Most Download articles

    Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month | Most Downloaded in Recent Year|
    In last 3 years
    Please wait a minute...
    For Selected: Toggle Thumbnails
    ChatGPT’s Applications, Status and Trends in the Field of Cyber Security
    Journal of Information Security Reserach    2023, 9 (6): 500-.  
    Abstract907)      PDF (2555KB)(717)       Save
    ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain.
    Reference | Related Articles | Metrics
    Research and Thinking on the Technical Framework of Data Security  in the Field of Transportation
    Journal of Information Security Reserach    2022, 8 (11): 1092-.  
    Abstract267)      PDF (1237KB)(666)       Save
    In recent years, in the continuous advancement of the construction of “digital government”, the “data gap” and “data island” between government departments have been gradually broken. As the core resource of digital government, data is an important driving force for national development,and also the most valuable core asset. With the largescale aggregation, integration and sharing of various data resources, a series of data securityrelated problems have emerged. For example, due to the high concentration of data, data is more likely to become the target of attacks, and a large number of illegal operations by internal personnel lead to data tampering and greatly increase. In order to solve the problem of data security in the field of transportation, this paper makes an indepth analysis of the main challenges of data security in the field of transportation technology and transportation, and proposes to create an “overall technical architecture of data security management and control”, and focuses on thinking and discussing the full life cycle security of data and data security operation    in the field of transportation. Data security management is not within the scope of this paper.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E2): 4-.  
    Abstract75)      PDF (2945KB)(594)       Save
    Related Articles | Metrics
    Research on Network Security Governance and Response of  Largescale AI Model
    Journal of Information Security Reserach    2023, 9 (6): 551-.  
    Abstract458)      PDF (1101KB)(433)       Save
    With the continuous development of artificial intelligence technology, largescale AI model technology has become an important research direction in the field of artificial intelligence. The publication of ChatGPT4.0 and ERNIE Bot has rapidly promoted the development and application of this technology. However, the emergence of largescale AI model technology has also brought new challenges to network security. This paper will start with the definition, characteristics and application of largescale AI model technology, and analyze the network security situation under largescale AI model technology. The network security governance framework of largescale AI model is proposed, and the given steps can provide reference for network security work of largescale AI model.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (6): 498-.  
    Abstract347)      PDF (472KB)(427)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (3): 206-.  
    Abstract589)      PDF (513KB)(391)       Save
    Related Articles | Metrics
    Key Points and Practice of Compliance Assessment for Government Data Security
    Journal of Information Security Reserach    2022, 8 (11): 1050-.  
    Abstract453)      PDF (719KB)(386)       Save
    With the development of digital government, the security of government data has become a crucial task. The state attaches great importance to the security risk prevention of government data, and has issued a series of laws, regulations and policy documents, which put forward clear requirements for strengthening the security management of government data. Based on the requirements of government data security compliance, this article proposes the evaluation method and index system of compliance assessment for government data security, which will provide reference for the manager of government data to carry out government data security compliance assessment.
    Reference | Related Articles | Metrics
    Research on the Application of Commercial Cryptography in 5G Network
    Journal of Information Security Reserach    2023, 9 (4): 331-.  
    Abstract645)      PDF (1197KB)(376)       Save
    As a new generation of mobile communication network infrastructure, 5G application scenarios run through all aspects of production and life, such as industrial Internet, energy industry, transportation, medical industry and education. However, unprecedented security risks have been brought to 5G networks, including massive terminal access, largescale network deployment, and massive data aggregation. 5G security has gradually become a worldwide research trend in recent years since it is crucial to social development, economic operation, and even national security. Cryptography is the core technology and basic support to assure network and information security. After more than ten years of development, national commercial cryptographic algorithms ZUC, SM4, SM3, SM2, whose independent intellectual property rights are available, have gradually exerted more indispensable effects in maintaining the security of national cyberspace. Starting from the 5G network architecture and interfaces, this paper analyzes the underlying security risks faced by the 5G networks and proposes a corresponding solution as an example in terms of the commercial cryptography application practices of the 5G network.
    Reference | Related Articles | Metrics
    A Survey of SQL Injection Attack Detection and Defense Technology
    Journal of Information Security Reserach    2023, 9 (5): 412-.  
    Abstract501)      PDF (2612KB)(366)       Save
    In the era of “Internet+”, data is the most valuable resource of the Internet. Attackers often use SQL injection attacks to destroy the database in order to obtain important data information in the database. The threat to database security is becoming more and more serious. At present, the research on SQL injection attacks mostly focuses on traditional SQL injection attacks, but lacks the cognition of new advanced SQL injection technology with stronger concealment and higher risk, and the research on related detection and defense technology. In response to this phenomenon, this paper analyzes and evaluates traditional and advanced SQL injection attack technologies and their technical characteristics based on the classification of SQL injection technologies; summarizes existing detection and defense technologies, and evaluates the advantages and disadvantages of these methods for defense effectiveness; finally The problems existing in the current research field are sorted out, and suggestions for future research directions are put forward.

    Reference | Related Articles | Metrics
    Automated Vulnerability Mining and Attack Detection
    Journal of Information Security Reserach    2022, 8 (7): 630-.  
    Abstract459)      PDF (434KB)(363)       Save
    Related Articles | Metrics
    Data Security Governance Practices
    Journal of Information Security Reserach    2022, 8 (11): 1069-.  
    Abstract440)      PDF (5897KB)(355)       Save
    Data security governance has been written into the Data Security Law of the People’s Republic of China. At the same time, data security governance is also one of the key points in the construction of systematic network security. This paper analyzes the data security governance concepts of Gantner and Microsoft, combines enterprise architecture, stakeholder theory, data flow security assessment, maturity security assessment and other methodologies, forms a set of data security governance concepts, and designs a data security management and operation platform for dynamic supervision and data security operation of data security governance indicators. Since 2018, this methodology and platform have been put into practice in the project to solve the construction and optimization of users’ data management and defense system.
    Reference | Related Articles | Metrics
    Towards a Privacy-preserving Research for AI and Blockchain Integration
    Journal of Information Security Reserach    2023, 9 (6): 557-.  
    Abstract637)      PDF (1307KB)(339)       Save
    With the widespread attention and application of artificial intelligence (AI) and blockchain technologies, privacy protection techniques arising from their integration are of notable significance. In addition to protecting the privacy of individuals, these techniques also guarantee the security and dependability of data. This paper initially presents an overview of AI and blockchain, summarizing their combination along with derived privacy protection technologies. It then explores specific application scenarios in data encryption, deidentification, multitier distributed ledgers, and kanonymity methods. Moreover, the paper evaluates five critical aspects of AIblockchainintegration privacy protection systems, including authorization management, access control, data protection, network security, and scalability. Furthermore, it analyzes the deficiencies and their actual cause, offering corresponding suggestions. This research also classifies and summarizes privacy protection techniques based on AIblockchain application scenarios and technical schemes. In conclusion, this paper outlines the future directions of privacy protection technologies emerging from AI and blockchain integration, including enhancing efficiency and security to achieve more comprehensive privacy protection of AI privacy.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (8): 734-.  
    Abstract436)      PDF (422KB)(336)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (8): 751-.  
    Abstract309)      PDF (2071KB)(335)       Save
    ATT&CK framework, as an attack perspective framework of network security in recent years, has attracted extensive research in the industry. This paper introduces the existing network security evaluation and detection technologies based on ATT&CK framework, and gives its own research results on this basis. In terms of evaluation, an automatic evaluation system based on ATT&CK framework is proposed. In terms of detection, the data source standardization method, attack analysis framework and attack chain analysis framework based on knowledge graph which are required by detection based on ATT&CK framework are proposed. This paper provides specific idea and implementation scheme for the application of ATT&CK framework in network security evaluation and detection.

    Related Articles | Metrics
    Research on Content Detection Generated by Large Language Model  and the Mechanism of Bypassing
    Journal of Information Security Reserach    2023, 9 (6): 524-.  
    Abstract504)      PDF (1924KB)(333)       Save
    In recent years, there has been a surge in the development of large language models. AI robots like ChatGPT, although they have a largescale security confrontation mechanism inside, attackers can still elaborate questionandanswer patterns to bypass the mechanism, with their help to automatically produce phishing emails and carry out network attacks. In this case, how to identify the text generated by AI robots has also become a hot issue. In order to carry out LLMgenerated content detection experiment, our team collected a certain number of questionandanswer data samples from an Internet social platform and ChatGPT platform, and proposed a series of detection strategies according to different conditions of AI text availability. It includes text similarity analysis based on online controllable AI samples, text data mining based on statistical differences under offline conditions, adversarial analysis based on the LLM generation method under the condition that AI samples are not available, and AI model analysis based on building a classifier by finetuning the target LLM model itself. We calculated and compared the detection capabilities of the analysis engine in each case. On the other hand, we give some antikill techniques against AI text detection engines based on the characteristics of detection strategies, from the perspective of network attack and defense.
    Reference | Related Articles | Metrics
    Research on the Application of Commercial Cryptography to Cloud Computing
    Journal of Information Security Reserach    2023, 9 (4): 375-.  
    Abstract366)      PDF (3447KB)(325)       Save
    Cloud computing, as a new information processing method, enables users to access information and communication resource services through the network, and it has become an inevitable trend in the development of information technology industry. Users, data, and information resources are highly concentrated, highly dependent on the continuity of cloud platform services, and the scalability of virtualized resources bring inevitable security risks to cloud computing., and the scalability of virtualized resources bring inevitable security risks to cloud computing. Therefore, how to eliminate the security risks of cloud computing by using commercial cryptography technology has become the current research hotspot. This paper starts from the cloud computing network architecture, anlyzes the cryptography application requirements of cloud computing. The paper proposes the corresponding commercial cryptography application scheme for cloud computing scenarios on this basis. The research results provide a theoretical guidance and reference for the application practice of commercial cryptography in cloud computing scenarios, and are expected to solve the key problems of cloud computing security.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E1): 105-.  
    Abstract597)      PDF (1450KB)(325)       Save
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E1): 236-.  
    Abstract383)      PDF (796KB)(306)       Save
    Reference | Related Articles | Metrics
    Security Risks and Countermeasures to Artificial Intelligence#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (2): 101-.  
    Abstract223)      PDF (469KB)(304)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (8): 831-.  
    Abstract325)      PDF (719KB)(297)       Save
    At present, open source has become one of the best organizing methods for human superlargescale intellectual collaboration, and has also become the "main battlefield" of technological innovation, ushering in great development worldwide. At the same time, open source software has also become a mature target for software supply chain attacks, facing security vulnerabilities, intellectual property rights, open source regulation and other risks. This paper analyzes the current security situation and risks of open source software supply chain, puts forward open source software development security solutions, and puts forward suggestions for the development of open source software supply chain.
    Related Articles | Metrics
    Survey of Coverage-guided Grey-box Fuzzing
    Journal of Information Security Reserach    2022, 8 (7): 643-.  
    Abstract402)      PDF (1745KB)(294)       Save
    In recent years, coverageguided greybox fuzzing has become one of the most popular techniques for vulnerability mining, which plays an increasingly important role in the software security industry. With the increasing variety of application scenarios and complexity of test applications, the performance requirements of coverageguided greybox fuzzing are further improved. This paper studies the existing coverageguided greybox fuzzing methods, summarizes its general framework, and analyzes its challenges and the development status. The experimental results of these methods are summarized and the problems existing in the experimental evaluation are discussed. Finally, the future development trend of coverageguided greybox fuzzing is prospected.Key words fuzzing; hole mining; coverageguided; greybox; software security

    Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (9): 856-.  
    Abstract469)      PDF (391KB)(290)       Save
    Related Articles | Metrics
    Research on Privacy Protection Technology in Federated Learning
    Journal of Information Security Reserach    2024, 10 (3): 194-.  
    Abstract271)      PDF (1252KB)(289)       Save
    In federated learning, multiple models are trained through parameter coordination without sharing raw data. However,  the extensive parameter exchange in this process renders the model vulnerable to threats not only from external users but also from internal participants. Therefore, research on privacy protection techniques in federated learning is crucial. This paper introduces the current research status on privacy protection in federated learning. It classifies the security threats of federated learning into external attacks and internal attacks.Based on this classification,  it summarizes external attack techniques such as model inversion attacks, external reconstruction attacks, and external inference attacks, as well as internal attack techniques such as poisoning attacks, internal reconstruction attacks, and internal inference attacks. From the perspective of attack and defense correspondence, this paper summarizes data perturbation techniques such as central differential privacy, local differential privacy, and distributed differential privacy, as well as process encryption techniques such as homomorphic encryption, secret sharing, and trusted execution environment. Finally, the paper analyzes the difficulties of federated learning privacy protection technology and identifies the key directions for its improvement.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (6): 613-.  
    Abstract146)      PDF (3509KB)(283)       Save
    Edge service nodes have diversified service capabilities, and play an important role in improving the capability of data acquisition, communication, information awareness, command and control. To solve the problems of lack of security information sharing means and vulnerability of edge service nodes in a complex environment, an endogenous security blockchain network architecture composed of main chain, key chain and data chain is designed based on the DAG data structure in this paper, multipolicy security control techniques such as hardware private key storage, dynamic audit on the chain, data security transmission and network dynamic adjustment are adopted to establish a complete endogenous security mechanism for edge service nodes. Experiments show that the security mechanism in this paper can ensure the security of personnel, device, data storage, data access, data transmission, and data services, and form the basis of security for the industrial Internet.Key words edge service; blockchain; key chain; data security; dynamic audit

    Related Articles | Metrics
    Survey of Network Intrusion Detection Based on Deep Learning
    Journal of Information Security Reserach    2022, 8 (12): 1163-.  
    Abstract386)      PDF (2421KB)(276)       Save
    The rapid development of the Internet not only brings great convenience to users, but also causes many security incidents. With the increasing number of network attacks such as zeroday vulnerabilities and encryption attacks, the network security situation is becoming more and more serious. Intrusion detection is an important means of network attack detection. In recent years, with the continuous development of deep learning technology, intrusion detection system based on deep learning is gradually becoming a research hotspot in the field of network security. This paper introduces recent work on network intrusion detection using deep learning technology based on extensive investigation of literature. Firstly, it briefly summarizes the current network security situation and traditional intrusion detection technologies. Then, several deep learning models commonly used in network intrusion detection system are introduced. Then it summarizes the commonly used data preprocessing techniques, data sets and evaluation indicators in deep learning. Then from the perspective of practical application, it introduces the specific application of deep learning model in network intrusion detection system. Finally, the problems in the current research process are discussed, and the future development direction is put forward.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (8): 768-.  
    Abstract298)      PDF (1781KB)(273)       Save
    Docker is widely used in network application systems. However, there are not enough corresponding protection measures for the relatively low frequency but fatal escape problem. In order to reduce the harm of the docker escape problems, CFMAC (container based on fuzzy mandatory access control) model is proposed to reinforce the security of the Docker container. The model uses mandatory access control to restrict the attacker's access after Evasion Attacks. As well as, in order to solve the problem of hard to determine the entity security level and strong subjectivity in mandatory access control, fuzzy clustering analysis and risk matrix analysis are combined to divide the subject and object into three levels: secret, general and public, to intercept access and enter security verification by LSM(Linux security model). The test results show that the model can successfully restrict suspicious processes to access files.
    Related Articles | Metrics
    Research and Thinking on Data Classification and Grading of Important Information Systems#br#
    Journal of Information Security Reserach    2023, 9 (7): 631-.  
    Abstract271)      PDF (1882KB)(268)       Save
    With the development of information technology and networking, incidents surrounding data security are also increasing. The data as a new production factor, is particularly important to ensure the security of important data. The “Data Security Law of the People’s Republic of China” clearly stipulates that the country should establish a data classification and grading protection system to implement classification and grading protection for data. This paper will study China’s data safety management regulations and policies, analyze the the degree of impact and influening objects of data damage, propose specific data classification and grading methods, and provide security protection and governance measures under data classification and grading management based on the industry characteristics and application scenarios of government data. It will achieve the openness and sharing of the data under safety protection, and provide reference for the classification and classification protection of the data in the future.
    Reference | Related Articles | Metrics
    ChatGPT’s Security Threaten Research
    Journal of Information Security Reserach    2023, 9 (6): 533-.  
    Abstract296)      PDF (1801KB)(264)       Save
    With the rapid development of deep learning technology and natural language processing technology, the large language model represented by ChatGPT came into being. However, while showing surprising capabilities in many fields, ChatgPT also exposed many security threats, which aroused the concerns of academia and industry. This paper first introduces the development history, working mode, and training methods of ChatGPT and its series models, then summarizes and analyzes various current security problems that ChatGPT may encounter and divides it into two levels: user and model. Then, countermeasures and solutions are proposed according to the characteristics of ChatGPT at each stage. Finally, this paper looks forward to developing a safe and trusted ChatGPT and a large language model.
    Reference | Related Articles | Metrics
    Research on the Integration of Full Lifecycle Data Security Management and Artificial Intelligence Technology#br#
    Journal of Information Security Reserach    2023, 9 (6): 543-.  
    Abstract297)      PDF (1143KB)(260)       Save
    With data becoming a new production factor, China has elevated data security to a national strategic level. With the promotion of a new round of technological revolution and the deepening of digital transformation, the artificial intelligence technology has increasing development potential, and gradually empowers the field of data security management actively. Firstly, the paper introduces the concept and significance of data security lifecycle management, analyzes the security risks faced by data in various stages of the lifecycle, and further discusses the problems and challenges faced by traditional data security management technologies in the context of massive data processing and upgraded attack methods. Then, the paper introduces the potential advantages of artificial intelligence in solving these problems and challenges, and summarizes the current mature data security management technologies based on artificial energy and typical application scenarios. Finally, the paper provides an outlook on the future development trends of artificial intelligence technologies in the field of data security management. This paper aims to provide useful references for researchers and practitioners in the field of data security management, and promote the innovation and application of artificial intelligence in the field of data security management technology.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (6): 528-.  
    Abstract180)      PDF (2687KB)(259)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (8): 812-.  
    Abstract422)      PDF (4751KB)(254)       Save
    Because deep learning can freely extract and combine features, an increasing number of academics are using it to perform sidechannel attacks without taking into consideration preprocessing processes like choosing sites of interest and alignment. The sidechannel attack model based on deep learning is built with multilayer perceptron networks, convolution neural networks, and recurrent neural networks, but it has several issues in the training stage, such as overfitting, gradient disappearance, and sluggish convergence speed. Meanwhile, the selfattention mechanism is capable of extracting characteristics in natural language processing, computer vision, and other domains. To make the selfattentiveness mechanism accessible to the area of deep learning sidechannel attacks, we present SADLSCA, a deep learning sidechannel attack model based on the selfattentiveness mechanism, based on the features of deep learningbased sidechannel attacks. SADLSCA addresses the issues of fast overfitting, gradient disappearance, and slow convergence of deep learningbased sidechannel attack models during training, and experimentally verifies that the energy traces required for a successful attack on public datasets ASCAD and CHES CTF 2018 are reduced by 23.1% and 41.7%, respectively.
    Related Articles | Metrics
    Key Technologies and Research Prospects of Privacy Computing
    Journal of Information Security Reserach    2023, 9 (8): 714-.  
    Abstract348)      PDF (1814KB)(254)       Save
    Privacy computing, as an important technical means taking into account both data circulation and privacy protection, can effectively break the “data island” barriers while ensuring data security, it enables open data sharing, and promotes the deep mining and use of data and crossdomain integration. In this paper, the background knowledge, basic concepts and architecture of privacy computing were introduced, the basic concepts of three key technologies of privacy computing, including secure multiparty computation, federated learning and trusted execution environment were elaborated, and studies on the existing privacy security was conducted, a multidimensional comparison and summarization of the differences of the three key technologies were made. On this basis, the future research direction of privacy computing is prospected from the technical integration of privacy computing with blockchain, deep learning and knowledge graph.
    Reference | Related Articles | Metrics
    Research on Identity Authentication Technology Based on Block Chain and PKI
    Journal of Information Security Reserach    2024, 10 (2): 148-.  
    Abstract208)      PDF (1573KB)(254)       Save
    Public key infrastructure (PKI) is a secure system based on asymmetric cryptographic algorithm and digital certificate to realize identity authentication and encrypted communication, operating on the principle of  trust transmission based on trust anchor. However, this technology has the following problems: The CA center is unique and there is a single point of failure; The authentication process involves a large number of operations, such as certificate resolution, signature verification, and certificate chain verification. To solve the above problems, this paper builds an identity authentication model based on Changan Chain, and proposes an identity authentication scheme based on Changan Chain digital certificate and public key infrastructure. Theoretical analysis and experimental data demonstrate  that this scheme reduces certificate parsing, signature verification and other operations, simplifies the authentication process, and improves the authentication efficiency.
    Reference | Related Articles | Metrics
    A Survey of IoT Firmware Vulnerability Security Detection
    Journal of Information Security Reserach    2022, 8 (12): 1146-.  
    Abstract269)      PDF (1780KB)(252)       Save
    With the advent of the Internet of everything, the security issues of the IoT have become more and more important, especially the economic losses caused by security risks and attacks caused by firmware vulnerabilities in the IoT. Efficient firmware vulnerability detection technology has increasingly become the key to ensuring the security of IoT devices. Therefore, studying the methods and technologies related to firmware vulnerability security detection in the IoT has essential theoretical significance and practical value. This paper analyzes the reasons for the frequent security problems of IoT firmware, summarizes the main security threats faced by IoT firmware, and targets the firmware. Based on the challenges faced by vulnerability analysis, the existing firmware vulnerability detection methods are reviewed. Through the analysis of the advantages and disadvantages of different methods, it provides guidance for further improving the intelligence, precision, automation, effectiveness, and scalability of the firmware security defect detection method. Finally, future research in IoT firmware vulnerability security detection is prospected.
    Reference | Related Articles | Metrics
    Research for Zero Trust Security Model
    Journal of Information Security Reserach    2024, 10 (10): 886-.  
    Abstract279)      PDF (2270KB)(245)       Save
    Zero trust is considered a new security paradigm. From the perspective of security models, this paper reveals the deepening and integration of security models in zero trust architecture, with “identity and data” as the main focus. Zero trust establishes a panoramic control object chain with identity at its core, builds defenseindepth mechanisms around object attributes, functions, and lifecycles, and centrally redirects the flow of information between objects. It integrates information channels to achieve layered protection and finegrained, dynamic access control. Finally, from an attacker’s perspective, it sets up proactive defense mechanisms at key nodes in the information flow path. Since zero trust systems are bound to become highvalue assets, this paper also explores the essential issues of inherent security and resilient service capabilities in zerotrust systems. Through the analysis of the security models embedded in zerotrust and its inherent security, this paper aims to provide a clearer technical development path for the architectural design, technological evolution, and selfprotection of zero trust in its application.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E2): 105-.  
    Abstract363)      PDF (929KB)(241)       Save
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (7): 715-.  
    Abstract243)      PDF (581KB)(241)       Save
    Building a digital government is an inevitable requirement to improve the efficiency of government governance under the background of the indepth development of informatization. Economic governance is an important part of government functions, which is directly related to the highquality development of economy and society. The construction of digital government is a systematic project, which is not a simple “government management+informatization”, nor “informatization+government management”. Coordinating the construction of digital government and the government's performance of economic governance function is an important prerequisite for consolidating the benign interaction between the two. To better serve economic governance, it is the key for digital government is to summarize successful experiences and cases, identify application scenarios and actively and steadily promote them, optimize functions and promote indepth integration in the process of meeting scenario needs.Key words digital government; government governance; macroeconomic governance; digitization; fuse
    Related Articles | Metrics
    A Survey of Data Security Sharing Technology Development and  Its Application in Power Domain
    Journal of Information Security Reserach    2023, 9 (3): 208-.  
    Abstract340)      PDF (2019KB)(240)       Save
    The circulation, sharing and collaborative application of data elements are the core elements of data element market cultivation in the digital era, and data security sharing technology can effectively realize the secure sharing of data and avoid the phenomenon of “data silos” and privacy leakage. This paper presents a comprehensive review of the latest research achievements and progress of data security sharing technologies in this field. First of all, we outline the development and evolution of data security sharing technologies, and then compare and analyze existing data security sharing solutions in terms of technical features, problem solving, advantages and disadvantages, and summarize the key technologies they rely on and the risks and challenges they face. Secondly, we discuss the application of data security sharing technologies in typical scenarios in the energy and power fields, such as power energy trading, power internet of things, and electric vehicles, providing new ideas and insights for data compliance and governance in the energy and power fields. Finally, the future research directions and development prospects of data security sharing technology applications in the energy and power domain are foreseen.
    Reference | Related Articles | Metrics
    Organizational Capacity Building of Government Data Security
    Journal of Information Security Reserach    2022, 8 (11): 1061-.  
    Abstract276)      PDF (1321KB)(239)       Save
    As the country pays more and more attention to data security, government data, as the core assets of the digital government in the new era, will involve not only personal information data of citizens, but also important data such as government agencies. Therefore, the security protection and protection capabilities of government data cannot be ignored. At present, domestic protection mechanisms and research on government data security are relatively lacking. This paper analyzes the risks brought by laws, regulations and policies, complex business scenarios and new technologies to government data. Combining the three security levels of security management, security technology and security operation of government data. This paper proposes a government data security organization capability framework that meets the security requirements of government data, providing ideas for the subsequent research on government data security assurance system.
    Reference | Related Articles | Metrics
    Malicious Client Detection and Defense Method for Federated Learning
    Journal of Information Security Reserach    2024, 10 (2): 163-.  
    Abstract408)      PDF (806KB)(239)       Save
    Federated learning allows participating clients to collaborate in training machine learning models without sharing their private data. Since the central server cannot control the behavior of clients, malicious clients may corrupt the global model by sending manipulated local gradient updates, and there may also be unreliable clients with low data quality but some value. To address the above problems, this paper proposes FedMDD,a defense approach for malicious client detection and defense for federated learning, to process detected malicious and unreliable clients in different ways based on local gradient updates, while defending against symbol flipping, additive noise, single label flipping, multilabel flipping, and backdoor attacks. Four baseline algorithms are compared for two datasets, and the experimental results show that FedMDD can successfully defend against various types of attacks in a training environment containing 50% malicious clients and 10% unreliable clients, with better results in both improving model testing accuracy and reducing backdoor accuracy.
    Related Articles | Metrics
Author Center
Review Center
京ICP备19004174号
Copyright © Journal of Information Security Reserach, All Rights Reserved.
Tel: 010-68558637 E-mail: ris@cei.cn
Powered by Beijing Magtech Co., Ltd.