Most Download articles

    Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month| Most Downloaded in Recent Year|

    Most Downloaded in Recent Month
    Please wait a minute...
    For Selected: Toggle Thumbnails
    Research on Privacy Protection Technology in Federated Learning
    Journal of Information Security Reserach    2024, 10 (3): 194-.  
    Abstract121)      PDF (1252KB)(148)       Save
    In federated learning, multiple models are trained through parameter coordination without sharing raw data. However,  the extensive parameter exchange in this process renders the model vulnerable to threats not only from external users but also from internal participants. Therefore, research on privacy protection techniques in federated learning is crucial. This paper introduces the current research status on privacy protection in federated learning. It classifies the security threats of federated learning into external attacks and internal attacks.Based on this classification,  it summarizes external attack techniques such as model inversion attacks, external reconstruction attacks, and external inference attacks, as well as internal attack techniques such as poisoning attacks, internal reconstruction attacks, and internal inference attacks. From the perspective of attack and defense correspondence, this paper summarizes data perturbation techniques such as central differential privacy, local differential privacy, and distributed differential privacy, as well as process encryption techniques such as homomorphic encryption, secret sharing, and trusted execution environment. Finally, the paper analyzes the difficulties of federated learning privacy protection technology and identifies the key directions for its improvement.
    Reference | Related Articles | Metrics
    A Network Intrusion Detection Model Integrating CNN-BiGRU and  Attention Mechanism
    Journal of Information Security Reserach    2024, 10 (3): 202-.  
    Abstract68)      PDF (2042KB)(95)       Save
    To enhance the feature extraction capabilities and classification accuracy of the network intrusion detection model, a network intrusion detection model integrating CNNBiGRU (Convolutional Neural NetworkBidirectional Gated Recurrent Unit) and attention mechanism is proposed. CNN is employed to effectively extract nonlinear features from traffic datasets,while BiGRU extracts timeseries features. The attention mechanism is then integrated to differentiate the importance of different types of traffic data through weighted means, thereby improvingthe overall performance of the model in feature extraction and classification. The experimental results indicate that the overall accuracy rate is 2.25% higher than that of the BiLSTM (Bidirectional Long ShortTerm Memory) model. Kfold crossvalidation results demonstrate that the proposed model's good generalization performance, avoiding the occurrence of overfitting phenomenon, and affirming its effectiveness and rationality.
    Reference | Related Articles | Metrics
    Malicious TLS Traffic Detection Based on Graph Representation#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (3): 209-.  
    Abstract81)      PDF (1728KB)(70)       Save
    Owing to the need for privacy protection, encryption services online are becoming increasingly popular. However, this also provides an avenue for malicious traffic to hide itself. As a result, the identification of encrypted malicious traffic has become an important task for network management. Currently, some mainstream techniques based on machine learning and deep learning have achieved good results. However, most of these methods ignore the structure of traffic and do not provide indepth analysis of encryption protocols. To address this problem, this paper proposes a graph representation method for SSLTLS traffic, summarizes the key features of TLS traffic and considers traffic correlation from the perspective of multiple attributes such as source IP, destination port and packet count of the flow. Furthermore, this paper establishes a malicious traffic identification framework GCNRF based on graph convolutional neural network and random forest algorithm. This method transforms traffic into graph structure, integrates the structural information and node features of traffic for identification and classification. Experimental results on real public datasets show that the classification accuracy of this method is higher than that of current mainstream models.
    Reference | Related Articles | Metrics
    Research on Location Attack Detection of VANET Based on Incremental Learning
    Journal of Information Security Reserach    2024, 10 (3): 277-.  
    Abstract51)      PDF (1866KB)(63)       Save
    In recent years, deep learning has been widely employed in the detection of malicious position attacks on vehicles. However, deep learning models necessitate extensive training time and possess a large number of parameters. Detection methods based on deep learning lack scalability and cannot accommodate the needs of continuously generated new data in vehicular networks. To address these issues, this paper innovatively introduces incremental learning algorithms into the detection of malicious position attacks on vehicles to solve the above problems.This approach first extracts key features from the collected vehicle information data. Subsequently, a malicious position attack detection system is constructed, utilizing ridge regression to quickly approximate the vehicular network’s malicious position attack detection model. Finally, the incremental learning algorithm is applied to update and optimize the malicious position attack detection model to adapt to newly generated data in the vehicular network.Experimental results demonstrate that this method surpasses other methods such as SVM, KNN, and ANN in terms of performance. It can swiftly and progressively update and optimize the old model, thereby enhancing the system’s detection accuracy for malicious position attack behaviors.
    Reference | Related Articles | Metrics
    ChatGPT’s Applications, Status and Trends in the Field of Cyber Security
    Journal of Information Security Reserach    2023, 9 (6): 500-.  
    Abstract514)      PDF (2555KB)(461)       Save
    ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain.
    Reference | Related Articles | Metrics
    Survey of Research on Key Technologies of Internet Content Security
    Journal of Information Security Reserach    2024, 10 (3): 248-.  
    Abstract50)      PDF (1234KB)(61)       Save
    The rapid development of the Internet and easy content creation and sharing have made Internet content security a top priority for Internet construction and supervision. The dramatic increase of information content with text, image, audio, and video as carriers has brought great challenges to Internet content security. Internet content security is rich in connotation, and we focused on four key applications including multimedia content filtering, fake information detection, public opinion perception, and data protection. Then, we summarized key technologies and main research work adopted in those applications. Finally, we discussed and prospected key issues of Internet content security in future research.
    Reference | Related Articles | Metrics
    Malware Detection and Classification Based on GHM Visualization  and Deep Learning
    Journal of Information Security Reserach    2024, 10 (3): 216-.  
    Abstract34)      PDF (2289KB)(46)       Save
    Malware detection is becoming more and more challenging due to the increasing complexity and variability of malicious code. Most mutated or unknown malicious programs are formed by improving or obfuscating the logic of existing malicious codes, so it is becoming more and more important to discover malicious code families and determine their malicious behaviors. In this paper, we proposed a novel malware visualization method based on GHM (Gray, HOG, Markov) for data preprocessing. Unlike the traditional visualization methods, this method extracts more effective data features through HOG and Markov in the visualization process, and constructs a threechannel color image. In addition, a VLMal classification model based on CNN and LSTM is constructed to realize the malware detection and classification of visual images. Experimental results show that this method can effectively detect and classify malicious code with good accuracy and stability.
    Reference | Related Articles | Metrics
    Research on Zero Trust Access Control Model Based on Role and Attribute#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (3): 241-.  
    Abstract33)      PDF (1562KB)(43)       Save
    In the face of many security threats in the network, the traditional access control model is increasingly exposed to the problems of poor dynamics of permission allocation, low sensitivity to new threats, and high complexity of resource allocation. This paper proposed a zero trust access control model based on role and attribute to address the above problems. The model used a logistic regression approach to trust assessment of access subjects to achieve access control with high sensitivity to access subject attribute, and adopted a new resource decision tree, which reduced the time complexity of resource permission assignment while achieving finergrained security for access control. Finally, verifying the model in this paper under typical application scenarios showed that the model was significantly better than the traditional access control model in terms of dynamic assignment of permissions.
    Reference | Related Articles | Metrics
    AI and Data Privacy Protection: The Way to Federated Learning
    Journal of Information Security Research    2019, 5 (11): 961-965.  
    Abstract604)      PDF (1395KB)(904)       Save
    With the tremendous advance in computing, algorithms and data volume, artificial intelligence ushered in the third development climax, and began to gain a foot hold in exploring various industries. However, as the emergence of “big data”, more “small data” or “poorquality data”, and “data silos” exist in industry applications. For example, in the information security realm, it is difficult for enterprises who provide security services such as content security auditing and intrusion detection based on artificial intelligence technology to exchange raw data due to the consideration of user privacy and trade secrets protection. The services between enterprises are independent, and the overall development of cooperation and technology is difficult to make a breakthrough in a short period of time. How to promote greater cooperation on the premise of protecting the privacy of organizations? Will there be any chance for technical means to solve the data privacy protection problems? Federated Learning is an effective way to solve this problem and achieve acrossenterprise collaborative governance.
    Reference | Related Articles | Metrics
    Research on Identity Authentication Technology Based on Block Chain and PKI
    Journal of Information Security Reserach    2024, 10 (2): 148-.  
    Abstract72)      PDF (1573KB)(106)       Save
    Public key infrastructure (PKI) is a secure system based on asymmetric cryptographic algorithm and digital certificate to realize identity authentication and encrypted communication, operating on the principle of  trust transmission based on trust anchor. However, this technology has the following problems: The CA center is unique and there is a single point of failure; The authentication process involves a large number of operations, such as certificate resolution, signature verification, and certificate chain verification. To solve the above problems, this paper builds an identity authentication model based on Changan Chain, and proposes an identity authentication scheme based on Changan Chain digital certificate and public key infrastructure. Theoretical analysis and experimental data demonstrate  that this scheme reduces certificate parsing, signature verification and other operations, simplifies the authentication process, and improves the authentication efficiency.
    Reference | Related Articles | Metrics
    A Survey of Zero Trust Research
    Journal of Information Security Research    2020, 6 (7): 608-614.  
    Abstract872)      PDF (2068KB)(1255)       Save
    With the popularization of cloud computing, mobile office and other technologies, the enterprise network structure becomes complex. The traditional network security model is based on the idea of boundary protection, which can not meet the current needs. Zero trust is a new network security model, where no distinction is made between internal and external networks and all entities need authentication and authorization before accessing resources, which can be used to protect the network whose perimeter is increasingly fuzzy. This paper gives the definition of zero trust, introduces the architecture of zero trust, analyzes the core technology of zero trust, compares and analyses several representative zero trust schemes, summarizes the development status, points out the research direction needing attention in this field, which can provide reference for the research and application of zero trust.
    Reference | Related Articles | Metrics
    Security Risks and Countermeasures to Artificial Intelligence#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (2): 101-.  
    Abstract101)      PDF (469KB)(132)       Save
    Related Articles | Metrics
    Legislative Thinking of Artificial Intelligence Law in the Era of  Generative Artificial Intelligence
    Journal of Information Security Reserach    2024, 10 (2): 103-.  
    Abstract65)      PDF (874KB)(80)       Save
    With the technological advancements and widespread adoption of Generative Artificial Intelligence (GAI), the structure of human society has undergone fundamental changes.The development of artificial intelligence technology has brought new risks and challenges. The “Interim Measures for the Management of Generative Artificial Intelligence Services” represents China’s latest exploration achievement in the field of GAI. It emphasizes the dual importance of development and security, advocates for innovation and governance in accordance with the law, and serves as a reference and inspiration for the ongoing legislative process of the Artificial Intelligence Law. Specifically, the Artificial Intelligence Law should consider the adoption of promoting legislative model, reduce the use of normative references in the legislative content, clarify the legislative approach of classification and grading, enhance  international exchanges and cooperation in artificial intelligence, and promote the positive use of science and technology by establishing a more scientific and reasonable toplevel design scheme.
    Reference | Related Articles | Metrics
    The Path and Choice of Improving Legislation of Personal Information Right
    Journal of Information Security Reserach    2024, 10 (3): 263-.  
    Abstract31)      PDF (740KB)(31)       Save
    At present, information leakage has become a global problem, prompting many countries to enact legislation on safeguarding the right of personal information. Although the introduction of the Personal Information Protection Law of the People’s Republic of China has optimized the legislative protection of personal information right, the relevant normative documents are not effectively connected while the rank of some normative documents is unclear. Besides, the legislative protection of personal information right in special fields is not systematic, and some local legislatures lack legislative initiative, with loopholes in the supervision of public power. In contrast, the United States has accumulated much experience and lessons in the problems of personal information right protection. By conducting a comparative analysis, this paper identifies both the legislative advantages and disadvantages of the protection of the right to personal information in the United States. Subsequently, proposing some suggestions on the legislation of the personal information protection, aiming to improve the legislative protection of the right to personal information in China.

    Reference | Related Articles | Metrics
    Malicious Client Detection and Defense Method for Federated Learning
    Journal of Information Security Reserach    2024, 10 (2): 163-.  
    Abstract77)      PDF (806KB)(66)       Save
    Federated learning allows participating clients to collaborate in training machine learning models without sharing their private data. Since the central server cannot control the behavior of clients, malicious clients may corrupt the global model by sending manipulated local gradient updates, and there may also be unreliable clients with low data quality but some value. To address the above problems, this paper proposes FedMDD,a defense approach for malicious client detection and defense for federated learning, to process detected malicious and unreliable clients in different ways based on local gradient updates, while defending against symbol flipping, additive noise, single label flipping, multilabel flipping, and backdoor attacks. Four baseline algorithms are compared for two datasets, and the experimental results show that FedMDD can successfully defend against various types of attacks in a training environment containing 50% malicious clients and 10% unreliable clients, with better results in both improving model testing accuracy and reducing backdoor accuracy.
    Related Articles | Metrics
    Research on Data Classification and Grading Method Based on Data Security Law
    Journal of Information Security Reserach    2021, 7 (10): 933-.  
    Abstract887)      PDF (2157KB)(780)       Save
    The Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law) has been formally promulgated, which clearly stipulates that the state establishes data classification and grading protection system, and implements classified and graded protection for data. However, at present, the relevant standards and specifications of data classification and grading in China are relatively lacking, and the practical experiences that can be used for reference in various industries are relatively insufficient. How to effectively implement the data classification and grading protection is still a thorny problem. Based on Article 21 of the Data Security Law, this paper analyzes the factors such as the influence object, influence breadth and influence depth after the data is damaged, puts forward the principles and methods of data classification and data grading, and gives an implementation path of data classification and grading according to the application scenarios and industry characteristics of the data, which provide a certain reference for data classification and grading protection of various industries.
    Reference | Related Articles | Metrics
    Insight on the Overall Planning of Digital Certificate Authentication System for the Internet of Vehicles
    Journal of Information Security Reserach    2024, 10 (2): 170-.  
    Abstract39)      PDF (1345KB)(52)       Save
    The Internet of Vehicles (IoV) represents an emerging industrial form by the deep integration of the newgeneration network communication technology and the fields of automobile, electronics, road transportation, etc. Through intelligent information exchange and sharing between vehicles, roads, people, and the cloud, it enables vehicles to possess advanced environmental perception capabilities, facilitating safe and efficient travel. At the same time, with the continuous improvement of vehicular networking and intelligence, the issue of information security within IoV becomes increasingly critical, which directly threatens the safety of individual life and property security, and even threatens public security. The construction of information security system is the basic guarantee for the development of the IoV, and the planning of the digital certificate authentication system for the IoV is the cornerstone to solve the problem of information security. This paper analyzes the status of development and existing problems of the digital certificate authentication system for the IoV, and proposes a root CA planning compatible with the Certificate Trusted List, which provides a reference for the security development of the IoV.
    Reference | Related Articles | Metrics
    Survey of Hash Functions
    Wang Xiaoyun1,2 and Yu Hongbo3
    Journal of Information Security Research    2015, 1 (1): 19-30.  
    Abstract1283)      PDF (11279KB)(3684)       Save
    One of the fundamental primitives in modern cryptography is the cryptographic hash functions, often informally called hash functions. They are used to compress messages of arbitrary length to fixed length hash values which are also called hash codes, message digests or digital fingerprints. A primary motivation for cryptographic hash functions is that they serve as compact representative images of input messages, which they can uniquely identify. Changing a single letter will change most of the digits in the hash code. The most common cryptographic uses of hash functions are with digital signature and for data integrity. Hash functions are frequently used in digital signature schemes to compress large messages for processing by public-key cryptosystems such as RSA. They are also used to design message authentication codes (MACs) and many secure cryptographic protocols. Hash functions occur as components in various cryptographic applications (e.g. protection of pass-phrases, protocols for payment, broadcast authentication etc.), where usually their property as a computational one-way function is used. So the study of the hash functions is of great significance in the cryptanalysis field.
    Related Articles | Metrics
    Research on the Security Architecture of Artificial Intelligence  Computing Infrastructure
    Journal of Information Security Reserach    2024, 10 (2): 109-.  
    Abstract60)      PDF (1146KB)(82)       Save
    The artificial intelligence computing infrastructure is a crucial foundation for the development of artificial intelligence. However, due to its diverse attributes, complex nodes, large number of users, and vulnerability of artificial intelligence itself, the construction and operation of artificial intelligence computing infrastructure face severe security challenges. This article analyzes the connotation and security development background of artificial intelligence computing infrastructure, proposes a security architecture for artificial intelligence computing infrastructure from three aspects: strengthening its own security, ensuring operational security, and facilitating security compliance. It puts forward development suggestions aiming to provide methodological ideas for the security construction of artificial intelligence computing infrastructure, offer a basis for selection and use of safe artificial intelligence computing infrastructure, and provide decisionmaking reference for the healthy and sustainable development of the artificial intelligence industry.
    Reference | Related Articles | Metrics
    Overview on SM9 Identity Based Cryptographic Algorithm
    Journal of Information Security Research    2016, 2 (11): 1008-1027.  
    Abstract2492)      PDF (13949KB)(5750)       Save
    SM9 identitybased cryptographic algorithm is an identitybased cryptosystem with bilinear pairings. In such a system the user s private key and public key may be extracted from user s identity and key generation centers parameters. The most common cryptographic uses of SM9 are with digital signature, data encryption, key exchange protocol and key encapsulation mechanism etc. The application and management of SM9 will not require digital certificate, certificate base, and key base. The key length of the SM9 cipher algorithm is 256b. SM9 cryptographic algorithm was issued as the cryptography standard in 2015. This paper will summarize the design, algorithm, software and hardware implementation and cryptanalysis of SM9 cryptographic algorithm. We also give some concrete examples in appendix.
    Reference | Related Articles | Metrics
    An Overview of Application and Technology of Artificial Intelligence in Cybersecurity
    Journal of Information Security Reserach    2022, 8 (2): 110-.  
    Abstract982)      PDF (1142KB)(742)       Save
    Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.
    Reference | Related Articles | Metrics
    Research on Data Circulation Legislative Process and the Evolution of Measures in European Union
    Journal of Information Security Reserach    2024, 10 (3): 256-.  
    Abstract21)      PDF (948KB)(23)       Save
    As data emerges as a critical element in the digital economy, the European Union(EU) has issued a series of acts to promote the circulation and transaction of data factor, taking a leading position in the world at the legislative level.Through a comprehensive examination of the EU’s legislative processes and initiatives concerning data factors,this study seeks to extract insights applicable to our country. The research reveals that the EU, while rigorously safeguarding data security, promotes the circulation and transaction of data factors within its jurisdiction by advancing the flow of nonpersonal data, encouraging the reuse of public data, dismantling barriers between public and private sectors,and establishing a public data space. Through the comparison of the three major directions of public data open utilization, data security protection, and data circulation transactions with the EU legislation, we posit  that China can  adopt the relevant measures of the EU to continue to maintain data security, promote the opening and utilization of public data, and improve property rights and benefits distribution mechanism, thereby promoting the circulation and transaction of data factors in China.

    Reference | Related Articles | Metrics
    A Comparative Research on Hash Function in Blockchain in Post Quantum Era#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (3): 223-.  
    Abstract21)      PDF (1514KB)(23)       Save
    Hash functions play an important role as the cornerstone of security in blockchain systems, playing an irreplaceable role in building consensus mechanisms and protecting data integrity. However, with the accelerated development of quantum technology, the emergence of quantum computers will pose a serious security threat to classical hash functions. Based on the parallel characteristics of quantum computing, Grover’s algorithm can provide squared acceleration compared with the classical counterpart in searching for hash conflicts. Quantum algorithms represented by the Grover’s algorithm can effectively implement quantum computing attacks against classical hash functions, such as mining attacks and forgery attacks. This paper explains the original image collision resistance, weak collision resistance and strong collision resistance of hash functions, and analyzes the main forms of quantum computing attacks against classical hash functions: preimage collision attacks and second image collision attacks. This paper conducts a comparative study on hash functions in blockchain from the perspective of antiquantum security, and five typical hash functions are analyzed and compared from the aspects of construction, input, output, advantages and disadvantages, and proposes the advice for designing hash functions in blockchain. Overall, this paper provides useful references for the design of hash functions in blockchain in the postquantum era.
    Reference | Related Articles | Metrics
    Research and Thinking on the Technical Framework of Data Security  in the Field of Transportation
    Journal of Information Security Reserach    2022, 8 (11): 1092-.  
    Abstract190)      PDF (1237KB)(397)       Save
    In recent years, in the continuous advancement of the construction of “digital government”, the “data gap” and “data island” between government departments have been gradually broken. As the core resource of digital government, data is an important driving force for national development,and also the most valuable core asset. With the largescale aggregation, integration and sharing of various data resources, a series of data securityrelated problems have emerged. For example, due to the high concentration of data, data is more likely to become the target of attacks, and a large number of illegal operations by internal personnel lead to data tampering and greatly increase. In order to solve the problem of data security in the field of transportation, this paper makes an indepth analysis of the main challenges of data security in the field of transportation technology and transportation, and proposes to create an “overall technical architecture of data security management and control”, and focuses on thinking and discussing the full life cycle security of data and data security operation    in the field of transportation. Data security management is not within the scope of this paper.
    Reference | Related Articles | Metrics
    The Review of Information Hiding Technology Based on GAN Image Generation
    Journal of Information Security Research    2019, 5 (9): 771-777.  
    Abstract447)      PDF (630KB)(597)       Save
    The traditional steganography is facing more and more threats, and the steganographic analysis technology is gradually mature. To solve this problem, the Generative Adversarial Networks is introduced into the steganography, which can reduce the traces of carrier modification and improve the concealment of steganography. This paper introduces the basic structure of the Generative Adversarial Networks, summarizes, compares and classifies the research results of the steganography based on GAN image generation. According to the existing technical means, the shortcomings of the current Generative Adversarial Networks in the development of steganography are proposed, and the future research directions are prospected.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E2): 4-.  
    Abstract39)      PDF (2945KB)(190)       Save
    Related Articles | Metrics
    Key Technologies and Research Prospects of Privacy Computing
    Journal of Information Security Reserach    2023, 9 (8): 714-.  
    Abstract261)      PDF (1814KB)(158)       Save
    Privacy computing, as an important technical means taking into account both data circulation and privacy protection, can effectively break the “data island” barriers while ensuring data security, it enables open data sharing, and promotes the deep mining and use of data and crossdomain integration. In this paper, the background knowledge, basic concepts and architecture of privacy computing were introduced, the basic concepts of three key technologies of privacy computing, including secure multiparty computation, federated learning and trusted execution environment were elaborated, and studies on the existing privacy security was conducted, a multidimensional comparison and summarization of the differences of the three key technologies were made. On this basis, the future research direction of privacy computing is prospected from the technical integration of privacy computing with blockchain, deep learning and knowledge graph.
    Reference | Related Articles | Metrics
    Journal of Information Security Research    2020, 6 (6): 566-572.  
    Abstract164)      PDF (1057KB)(228)       Save
    Reference | Related Articles | Metrics
    Security-Development Road of National E-Gov Network in the “Internet +” Era
    Zhou Min
    Journal of Information Security Research    2015, 1 (2): 98-104.  
    Abstract303)      PDF (2278KB)(1086)       Save
    Related Articles | Metrics
    Survey of Intelligent Vulnerability Mining and Cyberspace Threat Detection
    Journal of Information Security Reserach    2023, 9 (10): 932-.  
    Abstract91)      PDF (1093KB)(94)       Save
    At present, the threat of cyberspace is becoming more and more serious. A large number of studies have focused on cyberspace security defense techniques and systems. Vulnerability mining technique can be applied to detect and repair vulnerabilities in time before the occurrence of network attacks, reducing the risk of intrusion; while threat detection technique can be applied to threat detection during and after network attacks occur, which can detect threats in a timely manner and respond to them, reducing the harm and loss caused by intrusion. This paper analyzed and summarized the research on vulnerability mining and cyberspace threat detection based on intelligent methods. In the aspect of intelligent vulnerability mining, the current research progress is summarized from several application classifications combined with artificial intelligence technique, namely vulnerability patch identification, vulnerability prediction, code comparison and fuzz testing. In the aspect of cyberspace threat detection, the current research progress is summarized from the classification of information carriers involved in threat detection based on network traffic, host data, malicious files, and network threat intelligence.
    Reference | Related Articles | Metrics
    Generative Fake Speech Security Issue and Solution#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (2): 122-.  
    Abstract63)      PDF (1170KB)(54)       Save
    The development of generative artificial intelligence algorithms has made the generation of fake speech increasingly natural and fluid, making it challening for human listeners  to distinguish the genuine and fake speech. This paper firstly analyzes a series of threats to society posed by the improper abuse of generative fake speech, including an increase in telecommunication fraud, a decline in the security of voiceoperated applications, judicial fairness of forensic identification, and deception to the public through the combination of falsified information across various domains. Subsequently, the paper summarizes and classifies the algorithms of fake speech generation and fake speech detection technology from the perspective of technology development. We explains the procedural aspects of the technologies and their key points, along with an analysis of the challenges encountered in the process of application. Finally, this paper outlines strategies to prevent and address these security issues from four aspects: technical application, institutional regulation, public education and international cooperation.
    Reference | Related Articles | Metrics
    Research on Malicious Location Attack Detection of VANET Based on  Federated Learning
    Journal of Information Security Reserach    2023, 9 (8): 754-.  
    Abstract101)      PDF (2613KB)(78)       Save
    Malicious behavior detection is an important part of the security needs of the Internet of vehicles. In the Internet of vehicles, malicious vehicles can achieve malicious location attack by forging false basic security information (BSM) information. At present, the traditional solution to the malicious location attack on the Internet of vehicles is to detect the malicious behavior of vehicles through machine learning or deep learning. These methods require data collecting, causing privacy problems. In order to solve this problems, this paper proposed a detection scheme of malicious location attacks on the Internet of vehicles based on Federated learning. The scheme does not need to collect user data, and the detection model uses local data and simulated data for local training, which ensures the privacy of vehicle users, reduces data transmission and saves bandwidth. The malicious location attack detection model based on Federated learning was trained and tested using the public VeReMi data set, and the performance of the data centric malicious location attack detection scheme was compared. Through comparison, the performance of malicious location attack detection based on Federated learning is similar to that of traditional data centric malicious location attack detection scheme, but the malicious location attack detection scheme based on Federated learning is better in data transmission and privacy protection.
    Reference | Related Articles | Metrics
    Promoting China’s Data Storage Eco System & Safeguarding  the Advancement of Digital China
    Journal of Information Security Reserach    2024, 10 (2): 98-.  
    Abstract63)      PDF (590KB)(78)       Save
    Related Articles | Metrics
    Research on Data Sharing Security Framework
    Journal of Information Security Research    2019, 5 (4): 309-317.  
    Abstract246)      PDF (1890KB)(588)       Save
    With the rapid development of big data technologies and applications, the need to promote data sharing across departments and industries has become very urgent. However, the impact of security issues is a key issue in the development of data sharing. Countries around the world are paying more and more attention to the security of data sharing. Many countries, including the United States, the European Union and China, have formulated laws and regulations related to data security to promote the legal use and security protection of data sharing. This paper summarizes and analyzes the security management and control of data sharing at home and abroad, designs the data sharing model and related party roles, and proposes a data sharing security framework based on analyzing the security risks and problems of data sharing. Finally, suggestions for strengthening the security governance of data sharing are given.
    Reference | Related Articles | Metrics
    Journal of Information Security Research    2016, 2 (11): 969-971.  
    Abstract335)      PDF (726KB)(952)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (6): 498-.  
    Abstract253)      PDF (472KB)(294)       Save
    Related Articles | Metrics
    Research on Distributed Digital Identity Construction at Home and Abroad
    Journal of Information Security Reserach    2023, 9 (10): 993-.  
    Abstract47)      PDF (1461KB)(43)       Save
    Digital identity is the mapping of real identity of natural person in cyberspace. Traditional digital identities are centrally managed and controlled. With the improvement of people’s privacy protection awareness, these digital identities no longer meet the requirements. This paper first expounds the development status and trends of digital identity at home and abroad, analyzes the application requirements of digital identity, and illustrates the possibility of the development of our national digital identity construction to a decentralized model. Secondly, the technical and security aspects of decentralized identity are thoroughly examined based on the investigation and research of digital identity application scenarios in some nations. Among them, technical aspect focuses on the infrastructure and technical models for realizing decentralized digital identity, including Decentralized Identifiers (DIDs), Verifiable Credential (VC), and digital identity wallets, etc. and security aspect focuses on the verification, authentication, and federation process of digital identities in each case. Finally, this paper concludes by outlining the challenges facing the current digital identity construction in China, and offering suggestions for building a decentralized digital identity according with Chinese situation.
    Reference | Related Articles | Metrics
    A Review of Algorithmic Risk and Its Governance in China#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (2): 114-.  
    Abstract57)      PDF (1781KB)(52)       Save
    In the era of digital intelligence, algorithms pervade every corner of human society. While algorithms drive the transformation towards digitization and intelligence, they also give rise to a series of issues, necessitating effective governance of increasing algorithmic risks. Firstly, algorithmic risks are categorized into four fields: law and justice, politics and governance, information dissemination and business and economy. Then the formation mechanisms of algorithmic risk are analyzed, encompassing algorithm black box, algorithm discrimination and power alienation. Finally, a governance strategy framework is proposed, consisting of three paths: technology regulation, power and responsibility normative, and ecological optimization. The research systematically presents the progress and development trend of algorithmic risk and its governance in China, providing reference for advancing the theoretical research and system construction inalgorithmic risk governance.
    Reference | Related Articles | Metrics
    Design and Practice of Open Government Data Platform Based on  Privacypreserving Computation
    Journal of Information Security Reserach    2023, 9 (12): 1203-.  
    Abstract56)      PDF (3388KB)(81)       Save
    As a new type of production factor, the value of data elements can be fully released only in full sharing and circulation. The scale and volume of government data in China are huge, with rich sources of types and huge development potential. Strengthening the aggregation, integration, sharing, and opening of government data is of great significance for promoting the development of the digital economy and accelerating the construction of digital China. At present, governments at all levels attach great importance to the open of government data, and the process of opening is gradually accelerating, but at the same time the problem of data security still exists. This paper attempts to analyze the current situation and problems in the process of opening government data, explores the solution of building an open government data platform based on Privacy Preserving Computation technology, and introduces relevant practical cases.
    Reference | Related Articles | Metrics
    To Create a Positive Cyberspace by Safeguarding Network Security with Active Immune Trusted Computing 3.0
    Journal of Information Security Research    2018, 4 (4): 282-302.  
    Abstract145)      PDF (2291KB)(612)       Save
    Related Articles | Metrics