Most Download articles

    Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month| Most Downloaded in Recent Year|
    Most Downloaded in Recent Month
    Please wait a minute...
    For Selected: Toggle Thumbnails
    Research on Critical Information Infrastructure Security Protection
    Journal of Information Security Reserach    2025, 11 (10): 878-.  
    Abstract104)      PDF (324KB)(65)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E2): 40-.  
    Abstract281)      PDF (839KB)(153)       Save
    Reference | Related Articles | Metrics
    A Symbioticbased Framework for AI Safety Governance
    Journal of Information Security Reserach    2025, 11 (10): 897-.  
    Abstract78)      PDF (2070KB)(39)       Save
    Artificial intelligence technology is currently developing at an unprecedented pace, with safety concerns becoming a global focal point. Traditional AI safety research has predominantly relied on a “control paradigm”, emphasizing limitations, regulations, and value alignment to control AI behavior and prevent potential risks. However, as AI capabilities continue to strengthen, unidirectional control strategies are revealing increasingly significant limitations, with issues such as transparency illusions, adversarial evolution, and innovation suppression gradually emerging. Industry leaders like Sam Altman and Dario Amodei predict that AI may comprehensively surpass human capabilities in multiple fields within the next 23 years, making the reconstruction of AI governance paradigms particularly urgent. This paper proposes a new perspective—the “symbiotic paradigm”—emphasizing humanmachine collaboration as the core and understanding and trust as the foundation. Through establishing four pillars: transparent communication, bidirectional understanding, creative resonance, and dynamic boundaries, it promotes AI safety’s transition from control to cocreation, serving as one of the foundational paths for digital governance transformation. This paper systematically demonstrates the feasibility and necessity of the symbiotic paradigm through four dimensions: theoretical analysis, technological paths, practical cases, and governance recommendations, aiming to provide a sustainable alternative for future AI safety research and digital governance practices.
    Reference | Related Articles | Metrics
    Research on Security Assurance of Egovernment
    Journal of Information Security Reserach    2025, 11 (10): 879-.  
    Abstract75)      PDF (865KB)(34)       Save 
    government encompasses critical domains including government operations, public services, and data management, and its security directly affects national interests, public wellbeing, and social stability. In recent years, cyberattacks targeting Egovernment systems have become more frequent and continue to rise, security risks of government administrative networks continued to mount up and challenge security protection. This paper analyzes the development paths of Egovernment security protection at home and abroad and proposes relevant policy recommendations, with the aim of providing strong support for building a more perfect and optimized Egovernment security protection system.
    Reference | Related Articles | Metrics
    Research on Traffic Anomaly Detection Method and System for API Gateway
    Journal of Information Security Reserach    2025, 11 (10): 917-.  
    Abstract69)      PDF (1061KB)(26)       Save
    With the rise of cloud services and the widespread use of API technology, many network capabilities of operators are usually outputted and empowered through APIs. API gateways have become an important way for northsouth and eastwest system interconnection and data sharing. This paper proposes a method for API gateway traffic anomaly detection based deep learning. Firstly, a heterogeneous graph is constructed to comprehensively represent the gateway traffic network. Then, based on graph attention neural network, node representations in the heterogeneous graph are learned by considering both structural and temporal dimensions. We introduce graph structure refinement to compensate for sparse connections between entities in the heterogeneous graph and obtain more robust node representation learning; Finally, the meta learning algorithm is used to optimize the model and improve its generalization ability in small sample scenarios. The model can be deployed on gateway devices. The algorithm model was experimentally evaluated on the CICIDS2017 dataset, and the results showed that compared with the baseline algorithm, the detection method proposed in this paper has good performance in small sample and multi classification problems.
    Reference | Related Articles | Metrics
    Overview on SM9 Identity Based Cryptographic Algorithm
    Journal of Information Security Research    2016, 2 (11): 1008-1027.  
    Abstract3595)      PDF (13949KB)(6184)       Save
    SM9 identitybased cryptographic algorithm is an identitybased cryptosystem with bilinear pairings. In such a system the user s private key and public key may be extracted from user s identity and key generation centers parameters. The most common cryptographic uses of SM9 are with digital signature, data encryption, key exchange protocol and key encapsulation mechanism etc. The application and management of SM9 will not require digital certificate, certificate base, and key base. The key length of the SM9 cipher algorithm is 256b. SM9 cryptographic algorithm was issued as the cryptography standard in 2015. This paper will summarize the design, algorithm, software and hardware implementation and cryptanalysis of SM9 cryptographic algorithm. We also give some concrete examples in appendix.
    Reference | Related Articles | Metrics
    An Overview of Application and Technology of Artificial Intelligence in Cybersecurity
    Journal of Information Security Reserach    2022, 8 (2): 110-.  
    Abstract2003)      PDF (1142KB)(1400)       Save
    Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.
    Reference | Related Articles | Metrics
    Research on Zero Trust Access Control Model Based on Role and Attribute#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (3): 241-.  
    Abstract184)      PDF (1562KB)(171)       Save
    In the face of many security threats in the network, the traditional access control model is increasingly exposed to the problems of poor dynamics of permission allocation, low sensitivity to new threats, and high complexity of resource allocation. This paper proposed a zero trust access control model based on role and attribute to address the above problems. The model used a logistic regression approach to trust assessment of access subjects to achieve access control with high sensitivity to access subject attribute, and adopted a new resource decision tree, which reduced the time complexity of resource permission assignment while achieving finergrained security for access control. Finally, verifying the model in this paper under typical application scenarios showed that the model was significantly better than the traditional access control model in terms of dynamic assignment of permissions.
    Reference | Related Articles | Metrics
    The Enlightenment and Reference of Cybersecurity Protection Policies for  Critical Information Infrastructure
    Journal of Information Security Reserach    2025, 11 (10): 885-.  
    Abstract55)      PDF (920KB)(17)       Save
    The security and stability of critical information infrastructure (CII) are of crucial importance to national security, economic development, and social stability. The insights and lessons learned from the CII security safeguards policies of countries and organizations such as the European Union, Japan, the United States, and Russia merit reference. CII security safeguards policies in China has gone through the stages of early exploration, rapid development, and comprehensive advancement; it is confronted with real predicaments including insufficient policy foresight, inadequate crossdomain coordination and collaboration, poor coordination and alignment of standards, and weak discourse power in international rules. It is suggested that China should strengthen the strategic guidance and toplevel design for CII, improve the crossdomain overall planning and linkage mechanism, formulate and refine CII protection standards.
    Reference | Related Articles | Metrics
    TCNGANbased Temporal Traffic Anomaly Detection
    Journal of Information Security Reserach    2025, 11 (10): 907-.  
    Abstract56)      PDF (2708KB)(19)       Save
    In recent years, generative adversarial networks have been widely used in the field of temporal anomaly detection. However, temporal data often has complex timedependence, and problems such as gradient vanishing and training instability are common in existing anomaly detection models. To this end, this paper proposes an unsupervised temporal traffic anomaly detection model based on the combination of temporal convolutional network (TCN) and GAN. The model uses TCN as the infrastructure of generator and discriminator, which can effectively capture the temporal features of the temporal traffic data. During the anomaly detection process, the model constructs an anomaly scoring function based on the reconstruction loss and discriminator loss, and performs anomaly judgment by setting a threshold, thus improving the accuracy of anomaly detection. To verify the performance of the proposed model, experiments are conducted on five different types of datasets. The results show that the average F1 score of the proposed model is 11.02% higher than that of the TAnoGAN model.
    Reference | Related Articles | Metrics
    Robust Malicious Encrypted Traffic Detection Method Based on  Dual Confidence Sample Selection
    Journal of Information Security Reserach    2025, 11 (10): 924-.  
    Abstract56)      PDF (1679KB)(16)       Save
    In the task of detecting malicious encrypted traffic, the existence of noise tags seriously affects the generalization ability and detection accuracy of the model. To solve the above problems, a noise label learning method based on DCASS (dualconfidence adaptive sample selection) is proposed to realize robust malicious encryption traffic detection. Firstly, the low dimensional features of samples are extracted by self encoder, and the feature confidence of samples is constructed.Then, the label confidence of samples is evaluated according to their performance in classification training. Finally, an adaptive selection threshold is proposed to select samples based on the dual confidence of feature space and label space, and filter noise samples dynamically to improve the robustness of the model. Experiments on CIRACICDoHBrw2020 dataset show that the proposed method has good performance and stability in dealing with noise labels. The F1 scores of the method reach 86.686%, 86.749%, 83.199% respectively when the noise rate is 20%, 30%, 40%. Compared with the existing three methods, the method proposed in this paper shows the best performance under different noise rates, with the average performance improvement of 18.89%, 37.34%, 6.32% respectively.
    Reference | Related Articles | Metrics
    A Survey of Fingerprint Recognition Technology
    Journal of Information Security Research    2016, 2 (4): 343-355.  
    Abstract833)      PDF (10838KB)(736)       Save
    Human society shows great interest in fingerprint at early times, but modern fingerprint recognition technology originated at the time of Galtons research, and used in criminal investigation at first. Since 1990s, fingerprint recognition begun to find its application in other commercial areas. In recent years, fingerprint recognition appears on mobile phone, and acts as an important method for screen unlocking and online payment. In the future, biometrics method, including fingerprint recognition, may replace current password system. For fingerprint recognition algorithm, classification is studied at first to improve the speed for fingerprint archives searching. Most algorithms today focus on matching the minutiae, including ridge ending and bifurcation. As the popularization of fingerprint recognition on mobile devices, the area of fingerprint sensor becomes smaller and smaller, matching technology based on third level features such as sweat pore and ridge shape gains more attentions. For fingerprint sensing, the first appeared method is pressing by ink. Fingerprint cards with inkpressed fingerprint is then digitized by scanner for computer storage and processing. From 1970s, the appearance and popularization of optical fingerprint sensing boost the quick and onsite image capturing and verification. Applications on mobile devices s the rapid progress of small size fingerprint sensor.
    Reference | Related Articles | Metrics
    AI and Data Privacy Protection: The Way to Federated Learning
    Journal of Information Security Research    2019, 5 (11): 961-965.  
    Abstract1347)      PDF (1395KB)(1315)       Save
    With the tremendous advance in computing, algorithms and data volume, artificial intelligence ushered in the third development climax, and began to gain a foot hold in exploring various industries. However, as the emergence of “big data”, more “small data” or “poorquality data”, and “data silos” exist in industry applications. For example, in the information security realm, it is difficult for enterprises who provide security services such as content security auditing and intrusion detection based on artificial intelligence technology to exchange raw data due to the consideration of user privacy and trade secrets protection. The services between enterprises are independent, and the overall development of cooperation and technology is difficult to make a breakthrough in a short period of time. How to promote greater cooperation on the premise of protecting the privacy of organizations? Will there be any chance for technical means to solve the data privacy protection problems? Federated Learning is an effective way to solve this problem and achieve acrossenterprise collaborative governance.
    Reference | Related Articles | Metrics
    Overview on SM4 Algorithm
    Journal of Information Security Research    2016, 2 (11): 995-1007.  
    Abstract1668)      PDF (8653KB)(1114)       Save
    SM4 Algorithm, short for SM4 Block Cipher Algorithm, was published in 2006 to promote the application of WAPI. It became a cryptography industrial standard (GMT 0002—2012) in March 2012 and a national standard (GBT 32907—2016) in August 2016. This paper describes SM4s calculating process, structural features and cryptographic properties. Furthermore, we introduce some latest researches on SM4s security and compare SM4s security with several international block cipher standards such as AES, HIGHT and MISTY1.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E1): 246-.  
    Abstract513)      PDF (1562KB)(302)       Save
    Reference | Related Articles | Metrics
    Research on Highquality Development of New Infrastructures Under  Critical Information Infrastructure Security Protection
    Journal of Information Security Reserach    2025, 11 (10): 891-.  
    Abstract60)      PDF (957KB)(15)       Save
    Developing new infrastructure plays a crucial role in enhancing the security protection capabilities of critical information infrastructure. The approaches adopted by relevant countries in advancing new infrastructure—such as boosting global competitiveness, prioritizing key technology R&D, attracting deep private sector participation, promoting unified standards and regulations, and strengthening supply chain resilience—offer valuable insights. Although China’s new infrastructure has seen continuous improvements in recent years regarding development scale, technological autonomy, digital and intelligent capabilities, and its capacity to support critical infrastructure, it also faces challenges such as significant intrinsic security risks, risks associated with introducing new technologies, and lagging standardization efforts. It is recommended in terms of to drive the highquality development of new infrastructure by leveraging intelligent upgrades as the driving force, functional expansion as the connecting link, and boundary governance as the focal point.
    Reference | Related Articles | Metrics
    The Review of Information Hiding Technology Based on GAN Image Generation
    Journal of Information Security Research    2019, 5 (9): 771-777.  
    Abstract886)      PDF (630KB)(1048)       Save
    The traditional steganography is facing more and more threats, and the steganographic analysis technology is gradually mature. To solve this problem, the Generative Adversarial Networks is introduced into the steganography, which can reduce the traces of carrier modification and improve the concealment of steganography. This paper introduces the basic structure of the Generative Adversarial Networks, summarizes, compares and classifies the research results of the steganography based on GAN image generation. According to the existing technical means, the shortcomings of the current Generative Adversarial Networks in the development of steganography are proposed, and the future research directions are prospected.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E1): 236-.  
    Abstract600)      PDF (796KB)(396)       Save
    Reference | Related Articles | Metrics
    A Survey of Zero Trust Research
    Journal of Information Security Research    2020, 6 (7): 608-614.  
    Abstract1330)      PDF (2068KB)(1617)       Save
    With the popularization of cloud computing, mobile office and other technologies, the enterprise network structure becomes complex. The traditional network security model is based on the idea of boundary protection, which can not meet the current needs. Zero trust is a new network security model, where no distinction is made between internal and external networks and all entities need authentication and authorization before accessing resources, which can be used to protect the network whose perimeter is increasingly fuzzy. This paper gives the definition of zero trust, introduces the architecture of zero trust, analyzes the core technology of zero trust, compares and analyses several representative zero trust schemes, summarizes the development status, points out the research direction needing attention in this field, which can provide reference for the research and application of zero trust.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E1): 105-.  
    Abstract751)      PDF (1450KB)(404)       Save
    Reference | Related Articles | Metrics
    A Survey on Backdoor Attacks and Defenses in Federated Learning
    Journal of Information Security Reserach    2025, 11 (9): 778-.  
    Abstract89)      PDF (2638KB)(30)       Save
    Federated learning is a machine learning framework that enables participants in different fields to participate in largescale centralized model training together under the condition of protecting local data privacy. In the context of addressing the pressing issue of data silos, federated learning has rapidly emerged as a research hotspot. However, the heterogeneity of training data among different participants in federated learning also makes it more vulnerable to model robustness attacks from malicious participants, such as backdoor attacks. Backdoor attacks inject backdoors into the global model by submitting malicious model updates. These backdoors can only be triggered by carefully designed inputs and behave normally when input clean data samples, which poses a great threat to the robustness of the model. This paper presents a comprehensive review of the current backdoor attack methods and backdoor defense strategies in federated learning. Firstly, the concept of federated learning, the main types of backdoor attacks and backdoor defenses and their evaluation metrics were introduced. Then, the main backdoor attacks and defenses were analyzed and compared, and their advantages and disadvantages were pointed out. On this basis, we further discusses the challenges of backdoor attacks and backdoor defenses in federated learning, and prospects their research directions in the future.
    Reference | Related Articles | Metrics
    Research on Multimodal Cyberspace Identification Technology  Based on Object Identifier
    Journal of Information Security Reserach    2025, 11 (10): 960-.  
    Abstract44)      PDF (1253KB)(10)       Save
    Multimodal cyberspace identification is a basic work for the construction of multimodal cyberspace. This paper summarizes the current state of identification system research both domestically and internationally, and provides a comparative analysis of various identification technologies. In view of the large number of communication devices in multimodal cyberspace and the high requirements of endogenous security, a multimodal cyberspace identification technology based on object identifiers is proposed, and the coding rules of tree structure are used to identify and manage largescale communication devices in multimodal cyberspace to improve management efficiency.
    Reference | Related Articles | Metrics
    A Review of Hardware Accelerated Research on Zeroknowledge Proofs
    Journal of Information Security Reserach    2024, 10 (7): 594-.  
    Abstract858)      PDF (1311KB)(291)       Save
    ZeroKnowledge Proofs (ZKP) are cryptographic protocols that allow a prover to demonstrate the correctness of a statement to a verifier without revealing any additional information. This article primarily introduces research on the acceleration of zeroknowledge proofs, with a particular focus on ZKPs based on Quadratic Arithmetic Programs (QAP) and Inner Product Proofs (IPA). Studies have shown that the computational efficiency of zeroknowledge proofs can be significantly improved through hardware acceleration technologies, including the use of GPUs, ASICs, and FPGAs. Firstly, the article introduces the definition and classification of zeroknowledge proofs, as well as the difficulties encountered in its current application. Secondly, this article  discusses in detail the acceleration methods of different hardware systems, their implementation principles, and their performance improvements over traditional CPUs. For example, cuZK and GZKP utilize GPUs to perform Multiscalar Multiplication (MSM) and Number Theoretic Transform (NTT), while PipeZK, PipeMSM, and BSTMSM accelerate these computational processes through ASICs and FPGAs. Additionally, the article mentions applications of zeroknowledge proofs in blockchain for concealing transaction details, such as the private transactions in ZCash. Lastly, the article proposes future research directions, including accelerating more types of ZKPs and applying hardware acceleration to practical scenarios to resolve issues of inefficiency and promote the widespread application of zeroknowledge proof technology.
    Reference | Related Articles | Metrics
    DGA Domain Name Generation Method of BiLSTM Model  Based on Bayesian HPO
    Journal of Information Security Reserach    2025, 11 (10): 950-.  
    Abstract43)      PDF (1488KB)(9)       Save
    In recent years, domain generation algorithms (DGA) have been extensively utilized in network attacks to dynamically generate large quantities of random domain names for malicious software communications, posing a severe challenge for security defenses. As DGA structures grow increasingly complex, traditional domain classification methods that rely on manually extracted features struggle to adapt to new variants in a timely manner. Although generationbased deep models can automatically capture latent patterns from data, their large parameter sizes and intricate hyperparameter tuning often hinder stable performance across diverse DGA. To tackle these issues, this paper proposes a DGA domain generation approach based on a bidirectional long shortterm memory (BiLSTM) model enhanced by Bayesian hyperparameter optimization(Bayesian HPO). By automating the tuning of critical hyperparameter, our method significantly reduces manual intervention and training overhead, while strengthening the robustness and generalization capability of the model against various DGA. Experimental results demonstrate that the proposed approach achieves excellent generation accuracy on multiple DGA families, providing a proactive, forwardlooking defense strategy for network security.
    Reference | Related Articles | Metrics
    Overview of Voiceprint Recognition Technology and Applications
    Journal of Information Security Research    2016, 2 (1): 44-57.  
    Abstract1239)      PDF (12707KB)(654)       Save
    With the rapid development of information technology, how to identify a person to protect hisher personal privacy as well as information security has become a hot issue. Comparing with the traditional identity authentication, the biometric authentication technologies have the features of not being to get lost, to be stolen or forgotten when being used. The use of them is not only fast and convenient, but also accurate and reliable. Being one of the most popular biometric authentication technologies, the voiceprint recognition technology has its unique advantages in the field of remote authentication and other areas, and has attracted more and more attention. In this paper, the voiceprint recognition technology and its applications will be mainly introduced, including the fundamental concept, development history, technology applications and industrial standardizations. Various kinds of problems and corresponding solutions are overviewed, and the prospects are pointed out finally.
    Reference | Related Articles | Metrics
    Dualbranch Malicious Code Homology Analysis Model Based on Feature Fusion
    Journal of Information Security Reserach    2025, 11 (7): 594-.  
    Abstract85)      PDF (2563KB)(31)       Save
    In the homology analysis of malicious code, a large number of malicious code variants are generated due to techniques such as encryption, obfuscation, and packing, which leads to the problem that the deep learning model has insufficient ability to extract the features of malicious code. To solve this problem, a multibranch convolution and transformernet (MCATNet) homology analysis model based on feature fusion was proposed. Firstly, an MCATNet dualbranch network was constructed, one branch was a multibranch convolutional MBC (Multibranch convolution) module, and the MBC module was used to construct the CNN branch, and the CBAM hybrid attention mechanism was introduced to make the network pay more attention to the core features while taking into account the local features. Another branch is the Transformer module with ViT as the backbone, which extracts global feature information of malicious code images and proposes a downsampling module to finely preserve global features while aligning the feature maps of Transformer and CNN at the spatial scale. Secondly, the cascading strategy is used to fuse the local features of the CNN branch and the global features of the Transformer branch to solve the problem that the network only focuses on a single feature. Finally, the Softmax classifier was used to analyze the homology of the malicious code family. Experimental results show that the classification accuracy of the twobranch model based on feature fusion reaches 99.24%, which is 0.11% and 0.65% higher than that of the singlebranch CNN and singlebranch Transformer models, respectively.
    Reference | Related Articles | Metrics
    SM3 Cryptographic Hash Algorithm
    Journal of Information Security Research    2016, 2 (11): 983-994.  
    Abstract1406)      PDF (8502KB)(893)       Save
    The cryptographic hash functions play an important role in modern cryptography. They are used to compress messages of arbitrary length to fixed length hash values. The most common cryptographic applications of hash functions are with digital signature and for data integrity. SM3 cryptographic hash algorithm is issued as the industry standard in 2012. In 2016, it was published as national standard. It takes a 512bit message as input and outputs a 256bit hash value. This paper summarizes the design, properties, software and hardware implementations and cryptanalysis of SM3 cryptographic hash algorithm. Furthermore, we compare SM3 with other hash standards.
    Reference | Related Articles | Metrics
    Overview on Public Key Crytographic Algorithm SM2 Based on Elliptic Curves
    Journal of Information Security Research    2016, 2 (11): 972-982.  
    Abstract1643)      PDF (7813KB)(923)       Save
    Public key cryptographic algorithm SM2 based on elliptic curves (SM2 algorithm for abbreviation) was firstly issued in December 2010, had become the Chinese commercial cryptographic standard (GMT 0003—2012) in 2012, and had become the Chinese national cryptographic standard (GBT 32918—2016) in 2016. This paper briefly describe the development background of SM2 algorithm,describe SM2 algorithm in details,introduce the researches on its security, and evaluate its implementation efficiencies. All the researches on SM2 algorithm so far indicate that the provable securities of SM2 algorithm reach the supreme levels of public key cryptographic algorithms securities, and its implementation efficiencies are equivalent to or slightly superior to those similar elliptic curve cryptographic algorithms in some international standards.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E2): 105-.  
    Abstract649)      PDF (929KB)(352)       Save
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E2): 230-.  
    Abstract216)      PDF (3359KB)(130)       Save
    Reference | Related Articles | Metrics
    Research on Sidechannel Attack Methods of IKE Protocol
    Journal of Information Security Reserach    2025, 11 (10): 933-.  
    Abstract43)      PDF (1880KB)(10)       Save
    Analyze the implementation of the IKE protocol, construct an IKE protocol message generation model, and verify three sidechannel attack methods against the IKE protocol under security assumptions and DolevYao threat models. Attackers can obtain users’ privacy information, and increase the number of target user tags they possess, based on which targeted attack methods and tools can be selected. For the three potential security risks that may cause privacy breaches, the information entropy algorithm is introduced for quantitative evaluation. By calculating the changes in information entropy, the impact of different privacy information breaches on user security is quantitatively analyzed, which is beneficial for users to take targeted security protection measures. The experimental results verified the effectiveness of three sidechannel attack methods, and also proved that the information entropy quantification evaluation method can clearly characterize the degree of harm caused by privacy leakage, providing a basis for users to formulate security protection measures and helping to reduce potential privacy leakage risks.
    Reference | Related Articles | Metrics
    Security Architecture and Key Technologies of Blockchain
    Yan Zhu
    Journal of Information Security Research    2016, 2 (12): 1090-1097.  
    Abstract1144)      PDF (6838KB)(805)       Save
    Blockchain, both the cryptocurrency and the underlying Bitcoin technology, have attracted significant attention around the world. The reason is that blockchain is a decentralization technology with Consensus Trust Mechanism (CTM), which is obviously different from the traditional centralization system with Outer Trust Mechanism (OTM). This has made a great influence on the trust mechanism of people and promoted the usage of security technology in the blockchain. In this paper, we present the security architecture and key technologies of the blockchain, and explain how the blockchain ensure the integrity, non repudiation, privacy, consistency for the stored data through P2P network, distributed ledger, asymmetric encryption, consensus mechanism and smart contracts. Moreover, we analyze some new security threats and measures, for example, the preventing technology of Denial of Service (DoS) attack against the Transaction Storm (TS), the cryptographic access control (CAC) technology to enhance the data privacy, the key management technology against losing and stealing of digital asset, and so on. We also discuss the future security problems and technologies that might be discovered after the blockchain syncretizes new technologies, including, AI, Big Data, IOT, cloud computing, mobile Internet technologies.
    Reference | Related Articles | Metrics
    Distributed database fine-grained access control based on zero trust in the power Internet of Things
    Journal of Information Security Reserach    2021, 7 (6): 535-542.  
    Abstract428)      PDF (1442KB)(313)       Save
    With the development of the power Internet of Things architecture, the higher requirements for the data security storage in the data layer have been put forward. In order to realize the fine-grained access control of the data resources of the distributed database in the power Internet of Things, a scheme of using zero-trust architecture was proposed to protect database resources. In this paper, the dynamic trust management was discussed to make real-time and context-based decision and authorization for access request, and the method of fine-grained access control of resources is used to realize the minimum authorization of access subjects. Finally, the methods of optimizing access control performance by multi-granularity strategy matching and permission expansion were introduced.
    Reference | Related Articles | Metrics
    Real-time automatic detection and recognition of Internet of Things equipment based on flow fingerprint
    Journal of Information Security Reserach    2021, 7 (6): 543-549.  
    Abstract579)      PDF (1598KB)(412)       Save
    In recent years, with the rapid development of Internet of Things (IoT) technology, a large number of Internet of Things devices have emerged in the cyberspace, such as network printers, network cameras and routers. However, the network security situation is getting worse.  Large-scale network attacks initiated by terminal devices connected to the Internet frequently occur, causing a series of adverse effects, such as information leakage and personnel property damage.  Establishing a fingerprint generation system for IoT devices to accurately identify device types is of great significance to the unified security control of the IoT. We propose a real-time automatic detection and recognition solution for IoT devices based on traffic fingerprints. This solution contains two main modules, including automatic detection and fingerprint recognition.  First, passive listening is used to collect messages sent by different IoT devices. Based on the differences in the header fields of different devices, a series of multi-classification algorithms are used to identify the device type. Simulation experiments show that the scheme can achieve an average prediction accuracy of 93.75%.
    Reference | Related Articles | Metrics
    Research on a Collaborative Filtering Recommendation Algorithm  Based on Twostage Joint Prediction
    Journal of Information Security Reserach    2023, 9 (3): 291-.  
    Abstract130)      PDF (1051KB)(118)       Save
    Traditional collaborative filtering recommendation algorithm has some problems, such as the sparsity of rating data, the lack of user rating preference, and the limitation of traditional similarity measurement. In this paper, a twostage recommendation model combining item prediction score and user preference score is proposed. In the first stage, the itembased prediction score is used to complete the score matrix, and the time weight factor is used to improve the item similarity; In the second stage, the complete scoring matrix is transformed into a user scoring preference matrix for scoring categories by using the scoring preference model, then the preference score is calculated by using the userbased collaborative filtering algorithm through the matrix, and the user common rating score weight is used to improve the user similarity. Finally, the itembased prediction score and the userbased preference score are used as the comprehensive prediction score of the target user. Experimental results show that the proposed algorithm outperforms the traditional collaborative filtering algorithm in terms of accuracy and recall rate under different number of neighbor users and different lengths of recommendation list. Moreover, for different sparsity data sets, the MAE increment value of the proposed algorithm is reduced by 8%-24.6%, with higher recommendation precision and accuracy.

    Reference | Related Articles | Metrics
    Towards a Privacy-preserving Research for AI and Blockchain Integration
    Journal of Information Security Reserach    2023, 9 (6): 557-.  
    Abstract1053)      PDF (1307KB)(401)       Save
    With the widespread attention and application of artificial intelligence (AI) and blockchain technologies, privacy protection techniques arising from their integration are of notable significance. In addition to protecting the privacy of individuals, these techniques also guarantee the security and dependability of data. This paper initially presents an overview of AI and blockchain, summarizing their combination along with derived privacy protection technologies. It then explores specific application scenarios in data encryption, deidentification, multitier distributed ledgers, and kanonymity methods. Moreover, the paper evaluates five critical aspects of AIblockchainintegration privacy protection systems, including authorization management, access control, data protection, network security, and scalability. Furthermore, it analyzes the deficiencies and their actual cause, offering corresponding suggestions. This research also classifies and summarizes privacy protection techniques based on AIblockchain application scenarios and technical schemes. In conclusion, this paper outlines the future directions of privacy protection technologies emerging from AI and blockchain integration, including enhancing efficiency and security to achieve more comprehensive privacy protection of AI privacy.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E1): 155-.  
    Abstract117)      PDF (1693KB)(110)       Save
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E2): 32-.  
    Abstract288)      PDF (3674KB)(191)       Save
    Reference | Related Articles | Metrics
    Research on Network Unknown Attack Detection Based on Machine Learning#br#
    #br#
    Journal of Information Security Reserach    2025, 11 (9): 807-.  
    Abstract75)      PDF (1297KB)(20)       Save
    In the complex context of the continuous evolution of cybersecurity threats, the threats posed by unknown network attacks to digital infrastructure are increasing daily. Consequently, The technology for detecting unknown network attacks based on machine learning has emerged as a focal point in research. This paper first discusses the classification of intrusion detection systems and the commonly used technologies for detecting unknown network attacks. Subsequently, it conducts an indepth exploration of the methods for detecting unknown attacks based on machine learning from three dimensions: anomaly detection, openset recognition, and zeroshot learning. Furthermore, it summarizes the commonly used datasets and key evaluation indicators. Finally, it summarizes and looks ahead to the development trends and challenges of unknown attack detection. This article can provide references for further exploring new methods and technologies in the field of cyberspace security.
    Reference | Related Articles | Metrics
    Overview of Electronic Data Forensics Technology
    Journal of Information Security Research    2016, 2 (4): 299-306.  
    Abstract793)      PDF (5966KB)(959)       Save
    Electronic data forensics is a comprehensive subject, involving the related knowledge of computer science, law, criminal investigation, and other fields. Based on the practice of electronic data forensics, the paper briefly describes the general process of electronic data forensics, and proposes the technical system model. Emphatically, this paper sorts out the common techniques and technical standards of electronic data forensics, then describes the development tendency of electronic data forensics.
    Reference | Related Articles | Metrics
Author Center
Review Center
京ICP备19004174号
Copyright © Journal of Information Security Reserach, All Rights Reserved.
Tel: 010-68558637 E-mail: ris@cei.cn
Powered by Beijing Magtech Co., Ltd.