Journal of Information Security Reserach

Select

Research on Critical Information Infrastructure Security Protection

Journal of Information Security Reserach 2025, 11 (12): 1074-.

Abstract （45）

PDF （334KB）（33）

Save

Related Articles | Metrics

Select

Research on the Standard System of Security Protection for Critical Information Infrastructure#br#

#br#

Journal of Information Security Reserach 2025, 11 (11): 979-.

Abstract （26）

PDF （947KB）（19）

Save

As a pivotal cornerstone of the digital society, the security of critical information infrastructure directly affects economic development, social stability, national wellbeing, and national security. By analyzing the strategic significance of security protection standards for critical information infrastructure, and drawing on a study of the current landscape of domestic and international policies, this paper conducts an indepth analysis of the challenges and existing issues confronting the development of China’s security protection standard system for critical information infrastructure. In response to these problems, optimized strategies of China’s security protection standard system for critical information infrastructure are proposed from the perspectives of toplevel design, improvement of the standard system, and enhancement of effectiveness. The purpose of this paper is to refine the nation’s security protection standard system for critical information infrastructure, elevate the security protection capabilities thereof, safeguard social stability and national security, and realize sustainable development.

Reference | Related Articles | Metrics

Select

Research on Security Challenges and Countermeasures for Critical Information Infrastructure in the Artificial Intelligence Era

Journal of Information Security Reserach 2025, 11 (12): 1087-.

Abstract （34）

PDF （944KB）（19）

Save

With the rapid advancement of artificial intelligence (AI) technologies, critical information infrastructure is confronting unprecedented security challenges. This paper employs systematic analysis and comparative research methods to examine the security threats faced by critical information infrastructure in the AI era, specifically focusing on structural vulnerabilities, governance lag, and dual technical risks. Drawing on the strategic practices of major economies such as the United States, the European Union, and Japan, it proposes that China should enhance AI security policy standards, establish a security risk governance framework, and strengthen security technology innovation. Through these pathways, China can build a selfreliant, secure, and reliable AIenabled critical information infrastructure system, thereby enhancing national digital security capabilities and global competitiveness.

Reference | Related Articles | Metrics

Select

An Overview of Application and Technology of Artificial Intelligence in Cybersecurity

Journal of Information Security Reserach 2022, 8 (2): 110-.

Abstract （2052）

PDF （1142KB）（1420）

Save

Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.

Reference | Related Articles | Metrics

Select

A Survey of Zero Trust Research

Journal of Information Security Research 2020, 6 (7): 608-614.

Abstract （1361）

PDF （2068KB）（1633）

Save

With the popularization of cloud computing, mobile office and other technologies, the enterprise network structure becomes complex. The traditional network security model is based on the idea of boundary protection, which can not meet the current needs. Zero trust is a new network security model, where no distinction is made between internal and external networks and all entities need authentication and authorization before accessing resources, which can be used to protect the network whose perimeter is increasingly fuzzy. This paper gives the definition of zero trust, introduces the architecture of zero trust, analyzes the core technology of zero trust, compares and analyses several representative zero trust schemes, summarizes the development status, points out the research direction needing attention in this field, which can provide reference for the research and application of zero trust.

Reference | Related Articles | Metrics

Select

An Access Control Model Based on Data Classification and Grading System for Education Cloud Platform

Journal of Information Security Reserach 2022, 8 (4): 400-.

Abstract （240）

PDF （2511KB）（261）

Save

The education cloud platform is one of the key infrastructures for education digitization construction. It unifies business data from different departments and organizations to eliminate information silos and reduce the redundant construction of information systems. However, although the education cloud platform realizes data sharing, it also seriously influences the security of data resources because of its open and dynamic characteristics. Considering the data management and control of the education cloud platform, this paper proposes an access control model based on data classification and grading system. The model comprehensively considers the security factors such as data class, security grade, life cycle and sensitive level, and tags the data from multidimension views. The secure tag is integrated with the rolebased access control policy to construct a twostage authorization model of coarsegrained filtering and finegrained control for managing data. The prototype system proves that the proposed model can restrict data sharing and prevent users from overprivileged manipulation.Key wordscloud platform; data security; access control model; data classification and grading; secure tag; RBAC

Reference | Related Articles | Metrics

Select

Research on Talent Cultivation for Critical Information Infrastructure Security Protection

Journal of Information Security Reserach 2025, 11 (12): 1081-.

Abstract （25）

PDF （922KB）（13）

Save

As the digital wave sweeps across the globe, the security of critical information infrastructure has become central to national cybersecurity strategies. Cultivating a highcaliber talent pool capable of protecting these core facilities from cyber attacks has therefore become particularly crucial. By examining international practical experience in training professionals for the security protection of critical information infrastructure systems, and considering the current status and challenges of talent development in this field in China, this paper proposes recommendations to strengthen the foundation, address existing challenges, and optimize talent development. These suggestions aim to support and guide the development and training of professionals responsible for securing China’s critical information infrastructure.

Reference | Related Articles | Metrics

Select

AI and Data Privacy Protection: The Way to Federated Learning

Journal of Information Security Research 2019, 5 (11): 961-965.

Abstract （1379）

PDF （1395KB）（1327）

Save

With the tremendous advance in computing, algorithms and data volume, artificial intelligence ushered in the third development climax, and began to gain a foot hold in exploring various industries. However, as the emergence of “big data”, more “small data” or “poorquality data”, and “data silos” exist in industry applications. For example, in the information security realm, it is difficult for enterprises who provide security services such as content security auditing and intrusion detection based on artificial intelligence technology to exchange raw data due to the consideration of user privacy and trade secrets protection. The services between enterprises are independent, and the overall development of cooperation and technology is difficult to make a breakthrough in a short period of time. How to promote greater cooperation on the premise of protecting the privacy of organizations? Will there be any chance for technical means to solve the data privacy protection problems? Federated Learning is an effective way to solve this problem and achieve acrossenterprise collaborative governance.

Reference | Related Articles | Metrics

Select

A Federated Learning Privacy Protection Method for Multikey Homomorphic Encryption in the Internet of Things

Journal of Information Security Reserach 2024, 10 (10): 958-.

Abstract （605）

PDF （1704KB）（235）

Save

With federated learning, multiple distributed IoT devices can jointly train a global model by updating the transmission model without leaking raw data. However, federated learning systems are susceptible to model inference attacks, resulting in compromised system robustness and data privacy. A federated learning privacy protection method for multikey homomorphic encryption in the Internet of Things is proposed to address the issues of existing federated learning solutions being unable to protect the confidentiality of shared gradients and resisting collusion attacks initiated by clients and servers. This method utilizes multikey homomorphic encryption to achieve gradient update confidentiality protection. Firstly, by using proxy reencryption technology, the ciphertext under different public keys is converted into encrypted data under the public key, ensuring that the cloud server can decrypt the gradient ciphertext. Then, IoT devices use their own public key and random secret factor to encrypt local gradient data, which can resist collusion attacks initiated by malicious devices and servers. Secondly, an identity authentication method based on hybrid cryptography was designed to achieve realtime verification of the identities of participants in federated modeling. In addition, in order to further reduce client computing costs, some decryption calculations are coordinated with trusted servers for computation, and users only need a small amount of computation. A comprehensive analysis was conducted on the proposed solution to evaluate its safety and efficiency. The results indicate that the proposed scheme meets the expected security requirements. Experimental simulation shows that compared to existing schemes, this scheme has lower computational overhead and can achieve faster and more accurate model training.

Reference | Related Articles | Metrics

Select

Insider Threat Detection Model Based on SSIMGAN and Time Series Transformer

Journal of Information Security Reserach 2025, 11 (12): 1108-.

Abstract （25）

PDF （2431KB）（11）

Save

Insider threat detection is a critical component of information security, aiming to protect enterprise networks and data security by preventing damage caused by insider misconduct. This paper proposes a novel insider threat detection framework based on the CERT4.2 dataset. First, we construct multivariate timeseries data and design a structural similarity indexdriven auxiliary classifier generative adversarial network (SSIMACGAN) to augment threat data across different scenarios. This approach addresses the class imbalance issue in the CERT4.2 dataset by generating synthetic samples that closely match the original data distribution. Subsequently, a time series Transformer model with Focal Loss is adopted for classification tasks, enabling the model to prioritize hardtoclassify and minorityclass samples. Precision, recall, and F1score are used as evaluation metrics. Experimental results show that our method achieves a recall of 96.22% and F1score of 94.22% on the CERT4.2 dataset, outperforming baseline models. These results validate its effectiveness in mitigating data imbalance and reducing false negative rates.

Reference | Related Articles | Metrics

Select

Fileless Obfuscation Attack Recognition Based on Semantic Recovery and Large Language Model

Journal of Information Security Reserach 2025, 11 (12): 1125-.

Abstract （27）

PDF （1478KB）（11）

Save

With the continuous advancement of fileless attack techniques and strategies, research on identifying fileless malicious attack has garnered significant attention. Among these, fileless obfuscation attack, as a new type of covert, dynamic, and complex attack, can rapidly bypass existing attack engines and rulebased frameworks. To address this problem, this paper proposes an attack script restoration method guided by dynamic partial execution and semantic analysis tree guidance, enabling the restoration of obfuscated code. Furthermore, leveraging the efficiency of large models in attack understanding and semantic recognition, we integrate large models to achieve efficient identification and classification of fileless code. To further alleviate the limitations of large models in handling large code files and long passages, we also provide a semantic code compression strategy to retain critical attack semantics. Experimental results demonstrate that our proposed semantic restoration and large model identification methods can enhance effectiveness by around 10% compared to existing models and methods, while maintaining efficient attack identification efficiency.

Reference | Related Articles | Metrics

Select

Reentrancy Vulnerability Detection Method in Smart Contracts #br# Based on Hybrid Model and Attention Mechanism#br#

Journal of Information Security Reserach 2024, 10 (11): 1056-.

Abstract （127）

PDF （2021KB）（70）

Save

Addressing the challenges of low efficiency and accuracy in reentrancy vulnerability detection by traditional smart contract vulnerability detection tools and single deep learning models, this paper proposes a reentrancy vulnerability detection method based on hybrid model and attention mechanism (CNNBiLSTMATT). Firstly, data processing is performed using the Word2vec model to obtain feature vectors. Secondly, these vectors undergo processing through a combination of convolutional neural network (CNN) and bidirectional long shortterm memory (BiLSTM) networks to extract features. The attention mechanism then assigns weights to highlight key features. Finally, a fully connected layer and Softmax classifier are utilized to classify the generated results, enabling reentrancy vulnerability detection in smart contracts. The experimental results demonstrate that compared with the traditional tools and deep learning methods, the method based on CNNBiLSTMATT proposed in this paper has been greatly improved in reentrant vulnerability detection. The accuracy, precision, recall rate and F1 value reached 92.53%, 93.27%, 91.73% and 92.5% respectively, confirming the effectiveness of the proposed method.

Reference | Related Articles | Metrics

Select

Private Set Intersection Cardinality Protocol for Supporting Set Dynamic Updating

Journal of Information Security Reserach 2025, 11 (12): 1099-.

Abstract （19）

PDF （1322KB）（10）

Save

The private set intersection cardinality (PSICA) enables each participant to obtain only the intersection size while keeping other information private. For instance, when it comes to measuring the ad conversion rates, the number of ad viewers on the ad platform is much smaller than the number of service subscribers of the service provider, and the set owned by the service provider is constantly changing. However, the majority of the existing PSICA protocols do not suppport the dynamic updating of sets. To this end, this paper proposes a PSICA protocol based on switched encryption and dynamic Bloom filters for nonequilibrium scenarios and supports dynamic updating of ensembles. The security proof shows that the protocol can be proven to be secure under the random oracle model. The performance analysis and simulation experimental results indicate that the protocol is able to achieve the intersection base computation with acceptable overhead and the misclassification rate of the dynamic Bloom filter is maintained at a low level.

Reference | Related Articles | Metrics

Select

Research on Software Reliability Engineering Integrated Application Modeling Technology

Journal of Information Security Research 2018, 4 (11): 1002-1010.

Abstract （136）

PDF （2236KB）（320）

Save

tSoftware reliability engineering, as a technology to ensure and improve software reliability, plays an important role in software development. But because of software reliability engineering activities is put in bigger difference, the purpose and process in engineering practice to the software reliability engineering technology organically unifies in together, and it's easy to have a software reliability engineering process from the situation of the software development process, seriously affected the application and promotion of software reliability engineering. This article through to the software reliability engineering activities and the development process, and the reliability engineering activity data analysis of the interactive relationship between data-driven software reliability engineering process model is put forward, the model in the form of a workflow implementation information interaction between the software reliability engineering activities, realize the whole process of the software reliability engineering of software development technical support, reliability is conducive to the realization of the software reliability engineering integrated environment.

Reference | Related Articles | Metrics

Select

Flow Anomaly Detection Based on Hierarchical Clustering Method

Journal of Information Security Research 2020, 6 (6): 0-0.

Abstract （1164）

PDF （1784KB）（673）

Save

With the advent of the big data era, the attacks in network traffic are rising dramatically. Detecting malicious traffic through abnormal flow detection is vital. Nowadays, the equipment of abnormal flow detection used in industry mainly adopts statistical analysis method or simple machine learning method. However, the amount of flow data and redundant data is large. The precision rate is low and the false alarm rate is high. In order to solve these problems, this paper presents a new method to detect flow anomalies based on hierarchical clustering in data processing. This method first uses the hierarchical clustering algorithm to achieve the purpose of data reduction. Then based on seven different machine learning algorithms, an abnormal traffic model based on hierarchical clustering is constructed. The experimental results show that this method can detect the abnormal behavior on the DARPA dataset with a precision rate of 99% and a recall rate of 99%. At the same time, while maintaining the precision rate of 90%, the data reduction can be up to 47.58%, which greatly improves the detection efficiency.

Related Articles | Metrics

Select

The Research of the Organizational Management Systems in Security Protection for Critical Information Infrastructure#br#

Journal of Information Security Reserach 2025, 11 (11): 993-.

Abstract （20）

PDF （946KB）（9）

Save

In recent years, cyberattacks targeting national critical information infrastructure systems have increased rapidly, intensifying the security situation increasingly severe. Cyberattacks exploiting vulnerabilities in weak defense systems have become a major threat to the security protection of critical information infrastructure. Under the increasingly complex cyberattack environment, building a coordinated defense mechanism has become especially important. This paper analyzes the evolution and progress of organizational management in the area of critical information infrastructure security both domestically and internationally, and proposes a series of improvement measures. These efforts aim to provide reference for the future development of organizational management systems in coordinated security protection for critical information infrastructure.

Reference | Related Articles | Metrics

Select

Comparative Analysis and Countermeasures of Domestic and Foreign Laws and Regulations on Artificial Intelligence#br#

Journal of Information Security Reserach 2025, 11 (11): 1048-.

Abstract （22）

PDF （1119KB）（9）

Save

In recent years, AI (artificial intelligence) technology has developed rapidly. As one of the core driving forces, AI algorithms have gradually shown great potential and influence in many fields, such as medical care and finance. However, while algorithmic technology brings innovation and convenience, it also raises a series of complex legal and ethical issues. In response to these concerns, governments have introduced relevant laws and regulations to regulate the development and application of algorithms, and safeguard the public interest and social order. However, the current domestic and foreign laws and regulations show the characteristics of decentralization and fragmentation, lack of systematic and comprehensive analysis, which not only increases the difficulty of enterprises in algorithm compliance, but also affects the healthy and orderly development of algorithm technology. Therefore, this paper systematically and comprehensively analyzes the basic framework and characteristics of China’s AI regulations, and further compares the algorithm governance with relevant foreign regulations. The advantages and disadvantages are summarized to put forward targeted countermeasures and suggestions, which provides valuable practical reference for policy makers and enterprise managers, and jointly promotes the development and application of China’s AI technologies.

Reference | Related Articles | Metrics

Select

AI Security—Research and Application on Adversarial Example

Journal of Information Security Research 2019, 5 (11): 1000-1007.

Abstract （803）

PDF （3155KB）（841）

Save

With the rapid development of AI (artificial intelligence), the number of AI systems and applications grows explosively. AI has been closely linked to numerous people and brings great convenience to their life. Meanwhile, AI also leads to big challenges in the cyber security area. Some malicious fraudsters take advantage of AI to attack internet systems especially in the field of captcha generation. The antiknowledge map captcha based on the adversarial example technology is proposed, which fused the natural language processing technology and adversarial example generation technology, and thus increase the robustness to attacks and safeguard the security environment of internet.

Reference | Related Articles | Metrics

Select

Unified Authority Management Scheme in Zero Trust Architecture

Journal of Information Security Reserach 2021, 7 (11): 1047-.

Abstract （486）

PDF （1922KB）（406）

Save

Zero trust security architecture is subverting people's perception of enterprise security. Its main point is "continuous verification, never trust", which makes more requirements for the subject, object and time of authentication and authorization. This paper mainly discusses how to quickly achieve unified authority management and control under the background of zero trust from the perspective of authority management. Through the investigation and analysis of many enterprises, functional authority and data authority are the most common dimensions of authority management in enterprises. Based on this, we can design a set of universal and highly flexible unified authority platform, which is used to centrally manage the authority data of each enterprise information system, realize the efficient control of authority under the zero trust architecture, and ensure the data security and business security

Reference | Related Articles | Metrics

Select

The Enlightenment and Reference of Cybersecurity Protection Policies for Critical Information Infrastructure

Journal of Information Security Reserach 2025, 11 (10): 885-.

Abstract （75）

PDF （920KB）（26）

Save

The security and stability of critical information infrastructure (CII) are of crucial importance to national security, economic development, and social stability. The insights and lessons learned from the CII security safeguards policies of countries and organizations such as the European Union, Japan, the United States, and Russia merit reference. CII security safeguards policies in China has gone through the stages of early exploration, rapid development, and comprehensive advancement; it is confronted with real predicaments including insufficient policy foresight, inadequate crossdomain coordination and collaboration, poor coordination and alignment of standards, and weak discourse power in international rules. It is suggested that China should strengthen the strategic guidance and toplevel design for CII, improve the crossdomain overall planning and linkage mechanism, formulate and refine CII protection standards.

Reference | Related Articles | Metrics

Select

Research on Highquality Development of New Infrastructures Under Critical Information Infrastructure Security Protection

Journal of Information Security Reserach 2025, 11 (10): 891-.

Abstract （71）

PDF （957KB）（24）

Save

Developing new infrastructure plays a crucial role in enhancing the security protection capabilities of critical information infrastructure. The approaches adopted by relevant countries in advancing new infrastructure—such as boosting global competitiveness, prioritizing key technology R&D, attracting deep private sector participation, promoting unified standards and regulations, and strengthening supply chain resilience—offer valuable insights. Although China’s new infrastructure has seen continuous improvements in recent years regarding development scale, technological autonomy, digital and intelligent capabilities, and its capacity to support critical infrastructure, it also faces challenges such as significant intrinsic security risks, risks associated with introducing new technologies, and lagging standardization efforts. It is recommended in terms of to drive the highquality development of new infrastructure by leveraging intelligent upgrades as the driving force, functional expansion as the connecting link, and boundary governance as the focal point.

Reference | Related Articles | Metrics

Select

Highorder Program Driven by Large Language Model

Journal of Information Security Reserach 2025, 11 (11): 1008-.

Abstract （19）

PDF （2871KB）（8）

Save

Large language models (LLMs) often exhibit hallucinations in various occasions, leading to unreliable inferences. Such vulnerabilities render it critical for LLMs to be adopted cautiously in vertical domains such as financial, medical, and cybersecurity domains. In preLLM era, humans have accumulated the best practices to ensure reliabilities of complicated tasks through careful engineering. Standard operating procedures (SOP) and Check List are the exemplars of these best practices. Likewise, in LLM era, we propose highorder program (HOP)to achieve the reliability breakthroughs. By fusing both accurate execution of traditional programing languages, and superior knowledge intrinsics of LLMs, HOP sets the backbone of the control system required by vertical LLM applications. HOP achieves automations by leveraging key vertical knowledge and practices. More importantly, it delivers expected reliability through verifications. HOP itself can be autogenerated by LLMs, which further incentivizes its wide adoptions. Lately, we have applied HOP in different scenarios including fulllifecycle financial risk management in cryptographic computing settings, duplicate charges in medical diagnosis, and intrusion detection. HOP has achieved 5 to 10 folds of efficiency improvement, and an accuracy as good as 99% across aforementioned scenarios.

Reference | Related Articles | Metrics

Select

Research on the Risk Assessment System for Data Security in the Transportation Industry#br#

Journal of Information Security Reserach 2025, 11 (11): 1064-.

Abstract （22）

PDF （5683KB）（8）

Save

The transportation information system is not only a critical component of the national key information infrastructure, but also an important industry of the 2+8+N system, in which is crucial to the nation’s economy and people’s livelihood. With the continuous advancement of smart transportation construction, the volume of traffic data is growing rapidly. The position of data as a production factor highlights its importance and value, and also induces higher demands for data security. The transportation industry pays close attention to data security, and based on national policies, laws, regulations, and standards, the competent transportation authorities have issued a series of industry standards and regulations to guide the security of transportation data. However, the transportation industry covers a wide range of business areas, and its data has characteristics such as multisource, heterogeneity, partiality, spatiotemporal correlation, asynchronicity, information sparsity, and concurrency. Moreover, the data has a high degree of mobility, and the operational conditions and flow are complex, making data surveillance a large range and great difficulty, which brings a series of challenges to the protection of data security. Based on existing laws, regulations, and standards, and deeply integrating the characteristics of transportation industry data, this research on the data security risk assessment system provides a reference for the construction of transportation data security protection.

Reference | Related Articles | Metrics

Select

USB Device Access Control Policy Based on Attributebased RBAC Mixed Extension

Journal of Information Security Reserach 2025, 11 (12): 1146-.

Abstract （19）

PDF （2108KB）（8）

Save

Aiming at the hot issue of USB (universal serial bus) device security defense, this paper explores access control methodologies. It proposes a mixed extention access control model of Attributebased RBAC (rolebased access control). Then based on the model, this paper designs and implements an access control system for USB device by combining authentication and control. This experiment verifies the feasibility of the model and its access control system. The results show that this system could solve the problems of coarsegrained and static allocation in traditional USB device access control.

Reference | Related Articles | Metrics

Select

Research on Physical Layer Security of CRNOMA System Based on DC Programming

Journal of Information Security Reserach 2025, 11 (3): 275-.

Abstract （110）

PDF （1559KB）（39）

Save

A physical layer security scheme for CRNOMA systems based on DC(difference of convex) function planning is proposed to address the communication security issues caused by the openness of CRNOMA systems. In the NOMA(nonorthogonal multiple access) communication scenario, construct a multiuser eavesdropping channel model derive the security and rate expressions for the CRNOMA system; And design a DCbased carrier power allocation algorithm to solve the optimal solution for subchannel power allocation and improve the security of system subcarriers. The simulation results show that without increasing the power of the base station, its SSR is improved by 35% and 10%, respectively, compared to OFDMA and NOMA; Under the same SSR, the maximum number of users can increase by 200%. Verified that the scheme can effectively enhance the physical layer security of the system.

Reference | Related Articles | Metrics

Select

Design of a Large Model Data Supervision System Based on Blockchain

Journal of Information Security Reserach 2025, 11 (8): 682-.

Abstract （152）

PDF （2618KB）（68）

Save

Large model (LM) has shown great potential in the fields of natural language processing, image and speech recognition, and has become a key force driving the technological revolution and social progress. However, the wide application of LM technology brings challenges such as data privacy risks, data compliance regulation, and data regulatory activation and intelligence. This paper aims to explore how to utilize blockchain to design and construct an effective data regulatory system to promote its healthy development, in order to meet the challenges brought by the application of massive data to LM. This paper analyzes the trends and current status of the development of LM at home and abroad, and points out the main challenges to LM data regulation, including data privacy risks, data compliance, and the difficulty of effective supervision by regulators . A blockchainbased data regulation system design scheme is proposed to address these challenges, which realizes the fullcycle data regulation of LM data from the native metadata to the input of training until the posttraining feedback through four interconnected modules, namely, privacy protection, consensus algorithm, incentive mechanism, and smart contract. Finally, the application prospect of blockchain in LM data supervision is summarized, and the future trend of data supervision is outlooked.

Reference | Related Articles | Metrics

Select

DGA Domain Name Generation Method of BiLSTM Model Based on Bayesian HPO

Journal of Information Security Reserach 2025, 11 (10): 950-.

Abstract （71）

PDF （1488KB）（17）

Save

In recent years, domain generation algorithms (DGA) have been extensively utilized in network attacks to dynamically generate large quantities of random domain names for malicious software communications, posing a severe challenge for security defenses. As DGA structures grow increasingly complex, traditional domain classification methods that rely on manually extracted features struggle to adapt to new variants in a timely manner. Although generationbased deep models can automatically capture latent patterns from data, their large parameter sizes and intricate hyperparameter tuning often hinder stable performance across diverse DGA. To tackle these issues, this paper proposes a DGA domain generation approach based on a bidirectional long shortterm memory (BiLSTM) model enhanced by Bayesian hyperparameter optimization(Bayesian HPO). By automating the tuning of critical hyperparameter, our method significantly reduces manual intervention and training overhead, while strengthening the robustness and generalization capability of the model against various DGA. Experimental results demonstrate that the proposed approach achieves excellent generation accuracy on multiple DGA families, providing a proactive, forwardlooking defense strategy for network security.

Reference | Related Articles | Metrics

Select

SM3 Cryptographic Hash Algorithm

Journal of Information Security Research 2016, 2 (11): 983-994.

Abstract （1438）

PDF （8502KB）（899）

Save

The cryptographic hash functions play an important role in modern cryptography. They are used to compress messages of arbitrary length to fixed length hash values. The most common cryptographic applications of hash functions are with digital signature and for data integrity. SM3 cryptographic hash algorithm is issued as the industry standard in 2012. In 2016, it was published as national standard. It takes a 512bit message as input and outputs a 256bit hash value. This paper summarizes the design, properties, software and hardware implementations and cryptanalysis of SM3 cryptographic hash algorithm. Furthermore, we compare SM3 with other hash standards.

Reference | Related Articles | Metrics

Select

A Survey of Botnet

Journal of Information Security Research 2017, 3 (7): 589-600.

Abstract （696）

PDF （9509KB）（302）

Save

In recent years, the botnet has become more and more complex, the scale is also growing. Botnets have become one of the largest Internet security threat, they have been used to launch DDOS attacks, send spam, steal sensitive information, and even launch a cyber－war. According to CNCERT‘s monitoring data, in 2013, there are more than 10900000 hosts that are controlled by more than 29000 overseas servers. In order to reduce the destruction of botnets, security researchers have proposed a variety of security detection mechanisms, Microsoft also cooperated with various security agencies and the federal court to close some botnets. But botnets constantly update to evade and use a more covert command control channel. This paper briefly summarizes the botnet system structure, protocol type, escape technology, detection technology, recently shut down event, and the new development trend.

Reference | Related Articles | Metrics

Select

A Survey of SQL Injection Attack Detection and Defense Technology

Journal of Information Security Reserach 2023, 9 (5): 412-.

Abstract （766）

PDF （2612KB）（419）

Save

In the era of “Internet+”, data is the most valuable resource of the Internet. Attackers often use SQL injection attacks to destroy the database in order to obtain important data information in the database. The threat to database security is becoming more and more serious. At present, the research on SQL injection attacks mostly focuses on traditional SQL injection attacks, but lacks the cognition of new advanced SQL injection technology with stronger concealment and higher risk, and the research on related detection and defense technology. In response to this phenomenon, this paper analyzes and evaluates traditional and advanced SQL injection attack technologies and their technical characteristics based on the classification of SQL injection technologies; summarizes existing detection and defense technologies, and evaluates the advantages and disadvantages of these methods for defense effectiveness; finally The problems existing in the current research field are sorted out, and suggestions for future research directions are put forward.

Reference | Related Articles | Metrics

Select

A Review of Hardware Accelerated Research on Zeroknowledge Proofs

Journal of Information Security Reserach 2024, 10 (7): 594-.

Abstract （892）

PDF （1311KB）（297）

Save

ZeroKnowledge Proofs (ZKP) are cryptographic protocols that allow a prover to demonstrate the correctness of a statement to a verifier without revealing any additional information. This article primarily introduces research on the acceleration of zeroknowledge proofs, with a particular focus on ZKPs based on Quadratic Arithmetic Programs (QAP) and Inner Product Proofs (IPA). Studies have shown that the computational efficiency of zeroknowledge proofs can be significantly improved through hardware acceleration technologies, including the use of GPUs, ASICs, and FPGAs. Firstly, the article introduces the definition and classification of zeroknowledge proofs, as well as the difficulties encountered in its current application. Secondly, this article discusses in detail the acceleration methods of different hardware systems, their implementation principles, and their performance improvements over traditional CPUs. For example, cuZK and GZKP utilize GPUs to perform Multiscalar Multiplication (MSM) and Number Theoretic Transform (NTT), while PipeZK, PipeMSM, and BSTMSM accelerate these computational processes through ASICs and FPGAs. Additionally, the article mentions applications of zeroknowledge proofs in blockchain for concealing transaction details, such as the private transactions in ZCash. Lastly, the article proposes future research directions, including accelerating more types of ZKPs and applying hardware acceleration to practical scenarios to resolve issues of inefficiency and promote the widespread application of zeroknowledge proof technology.

Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach 2024, 10 (E1): 236-.

Abstract （630）

PDF （796KB）（402）

Save

Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach 2024, 10 (E1): 252-.

Abstract （151）

PDF （836KB）（70）

Save

Reference | Related Articles | Metrics

Select

A Review of Adversarial Attack on Autonomous Driving Perception System

Journal of Information Security Reserach 2024, 10 (9): 786-.

Abstract （477）

PDF （1560KB）（289）

Save

The autonomous driving perception system collects surrounding environmental information through various sensors and processes this data to detect vehicles, pedestrians and obstacles, providing realtime foundational data for subsequent control and decisionmaking functions. Since sensors are directly connected to the external environment and often lack the ability to discern the credibility of inputs, the perception systems are potential targets for various attacks. Among these, adversarial example attack is a mainstream attack method characterized by high concealment and harm. Attackers manipulate or forge input data of the perception system to deceive the perception algorithms, leading to incorrect output results by the system. Based on the research of existing relevant literature, this paper systematically summarizes the working methods of the autonomous driving perception system, analyzes the adversarial example attack schemes and defense strategies targeting the perception system. In particular, this paper subdivide the adversarial examples for the autonomous driving perception system into signalbased adversarial example attack scheme and objectbased adversarial example attack scheme. Additionally, the paper comprehensively discusses defense strategy of the adversarial example attack for the perception system, and subdivide it into anomaly detection, model defense, and physical defense. Finally, this paper prospects the future research directions of adversarial example attack targeting autonomous driving perception systems.

Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach 2024, 10 (E2): 92-.

Abstract （179）

PDF （936KB）（83）

Save

Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach 2024, 10 (E2): 105-.

Abstract （673）

PDF （929KB）（358）

Save

Reference | Related Articles | Metrics

Most Download articles