Most Downloaded Articles


    In last 3 years
    An Overview of Application and Technology of Artificial Intelligence in Cybersecurity
    Journal of Information Security Research    2022, 8 (2): 110-.
    Abstract (1386)      PDF (1142KB) (1093)
    Compared with developed countries, basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. The disparity between China and other countries is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability. This paper deeply analyzes the key artificial intelligence technologies applied in these three fields, puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea. This paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.
    ChatGPT’s Applications, Status and Trends in the Field of Cyber Security
    Journal of Information Security Research    2023, 9 (6): 500-.
    Abstract (790)      PDF (2555KB) (650)
    ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain.
    Research on a New Generation Network Security Framework for Network Security Assurance of Major Event
    Journal of Information Security Research    2022, 8 (5): 492-.
    Abstract (401)      PDF (5642KB) (643)
    Due to the open network environment, complex information systems and widespread social concern, major events face increasing network security risks. Traditional plug-in network security protection finds it more and more difficult to adapt to the increasingly complex network security situation of major events. Based on the network security assurance work of the 2022 Beijing Winter Olympic Games and 2022 Beijing Winter Paralympic Games, this paper systematically sorts out the main characteristics of network security assurance for major events, puts forward a new generation network security framework, and analyzes the structure, characteristics and models of the framework in detail. The “zero accident” record in the network security assurance work of the Beijing Winter Olympic Games and Beijing Winter Paralympic Games shows that the framework can effectively guide network security assurance work for major events, and provides a successful model for network security assurance work for major events.
    Data Security Governance Technology and Practice in Big Data Applications
    Journal of Information Security Research    2022, 8 (4): 326-.
    Abstract (550)      PDF (2139KB) (640)
    The wide application of big data technology makes data burst into unprecedented value and vitality. However, due to the large amount of data, multiple data sources, and complex data access relationships, data security lacks refined and standardized management, and the importance of data security governance becomes increasingly prominent. By analyzing data security problems in existing big data applications and common pitfalls in data security governance, this paper puts forward the ideas, principles and methods of data security governance and, with classification and grading as the entry point, presents the technical architecture of data security governance. Finally, taking the big data platform as an example, it presents the application practice of data security governance technology.
    Research and Thinking on the Technical Framework of Data Security in the Field of Transportation
    Journal of Information Security Research    2022, 8 (11): 1092-.
    Abstract (235)      PDF (1237KB) (613)
    In recent years, with the continuous advancement of the construction of “digital government”, the “data gaps” and “data islands” between government departments have been gradually broken down. As the core resource of digital government, data is an important driving force for national development, and also the most valuable core asset. With the large-scale aggregation, integration and sharing of various data resources, a series of data security-related problems have emerged. For example, due to the high concentration of data, data is more likely to become the target of attacks, and a large number of illegal operations by internal personnel have led to a great increase in data tampering. In order to solve the problem of data security in the field of transportation, this paper makes an in-depth analysis of the main challenges of data security in the field of transportation technology and transportation, proposes to create an “overall technical architecture of data security management and control”, and focuses on thinking about and discussing the full life cycle security of data and data security operation in the field of transportation. Data security management is not within the scope of this paper.
    Computing Force Network Security Architecture and Data Security Governance Technology
    Journal of Information Security Research    2022, 8 (4): 340-.
    Abstract (707)      PDF (2657KB) (522)
    As a new information infrastructure which provides deep integration of computing force and network services, the computing force network (CFN) provides important support for national cyber power, digital China and smart society. At present, the planning and construction of CFN has entered a critical period, and the work related to CFN security is gradually advancing, but a systematic security architecture has not been formed. This paper summarizes the relevant research progress of CFN, analyzes the security opportunities and challenges faced by CFN, and proposes a security reference architecture based on sorting out the key security technologies, so as to provide a reference for promoting the construction of the CFN security system and deploying CFN security mechanisms.
    Key words: computing force network; new information infrastructure; security reference architecture; orchestration security; privacy computation; data security; artificial intelligence
    Research and Design of Unified Platform for Vulnerability Management
    Journal of Information Security Research    2022, 8 (2): 190-.
    Abstract (548)      PDF (1069KB) (491)
    With the development of network technology, information security has been paid more and more attention. As one of the most frequently used attack methods, security vulnerabilities have also attracted wide concern. At present, most organizations or enterprises rely on manual methods to manage vulnerabilities, and do not have unified tracking, disposition, display and analysis. These methods are not only inefficient, but also error-prone. A unified platform for vulnerability management was proposed, which allowed automatic closed-loop control of the life cycle of vulnerabilities. The platform integrated different vulnerability management capabilities into specific functional modules. General development languages and standards-based service interfaces were developed to allow integration of this platform with other infrastructure platform systems or network security tools. Practice shows that this platform can effectively improve the performance of vulnerability management, and make vulnerability management centralized, streamlined and automated.
    A Survey of Deep Face Forgery Detection
    Journal of Information Security Research    2022, 8 (3): 241-.
    Abstract (567)      PDF (2995KB) (441)
    Video media has developed rapidly with the popularity of the mobile Internet in recent years. At the same time, face forgery technology has also made great progress with the development of computer vision. Face forgery technology can be adopted to make interesting short video applications, but due to characteristics such as high fidelity and easy and quick generation, its malicious use poses a great threat to social stability and information security. Therefore, how to detect fake videos of faces on the Internet has become an urgent problem to be solved. With the efforts of scholars around the world, forgery detection has also made great breakthroughs in recent years. Therefore, this review aims to summarize the existing forgery detection methods in detail. In particular, we first introduce the forgery detection data sets, and then summarize the existing methods from the aspects of forgery video traces, neural network architecture, temporal information of videos, face identity information, and generalization of detection algorithms. Then we compare and analyze their corresponding detection results. Finally, we summarize the research directions and existing problems of deep forgery detection and discuss the challenges and development trends, providing a reference for relevant research.
    Journal of Information Security Research    2023, 9 (6): 498-.
    Abstract (304)      PDF (472KB) (382)
    Secure Sharing Scheme of Sensitive Data Based on Blockchain
    Journal of Information Security Research    2022, 8 (4): 364-.
    Abstract (428)      PDF (2009KB) (378)
    At present, blockchain technology mainly realizes the protection and verification of data subjects in data sharing applications; for sensitive data, it should also focus on the storage and supervision of user behavior and authorized information. In this regard, this paper proposes a blockchain-based secure sharing scheme for sensitive data: a basic environment for secure sharing and data verification is built through technologies such as consortium blockchain and the InterPlanetary File System. Then the secure sharing of sensitive data, reliable storage of users’ behavior and reasonable supervision of authorized information can be realized by sensitive data storage and sharing algorithms. The system implementation and analysis show that the scheme can share all kinds of sensitive data securely, ensure the security of storage, access and authorization of sensitive data, and meet the needs of sensitive data sharing.
    Data Security and Governance in the Context of Digital Economy
    Journal of Information Security Research    2022, 8 (4): 316-.
    Abstract (278)      PDF (452KB) (374)
    Challenges and Countermeasures of Artificial Intelligence Security Governance
    Journal of Information Security Research    2022, 8 (4): 318-.
    Abstract (373)      PDF (2934KB) (366)
    The development of artificial intelligence has gone through several ups and downs. In recent years, it has once again attracted the great attention of academia and industry. Its technology is being rapidly applied in various fields and has become a new round of strategic technology for countries to realize industrial transformation and upgrading. However, the in-depth application of artificial intelligence with machine learning as the core technology has brought about increasingly prominent technical and social risks. This paper summarizes and analyzes the security risks faced by artificial intelligence and its governance status from three aspects: potential security vulnerabilities, excessive abuse, and social ethics. To further deal with the issue of AI security governance, this paper puts forward solutions and suggestions from the perspectives of technology, standards, and laws, aiming to provide an idea for the establishment of AI security governance systems and industrial applications. Meanwhile, this paper also gives a direction for the exploration of AI security technology research.
    Key words: artificial intelligence; security governance; machine learning; social ethics; laws and regulations
    Key Points and Practice of Compliance Assessment for Government Data Security
    Journal of Information Security Research    2022, 8 (11): 1050-.
    Abstract (428)      PDF (719KB) (358)
    With the development of digital government, the security of government data has become a crucial task. The state attaches great importance to the security risk prevention of government data, and has issued a series of laws, regulations and policy documents, which put forward clear requirements for strengthening the security management of government data. Based on the requirements of government data security compliance, this article proposes the evaluation method and index system of compliance assessment for government data security, which will provide reference for the manager of government data to carry out government data security compliance assessment.
    Journal of Information Security Research    2023, 9 (E2): 4-.
    Abstract (60)      PDF (2945KB) (341)
    Research on Network Security Governance and Response of Large-scale AI Model
    Journal of Information Security Research    2023, 9 (6): 551-.
    Abstract (353)      PDF (1101KB) (340)
    With the continuous development of artificial intelligence technology, large-scale AI model technology has become an important research direction in the field of artificial intelligence. The publication of ChatGPT4.0 and ERNIE Bot has rapidly promoted the development and application of this technology. However, the emergence of large-scale AI model technology has also brought new challenges to network security. This paper starts with the definition, characteristics and application of large-scale AI model technology, and analyzes the network security situation under large-scale AI model technology. A network security governance framework for large-scale AI models is proposed, and the given steps can provide a reference for network security work on large-scale AI models.
    Automated Vulnerability Mining and Attack Detection
    Journal of Information Security Research    2022, 8 (7): 630-.
    Abstract (419)      PDF (434KB) (334)
    Research on the Application of Commercial Cryptography in 5G Network
    Journal of Information Security Research    2023, 9 (4): 331-.
    Abstract (594)      PDF (1197KB) (333)
    As a new generation of mobile communication network infrastructure, 5G application scenarios run through all aspects of production and life, such as industrial Internet, energy industry, transportation, medical industry and education. However, unprecedented security risks have been brought to 5G networks, including massive terminal access, large-scale network deployment, and massive data aggregation. 5G security has gradually become a worldwide research trend in recent years since it is crucial to social development, economic operation, and even national security. Cryptography is the core technology and basic support to assure network and information security. After more than ten years of development, national commercial cryptographic algorithms ZUC, SM4, SM3, SM2, whose independent intellectual property rights are available, have gradually exerted more indispensable effects in maintaining the security of national cyberspace. Starting from the 5G network architecture and interfaces, this paper analyzes the underlying security risks faced by the 5G networks and proposes a corresponding solution as an example in terms of the commercial cryptography application practices of the 5G network.
    Data Security Governance Practices
    Journal of Information Security Research    2022, 8 (11): 1069-.
    Abstract (385)      PDF (5897KB) (321)
    Data security governance has been written into the Data Security Law of the People’s Republic of China. At the same time, data security governance is also one of the key points in the construction of systematic network security. This paper analyzes the data security governance concepts of Gartner and Microsoft, combines enterprise architecture, stakeholder theory, data flow security assessment, maturity security assessment and other methodologies, forms a set of data security governance concepts, and designs a data security management and operation platform for dynamic supervision and data security operation of data security governance indicators. Since 2018, this methodology and platform have been put into practice in projects to solve the construction and optimization of users’ data management and defense systems.
    Journal of Information Security Research    2023, 9 (3): 206-.
    Abstract (479)      PDF (513KB) (318)
    Research and Prospect of Adversarial Attack in the Field of Natural Language Processing
    Journal of Information Security Research    2022, 8 (3): 202-.
    Abstract (273)      PDF (1351KB) (315)
    With the continuous development of artificial intelligence, deep learning has been applied to various fields. However, in recent years, relevant studies have shown that deep learning is susceptible to adversarial attacks, which can deceive deep learning models into making wrong judgments about sample categories. At present, the research of computer vision adversarial attack has gradually become mature, but because of the special structure of text data, the research of natural language processing adversarial attack is still in the development stage. Therefore, by introducing the concept of adversarial attack and its application in the field of computer vision, this paper introduces the current research status of adversarial attack in the field of natural language processing, and investigates popular adversarial attack schemes according to specific downstream tasks of natural language processing. Finally, prospects for the development of adversarial attack in the field of natural language processing are proposed. This paper has reference value for researchers in the field of natural language processing adversarial attack.
    Model of Data Security Governance Based on Business Scenarios
    Journal of Information Security Research    2022, 8 (4): 392-.
    Abstract (305)      PDF (1743KB) (310)
    With the rapid development of the digital economy, all countries around the world regard data assets as important resources that may affect national security, and have taken actions to issue laws and regulations related to data security in order to comprehensively improve data security capabilities. In this context, organizations involved in data processing activities on the one hand need to face constraints related to data security policy requirements; on the other hand, they want to protect the data that may affect the vital interests of the organization. Therefore, in addition to data security compliance work, it is also necessary to implement data security-related requirements effectively. Based on the organization’s own business, the realization of business goals as the driving force is the key element of sustainable improvement of data security capability. This paper reviews the typical data security framework and proposes a data security governance model based on business scenarios, which can provide some references for organizations to carry out data security governance work.
    Key words: business scenarios; data security governance model; data flow transformation; data classification and grading; data security operation; data security risks
    Journal of Information Security Research    2022, 8 (8): 734-.
    Abstract (390)      PDF (422KB) (307)
    Data sharing model based on privacy computing
    Journal of Information Security Research    2022, 8 (2): 122-.
    Abstract (262)      PDF (2404KB) (296)
    At present, there are still many problems to be solved in government data sharing, such as the mismatch between data demand and supply, the weakness of data security and personal privacy protection, and the difficulty of business collaboration. By analyzing the current operation mechanism of government data sharing, combined with the theory of privacy computing technology, this paper proposes a data sharing model. This model adopts the method of "computable but invisible" to carry out data sharing, and gives the data sharing and system security architecture based on privacy computing. This model includes two main application processes: data statistical analysis and anonymous query. This model has theoretical and application value for better supporting data sharing with high security management requirements.
    Journal of Information Security Research    2022, 8 (8): 751-.
    Abstract (264)      PDF (2071KB) (294)
    The ATT&CK framework, as an attack-perspective framework for network security, has attracted extensive research in the industry in recent years. This paper introduces the existing network security evaluation and detection technologies based on the ATT&CK framework, and gives its own research results on this basis. In terms of evaluation, an automatic evaluation system based on the ATT&CK framework is proposed. In terms of detection, the data source standardization method, attack analysis framework and knowledge-graph-based attack chain analysis framework which are required by detection based on the ATT&CK framework are proposed. This paper provides specific ideas and an implementation scheme for the application of the ATT&CK framework in network security evaluation and detection.

    A Survey of SQL Injection Attack Detection and Defense Technology
    Journal of Information Security Research    2023, 9 (5): 412-.
    Abstract (354)      PDF (2612KB) (293)
    In the era of “Internet+”, data is the most valuable resource of the Internet. Attackers often use SQL injection attacks to destroy the database in order to obtain important data information in the database. The threat to database security is becoming more and more serious. At present, the research on SQL injection attacks mostly focuses on traditional SQL injection attacks, but lacks awareness of new advanced SQL injection technology with stronger concealment and higher risk, and lacks research on related detection and defense technology. In response to this phenomenon, this paper analyzes and evaluates traditional and advanced SQL injection attack technologies and their technical characteristics based on the classification of SQL injection technologies; summarizes existing detection and defense technologies, and evaluates the advantages and disadvantages of these methods for defense effectiveness; finally, the problems existing in the current research field are sorted out, and suggestions for future research directions are put forward.

    Journal of Information Security Research    2021, 7 (E2): 90-.
    Abstract (286)      PDF (2497KB) (292)
    The Review of Generation and Detection Technology for Deepfakes
    Journal of Information Security Research    2022, 8 (3): 258-.
    Abstract (366)      PDF (1583KB) (283)
    In recent years, deepfakes technology has been able to tamper with or generate highly realistic and difficult-to-distinguish audio and video content, and has been widely used in benign and malicious applications. For the generation and detection of deepfakes, experts and scholars at home and abroad have conducted in-depth research, and put forward corresponding generation and detection schemes. This paper gives a comprehensive overview and detailed analysis of the existing audio and video deepfakes generation and detection technology based on deep learning, data sets and future research directions, which will help relevant personnel to understand deepfakes and to research malicious deepfakes prevention and detection.
    Research on Content Detection Generated by Large Language Model and the Mechanism of Bypassing
    Journal of Information Security Research    2023, 9 (6): 524-.
    Abstract (393)      PDF (1924KB) (278)
    In recent years, there has been a surge in the development of large language models. Although AI robots like ChatGPT have a large-scale security confrontation mechanism inside, attackers can still craft elaborate question-and-answer patterns to bypass the mechanism and, with their help, automatically produce phishing emails and carry out network attacks. In this case, how to identify the text generated by AI robots has also become a hot issue. In order to carry out an LLM-generated content detection experiment, our team collected a certain number of question-and-answer data samples from an Internet social platform and the ChatGPT platform, and proposed a series of detection strategies according to different conditions of AI text availability. These include text similarity analysis based on online controllable AI samples, text data mining based on statistical differences under offline conditions, adversarial analysis based on the LLM generation method under the condition that AI samples are not available, and AI model analysis based on building a classifier by fine-tuning the target LLM model itself. We calculated and compared the detection capabilities of the analysis engine in each case. On the other hand, we give some anti-kill techniques against AI text detection engines based on the characteristics of detection strategies, from the perspective of network attack and defense.
    Journal of Information Security Research    2022, 8 (9): 856-.
    Abstract (447)      PDF (391KB) (269)
    Exploration and Practice of Classified Protection 2.0 System Construction Under the New Situation
    Journal of Information Security Research    2022, 8 (2): 196-.
    Abstract (250)      PDF (695KB) (268)
    The network classified protection system is a basic system for the country to improve the ability and level of information security, maintain national security, social stability and public interests, and ensure and promote the healthy development of information construction in the process of national economy and social informatization. With the emergence of new technologies such as cloud computing and big data, great changes have taken place in the construction of information systems. In the construction of network security level protection, the original standard system can no longer meet the needs of level protection under the new situation. This paper focuses on the systematic construction of hierarchical protection 2.0, analyzes the ideas and practice of the construction of the network security hierarchical protection 2.0 system, explores the shortcomings and improvements, makes a systematic analysis, summary and generalization through the methods of comparison, qualitative research, case analysis and expert interview, and extracts systematic suggestions for the construction of the network security level protection 2.0 system. Finally, it can promote China's information development, accelerate information construction, and improve the practical, comprehensive and systematic emergency response ability of network security, in order to provide a theoretical reference for relevant workers.
    A Survey on Threats to Federated Learning
    Journal of Information Security Research    2022, 8 (3): 223-.
    Abstract (388)      PDF (1579KB) (266)
    At present, federated learning has been considered an effective solution to the problems of data islands and privacy protection. Its own security and privacy protection issues have attracted widespread attention from industry and academia. The existing federated learning systems have been proven to have vulnerabilities. These vulnerabilities can be exploited by adversaries, whether within or without the system, to destroy data security. Firstly, this paper introduces the concept, classification and threat models of federated learning in specific scenarios. Secondly, it introduces the confidentiality, integrity, and availability (CIA) model of federated learning. Then, it carries out a classification study on the attack methods that destroy the federated learning CIA model. Finally, it explores the current challenges and future research directions of the federated learning CIA model.
    Journal of Information Security Research    2022, 8 (6): 613-.
    Abstract (137)      PDF (3509KB) (260)
    Edge service nodes have diversified service capabilities, and play an important role in improving the capability of data acquisition, communication, information awareness, command and control. To solve the problems of lack of security information sharing means and vulnerability of edge service nodes in a complex environment, an endogenous security blockchain network architecture composed of main chain, key chain and data chain is designed based on the DAG data structure in this paper. Multi-policy security control techniques such as hardware private key storage, dynamic audit on the chain, data security transmission and network dynamic adjustment are adopted to establish a complete endogenous security mechanism for edge service nodes. Experiments show that the security mechanism in this paper can ensure the security of personnel, device, data storage, data access, data transmission, and data services, and form the basis of security for the industrial Internet.
    Key words: edge service; blockchain; key chain; data security; dynamic audit

    Great Attention to Artificial Intelligence Security Issues
    Journal of Information Security Research    2022, 8 (3): 311-.  
    Abstract (146)      PDF (1250KB) (259)
    Journal of Information Security Research    2022, 8 (5): 418-.  
    Abstract (322)      PDF (2768KB) (259)
    Most consortium blockchains now run in closed and deterministic environments, and their smart contracts cannot perform I/O operations with the outside world. Some application scenarios (such as crediting blockchain, carbon trading blockchain, supply chain, express tracking, etc.) require a mechanism responsible for data interaction with the outside of consortium blockchains, generally called an oracle machine. The existing oracle techniques in the consortium chain have the following shortcomings: 1) The limited data interaction mode cannot meet the needs of distributed applications; 2) With the increase in the number of distributed oracle nodes, the consensus delay will also increase; 3) The participants of the consortium blockchain usually maintain the oracle nodes in the distributed oracle system, and the behavior in the data consensus process is invisible to the blockchain, which is not conducive to data governance. To address these problems, this paper proposes the following methods: 1) Based on the event-driven mechanism, four oracle design patterns (interaction patterns) are proposed, which support the four combinations of Pull and Push with Inbound and Outbound oracle data interaction; 2) The threshold signature algorithm is used to reach a consensus on the data, which improves the scalability of the oracle system while ensuring the credibility of the data; 3) A reputation mechanism is introduced for data governance to maintain a local and global reputation for each oracle node, with dynamic updates carried out in the data consensus process. Finally, by designing multi-chain scenarios in crediting blockchain and carbon trading blockchain, the applications of the four oracle design patterns and the scalability and reliability of the oracle nodes are evaluated and analyzed.
    Journal of Information Security Research    2022, 8 (8): 831-.  
    Abstract (272)      PDF (719KB) (258)
    At present, open source has become one of the best organizing methods for super-large-scale human intellectual collaboration, and has also become the "main battlefield" of technological innovation, ushering in great development worldwide. At the same time, open source software has also become a mature target for software supply chain attacks, facing security vulnerabilities, intellectual property rights, open source regulation and other risks. This paper analyzes the current security situation and risks of the open source software supply chain, puts forward security solutions for open source software development, and offers suggestions for the development of the open source software supply chain.
    Survey of Coverage-guided Grey-box Fuzzing
    Journal of Information Security Research    2022, 8 (7): 643-.  
    Abstract (329)      PDF (1745KB) (256)
    In recent years, coverage-guided grey-box fuzzing has become one of the most popular techniques for vulnerability mining, and it plays an increasingly important role in the software security industry. With the increasing variety of application scenarios and complexity of test applications, the performance requirements for coverage-guided grey-box fuzzing have risen further. This paper studies the existing coverage-guided grey-box fuzzing methods, summarizes their general framework, and analyzes their challenges and development status. The experimental results of these methods are summarized and the problems existing in the experimental evaluation are discussed. Finally, the future development trend of coverage-guided grey-box fuzzing is outlined.
    Key words: fuzzing; hole mining; coverage-guided; grey-box; software security

    Towards a Privacy-preserving Research for AI and Blockchain Integration
    Journal of Information Security Research    2023, 9 (6): 557-.  
    Abstract (428)      PDF (1307KB) (254)
    With the widespread attention and application of artificial intelligence (AI) and blockchain technologies, privacy protection techniques arising from their integration are of notable significance. In addition to protecting the privacy of individuals, these techniques also guarantee the security and dependability of data. This paper initially presents an overview of AI and blockchain, summarizing their combination along with derived privacy protection technologies. It then explores specific application scenarios in data encryption, de-identification, multi-tier distributed ledgers, and k-anonymity methods. Moreover, the paper evaluates five critical aspects of AI-blockchain integration privacy protection systems, including authorization management, access control, data protection, network security, and scalability. Furthermore, it analyzes the deficiencies and their actual causes, offering corresponding suggestions. This research also classifies and summarizes privacy protection techniques based on AI-blockchain application scenarios and technical schemes. In conclusion, this paper outlines the future directions of privacy protection technologies emerging from AI and blockchain integration, including enhancing efficiency and security to achieve more comprehensive protection of AI privacy.
    Research on Industry Practice of Data Security Governance
    Journal of Information Security Research    2022, 8 (4): 333-.  
    Abstract (200)      PDF (1170KB) (253)
    Data security governance is an important aspect of data governance. It is an important means to ensure data integrity, confidentiality and availability, to prevent data processing activities from bringing security risks to individuals, society, countries, etc., and to cooperate with business growth. There is no unified understanding of the data security governance framework at home and abroad. This paper puts forward an index system of data security governance based on the policy and regulation system and the national standard system of data security governance. Based on an analysis of practice in the civil aviation, enterprise, financial, energy, and retail industries, it puts forward policy recommendations for data security governance to assist the construction of a data security governance system in China.
    Key words: data security; data security governance; policies and regulations; index system; industry practice
    Security Risks and Countermeasures to Artificial Intelligence
    Journal of Information Security Research    2024, 10 (2): 101-.  
    Abstract (182)      PDF (469KB) (251)
    Research on the Application of Commercial Cryptography to Cloud Computing
    Journal of Information Security Research    2023, 9 (4): 375-.  
    Abstract (294)      PDF (3447KB) (248)
    Cloud computing, as a new information processing method, enables users to access information and communication resource services through the network, and it has become an inevitable trend in the development of the information technology industry. The high concentration of users, data, and information resources, the heavy dependence on the continuity of cloud platform services, and the scalability of virtualized resources bring inevitable security risks to cloud computing. Therefore, how to eliminate the security risks of cloud computing by using commercial cryptography technology has become a current research hotspot. This paper starts from the cloud computing network architecture and analyzes the cryptography application requirements of cloud computing. On this basis, it proposes a corresponding commercial cryptography application scheme for cloud computing scenarios. The research results provide theoretical guidance and reference for the application practice of commercial cryptography in cloud computing scenarios, and are expected to solve the key problems of cloud computing security.