)(296)
    In recent years, with the rapid development of Internet of Things (IoT) technology, a large number of Internet of Things devices have emerged in the cyberspace, such as network printers, network cameras and routers. However, the network security situation is getting worse.  Large-scale network attacks initiated by terminal devices connected to the Internet frequently occur, causing a series of adverse effects, such as information leakage and personnel property damage.  Establishing a fingerprint generation system for IoT devices to accurately identify device types is of great significance to the unified security control of the IoT. We propose a real-time automatic detection and recognition solution for IoT devices based on traffic fingerprints. This solution contains two main modules, including automatic detection and fingerprint recognition.  First, passive listening is used to collect messages sent by different IoT devices. Based on the differences in the header fields of different devices, a series of multi-classification algorithms are used to identify the device type. Simulation experiments show that the scheme can achieve an average prediction accuracy of 93.75%.
    Research and Design of Unified Platform for Vulnerability Management
    Journal of Information Security Research    2022, 8 (2): 190-.  
    Abstract (385)      PDF (1069KB)(259)
    With the development of the network technology, information security has been paid more and more attention. As one of the most frequently used attacking methods, security vulnerability has also been widely concerned. At present, most of the organizations or enterprises rely on manual methods to manage vulnerabilities, and do not have unified tracking, disposition, display and analysis. These methods are not only inefficient, but also error-prone. A unified platform for vulnerability management was proposed, which allowed the automatic closed loop controlling of the life cycle of vulnerabilities. The platform integrated different vulnerability management capabilities into specific functional modules. General development languages and standards-based service interfaces were developed to allow integration of this platform with other infrastructure platform systems or network security tools. Practices show that this platform can effectively improve the performance of the vulnerability management, and make vulnerability management centralized, streamlined and automated.
    The Analysis of National Security Risk in Open Source Software Supply Chain
    Journal of Information Security Research    2021, 7 (9): 790-794.  
    Abstract (383)      PDF (742KB)(320)
    Currently, open source software is widely used in network products, and open source has become an important part of the software supply chain, and its security and controllability issues have become increasingly prominent. Western countries' dominant advantages in open source organizations and open source project policies have a great impact on the security of China's corresponding network product supply chains. Starting from the cybersecurity review, this article combines the analysis results of the open source software code components to study and analyze the national security risks in the open source software supply chain, and proposes suggestions for improving the safety management of open source software supply chain.
    Secure Sharing Scheme of Sensitive Data Based on Blockchain
    Journal of Information Security Research    2022, 8 (4): 364-.  
    Abstract (383)      PDF (2009KB)(345)
    At present, blockchain technology mainly realized the protection and verification of data subjects in data sharing applications, and for sensitive data, it should also focus on the storage and supervision of user behavior and authorized information. In this regard, this paper proposes a blockchain-based secure sharing scheme for sensitive data: a basic environment for secure sharing and data verification is built through technologies such as consortium blockchain and interplanetary file system. Then the secure sharing of sensitive data, reliable storage of user’s behavior and reasonable supervision of authorized information can be realized by sensitive data storage and sharing algorithms. The system implementation and analysis show that the scheme can share all kinds of sensitive data securely, ensure the security of storage, access and authorization of sensitive data, and meet the needs of sensitive data sharing.
    Research on a New Generation Network Security Framework for Network Security Assurance of Major Event
    Journal of Information Security Reserach    2022, 8 (5): 492-.  
    Abstract373)      PDF (5642KB)(614)       Save
    Due to the open network environment, complex information systems and widespread social concern, major events face increasing network security risks. Traditional plug-in network security protection finds it more and more difficult to adapt to the increasingly complex network security situation of major events. Based on the network security assurance work of the 2022 Beijing Winter Olympic Games and 2022 Beijing Winter Paralympic Games, this paper systematically sorts out the main characteristics of network security assurance for major events, puts forward a new generation network security framework, and analyzes the structure, characteristics and models of the framework in detail. The “zero accident” in the network security assurance work of the Beijing Winter Olympic Games and Beijing Winter Paralympic Games shows that the framework can effectively guide the network security assurance work for major events, and provides a successful model for such work.
    Related Articles | Metrics
    Unified Authority Management Scheme in Zero Trust Architecture 
    Journal of Information Security Reserach    2021, 7 (11): 1047-.  
    Abstract370)      PDF (1922KB)(292)       Save
    Zero trust security architecture is subverting people's perception of enterprise security. Its main point is "continuous verification, never trust", which places more requirements on the subject, object and time of authentication and authorization. This paper mainly discusses how to quickly achieve unified authority management and control under zero trust from the perspective of authority management. Investigation and analysis of many enterprises show that functional authority and data authority are the most common dimensions of authority management in enterprises. Based on this, we can design a universal and highly flexible unified authority platform, which is used to centrally manage the authority data of each enterprise information system, realize the efficient control of authority under the zero trust architecture, and ensure data security and business security.
    Reference | Related Articles | Metrics
    Risk Challenge and Regulatory Research of Face Recognition Facing “Easy to Crack”
    Journal of Information Security Reserach    2021, 7 (10): 984-.  
    Abstract366)      PDF (868KB)(169)       Save
    The RealAI research team of Tsinghua University successfully cracked the face recognition of nineteen mobile phones in just fifteen minutes by using adversarial sample interference technology in February of this year. These cracked mobile phones all use 2D face recognition. However, the Apple mobile phone, which uses 3D face recognition, could not be cracked. Many domestic face recognition products still use 2D face recognition because of the cost, so they face the risk of being easily cracked. This paper mainly describes the basic principle and application of face recognition, and it also analyzes the technical challenges and security risks of face recognition being easy to crack. In response to this situation, and to create a benign ecological development environment for the industry, this paper also puts forward targeted regulatory research.
    Reference | Related Articles | Metrics
    Automated Vulnerability Mining and Attack Detection
    Journal of Information Security Reserach    2022, 8 (7): 630-.  
    Abstract364)      PDF (434KB)(304)       Save
    Related Articles | Metrics
    Research on Memorycorruption Vulnerability Defense Methods  Based on Memory Protection Technology
    Journal of Information Security Reserach    2022, 8 (7): 694-.  
    Abstract362)      PDF (1030KB)(177)       Save
    Since the outbreak of COVID-19, the process of digital transformation has been further accelerated in all sectors around the world. With the increasing value of information assets, information security problems follow. Vulnerability attacks are the root cause of frequent security incidents in recent years. Vulnerability defense ability directly affects the security of the system. How to prevent vulnerability exploitation without patches has become an urgent need. Vulnerability exploitation defense has also become an important research topic in the field of attack and defense confrontation in information security. This paper studies binary memory-corruption vulnerability defense methods and puts forward a new method to deal with the increasing vulnerability attacks. Key words: memory protection technology; memory-corruption vulnerability; network security; behavior monitoring; vulnerability defense; endpoint security
    Related Articles | Metrics
    On the Evolution of Five Eyes Intelligence Alliance and Research on Its Countermeasures
    Journal of Information Security Reserach    2021, 7 (7): 646-651.  
    Abstract361)      PDF (934KB)(156)       Save
    The "Five Eyes Intelligence Alliance" is the most exclusive intelligence sharing club in the world. The intelligence-sharing entity has established a huge monitoring and surveillance network all over the world and collected various valuable intelligence, playing a huge role in responding to global threats, combating terrorism, and maintaining the hegemony of Western countries such as the United States. Drawing on intelligence files declassified by the United States in recent years and related research results at home and abroad, we try to clarify its historical context, evolution trends, and operating mechanisms, and analyze the internal and external factors influencing the alliance, so as to further deepen and enrich our country's research on intelligence networks and to provide reference and suggestions for our country's countermeasures.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E1): 105-.  
    Abstract341)      PDF (1450KB)(166)       Save
    Reference | Related Articles | Metrics
    Active Security Network Architecture: Network Safety Technology Based on Social Control Principles
    Journal of Information Security Reserach    2021, 7 (7): 590-597.  
    Abstract336)      PDF (1333KB)(312)       Save
    This article is the beginning of a series of articles on active safety network architecture. Since network security problems have root causes in history, culture, technology, etc., it is necessary to start with those root causes in order to find a fundamental solution. Through an analysis of the development history and key elements of social control, and an analogy between social security and network security, it is found that network security problems can also be effectively solved by applying social control principles. Past network security protection theories such as OSI, PDR, P2DR, and IATF, together with plug-in security protection methods, complement each other to a certain degree in solving network security problems, but they have not solved those problems fundamentally. Instead, using the new network security protection concepts and methods of social control principles can establish a secure network architecture, make the network generate security capabilities endogenously, solve the fundamental problems of network security well, bring new security values such as main network security protection, unified management and control, and active defense, and significantly improve network security protection capabilities.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (8): 734-.  
    Abstract325)      PDF (422KB)(277)       Save
    Related Articles | Metrics
    A Survey on Threats to Federated Learning
    Journal of Information Security Reserach    2022, 8 (3): 223-.  
    Abstract319)      PDF (1579KB)(227)       Save
    At present, federated learning is considered an effective solution to the problems of data islands and privacy protection. Its own security and privacy protection issues have attracted widespread attention from industry and academia. Existing federated learning systems have been proven to have vulnerabilities. These vulnerabilities can be exploited by adversaries, whether inside or outside the system, to destroy data security. Firstly, this paper introduces the concept, classification and threat models of federated learning in specific scenarios. Secondly, it introduces the confidentiality, integrity, and availability (CIA) model of federated learning. Then, it carries out a classification study of the attack methods that destroy the federated learning CIA model. Finally, it explores the current challenges and future research directions of the federated learning CIA model.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (3): 206-.  
    Abstract315)      PDF (513KB)(234)       Save
    Related Articles | Metrics
    Data Grading
    Journal of Information Security Reserach    2021, 7 (10): 969-.  
    Abstract312)      PDF (498KB)(443)       Save
    Reference | Related Articles | Metrics
    Design of the standard architecture of the network security situation awareness
    Journal of Information Security Reserach    2021, 7 (9): 844-848.  
    Abstract309)      PDF (894KB)(265)       Save
    As the real-time guardian of network security, the network security situation awareness platform is the main means to realize "all-weather and all-round awareness of the network security situation". However, unlike traditional products with relatively fixed functions such as firewalls, intrusion detection and security audit, the concept and application of network security situation awareness are much more complex. Based on an investigation of typical models of network security situation awareness at home and abroad, this paper presents a standard framework for network security situation awareness, focusing on the problems faced by organizations in building network security situation awareness capability and by manufacturers in developing and designing network security situation awareness products. It can provide a basis for network security situation awareness R&D, production and testing units to carry out standardized scientific research, production and testing.
    Reference | Related Articles | Metrics
    Challenges and Countermeasures of Artificial Intelligence Security Governance
    Journal of Information Security Reserach    2022, 8 (4): 318-.  
    Abstract290)      PDF (2934KB)(315)       Save
    The development of artificial intelligence has gone through several ups and downs. In recent years, it has once again attracted the great attention of academia and industry. Its technology is being rapidly applied in various fields and has become a new round of strategic technology for countries to realize industrial transformation and upgrading. However, the in-depth application of artificial intelligence with machine learning as the core technology has brought about increasingly prominent technical and social risks. This paper summarizes and analyzes the security risks faced by artificial intelligence and its governance status from three aspects: potential security vulnerabilities, excessive abuse, and social ethics. To further deal with the issue of AI security governance, this paper puts forward solutions and suggestions from the perspectives of technology, standards, and laws, aiming to provide an idea for the establishment of AI security governance systems and industrial applications. Meanwhile, this paper also gives a direction for the exploration of AI security technology research. Key words: artificial intelligence; security governance; machine learning; social ethics; laws and regulations
    Reference | Related Articles | Metrics