Most Download articles

    Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month| Most Downloaded in Recent Year|
    Most Downloaded in Recent Month
    Please wait a minute...
    For Selected: Toggle Thumbnails
    Research on Privacy Protection Technology in Federated Learning
    Journal of Information Security Reserach    2024, 10 (3): 194-.  
    Abstract144)      PDF (1252KB)(169)       Save
    In federated learning, multiple models are trained through parameter coordination without sharing raw data. However,  the extensive parameter exchange in this process renders the model vulnerable to threats not only from external users but also from internal participants. Therefore, research on privacy protection techniques in federated learning is crucial. This paper introduces the current research status on privacy protection in federated learning. It classifies the security threats of federated learning into external attacks and internal attacks.Based on this classification,  it summarizes external attack techniques such as model inversion attacks, external reconstruction attacks, and external inference attacks, as well as internal attack techniques such as poisoning attacks, internal reconstruction attacks, and internal inference attacks. From the perspective of attack and defense correspondence, this paper summarizes data perturbation techniques such as central differential privacy, local differential privacy, and distributed differential privacy, as well as process encryption techniques such as homomorphic encryption, secret sharing, and trusted execution environment. Finally, the paper analyzes the difficulties of federated learning privacy protection technology and identifies the key directions for its improvement.
    Reference | Related Articles | Metrics
    A Network Intrusion Detection Model Integrating CNN-BiGRU and  Attention Mechanism
    Journal of Information Security Reserach    2024, 10 (3): 202-.  
    Abstract76)      PDF (2042KB)(103)       Save
    To enhance the feature extraction capabilities and classification accuracy of the network intrusion detection model, a network intrusion detection model integrating CNNBiGRU (Convolutional Neural NetworkBidirectional Gated Recurrent Unit) and attention mechanism is proposed. CNN is employed to effectively extract nonlinear features from traffic datasets,while BiGRU extracts timeseries features. The attention mechanism is then integrated to differentiate the importance of different types of traffic data through weighted means, thereby improvingthe overall performance of the model in feature extraction and classification. The experimental results indicate that the overall accuracy rate is 2.25% higher than that of the BiLSTM (Bidirectional Long ShortTerm Memory) model. Kfold crossvalidation results demonstrate that the proposed model's good generalization performance, avoiding the occurrence of overfitting phenomenon, and affirming its effectiveness and rationality.
    Reference | Related Articles | Metrics
    Survey of Research on Key Technologies of Internet Content Security
    Journal of Information Security Reserach    2024, 10 (3): 248-.  
    Abstract54)      PDF (1234KB)(70)       Save
    The rapid development of the Internet and easy content creation and sharing have made Internet content security a top priority for Internet construction and supervision. The dramatic increase of information content with text, image, audio, and video as carriers has brought great challenges to Internet content security. Internet content security is rich in connotation, and we focused on four key applications including multimedia content filtering, fake information detection, public opinion perception, and data protection. Then, we summarized key technologies and main research work adopted in those applications. Finally, we discussed and prospected key issues of Internet content security in future research.
    Reference | Related Articles | Metrics
    Malicious TLS Traffic Detection Based on Graph Representation#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (3): 209-.  
    Abstract84)      PDF (1728KB)(82)       Save
    Owing to the need for privacy protection, encryption services online are becoming increasingly popular. However, this also provides an avenue for malicious traffic to hide itself. As a result, the identification of encrypted malicious traffic has become an important task for network management. Currently, some mainstream techniques based on machine learning and deep learning have achieved good results. However, most of these methods ignore the structure of traffic and do not provide indepth analysis of encryption protocols. To address this problem, this paper proposes a graph representation method for SSLTLS traffic, summarizes the key features of TLS traffic and considers traffic correlation from the perspective of multiple attributes such as source IP, destination port and packet count of the flow. Furthermore, this paper establishes a malicious traffic identification framework GCNRF based on graph convolutional neural network and random forest algorithm. This method transforms traffic into graph structure, integrates the structural information and node features of traffic for identification and classification. Experimental results on real public datasets show that the classification accuracy of this method is higher than that of current mainstream models.
    Reference | Related Articles | Metrics
    ChatGPT’s Applications, Status and Trends in the Field of Cyber Security
    Journal of Information Security Reserach    2023, 9 (6): 500-.  
    Abstract528)      PDF (2555KB)(467)       Save
    ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain.
    Reference | Related Articles | Metrics
    A Survey of Zero Trust Research
    Journal of Information Security Research    2020, 6 (7): 608-614.  
    Abstract878)      PDF (2068KB)(1265)       Save
    With the popularization of cloud computing, mobile office and other technologies, the enterprise network structure becomes complex. The traditional network security model is based on the idea of boundary protection, which can not meet the current needs. Zero trust is a new network security model, where no distinction is made between internal and external networks and all entities need authentication and authorization before accessing resources, which can be used to protect the network whose perimeter is increasingly fuzzy. This paper gives the definition of zero trust, introduces the architecture of zero trust, analyzes the core technology of zero trust, compares and analyses several representative zero trust schemes, summarizes the development status, points out the research direction needing attention in this field, which can provide reference for the research and application of zero trust.
    Reference | Related Articles | Metrics
    Research on Zero Trust Access Control Model Based on Role and Attribute#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (3): 241-.  
    Abstract35)      PDF (1562KB)(44)       Save
    In the face of many security threats in the network, the traditional access control model is increasingly exposed to the problems of poor dynamics of permission allocation, low sensitivity to new threats, and high complexity of resource allocation. This paper proposed a zero trust access control model based on role and attribute to address the above problems. The model used a logistic regression approach to trust assessment of access subjects to achieve access control with high sensitivity to access subject attribute, and adopted a new resource decision tree, which reduced the time complexity of resource permission assignment while achieving finergrained security for access control. Finally, verifying the model in this paper under typical application scenarios showed that the model was significantly better than the traditional access control model in terms of dynamic assignment of permissions.
    Reference | Related Articles | Metrics
    Research on Location Attack Detection of VANET Based on Incremental Learning
    Journal of Information Security Reserach    2024, 10 (3): 277-.  
    Abstract57)      PDF (1866KB)(68)       Save
    In recent years, deep learning has been widely employed in the detection of malicious position attacks on vehicles. However, deep learning models necessitate extensive training time and possess a large number of parameters. Detection methods based on deep learning lack scalability and cannot accommodate the needs of continuously generated new data in vehicular networks. To address these issues, this paper innovatively introduces incremental learning algorithms into the detection of malicious position attacks on vehicles to solve the above problems.This approach first extracts key features from the collected vehicle information data. Subsequently, a malicious position attack detection system is constructed, utilizing ridge regression to quickly approximate the vehicular network’s malicious position attack detection model. Finally, the incremental learning algorithm is applied to update and optimize the malicious position attack detection model to adapt to newly generated data in the vehicular network.Experimental results demonstrate that this method surpasses other methods such as SVM, KNN, and ANN in terms of performance. It can swiftly and progressively update and optimize the old model, thereby enhancing the system’s detection accuracy for malicious position attack behaviors.
    Reference | Related Articles | Metrics
    Malware Detection and Classification Based on GHM Visualization  and Deep Learning
    Journal of Information Security Reserach    2024, 10 (3): 216-.  
    Abstract37)      PDF (2289KB)(47)       Save
    Malware detection is becoming more and more challenging due to the increasing complexity and variability of malicious code. Most mutated or unknown malicious programs are formed by improving or obfuscating the logic of existing malicious codes, so it is becoming more and more important to discover malicious code families and determine their malicious behaviors. In this paper, we proposed a novel malware visualization method based on GHM (Gray, HOG, Markov) for data preprocessing. Unlike the traditional visualization methods, this method extracts more effective data features through HOG and Markov in the visualization process, and constructs a threechannel color image. In addition, a VLMal classification model based on CNN and LSTM is constructed to realize the malware detection and classification of visual images. Experimental results show that this method can effectively detect and classify malicious code with good accuracy and stability.
    Reference | Related Articles | Metrics
    Research on Identity Authentication Technology Based on Block Chain and PKI
    Journal of Information Security Reserach    2024, 10 (2): 148-.  
    Abstract75)      PDF (1573KB)(118)       Save
    Public key infrastructure (PKI) is a secure system based on asymmetric cryptographic algorithm and digital certificate to realize identity authentication and encrypted communication, operating on the principle of  trust transmission based on trust anchor. However, this technology has the following problems: The CA center is unique and there is a single point of failure; The authentication process involves a large number of operations, such as certificate resolution, signature verification, and certificate chain verification. To solve the above problems, this paper builds an identity authentication model based on Changan Chain, and proposes an identity authentication scheme based on Changan Chain digital certificate and public key infrastructure. Theoretical analysis and experimental data demonstrate  that this scheme reduces certificate parsing, signature verification and other operations, simplifies the authentication process, and improves the authentication efficiency.
    Reference | Related Articles | Metrics
    Research on Data Classification and Grading Method Based on Data Security Law
    Journal of Information Security Reserach    2021, 7 (10): 933-.  
    Abstract894)      PDF (2157KB)(783)       Save
    The Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law) has been formally promulgated, which clearly stipulates that the state establishes data classification and grading protection system, and implements classified and graded protection for data. However, at present, the relevant standards and specifications of data classification and grading in China are relatively lacking, and the practical experiences that can be used for reference in various industries are relatively insufficient. How to effectively implement the data classification and grading protection is still a thorny problem. Based on Article 21 of the Data Security Law, this paper analyzes the factors such as the influence object, influence breadth and influence depth after the data is damaged, puts forward the principles and methods of data classification and data grading, and gives an implementation path of data classification and grading according to the application scenarios and industry characteristics of the data, which provide a certain reference for data classification and grading protection of various industries.
    Reference | Related Articles | Metrics
    The Path and Choice of Improving Legislation of Personal Information Right
    Journal of Information Security Reserach    2024, 10 (3): 263-.  
    Abstract35)      PDF (740KB)(35)       Save
    At present, information leakage has become a global problem, prompting many countries to enact legislation on safeguarding the right of personal information. Although the introduction of the Personal Information Protection Law of the People’s Republic of China has optimized the legislative protection of personal information right, the relevant normative documents are not effectively connected while the rank of some normative documents is unclear. Besides, the legislative protection of personal information right in special fields is not systematic, and some local legislatures lack legislative initiative, with loopholes in the supervision of public power. In contrast, the United States has accumulated much experience and lessons in the problems of personal information right protection. By conducting a comparative analysis, this paper identifies both the legislative advantages and disadvantages of the protection of the right to personal information in the United States. Subsequently, proposing some suggestions on the legislation of the personal information protection, aiming to improve the legislative protection of the right to personal information in China.

    Reference | Related Articles | Metrics
    Legislative Thinking of Artificial Intelligence Law in the Era of  Generative Artificial Intelligence
    Journal of Information Security Reserach    2024, 10 (2): 103-.  
    Abstract70)      PDF (874KB)(88)       Save
    With the technological advancements and widespread adoption of Generative Artificial Intelligence (GAI), the structure of human society has undergone fundamental changes.The development of artificial intelligence technology has brought new risks and challenges. The “Interim Measures for the Management of Generative Artificial Intelligence Services” represents China’s latest exploration achievement in the field of GAI. It emphasizes the dual importance of development and security, advocates for innovation and governance in accordance with the law, and serves as a reference and inspiration for the ongoing legislative process of the Artificial Intelligence Law. Specifically, the Artificial Intelligence Law should consider the adoption of promoting legislative model, reduce the use of normative references in the legislative content, clarify the legislative approach of classification and grading, enhance  international exchanges and cooperation in artificial intelligence, and promote the positive use of science and technology by establishing a more scientific and reasonable toplevel design scheme.
    Reference | Related Articles | Metrics
    Journal of Information Security Research    2016, 2 (11): 969-971.  
    Abstract335)      PDF (726KB)(965)       Save
    Related Articles | Metrics
    A Comparative Research on Hash Function in Blockchain in Post Quantum Era#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (3): 223-.  
    Abstract25)      PDF (1514KB)(30)       Save
    Hash functions play an important role as the cornerstone of security in blockchain systems, playing an irreplaceable role in building consensus mechanisms and protecting data integrity. However, with the accelerated development of quantum technology, the emergence of quantum computers will pose a serious security threat to classical hash functions. Based on the parallel characteristics of quantum computing, Grover’s algorithm can provide squared acceleration compared with the classical counterpart in searching for hash conflicts. Quantum algorithms represented by the Grover’s algorithm can effectively implement quantum computing attacks against classical hash functions, such as mining attacks and forgery attacks. This paper explains the original image collision resistance, weak collision resistance and strong collision resistance of hash functions, and analyzes the main forms of quantum computing attacks against classical hash functions: preimage collision attacks and second image collision attacks. This paper conducts a comparative study on hash functions in blockchain from the perspective of antiquantum security, and five typical hash functions are analyzed and compared from the aspects of construction, input, output, advantages and disadvantages, and proposes the advice for designing hash functions in blockchain. Overall, this paper provides useful references for the design of hash functions in blockchain in the postquantum era.
    Reference | Related Articles | Metrics
    Security Risks and Countermeasures to Artificial Intelligence#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (2): 101-.  
    Abstract104)      PDF (469KB)(139)       Save
    Related Articles | Metrics
    Overview on SM9 Identity Based Cryptographic Algorithm
    Journal of Information Security Research    2016, 2 (11): 1008-1027.  
    Abstract2499)      PDF (13949KB)(5757)       Save
    SM9 identitybased cryptographic algorithm is an identitybased cryptosystem with bilinear pairings. In such a system the user s private key and public key may be extracted from user s identity and key generation centers parameters. The most common cryptographic uses of SM9 are with digital signature, data encryption, key exchange protocol and key encapsulation mechanism etc. The application and management of SM9 will not require digital certificate, certificate base, and key base. The key length of the SM9 cipher algorithm is 256b. SM9 cryptographic algorithm was issued as the cryptography standard in 2015. This paper will summarize the design, algorithm, software and hardware implementation and cryptanalysis of SM9 cryptographic algorithm. We also give some concrete examples in appendix.
    Reference | Related Articles | Metrics
    AI and Data Privacy Protection: The Way to Federated Learning
    Journal of Information Security Research    2019, 5 (11): 961-965.  
    Abstract605)      PDF (1395KB)(904)       Save
    With the tremendous advance in computing, algorithms and data volume, artificial intelligence ushered in the third development climax, and began to gain a foot hold in exploring various industries. However, as the emergence of “big data”, more “small data” or “poorquality data”, and “data silos” exist in industry applications. For example, in the information security realm, it is difficult for enterprises who provide security services such as content security auditing and intrusion detection based on artificial intelligence technology to exchange raw data due to the consideration of user privacy and trade secrets protection. The services between enterprises are independent, and the overall development of cooperation and technology is difficult to make a breakthrough in a short period of time. How to promote greater cooperation on the premise of protecting the privacy of organizations? Will there be any chance for technical means to solve the data privacy protection problems? Federated Learning is an effective way to solve this problem and achieve acrossenterprise collaborative governance.
    Reference | Related Articles | Metrics
    Research and Thinking on the Technical Framework of Data Security  in the Field of Transportation
    Journal of Information Security Reserach    2022, 8 (11): 1092-.  
    Abstract192)      PDF (1237KB)(398)       Save
    In recent years, in the continuous advancement of the construction of “digital government”, the “data gap” and “data island” between government departments have been gradually broken. As the core resource of digital government, data is an important driving force for national development,and also the most valuable core asset. With the largescale aggregation, integration and sharing of various data resources, a series of data securityrelated problems have emerged. For example, due to the high concentration of data, data is more likely to become the target of attacks, and a large number of illegal operations by internal personnel lead to data tampering and greatly increase. In order to solve the problem of data security in the field of transportation, this paper makes an indepth analysis of the main challenges of data security in the field of transportation technology and transportation, and proposes to create an “overall technical architecture of data security management and control”, and focuses on thinking and discussing the full life cycle security of data and data security operation    in the field of transportation. Data security management is not within the scope of this paper.
    Reference | Related Articles | Metrics
    Building Cyber Security Defense by Trusted Computing 3.0
    Journal of Information Security Research    2017, 3 (4): 290-298.  
    Abstract278)      PDF (1075KB)(1304)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E2): 4-.  
    Abstract39)      PDF (2945KB)(192)       Save
    Related Articles | Metrics
    An Overview of Application and Technology of Artificial Intelligence in Cybersecurity
    Journal of Information Security Reserach    2022, 8 (2): 110-.  
    Abstract983)      PDF (1142KB)(744)       Save
    Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.
    Reference | Related Articles | Metrics
    Research on Data Circulation Legislative Process and the Evolution of Measures in European Union
    Journal of Information Security Reserach    2024, 10 (3): 256-.  
    Abstract25)      PDF (948KB)(24)       Save
    As data emerges as a critical element in the digital economy, the European Union(EU) has issued a series of acts to promote the circulation and transaction of data factor, taking a leading position in the world at the legislative level.Through a comprehensive examination of the EU’s legislative processes and initiatives concerning data factors,this study seeks to extract insights applicable to our country. The research reveals that the EU, while rigorously safeguarding data security, promotes the circulation and transaction of data factors within its jurisdiction by advancing the flow of nonpersonal data, encouraging the reuse of public data, dismantling barriers between public and private sectors,and establishing a public data space. Through the comparison of the three major directions of public data open utilization, data security protection, and data circulation transactions with the EU legislation, we posit  that China can  adopt the relevant measures of the EU to continue to maintain data security, promote the opening and utilization of public data, and improve property rights and benefits distribution mechanism, thereby promoting the circulation and transaction of data factors in China.

    Reference | Related Articles | Metrics
    Malicious Client Detection and Defense Method for Federated Learning
    Journal of Information Security Reserach    2024, 10 (2): 163-.  
    Abstract77)      PDF (806KB)(67)       Save
    Federated learning allows participating clients to collaborate in training machine learning models without sharing their private data. Since the central server cannot control the behavior of clients, malicious clients may corrupt the global model by sending manipulated local gradient updates, and there may also be unreliable clients with low data quality but some value. To address the above problems, this paper proposes FedMDD,a defense approach for malicious client detection and defense for federated learning, to process detected malicious and unreliable clients in different ways based on local gradient updates, while defending against symbol flipping, additive noise, single label flipping, multilabel flipping, and backdoor attacks. Four baseline algorithms are compared for two datasets, and the experimental results show that FedMDD can successfully defend against various types of attacks in a training environment containing 50% malicious clients and 10% unreliable clients, with better results in both improving model testing accuracy and reducing backdoor accuracy.
    Related Articles | Metrics
    Security-Development Road of National E-Gov Network in the “Internet +” Era
    Zhou Min
    Journal of Information Security Research    2015, 1 (2): 98-104.  
    Abstract303)      PDF (2278KB)(1090)       Save
    Related Articles | Metrics
    Research on Data Sharing Security Framework
    Journal of Information Security Research    2019, 5 (4): 309-317.  
    Abstract247)      PDF (1890KB)(590)       Save
    With the rapid development of big data technologies and applications, the need to promote data sharing across departments and industries has become very urgent. However, the impact of security issues is a key issue in the development of data sharing. Countries around the world are paying more and more attention to the security of data sharing. Many countries, including the United States, the European Union and China, have formulated laws and regulations related to data security to promote the legal use and security protection of data sharing. This paper summarizes and analyzes the security management and control of data sharing at home and abroad, designs the data sharing model and related party roles, and proposes a data sharing security framework based on analyzing the security risks and problems of data sharing. Finally, suggestions for strengthening the security governance of data sharing are given.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E1): 105-.  
    Abstract336)      PDF (1450KB)(166)       Save
    Reference | Related Articles | Metrics
    Generative Fake Speech Security Issue and Solution#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (2): 122-.  
    Abstract63)      PDF (1170KB)(55)       Save
    The development of generative artificial intelligence algorithms has made the generation of fake speech increasingly natural and fluid, making it challening for human listeners  to distinguish the genuine and fake speech. This paper firstly analyzes a series of threats to society posed by the improper abuse of generative fake speech, including an increase in telecommunication fraud, a decline in the security of voiceoperated applications, judicial fairness of forensic identification, and deception to the public through the combination of falsified information across various domains. Subsequently, the paper summarizes and classifies the algorithms of fake speech generation and fake speech detection technology from the perspective of technology development. We explains the procedural aspects of the technologies and their key points, along with an analysis of the challenges encountered in the process of application. Finally, this paper outlines strategies to prevent and address these security issues from four aspects: technical application, institutional regulation, public education and international cooperation.
    Reference | Related Articles | Metrics
    Meiya Pico,Innovation to Enhance the Core Technology of Cybersecurity
    Journal of Information Security Research    2017, 3 (9): 770-780.  
    Abstract325)      PDF (1952KB)(450)       Save
    Related Articles | Metrics
    Beijing Gas Group Industrial Internet Security Operation Platform Construction and Practice
    Journal of Information Security Research    2019, 5 (8): 734-739.  
    Abstract151)      PDF (2386KB)(377)       Save
    With the promotion and implementation of “Made in China 2025”, the deep integration of the two modernizations, cloud computing, big data, mobile computing, Internet of Things, artificial intelligence and other advanced technologies have been widely used, IT and OT are also integrated, production data and business data are gradually interconnected, and Industrial Internet scenario is gradual extended, “Smart Pipeline Network” and “Smart Gas” have been gradually realized, effectively improving the operational efficiency of Beijing Gas. But at the same time, Beijing Gas Group is also facing the deterioration of the cybersecurity environment, the increasing pressure of cybersecurity supervision, the increasing workload of security operation, and the difficulty of matching security resources. Therefore, Beijing Gas Group combs the construction ideas of Industrial Internet security operation center in an all-round way . On the premise of security governance, risk control and safety compliance, through the planning and construction of Industrial Internet security operation center, and based on large data analysis technology, various security protection, monitoring and response tools are integrated to form an Industrial Internet security operation platform. This platform covering the whole value chain of Beijing Gas Group from production operation to operation and management. It effectively supports the Cyber security management of Beijing Gas Group.
    Reference | Related Articles | Metrics
    Brand-New AI Firewall Empowered by Intelligent Technologe
    Journal of Information Security Reserach    2021, 7 (E1): 122-.  
    Abstract110)      PDF (1428KB)(96)       Save
    Huawei HiSecEngine USG6000E series AI firewalls remove the defense bottlenecks of traditional firewalls by employing intelligent technologies. Powered by an intelligent threat detection engine, the AI firewalls can detect unknown threats effectively with an accuracy above 99%. Also, with the use of intelligent technologies, the firewalls support 12000+ IPS vulnerability signatures. Additionally, the builtin intelligent scanner can help detect unknown malicious files, delivering a detection rate of up to 97%.Key wordsAI firewall (AIFW); intelligent defense; unknown threats; encrypted; contentbased detection engine
    Related Articles | Metrics
    Research on Situational Awareness of 5G Joint Construction and Shared Network Visualization Security
    Journal of Information Security Reserach    2024, 10 (3): 277-.  
    Abstract0)      PDF (1645KB)(18)       Save
    In the 5G coconstruction and sharing networks, the massive security logs and alarm audits have resulted in a lack of analysis of security data, and the disposal of security incidents is inefficient. In the face of many pain points such as lacking of threat perception ability and difficulty in security management, we propose a visualizing security situation awareness model and visualization solutions in 5G coconstruction and sharing networks. The comprehensive security situation awareness of the attack detection in the five fields of air port, operation and maintenance, system, transmission and configuration verification was tested and verified. Conduct correlation analysis of security incidents, identify crossdomain attack chain, discover the core intentions of attackers, to assist customers with achieving  active, dynamic, measurable ,visual 5G coconstruction and sharing network security, stable operation and the rapid development of the security industry.

    Reference | Related Articles | Metrics
    Research on the Application Authority of Face Recognition Technology Based on the Scene Congruence Theory
    Journal of Information Security Reserach    2024, 10 (3): 284-.  
    Abstract23)      PDF (2275KB)(19)       Save
    As a biological identification technology, face recognition provides efficiency for various fields of society. However, in the existing legal regulation, there are still ambiguities in the legal regulation for the user authority of face recognition technology. On the basis of determining the nature of the right of face information, combining with the scene consistency theory, this paper determined the scope of use and right restrictions of face recognition technology in scenes such as public authority scene and profitmaking scene, constructed a personal protection system for the realistic use of artificial intelligence that integrates prevention beforehand and examination and punishment afterwards.
    Reference | Related Articles | Metrics
    To Create a Positive Cyberspace by Safeguarding Network Security with Active Immune Trusted Computing 3.0
    Journal of Information Security Research    2018, 4 (4): 282-302.  
    Abstract145)      PDF (2291KB)(613)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (6): 498-.  
    Abstract253)      PDF (472KB)(294)       Save
    Related Articles | Metrics
    The Status and Trends of Confidential Computing
    Journal of Information Security Reserach    2024, 10 (1): 2-.  
    Abstract101)      PDF (1466KB)(133)       Save
    Related Articles | Metrics
    Practical Dilemmas and Response Paths for Personal Information Protection Policy of APPs
    Journal of Information Security Reserach    2024, 10 (2): 177-.  
    Abstract37)      PDF (983KB)(33)       Save
    In the digital age, mobile information technology is advancing rapidly and mobile applications have become an indispensable aspect of people’s professional and personal lives. In order to safeguard users’ personal information, the government mandates that mobile application companies should establish privacy policies. Nevertheless, due to various reasons, these policies have not fulfilled their intended functionality. This paper explores  the essence and characteristic of APP privacy policies, analyzing the challenges associated with acquiring user approval, processing the thirdparty SDK information collection, and anonymization technology. Additionally, by examining the practice of protecting personal information in Europe and America, we can pinpoint a course for combining public and private legal protection of personal information. To address the challenges present  in APP privacy policies, China ought to focus on cultivating corporate selfregulation, augmenting private remedies, and enhancing public law enforcement.
    Reference | Related Articles | Metrics
    A Review of Algorithmic Risk and Its Governance in China#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (2): 114-.  
    Abstract58)      PDF (1781KB)(54)       Save
    In the era of digital intelligence, algorithms pervade every corner of human society. While algorithms drive the transformation towards digitization and intelligence, they also give rise to a series of issues, necessitating effective governance of increasing algorithmic risks. Firstly, algorithmic risks are categorized into four fields: law and justice, politics and governance, information dissemination and business and economy. Then the formation mechanisms of algorithmic risk are analyzed, encompassing algorithm black box, algorithm discrimination and power alienation. Finally, a governance strategy framework is proposed, consisting of three paths: technology regulation, power and responsibility normative, and ecological optimization. The research systematically presents the progress and development trend of algorithmic risk and its governance in China, providing reference for advancing the theoretical research and system construction inalgorithmic risk governance.
    Reference | Related Articles | Metrics
    A Survey of Deep Face Forgery Detection
    Journal of Information Security Reserach    2022, 8 (3): 241-.  
    Abstract473)      PDF (2995KB)(367)       Save
    Video media has developed rapidly with the popularity of the mobile Internet in recent years. At the same time, face forgery technology has also made great progress with the development of computer vision. Face forgery technology can be adopted to make interesting short video applications, but due to characteristics such as high fidelity, easy and quick generation, its malicious use poses a great threat to social stability and information security. Therefore, how to detect fake videos of faces in the Internet has become an urgent problem to be solved. With the efforts of scholars in the world, forgery detection has also made great breakthroughs in recent years. Therefore, this review aims to summarize the existing forgery detection methods in detail. In particular, we first introduce the forgery detection data set, and then summarizes the existing methods from the aspects of forgery video trace, neural network architecture, temporal information of videos, face identity information, and generalization of detection algorithms. Then we compare and analyze their corresponding detection results. Finally, we summarize the research directions and existing problems of deep forgery detection and discusses the challenges and development trends, providing reference for relevant research. 
    Reference | Related Articles | Metrics
    Research on the Security Architecture of Artificial Intelligence  Computing Infrastructure
    Journal of Information Security Reserach    2024, 10 (2): 109-.  
    Abstract61)      PDF (1146KB)(85)       Save
    The artificial intelligence computing infrastructure is a crucial foundation for the development of artificial intelligence. However, due to its diverse attributes, complex nodes, large number of users, and vulnerability of artificial intelligence itself, the construction and operation of artificial intelligence computing infrastructure face severe security challenges. This article analyzes the connotation and security development background of artificial intelligence computing infrastructure, proposes a security architecture for artificial intelligence computing infrastructure from three aspects: strengthening its own security, ensuring operational security, and facilitating security compliance. It puts forward development suggestions aiming to provide methodological ideas for the security construction of artificial intelligence computing infrastructure, offer a basis for selection and use of safe artificial intelligence computing infrastructure, and provide decisionmaking reference for the healthy and sustainable development of the artificial intelligence industry.
    Reference | Related Articles | Metrics
Author Center
Review Center
京ICP备19004174号
Copyright © Journal of Information Security Reserach, All Rights Reserved.
Tel: 010-68558637 E-mail: ris@cei.cn
Powered by Beijing Magtech Co., Ltd.