Most Download articles

Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month| Most Downloaded in Recent Year|

Most Downloaded in Recent Month

Please wait a minute...


For Selected: Download Citations EndNote Ris BibTeX Toggle Thumbnails

Select

Model of Insider Threat Behavior Detection Based on Graph Neural Network Journal of Information Security Reserach    2025, 11 (7): 586-.   Abstract （99）      PDF （1890KB）（65）       Knowledge map    Save This paper designs a new detection model based on graph neural networks to address the shortcomings of existing models for insider threat behavior detection based on user behavior sequences, which cannot handle long sequences well. The model converts user behavior sequences into a graph structure and transforms the processing of long sequences into the processing of subgraph structures. The experiment designs a graph structure to describe user behavior, which is used to store user behavior in the form of graph data. The baseline GNN model is optimized for this graph structure, which is heterogeneous and has data stored on its edges. The experimental results show that, for the binary classification task of distinguishing normal and threatening behavior, the ROC AUC value of the proposed model is improved by 7% and the MacroF1 value is improved by 7% compared to the baseline model. In the sixclass classification task of distinguishing specific threat types, the MacroF1 value of the proposed model improves by 10% compared to the baseline model. Reference | Related Articles | Metrics

Select

Design of a Large Model Data Supervision System Based on Blockchain Journal of Information Security Reserach    2025, 11 (8): 682-.   Abstract （70）      PDF （2618KB）（29）       Knowledge map    Save Large model (LM) has shown great potential in the fields of natural language processing, image and speech recognition, and has become a key force driving the technological revolution and social progress. However, the wide application of LM technology brings challenges such as data privacy risks, data compliance regulation, and data regulatory activation and intelligence.  This paper aims to explore how to utilize blockchain to design and construct an effective data regulatory system to promote its healthy development, in order to meet the challenges brought by the application of massive data to LM. This paper analyzes the trends and current status of the development of LM at home and abroad, and points out the main challenges to LM data regulation, including data privacy risks, data compliance, and the difficulty of effective supervision by regulators . A blockchainbased data regulation system design scheme is proposed to address these challenges, which realizes the fullcycle data regulation of LM data from the native metadata to the input of training until the posttraining feedback through four interconnected modules, namely, privacy protection, consensus algorithm, incentive mechanism, and smart contract. Finally, the application prospect of blockchain in LM data supervision is summarized, and the future trend of data supervision is outlooked. Reference | Related Articles | Metrics

Select

Implicit Harmful Text Detection Technology Based on Knowledgeenhanced #br# Multitask Learning#br# Journal of Information Security Reserach    2025, 11 (8): 718-.   Abstract （42）      PDF （1578KB）（21）       Knowledge map    Save A large number of harmful texts on the Internet adopt implicit and euphemistic expressions to evade detection by censorship systems. Most of the current work focuses on explicit harmful speech and cannot effectively detect implicit harmful text. This paper investigates the detection of implicit euphemistic harmful text in Chinese using a multitask learning approach, where euphemistic sentence recognition is used to assist harmful text detection. Firstly, methods for integrating euphemistic language vocabulary features are explored to enhance the model’s representation of implicit meanings. Subsequently, contrastive learning is applied to enhance latent semantic representations and extract common features from implicitly harmful discourse. Finally, a multitask learning framework is constructed by combining euphemistic sentence recognition tasks with harmful text detection tasks, aiming to improve the detection performance through shared multitask parameters and multifeature fusion loss functions. The experimental results demonstrate the effectiveness of the model in detecting implicit harmful text. Reference | Related Articles | Metrics

Select

Optimal Path Generation Method for Industrial Control System  Penetration Testing Based on Reinforcement Learning Journal of Information Security Reserach    2023, 9 (12): 1159-.   Abstract （160）      PDF （1677KB）（116）       Knowledge map    Save Aiming at the deficiencies of existing penetration testing methods, this paper proposes an optimal penetration testing path generation method that combines the characteristics of industrial control systems and reinforcement learning models. Firstly, the typical structure and security threats of the industrial control system and the basic process of the penetration test are analyzed; then the target system and the attacker are modeled based on the reinforcement learning model, and an optimal path generation method for the penetration test based on QLearning is proposed. Finally, the experimental verification is carried out with the petroleum catalytic refining system as the object. The results show that the method can comprehensively consider the differences in testers’ professional skills and target equipment, and generate the optimal path for penetration testing from multiple efficient paths, providing solutions for penetration testing of largescale industrial control systems. Related Articles | Metrics

Select

Fake News Detection Model Based on Crossmodal Attention Mechanism and#br#  Weaksupervised Contrastive Learning#br# Journal of Information Security Reserach    2025, 11 (8): 693-.   Abstract （48）      PDF （1508KB）（19）       Knowledge map    Save With the widespread popularization of the Internet and smart devices, social media has become a major platform for news dissemination. However, it also provides conditions for the widespread of fake news. In the current social media environment, fake news exists in multiple modalities such as text and images, while existing multimodal fake news detection techniques usually fail to fully explore the intrinsic connection between different modalities, which limits the overall performance of the detection model. To address this issue, this paper proposes a hybrid model of crossmodal attention mechanism and weaksupervised contrastive learning(CMAWSCL) for fake news detection. The model utilizes pretrained BERT and ViT models to extract text and image features respectively, and effectively fuses multimodal features through the crossmodal attention mechanism. At the same time, the model introduces weaksupervised contrast learning, which utilizes the prediction results of effective modalities as supervisory signals to guide the contrast learning process. This approach can effectively capture and utilize the complementary information between text and image, thus enhancing the performance and robustness of the model in multimodal environments. Simulation experiments show that the CMAWSCL performs well on the publicly available Weibo17 and Weibo21 datasets, with an average improvement of 1.17 percentage points in accuracy and 1.66 percentage points in F1 score compared to the current stateoftheart methods, which verifies its effectiveness and feasibility in coping with the task of multimodal fake news detection. Reference | Related Articles | Metrics

Select

Evidence Extraction of USB Storage Device Accessing Traces under the Windows 7 System Journal of Information Security Research    2016, 2 (4): 333-338.   Abstract （306）      PDF （5162KB）（829）       Knowledge map    Save With the rapid development and popularization of computer technology, cyber crimes come one after another，there are a lot of computer evidences existing in the USB storage device. When USB storage device has access to computers, registry keys and computer log will record the accessing traces. Therefore, computer forensic investigators can accordingly confirm which USB device has connected to the computer at what time. This paper introduces the position of accessing traces and extraction methods, providing great support and help for certain evidence factors in judicial activities. Reference | Related Articles | Metrics

Select

Encrypted Traffic Detection Method Based on Knowledge Distillation Journal of Information Security Reserach    2025, 11 (8): 702-.   Abstract （51）      PDF （2774KB）（17）       Knowledge map    Save In recent years, with the rapid growth of Internet traffic, especially the popularity of encrypted communication, malicious traffic detection is facing a huge challenge, due to the limited resources and performance of mobile devices, which makes it more difficult to identify malicious behaviors in encrypted traffic on mobile. Therefore this paper proposes a knowledge distillation based encrypted traffic detection method. First, the traffic is transformed into images through visualization techniques; second, based on the ConvNeXt network architecture, the SK_SwiGLU_ConvNeXt network is constructed as the teacher network by introducing the SKNet attention mechanism and replacing the activation function GELU with SwiGLU; finally, the lightweight MobileNetV2 is selected as the student network and the use the teacher network to guide the student network training. The experimental results of this paper’s detection method on the publicly available dataset ISCX VPNNonVPN show that even in the resourceconstrained mobile device environment, the student network can improve the detection effect of the teacher model while reducing the model complexity, which proves that this method has efficient deployment potential on mobile devices. Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2024, 10 (E1): 236-.   Abstract （538）      PDF （796KB）（373）       Knowledge map    Save Reference | Related Articles | Metrics

Select

Research on Analysis and Detection Methods of Adversarial Crosssite #br# Scripting Attacks Based on LSTM and CNN#br# Journal of Information Security Reserach    2025, 11 (8): 761-.   Abstract （39）      PDF （1115KB）（12）       Knowledge map    Save In recent years, machine learning and deep learning techniques have achieved significant success in detecting crosssite scripting (XSS) attacks. However, they still face challenges in defending adversarial attacks. To address this issue, this paper proposes an optimized method based on soft actorcritic (SAC) reinforcement learning combined with long shortterm memory (LSTM) and convolutional neural network (CNN). Firstly, adversarial samples are generated by leveraging the SAC and LSTMCNN detection model to simulate attacker strategies. These samples are then used for incremental training of the detection model, progressively narrowing the adversarial data generation space and improving the model’s robustness and detection accuracy. Experimental results show that the generated adversarial data achieves an evasion success rate of over 90% across multiple detection tools. After incremental training, the detection model’s defense capability against adversarial XSS attacks is significantly enhanced, with the evasion rate continuously decreasing. Reference | Related Articles | Metrics

Select

An Overview of Application and Technology of Artificial Intelligence in Cybersecurity Journal of Information Security Reserach    2022, 8 (2): 110-.   Abstract （1913）      PDF （1142KB）（1376）       Knowledge map    Save Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry. Reference | Related Articles | Metrics

Select

A Privacy Budget Allocation Method Based on Differential #br# Privacy kmeans++#br# Journal of Information Security Reserach    2025, 11 (8): 710-.   Abstract （43）      PDF （1126KB）（11）       Knowledge map    Save For the traditional differential privacy kmeans++ algorithm, uniform budget allocation by the equal division method cannot meet varying privacy needs. Meanwhile, binary division rapidly depletes the budget, leading to excessive noise later on, both impairing clustering performance. To solve this problem, a new privacy budget allocation method combining the arithmetic and equal allocation methods was proposed. For initial center selection, use an equal division budget allocation. For center updates, early stage uses arithmetic progression, later stage switches to equal division, both focused on minimal budget. This approach ensures substantial initial privacy budget for minimal cluster center distortion, and moderate budget depletion later to prevent excessive noise that could compromise clustering outcomes. A series of experiments based on real data show that, compared to the original kmeans++, the minimum error is only 0.09%. Compared to the equal distribution method and the binary method, the clustering accuracy is improved by up to 14.9% and 16.9% respectively. It can be seen that this method is significantly better than the equal division and the binary division, and can improve the usability and accuracy of clustering results to a certain extent. Reference | Related Articles | Metrics

Select

A Survey of Zero Trust Research Journal of Information Security Research    2020, 6 (7): 608-614.   Abstract （1261）      PDF （2068KB）（1599）       Knowledge map    Save With the popularization of cloud computing, mobile office and other technologies, the enterprise network structure becomes complex. The traditional network security model is based on the idea of boundary protection, which can not meet the current needs. Zero trust is a new network security model, where no distinction is made between internal and external networks and all entities need authentication and authorization before accessing resources, which can be used to protect the network whose perimeter is increasingly fuzzy. This paper gives the definition of zero trust, introduces the architecture of zero trust, analyzes the core technology of zero trust, compares and analyses several representative zero trust schemes, summarizes the development status, points out the research direction needing attention in this field, which can provide reference for the research and application of zero trust. Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2024, 10 (E2): 105-.   Abstract （588）      PDF （929KB）（340）       Knowledge map    Save Reference | Related Articles | Metrics

Select

Dualbranch Malicious Code Homology Analysis Model Based on Feature Fusion Journal of Information Security Reserach    2025, 11 (7): 594-.   Abstract （62）      PDF （2563KB）（18）       Knowledge map    Save In the homology analysis of malicious code, a large number of malicious code variants are generated due to techniques such as encryption, obfuscation, and packing, which leads to the problem that the deep learning model has insufficient ability to extract the features of malicious code. To solve this problem, a multibranch convolution and transformernet (MCATNet) homology analysis model based on feature fusion was proposed. Firstly, an MCATNet dualbranch network was constructed, one branch was a multibranch convolutional MBC (Multibranch convolution) module, and the MBC module was used to construct the CNN branch, and the CBAM hybrid attention mechanism was introduced to make the network pay more attention to the core features while taking into account the local features. Another branch is the Transformer module with ViT as the backbone, which extracts global feature information of malicious code images and proposes a downsampling module to finely preserve global features while aligning the feature maps of Transformer and CNN at the spatial scale. Secondly, the cascading strategy is used to fuse the local features of the CNN branch and the global features of the Transformer branch to solve the problem that the network only focuses on a single feature. Finally, the Softmax classifier was used to analyze the homology of the malicious code family. Experimental results show that the classification accuracy of the twobranch model based on feature fusion reaches 99.24%, which is 0.11% and 0.65% higher than that of the singlebranch CNN and singlebranch Transformer models, respectively. Reference | Related Articles | Metrics

Select

A PUFbased Identity Authentication and Key Negotiation Protocol for Telemedicine Journal of Information Security Reserach    2025, 11 (7): 626-.   Abstract （62）      PDF （2116KB）（13）       Knowledge map    Save Telemedicine is rapidly developing due to its high service efficiency and good medical experience, but the secure transmission of medical data is a critical challenge that needs urgent resolution. Although a large number of authentication and key negotiation protocols suitable for telemedicine environments exist, some of the protocols suffer from security risks and inefficiencies. To address the existing problems, we propose a PUFbased authentication and key negotiation protocol. The protocol employs a trusted gateway to implement a manytomany authentication and key negotiation mechanism, uses the PUF function to generate a “device fingerprint” for unique identification, and leverages the ECC algorithm to ensure the confidentiality of the data. The semantic security of the session key is proved under the random oracle model, the confidentiality and authenticity of the protocol are verified by the ProVerif simulation tool, and the nonformal analysis proves that the protocol is resistant to common attacks such as offline password guessing and session key compromise. Comparison results with related protocols in terms of computation overhead, storage overhead, communication overhead and security show that this protocol exhibits notable feasibility and advantages. Reference | Related Articles | Metrics

Select

Security Resource Scheduling Methods in Virtualization Environment Journal of Information Security Reserach    2025, 11 (7): 652-.   Abstract （53）      PDF （1729KB）（21）       Knowledge map    Save In the era of cloud computing, The integration of security technology and cloud computing has given rise to an innovative security defense approachvirtualization of security resources. This novel architecture serves as a basis for a comprehensive security protection system that consolidates multiple security functionsincluding firewalls, intrusion detection and prevention systems, and antivirus solutionsinto a flexible resource set through virtualization and softwaredefined technologies. This article delves into the relevant concepts, advantages, typical scheduling algorithms, and future development directions of secure resource virtualization. This article provides a detailed analysis of the composition devices and functional characteristics of virtualized security resources, and points out their advantages in resource virtualization and sharing, flexible expansion, unified management, and deep integration with cloud environments. In terms of scheduling algorithms, this article studies various typical virtualization security resource and task scheduling strategies, such as coral reef task scheduling algorithm, immune genetic algorithm, improved pollen transmission algorithm, and improved algorithm based on Pareto optimal theory, and explores their advantages and applicable scenarios. The article looks forward to the future development direction of security resource virtualization, The aim is to provide reference for further optimization configuration and cost control of security resource virtualization, and promote more efficient and stable development in the field of cloud computing under the premise of ensuring security. Reference | Related Articles | Metrics

Select

Unified Security Evaluation Test Model and System Establishment for 5G Assets Journal of Information Security Reserach    2021, 7 (5): 436-442.   Abstract （284）      PDF （1277KB）（202）       Knowledge map    Save The development of new architectures, technologies and applications of 5G poses new challenges to security. On the one hand, 5G introduces many IT technologies, making the form of assets more complex and diverse. The application of network slicing, multi-access edge computing, network capacity opening and other technologies brings new security threats. On the other hand, 5G is deeply integrated with vertical industries, and 5G security requires a transformation from "general security" to "on-demand security". Global System for Mobile Communications Association has established Network Equipment Security Assurance Scheme (NESAS), which leverages security evaluation to improve 5G security. However, NESAS mainly focus on large-scale 5G base station and core network equipment testing, lacking the scheme of network operation security and data protection.  A novel security evaluation model (ARMIT model) for 5G assets is proposed. The model first describes 5G assets composition and threats landscape, and then stresses the evaluation security requirements, indexes and methods regarding to 5G assets and network operation. It provides an effective reference for equipment enterprises and operators to carry out security capability evaluation of 5G products, networks and services. Reference | Related Articles | Metrics

Select

Authenticated Key Agreement Protocol for Postquantum  Anonymous Communication Journal of Information Security Reserach    2025, 11 (7): 661-.   Abstract （58）      PDF （1449KB）（14）       Knowledge map    Save As the scale of data in the network becomes more and more enormous. These data are highly associated with the users, once the data is leaked, the identity information and personal privacy of the users will be seriously threatened. The encryption system based on traditional number theory becomes no longer secure with the rapid development of quantum technology, in response to this problem, this paper proposes a key negotiation protocol that gives anonymous authentication on the lattice, based on lattice cryptography security challenges can resist quantum attacks, its security has been analyzed by the security model and theoretical and compared with similar schemes to obtain a significant improvement. This novel protocol is based on the authentication cryptography of lattice ciphers, which is capable of accomplishing mutual authentication and establishing secure communication, and is able to optimize the deployment of certificate system components of public key infrastructure. Reference | Related Articles | Metrics

Select

Research on Privacy Protection Technology in Federated Learning Journal of Information Security Reserach    2024, 10 (3): 194-.   Abstract （550）      PDF （1252KB）（323）       Knowledge map    Save In federated learning, multiple models are trained through parameter coordination without sharing raw data. However,  the extensive parameter exchange in this process renders the model vulnerable to threats not only from external users but also from internal participants. Therefore, research on privacy protection techniques in federated learning is crucial. This paper introduces the current research status on privacy protection in federated learning. It classifies the security threats of federated learning into external attacks and internal attacks.Based on this classification,  it summarizes external attack techniques such as model inversion attacks, external reconstruction attacks, and external inference attacks, as well as internal attack techniques such as poisoning attacks, internal reconstruction attacks, and internal inference attacks. From the perspective of attack and defense correspondence, this paper summarizes data perturbation techniques such as central differential privacy, local differential privacy, and distributed differential privacy, as well as process encryption techniques such as homomorphic encryption, secret sharing, and trusted execution environment. Finally, the paper analyzes the difficulties of federated learning privacy protection technology and identifies the key directions for its improvement. Reference | Related Articles | Metrics

Select

Research on Data Reuse Model of Classified Protection of Cybersecurity Based on Data Mining Journal of Information Security Reserach    2024, 10 (4): 353-.   Abstract （87）      PDF （1459KB）（111）       Knowledge map    Save Addressing the underutilization of the evaluation data in classified cybersecurity protection, this paper presents a model for reusing the evaluation data of classified protection of cybersecurity, comprising three dimensions: data classification, data reuse process and typical application scenarios. Firstly,  the data is classified according to the application scenarios, and basic data is statistically analyzed to draw conclusions from various perspectives. Secondly, utilizing the basic evaluation data and initial analysis conclusions as input, a data reuse model based on data mining is constructed to meet the diverse needs of different stakeholders. This model provides functions such as correlation analysis, classification analysis and cluster analysis, enabling a deeper exploration of the information behind the data. This approach facilitates the safe and effective utilization of data by relevant stakeholders, leveraging data as a strong support to play a more positive role in building a network security system. Reference | Related Articles | Metrics

Select

Research for Zero Trust Security Model Journal of Information Security Reserach    2024, 10 (10): 886-.   Abstract （349）      PDF （2270KB）（296）       Knowledge map    Save Zero trust is considered a new security paradigm. From the perspective of security models, this paper reveals the deepening and integration of security models in zero trust architecture, with “identity and data” as the main focus. Zero trust establishes a panoramic control object chain with identity at its core, builds defenseindepth mechanisms around object attributes, functions, and lifecycles, and centrally redirects the flow of information between objects. It integrates information channels to achieve layered protection and finegrained, dynamic access control. Finally, from an attacker’s perspective, it sets up proactive defense mechanisms at key nodes in the information flow path. Since zero trust systems are bound to become highvalue assets, this paper also explores the essential issues of inherent security and resilient service capabilities in zerotrust systems. Through the analysis of the security models embedded in zerotrust and its inherent security, this paper aims to provide a clearer technical development path for the architectural design, technological evolution, and selfprotection of zero trust in its application. Reference | Related Articles | Metrics

Select

Lightweighted Mutual Authentication and Key Agreement in V2N IoV Journal of Information Security Reserach    2025, 11 (8): 753-.   Abstract （38）      PDF （2403KB）（7）       Knowledge map    Save Aiming at the scenario of vehicle secure access to application servers in the V2N (vehicle to network) environment, a Kerberos extension protocol is proposed based on the PUF (physical unclonable function). This protocol provides the twoway authentication and key agreement between the vehicle and the remoted application server and ensured the confidentiality and authentication of the V2N data transmission. The CRP (challenge response pair) generated by the PUF is used to replace the password in standard Kerberos to prevent the threats of key leakage caused by physical attacks such as intrusion, semiintrusion, sidechannel attacks, etc. The characteristics of Kerberos’s lightweighted twoway authentication protocol can overcome the defects of high calculation complexity and slow speed of the public key authentication algorithms, and effectively provide the secure data transmission between vehicles and application servers. Reference | Related Articles | Metrics

Select

AI and Data Privacy Protection: The Way to Federated Learning Journal of Information Security Research    2019, 5 (11): 961-965.   Abstract （1277）      PDF （1395KB）（1299）       Knowledge map    Save With the tremendous advance in computing, algorithms and data volume, artificial intelligence ushered in the third development climax, and began to gain a foot hold in exploring various industries. However, as the emergence of “big data”, more “small data” or “poorquality data”, and “data silos” exist in industry applications. For example, in the information security realm, it is difficult for enterprises who provide security services such as content security auditing and intrusion detection based on artificial intelligence technology to exchange raw data due to the consideration of user privacy and trade secrets protection. The services between enterprises are independent, and the overall development of cooperation and technology is difficult to make a breakthrough in a short period of time. How to promote greater cooperation on the premise of protecting the privacy of organizations? Will there be any chance for technical means to solve the data privacy protection problems? Federated Learning is an effective way to solve this problem and achieve acrossenterprise collaborative governance. Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2024, 10 (E2): 114-.   Abstract （176）      PDF （592KB）（98）       Knowledge map    Save Reference | Related Articles | Metrics

Select

Design and Implementation of Resourceefficient SM4 Algorithm on FPGA Journal of Information Security Reserach    2025, 11 (6): 490-.   Abstract （156）      PDF （2238KB）（81）       Knowledge map    Save In the hardware implementation of the SM4 algorithm, the lookup table method is commonly adopted for realizing the Sbox, which consumes a significant amount of hardware resources. This paper proposes an implementation scheme for the SM4 algorithm based on polynomial basis. Two construction schemes are developed for the 8×8 Sbox used in the SM4 algorithm, one based on composite field GF((24)2) and the other on composite field GF(((22)2)2). The test results indicate that the scheme based on polynomial bases GF((24)2) is optimal. Taking into account both resource utilization and performance, this paper designs two hardware implementation structures for SM4: a state machine parallel structure and a pipelined structure. Compared with the traditional lookup table approach, the state machine parallel structure reduces resource utilization by 21.98% while increasing the operating frequency by 14.4%. The pipelined structure achieves a reduction in resource utilization by 54.23%. Reference | Related Articles | Metrics

Select

Overview of Voiceprint Recognition Technology and Applications Journal of Information Security Research    2016, 2 (1): 44-57.   Abstract （1175）      PDF （12707KB）（643）       Knowledge map    Save With the rapid development of information technology, how to identify a person to protect hisher personal privacy as well as information security has become a hot issue. Comparing with the traditional identity authentication, the biometric authentication technologies have the features of not being to get lost, to be stolen or forgotten when being used. The use of them is not only fast and convenient, but also accurate and reliable. Being one of the most popular biometric authentication technologies, the voiceprint recognition technology has its unique advantages in the field of remote authentication and other areas, and has attracted more and more attention. In this paper, the voiceprint recognition technology and its applications will be mainly introduced, including the fundamental concept, development history, technology applications and industrial standardizations. Various kinds of problems and corresponding solutions are overviewed, and the prospects are pointed out finally. Reference | Related Articles | Metrics

Select

Overview of Biometric Recognition Technology Journal of Information Security Research    2016, 2 (1): 12-26.   Abstract （462）      PDF （13255KB）（445）       Knowledge map    Save The identity authentication based on biometric identification technology is the demand of the development of information and economic globalization, and also one of the important technologies in governmental and commercial fields. In this paper, the fundamental principles, performance evaluation, key technologies, research status and application of biometric recognition are introduced. Through the overview of the research on different biometric recognition technologies of fingerprint, palmprint, iris, face, fingervein, and voiceprint, we compare them in term of error rate, stability, usability, processing speed, and antispoofing. Then their applications in various aspects for both identification and verification scenarios are illustrated; the fusion technology and security problem are discussed; and the industrial and national standardization is introduced. Finally, the prospects of biometric recognition technologies are discussed additionally. Related Articles | Metrics

Select

Overview on Public Key Crytographic Algorithm SM2 Based on Elliptic Curves Journal of Information Security Research    2016, 2 (11): 972-982.   Abstract （1573）      PDF （7813KB）（912）       Knowledge map    Save Public key cryptographic algorithm SM2 based on elliptic curves (SM2 algorithm for abbreviation) was firstly issued in December 2010, had become the Chinese commercial cryptographic standard (GMT 0003—2012) in 2012, and had become the Chinese national cryptographic standard (GBT 32918—2016) in 2016. This paper briefly describe the development background of SM2 algorithm，describe SM2 algorithm in details，introduce the researches on its security, and evaluate its implementation efficiencies. All the researches on SM2 algorithm so far indicate that the provable securities of SM2 algorithm reach the supreme levels of public key cryptographic algorithms securities, and its implementation efficiencies are equivalent to or slightly superior to those similar elliptic curve cryptographic algorithms in some international standards. Reference | Related Articles | Metrics

Select

Overview on SM9 Identity Based Cryptographic Algorithm Journal of Information Security Research    2016, 2 (11): 1008-1027.   Abstract （3511）      PDF （13949KB）（6162）       Knowledge map    Save SM9 identitybased cryptographic algorithm is an identitybased cryptosystem with bilinear pairings. In such a system the user s private key and public key may be extracted from user s identity and key generation centers parameters. The most common cryptographic uses of SM9 are with digital signature, data encryption, key exchange protocol and key encapsulation mechanism etc. The application and management of SM9 will not require digital certificate, certificate base, and key base. The key length of the SM9 cipher algorithm is 256b. SM9 cryptographic algorithm was issued as the cryptography standard in 2015. This paper will summarize the design, algorithm, software and hardware implementation and cryptanalysis of SM9 cryptographic algorithm. We also give some concrete examples in appendix. Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2022, 8 (6): 545-.   Abstract （402）      PDF （1253KB）（184）       Knowledge map    Save With the rapid development of automotive intelligence, onboard system changes the landscape of vehicle behavior automation. Various firmware and hardware devices can interact or exchange information with the onboard intelligent system. The Internet of vehicles carries the automatic control of software, ECU and hardware via the onboard intelligent system. Instate providing users with daytoday driving functionality, the onboard system been evolved and increase its complexity. There is no clear boundary between system security and functional safety. This paper gives an overview of the onboard intelligent system of the Internet of vehicles based on experimental modeling. It also emphasizes that under the scenario of the Internet of vehicles, the vulnerability and system failure of the intelligent vehicle system will directly affect the functional safety, which means it can threaten the safety of passengers. Therefore, the onboard system security of the Internet of vehicles becomes more and more important. This paper discusses the relationship between system security and functional safety in the Internet of vehicles based on an existing issue. In order to locate the actual system security in the Internet of vehicles, the existing defense indicates that the importance to find a balance point between vehicle performance and system security within the limited resource, this paper proposed a method about prereinforcement learning defense mechanism based on pseudo defense.Key words Internet of vehicles security; endogenous security; mimicry defense; reinforcement learning; information system security Related Articles | Metrics

Select

Journal of Information Security Reserach    2022, 8 (E2): 152-.   Abstract （204）      PDF （667KB）（118）       Knowledge map    Save Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2023, 9 (3): 206-.   Abstract （735）      PDF （513KB）（460）       Knowledge map    Save Related Articles | Metrics

Select

A Federated Learning Privacy Protection Method for Multikey Homomorphic  Encryption in the Internet of Things Journal of Information Security Reserach    2024, 10 (10): 958-.   Abstract （506）      PDF （1704KB）（213）       Knowledge map    Save With federated learning, multiple distributed IoT devices can jointly train a global model by updating the transmission model without leaking raw data. However, federated learning systems are susceptible to model inference attacks, resulting in compromised system robustness and data privacy. A federated learning privacy protection method for multikey homomorphic encryption in the Internet of Things is proposed to address the issues of existing federated learning solutions being unable to protect the confidentiality of shared gradients and resisting collusion attacks initiated by clients and servers. This method utilizes multikey homomorphic encryption to achieve gradient update confidentiality protection. Firstly, by using proxy reencryption technology, the ciphertext under different public keys is converted into encrypted data under the public key, ensuring that the cloud server can decrypt the gradient ciphertext. Then, IoT devices use their own public key and random secret factor to encrypt local gradient data, which can resist collusion attacks initiated by malicious devices and servers. Secondly, an identity authentication method based on hybrid cryptography was designed to achieve realtime verification of the identities of participants in federated modeling. In addition, in order to further reduce client computing costs, some decryption calculations are coordinated with trusted servers for computation, and users only need a small amount of computation. A comprehensive analysis was conducted on the proposed solution to evaluate its safety and efficiency. The results indicate that the proposed scheme meets the expected security requirements. Experimental simulation shows that compared to existing schemes, this scheme has lower computational overhead and can achieve faster and more accurate model training. Reference | Related Articles | Metrics

Select

Efficient Dynamic Multikey Fully Homomorphic Encryption Scheme #br# from LWE#br# Journal of Information Security Reserach    2025, 11 (8): 768-.   Abstract （31）      PDF （4153KB）（5）       Knowledge map    Save The application of full homomorphic encryption in cloud computing effectively meets the user’s demand for “available but invisible” data over the cloud server. Aiming at the problems that the efficiency of multikey fully homomorphic encryption scheme needs to be optimized and the working mode applied to cloud computing is not reasonable, an efficient dynamic multikey fully homomorphic encryption scheme is proposed. On the one hand, the ciphertext extension algorithm of multikey homomorphic encryption scheme is optimized by introducing a pair of public keys and constructing new auxiliary ciphertexts. On the other hand, using a single user and the cloud server to complete the ciphertext extension operation, a new working mode of fully homomorphic encryption applied to cloud computing is proposed. Compared with the scheme of ICPADS meeting in 2023, our scheme reduces the computation overhead from O(n44) to O(n3k22), nk and noise expansion from O(m4γ) to O(mγ), making our scheme with smaller public parameters and more efficient. At the same time, the new working mode not only reduces the user’s high dependence on the server, but also reduces the computing overhead that the user needs to bear, and is more in line with the practical application. The scheme is proved to be INDCPA security and the difficulty can be reduced to the learning with error problem. Reference | Related Articles | Metrics

Select

Overview on SM4 Algorithm Journal of Information Security Research    2016, 2 (11): 995-1007.   Abstract （1574）      PDF （8653KB）（1089）       Knowledge map    Save SM4 Algorithm, short for SM4 Block Cipher Algorithm, was published in 2006 to promote the application of WAPI. It became a cryptography industrial standard (GMT 0002—2012) in March 2012 and a national standard (GBT 32907—2016) in August 2016. This paper describes SM4s calculating process, structural features and cryptographic properties. Furthermore, we introduce some latest researches on SM4s security and compare SM4s security with several international block cipher standards such as AES, HIGHT and MISTY1. Reference | Related Articles | Metrics

Select

AI Security—Research and Application on Adversarial Example Journal of Information Security Research    2019, 5 (11): 1000-1007.   Abstract （735）      PDF （3155KB）（825）       Knowledge map    Save With the rapid development of AI (artificial intelligence), the number of AI systems and applications grows explosively. AI has been closely linked to numerous people and brings great convenience to their life. Meanwhile, AI also leads to big challenges in the cyber security area. Some malicious fraudsters take advantage of AI to attack internet systems especially in the field of captcha generation. The antiknowledge map captcha based on the adversarial example technology is proposed, which fused the natural language processing technology and adversarial example generation technology, and thus increase the robustness to attacks and safeguard the security environment of internet. Reference | Related Articles | Metrics

Select

Thoughts on Several Issues of Commercial Cryptography Application and Innovation Development Journal of Information Security Research    2020, 6 (11): 0-0.   Abstract （950）      PDF （1311KB）（859）       Knowledge map    Save Being strictly and scientifically proven, cryptography is the fundamental technology of cyberspace security. A spiral development trend among cryptography, its serving objects and the technological development is presenting. With the rapid development of cyberspace technology and the inherent drive of cryptography attack and defense, the connotation and extension of cryptography have undergone major changes. Cryptography is not only the core technology of cyberspace security, but also the cornerstone of trust in the digital economy security..Faced with the severe situation of cyberspace security and the development trend of the digital economy, cryptography technology shall closely follow the applications to promote its innovation, cryptography industry shall be optimized to strengthen the cryptography supply, and cryptography evaluation shall be standardized to protect the cryptography application security. As a special strategic resource, cryptography cannot be bought from others, and it cannot be fully trusted even bought from others. It is of great significance to rely on independent innovation of our own cryptography. And the issues that discipline level of cryptography is set too deep, and high-end compound cryptography talents are of shortage shall be resolved as soon as possible. Related Articles | Metrics

Select

Adhere To The Self-reliance And Self-improvement Of IT Innovation System Technology, Build A Powerful Network Country And Digital China Journal of Information Security Research    2021, 7 (1): 2-03.   Abstract （383）      PDF （497KB）（474）       Knowledge map    Save Related Articles | Metrics

Select

5G Cyber Security Penetration Test Framework and Method Journal of Information Security Reserach    2021, 7 (9): 795-801.   Abstract （527）      PDF （3678KB）（389）       Knowledge map    Save 5G network construction is in full swing. The high rate, massive coverage, and extremely low latency of 5G networks make the Internet of Everything possible and bring new opportunities and challenges to network information and security.5G will create new prospects for industry transformation and business models. 5G will be further applied to various vertical industries, such as smart driving, smart grid, and smart healthcare.The 5G architecture is different from the previous 2G/3G/4G architecture and deploy MEC near base stations, which greatly  increases security risks. As 5G constructs Internet of Everything scenarios, it faces more risks such as malicious attacks and information theft. This paper analyzes the weaknesses of the 5G network architecture and studies the security penetration framework in 5G networks and proposes the penetration framework of terminal side, RAN side, bearer side, MEC side and core network side. Reference | Related Articles | Metrics

Select

Research and Design of Unified Platform for Vulnerability Management Journal of Information Security Reserach    2022, 8 (2): 190-.   Abstract （684）      PDF （1069KB）（543）       Knowledge map    Save With the development of the network technology, information security has been paid more and more attention. As one of the most frequently used attacking methods, security vulnerability has also been widely concerned. At present, Most of the organizations or enterprises rely on manual methods to manage vulnerabilities, and do not have unified tracking、 disposition、 display and analysis. These methods are not only inefficient, but also error-prone. A unified platform for vulnerability management was proposed, which allowed the automatic closed loop controlling of the life cycle of vulnerabilities. The platform integrated different vulnerability management capabilities into specific functional modules. General development languages and standards-based service interfaces were developed to allow integration of this platform with other infrastructure platform systems or network security tools. Practices show that, this platform can effectively improve the performance of the vulnerability management, and make vulnerability management to be centralized, streamlined and automated. Reference | Related Articles | Metrics