Most Download articles

    Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month| Most Downloaded in Recent Year|

    Most Downloaded in Recent Month
    Please wait a minute...
    For Selected: Toggle Thumbnails
    A Deep Learning Differential Privacy Protection Scheme Based on  Adaptive Clipping
    Journal of Information Security Reserach    2026, 12 (6): 490-.  
    Abstract104)      PDF (1728KB)(70)       Save
    To address the issues of utility degradation in deep learning models under differential privacy protection and the gap between theoretical and actual privacy protection effectiveness, this paper proposes a deep learning differential privacy protection scheme based on adaptive clipping. The scheme optimizes the process through a fourstep mechanism: firstly, gradient adaptive clipping controls the gradient magnitude during training by dynamically adjusting the gradient clipping threshold, thereby enabling the control of the magnitude of noise added subsequently; secondly, group label selection identifies the group with the smallest gradient as the privacypreserving object, and more accurate privacy loss can be obtained by training this group; thirdly, optimized privacy loss calculation combines the gaussian mechanism based on subsampling to reduce the computational overhead of model privacy loss calculation; finally, optimized gradient adaptive descent realizes the adaptive descent of gradients by adjusting the conditional smoothing parameter, thus improving the usability of the model. Experiments were conducted on the VGG architecture using the MNIST, CIFAR10, and MedicalMNIST datasets. The results show that the model accuracy rates after training with this scheme are 81.08%, 72.30%, and 67.91% respectively, representing improvements of 15.60%, 10.60%, and 9.71% compared to the traditional DPSGD, and 0.63%, 2.50%, and 4.40% over the widely used Nadam algorithm in recent years. The model training efficiency has been improved by 35.5% and 39.4%, respectively.
    Reference | Related Articles | Metrics
    Research on AIempowered Cybersecurity Detection and  Assessment Technologies
    Journal of Information Security Reserach    2026, 12 (6): 559-.  
    Abstract65)      PDF (1820KB)(45)       Save
    In response to the challenges faced by traditional cybersecurity detection and assessment technologies—such as large system scales, dynamic supply chain risks, and insufficient evaluation depth—this paper explores the application of AI technologie to advance this field. Methodologically, an endtoend implementation framework for largescale models is proposed, consisting of “data preparationdistillation and annotationcluster trainingquantitative deployment.” A localized compliance assessment model based on retrievalaugmented generation (RAG) technology is developed, and a multimodal model supporting joint textimage analysis is deployed. The large model significantly shortens the assessment cycle in scenarios such as provincial government clouds, improves the efficiency of compliance knowledge matching while reducing computational load by 70%, and markedly enhances the detection rate of inherent defects. The conclusion indicates that AI technology can effectively overcome the limitations of traditional assessment methods, promoting cybersecurity detection and assessment toward greater intelligence, adaptability, and comprehensiveness, thereby providing support for building resilient cybersecurity protection systems and fostering related ecosystem development.
    Reference | Related Articles | Metrics
    Research on Smart Contract Vulnerability Detection Method Based on  Multimodal Feature Fusion
    Journal of Information Security Reserach    2026, 12 (6): 503-.  
    Abstract58)      PDF (1602KB)(40)       Save
    Most of the smart contract vulnerability detection methods rely on single mode feature extraction, which leads to the problem of low detection accuracy due to insufficient key feature extraction. This paper proposes a smart contract vulnerability detection method based on multimodal feature fusion. Firstly, the construction of the control flow graph (CFG) is constructed by leveraging the abstract syntax tree (AST) trimmed at the source code layer and the data flow relationship based on the opcode layer, which is imported into the graph attention network (GAT) to extract two types of static features. Secondly, the fuzzing test report generated by echidna, a dynamic detection tool, is used to extract path coverage, state changes and other information to build a graph model, and the dynamic features are extracted by graph neural network (GNN). Finally, the extracted static and dynamic features are fused and input into CNN bilstm att model for vulnerability detection, and relevant experiments are carried out on 47398 smart contracts. Experimental results show that compared with eight mainstream detection methods, such as SmartCheck, Mythril, Oyente, BiGGNN, ASTNN, DRGCN, SVCB and CBGRU, the accuracy, recall and F1 value of this method in reentry vulnerability, timestamp vulnerability, integer overflow vulnerability and Tx.origin vulnerability are increased by 50.26%, 59.54% and 58.40%.
    Reference | Related Articles | Metrics
    A Network Traffic Anomaly Detection Model Based on Semisupervised  Twochannel Multiscale Gating Fusion
    Journal of Information Security Reserach    2026, 12 (6): 566-.  
    Abstract52)      PDF (1947KB)(34)       Save
    With the increasing number of network attacks, network traffic anomaly detection is becoming more and more important for maintaining network security and stability. However, existing methods are often difficult to effectively capture both static statistical features and dynamic temporal features of network traffic during feature extraction, resulting in limited detection performance in complex and evolving network environments. To address these issues, this paper proposes a twochannel multiscale gated fusion anomaly detection model (MSAD) based on semisupervised learning. The model first extracts  static statistical features of the traffic, including the number of packets, total bytes, etc., through a multiscale convolutional neural network. Secondly, the temporal features of network traffic data are captured through a bidirectional GRU network and combined with a multihead attention mechanism. Finally, adaptive fusion of different modal features is performed through gated fusion mechanism. Meanwhile, for the problem of insufficient credibility of pseudolabel generation in semisupervised learning, a twostage adversarial pseudolabel generation strategy is proposed, which effectively improves the robustness of pseudolabels. The experimental results show that under the condition of limited labeled data, the model proposed in this paper achieves 99.63%, 99.54%, 99.9% and 99.72% of accuracy, precision, recall and F1 value on the CICIDS 2017 dataset, which is significantly better than traditional machine learning and deep learning methods.
    Reference | Related Articles | Metrics
    Research Review on Collaborative Intrusion Detection Based on Federated Learning
    Journal of Information Security Reserach    2026, 12 (6): 526-.  
    Abstract65)      PDF (1168KB)(33)       Save
    The increasing complexity of cyber attacks challenges traditional centralized intrusion detection systems. Federated learningbased collaborative intrusion detection enables collaborative modeling and knowledge sharing among multiple nodes without sharing raw data, thereby effectively improving the detection capability for crossdomain and unknown attacks. This paper systematically reviews the research progress of federated learningbased collaborative intrusion detection. Existing methods are classified and analyzed from multiple perspectives, including architectureaware, model adaptation and evolutiondriven, as well as privacy and security enhanced approaches. Commonly used datasets and evaluation metrics are summarized. Finally, the major challenges and future research directions are discussed, providing references for subsequent research in this field.
    Reference | Related Articles | Metrics
    Research on Maintenance and Security of Industrial Control Networks in Electric Power Industry
    Journal of Information Security Research    2019, 5 (8): 679-684.  
    Abstract248)      PDF (2038KB)(663)       Save
    As an important part of national key infrastructure, the importance of operation and maintenance security of electric power industry control network is selfevident. Especially with the increasing security incidents of industrial control networks in the world in recent years, effective measures must be taken to protect the safe operation of industrial control networks, which also puts forward higher requirements for the operation, maintenance and safety protection of industrial control networks and industrial systems. Through indepth analysis of the characteristics of industrial control network in electric power industry, especially the key characteristics of the data type and network topology structure of the electric power network, effective operation and maintenance methods and security risk prevention methods are put forward. In operation and maintenance, the backup of system data and the state monitoring of the system itself are strengthened. Security measures, such as physical isolation, industrial control flow monitoring, fault recovery management and so on should be taken, and effective policies and behavioral norms should be provided. Finally, form safety protection measures suitable for electric power industry control network, to achieve the purpose of safe operation of the electric power industry control network.
    Reference | Related Articles | Metrics
    TOPSEC, Leading Brand of Independent Innovation, Supporting Cyberspace Power Strategy
    Journal of Information Security Research    2018, 4 (9): 774-782.  
    Abstract208)      PDF (1579KB)(990)       Save
    Related Articles | Metrics
    Analysis of the National College Student Information Security Project Competition from the Perspective of Award-winning Data
    Journal of Information Security Reserach    2021, 7 (6): 575-588.  
    Abstract646)      PDF (5052KB)(324)       Save
    As an effective carrier of practical teaching, competitions focus on examining students' creative ability and practical ability, and are an important means to improve talent training ability. The National College Student Information Security Competition is currently the only competition in the field of cyberspace security that has been shortlisted for college discipline competitions. It has been held for 13 sessions since 2008. This article will take the work competition as an example, through the collection, processing and statistics of recent competition information and award-winning data, for the first time to analyze the information security competition. By digging the hidden information and laws behind the winning data of the competition, exploring the internal connection between the topic selection direction of the winning works and the development and demand of security technology, we hope to provide theoretical and data references for colleges and students participating in such information security competitions in the future.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2025, 11 (E2): 94-.  
    Abstract58)      PDF (826KB)(32)       Save
    Reference | Related Articles | Metrics
    Dynamic Invisible Backdoor Attack via Frequency Domain Injection
    Journal of Information Security Reserach    2026, 12 (6): 510-.  
    Abstract47)      PDF (1536KB)(17)       Save
    Deep neural networks are highly vulnerable to the threat of backdoor attacks due to their noninterpretability and high dependence on data during training. Although the current mainstream backdoor attack methods generally use fixed trigger design to simplify implementation, these triggers are often significantly different from the training data distribution, resulting in easy detection and identification. To this end, this paper proposes a dynamic invisible backdoor attack method via frequency domain injection: firstly, a generative network is used to generate a specific trigger pattern based on the input samples, and then the highfrequency information of the pattern is injected into the wavelet domain of the samples, ensuring the triggers remain stealthy. Additionally, this paper designs a fair screening strategy to select samples that are more influential to the backdoor model through cosine similarity and Kmeans clustering algorithm. Experimental results show that this method outperforms existing methods (e.g., BadNets, Blend, WaNet, and WABA) in terms of attack success rate and stealthiness, and effectively circumvents a variety of stateoftheart defence mechanisms (e.g., FP, NC, SentiNet, and SCALEUP), providing significant robustness and extensive practical potential.
    Reference | Related Articles | Metrics
    Chinese Dark Web Product Detection and Classification Based on  Multimodal Data Augmentation#br#
    Journal of Information Security Reserach    2026, 12 (6): 575-.  
    Abstract45)      PDF (4502KB)(19)       Save
    In order to address the issues of coarse granularity in existing dark Web intelligence classification research and the predominance of Englishlanguage datasets, this paper proposes a finegrained analysis study focused on Chinese dark Web content. To overcome the scarcity of Chinese dark Web data and the misalignment of multimodal data, this study employs a large language model prompt rewriting strategy and a differentiated image enhancement strategy to achieve text and image data augmentation. By integrating product data from a certain platform on the Surface Web, a dataset comprising 14,052 product records was constructed. A feature selection optimization module was designed to establish an intertask coupling mechanism, and a Chinese dark Web product detection and classification model based on multimodal data augmentation was proposed. Experimental results demonstrate that the proposed model achieves macroF1 scores of 0.992 and 0.941 in dark Web product detection and classification tasks, respectively, representing an approximately 2% improvement over the best baseline model in  classification task and significantly outperforming existing singlemodal and multimodal methods. This approach effectively enhances the performance of finegrained classification tasks for Chinese dark Web intelligence, offering new insights and methodologies for dark Web intelligence analysis.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2025, 11 (E2): 89-.  
    Abstract101)      PDF (1508KB)(56)       Save
    Reference | Related Articles | Metrics
    “Internet +”Power: Overview of Westone Secruity’s Cyber Secruity
    Journal of Information Security Research    2016, 2 (10): 862-875.  
    Abstract379)      PDF (2788KB)(1138)       Save
    Related Articles | Metrics
    VEDA, Establishing the AI Dynamic Defense System for Cyber Security
    Journal of Information Security Research    2017, 3 (12): 1058-1066.  
    Abstract435)      PDF (1526KB)(962)       Save
    Related Articles | Metrics
    Research on Source Code Vulnerability Detection Based on BERT Model
    Journal of Information Security Reserach    2024, 10 (4): 294-.  
    Abstract478)      PDF (3199KB)(296)       Save
    Techniques such as code metrics, machine learning, and deep learning are commonly employed in source code vulnerability detection. However, these techniques have problems, such as their inability to retain the syntactic and semantic information of the source code and the requirement of extensive expert knowledge to define vulnerability features. To cope with the problems of existing techniques, this paper proposed a source code vulnerability detection model based on BERT(bidirectional encoder representations from transformers) model. The model splits the source code to be detected into multiple small samples, converted each small sample into the form of approximate natural language, realized the automatic extraction of vulnerability features in the source code through the BERT model, and then trained a vulnerability classifier with good performance to realize the detection of multiple types of vulnerabilities in Python language. The model achieved an average detection accuracy of 99.2%, precision of 97.2%, recall of 96.2%, and an F1 score of 96.7% across various vulnerability types. This represents a performance improvement of 2% to 14% over existing vulnerability detection methods. The experimental results showed that the model was a general, lightweight and scalable vulnerability detection method.
    Reference | Related Articles | Metrics
    Study on the Energy Trusted Data Network Mechanism Based on  Digital Object Architecture
    Journal of Information Security Reserach    2026, 12 (6): 550-.  
    Abstract49)      PDF (1624KB)(21)       Save
    The energy trusted data network primarily addresses challenges in achieving trusted interconnection, intercommunication, interdiscovery and interoperation of data, supported by digital object architecture (DOA) technology, and enables unified crossentity data access registration, directory interconnection services, and controllable analytical applications, flexibly meeting the development requirements of the energy industry, which demands high data security, organizational hierarchy, and multidomain entity segmentation. With reference to the traditional PESTEL (political, economic, social, technological, environmental, legal) environmental analysis model and the legaltechnologicaleconomiccommercial system model for data factor market development, this study proposes a systematic research framework for the energy trusted data network mechanism. Centered on data characteristics, the framework integrates dimensions of policy systems, industry layout, innovative technologies, and security compliance. Guided by the foundational principles of “costeffectiveness, equivalence of rights and responsibilities, collaborative integration, and longterm development”, it establishes a distributed overarching architecture. The mechanism is further constructed through the following aspects: collaboration mechanisms, technological mechanisms, incentive mechanisms, operational mechanisms, security mechanisms, and iterative mechanisms, to support energy industry advancement, flexible technological upgrades, and optimized evolution. By building this trusted network, more entities are encouraged to securely unify data access and leverage trusted service applications, transforming fragmented enterprise data advantages into industrywide collaborative strengths. This fosters deeper industry data utilization and advances artificial intelligence large language model development, providing critical support for the digital transformation and highquality development of the energy sector.
    Reference | Related Articles | Metrics
    Three-Dimensional Way of Acorn Network in Industrial Control Cybersecurity
    Journal of Information Security Research    2017, 3 (8): 0-0.  
    Abstract492)      PDF (3703KB)(816)       Save
    Related Articles | Metrics
    Deepin Anything Fast Retrieval Research
    Journal of Information Security Research    2018, 4 (1): 15-23.  
    Abstract294)      PDF (6426KB)(520)       Save
    In order to be able to provide users with a high-speed file search function based on file name search, we introduced "anything fast retrieval" technology. This paper introduces the design of “anything fast retrieval” technology in indexing technology in detail, and makes a theoretical analysis of the technical solutions, and gives a detailed analysis and explanation of the verification methods and verification conclusions of the technical solutions. “Anything Fast Retrieval” technology provides nearly 500 times more efficiency in file-name-based fast retrieval compared to the traditional used search techniques in today's Linux desktops OS.
    Reference | Related Articles | Metrics
    Research on Reference Architecture for Government Big Data Security
    Journal of Information Security Research    2019, 5 (5): 370-376.  
    Abstract363)      PDF (2263KB)(1193)       Save
    Government informatization has gradually moved from electronic and computerized information, to networked government information, and government big data (GBD) is a new stage in government informatization development. This stage features openness, sharing, dynamic, real-time and intelligence. In view of these features and the current situation of government big data development, this paper analyzes the technical and managemental challenges and basic security principles of the GBD platform development. Based on analysis, this paper proposes a new kind of reference architecture for GBD security based on an appropriate management organization structure. The paper also reviews related security regulatory mechanisms and security measures of this architecture. Compared to the US government's national institute of standards and technology (NIST) big data reference architecture, the proposed architecture is simpler, has a higher security level, clearer functional requirements, and is easier to implement. The proposed architecture can meet the actual current needs of big data security management, and has practical value in guiding the future government cloud platform, and security design and regulation of the GBD system.
    Reference | Related Articles | Metrics
    Research of Emergency Resources Big Data Cloud Security Management
    Han Xiaolu1 and Lü Xin2
    Journal of Information Security Research   
    Research on Cyber-Attack Defense System Based on Big Data and Threat Intelligence
    Journal of Information Security Research    2019, 5 (5): 383-387.  
    Abstract446)      PDF (1670KB)(1393)       Save
    Cyber-attacks are the use of network vulnerabilities and security flaws to attack the hardware, software and data of a cyber system. The earlier a cyber-attack is identified, the less adverse effect it has. The traditional network intrusion detection system (IDS) has some limitations in detecting cyber-attacks, such as passive protection and limited capability of threat identification. Threat intelligence technology provides a more scientific and effective method for identifying potential or actual cyber-attacks by using big data analysis,and provides a comprehensive and relevant cyber-attack defense model.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2025, 11 (E1): 9-.  
    Abstract180)      PDF (1462KB)(18)       Save
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2025, 11 (E1): 97-.  
    Abstract80)      PDF (1209KB)(17)       Save
    Related Articles | Metrics
    Image Encryption Method Based on Novel Combined Chaotic System and  Fractional Number Theory Transformation
    Journal of Information Security Reserach    2026, 12 (6): 517-.  
    Abstract36)      PDF (3694KB)(14)       Save
    Aiming at addressing existing issues in current image encryption technologies regarding encryption speed, security, and sensitivity, this paper proposes a novel image encryption method based on a combined chaotic system and fractional numbertheoretic transform. First, a new chaotic structure is proposed by combining two traditional onedimensional mappings to create a fully chaotic mapping. Metrics such as bifurcation diagrams, Lyapunov exponents, and information entropy demonstrate that the proposed chaotic structure exhibits excellent chaotic performance, large parameter space, strong sensitivity, and high randomness. Subsequently, a new image encryption method is developed based on this chaotic mapping and multiparameter fractional number theoretic transform. The hash value of the plaintext image is linked with the parameters of the chaotic system to generate initial chaotic keys and scrambling parameters. A multiparameter fractional number theoretic transform is defined by constructing a number theoretic transform feature vector. The plaintext image undergoes one round of number theoretic transform to obtain an intermediate image, followed by Arnold scrambling to disrupt the image. Finally, another round of numbertheoretic transformation is applied to generate the ciphertext image. Experimental results indicate that the algorithm achieves excellent encryption performance: the pixel change rate (NPCR) and unified average changing intensity (UACI) closely approach their ideal values; the average correlation coefficient of ciphertext images is 0.0018, approaching zero; the normalized entropy of ciphertext images reaches 0.9994, nearing the maximum value of 1. With an average encryption time of 0.273s and decryption time of 0.324s, the method outperforms other comparative schemes in efficiency. It demonstrates robust resistance against common attacks including chosenplaintext attacks, differential attacks, and exhaustive attacks, exhibiting high security and promising application prospects in multimedia security fields.
    Reference | Related Articles | Metrics
    Study on Security of Card System in Smart Campus
    Journal of Information Security Research    2016, 2 (5): 454-461.  
    Abstract371)      PDF (6098KB)(731)       Save
    It is increasingly important of the security for card system in smart campus. Firstly, it designs the system architecture of card system, and describes the function of each layer. Then, according to the system architecture, it analyzes the existing security risks about user card, foreterminal, data access and logical interface, respectively from physical layer, data layer and logic layer. It proposes the methods of security protection, implementation technology and the matters needing attention. By analyzing the disadvantages of data storage and operation of plaintext data in traditional memory card, for the first time, it introduces homomorphic encryption and data pointer in foreterminal. The scheme has been applied in the construction of card system in smart campus, and it effectively improves data security and processing efficiency of foreterminal.
    Reference | Related Articles | Metrics
    The ZUC Stream Cipher Algorithm
    Journal of Information Security Research    2016, 2 (11): 1028-1041.  
    Abstract1618)      PDF (7769KB)(801)       Save
    祖冲之算法,简称ZUC,是一个面向字设计的序列密码算法,其在128b种子密钥和128b初始向量控制下输出32b的密钥字流.祖冲之算法于2011年9月被3GPP LTE采纳为国际加密标准(标准号为TS 35.221),即第4代移动通信加密标准,2012年3月被发布为国家密码行业标准(标准号为GMT 0001—2012),2016年10月被发布为国家标准(标准号为GBT 33133—2016).简单介绍了祖冲之算法,并总结了其设计思想和国内外对该算法安全性分析的主要进展.
    Reference | Related Articles | Metrics
    The Latest Developments of Fiber Quantum Teleportation
    Journal of Information Security Research    2017, 3 (1): 36-43.  
    Abstract339)      PDF (8026KB)(258)       Save
    Since first proposed in 1993, quantum teleportation has been enjoying an enormous development both theoretically and experimentally. Quantum teleportation not only can help with investigating the foundation of quantum mechanics, but also is the footstone of quantum technologies, and it can be applied in quantum repeaters and distributed quantum computing, which are essential for a quantum network. However, before quantum teleportation can be practically applied in quantum networks, there are some technique problems that must be solved in advance experimentally, including the quantum interference between independent sources. In practical applications, quantum sources are normally separated far apart, and linked by optical fiber. To enable the interference between photons from different sources means making them indistinguishable from each other in all degrees of freedom even after they have passed through at least several kilometers of optical fiber, the properties of which can be greatly influenced by the surrounding environment. Recently, two groups (one from Hefei, one from Calgary) overcome this challenge and respectively accomplished the field test of quantum teleportation with independent sources, which marks a critical step towards the realization of a global quantum Internet.
    Related Articles | Metrics
    Semantics Based Webshell Detection Method Research
    Journal of Information Security Research    2017, 3 (2): 145-150.  
    Abstract504)      PDF (4585KB)(644)       Save
    A semanticsbased Webshell detection method was proposed. This method obtained the code behavior and related dependencies by syntax analysis of the file, and achieved semantic understanding to complete the Webshell detection by the risk model. A critical abstract syntax subtree extraction method which can reject irrelevant factor and get the malicious behavior occurrence point was proposed. The description of behavior in risk model database was defined with BackusNaur Form, finally a smooth risk value curve could be obtained by graph matching algorithm, which can finish the criticality assessment of the file and can get a better result by adjusting the threshold A webshell detection system based on that detection method was designed and finished, the experimental results have demonstrated that the SemanticsBased method was effective in Webshell detection.
    Reference | Related Articles | Metrics
    Building Cyber Security Defense by Trusted Computing 3.0
    Journal of Information Security Research    2017, 3 (4): 290-298.  
    Abstract433)      PDF (1075KB)(2025)       Save
    Related Articles | Metrics
    Secboot’s AI Technology Pushes Identif cation Security to the Cusp of a New Era
    Journal of Information Security Research    2018, 4 (7): 582-587.  
    Abstract283)      PDF (1248KB)(613)       Save
    Related Articles | Metrics
    Information Security Policy and Standard System of Industrial Control System in China
    Journal of Information Security Research    2018, 4 (10): 959-964.  
    Abstract267)      PDF (2263KB)(676)       Save
    The implementation of China Manufacturing 2025 and the “Internet Plus” strategy has made the information security problems of industrial control system becoming increasingly prominent. Investigating its root causes, industrial security related standards are not systematic, and the lack of guidance for practical work is one of the main factors. On the basis of investigating the status quo of China's information security national standard system construction and sorting out domestic industrial security related policies and standards, this paper proposes the security related policies of China's industrial control system by studying the international industrial security related standards system and combining the actual situation of domestic industrial security requirements and standard systems. The system can provide reference and guidance for the industrial control system application enterprise to plan and construct its industrial control system security protection system, formulate the industrial control system security management norms, and regularly carry out the industrial control security self-inspection activities, and effectively improve the information security guarantee capability of the enterprise industrial control system.
    Reference | Related Articles | Metrics
    Federated Foundation Model Finetuning Based on Differential Privacy#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (7): 616-.  
    Abstract558)      PDF (1752KB)(272)       Save
    As the availability of private data decreases, large model finetuning based on federated learning has become a research area of great concern. Although federated learning itself has a certain degree of privacy protection, privacy security issues such as gradient leakage attacks and embedding inversion attacks on large models still threaten the sensitive information of participants. In the current context of increasing awareness of privacy protection, these potential privacy risks have significantly hindered the promotion of large model finetuning based on federated learning in practical applications. Therefore, this paper proposes a federated large model embedding differential privacy control algorithm, which adds controllable random noise to the embedded model of the large model during efficient parameter finetuning process through a global and local dual privacy control mechanism to enhance the privacy protection ability of federated learning based large model parameter finetuning. In addition, this paper demonstrates the privacy protection effect of this algorithm in large model finetuning through experimental comparisons of different federation settings, and verifies the feasibility of the algorithm through performance comparison experiments between centralization and federation.
    Reference | Related Articles | Metrics
    Research on the Implementation Path of Zero Trust Strategy
    Journal of Information Security Reserach    2026, 12 (5): 483-.  
    Abstract40)      PDF (3588KB)(36)       Save
    Amid the wave of digital transformation, the traditional boundarybased network security model is increasingly ineffective in dynamic and border less environments. The United States has taken the lead in restructuring its cybersquatting system through a systematic zerotrust strategy, and its trinity practice path of “policytechnologyecology” is of reference significance for China to build a digital security barrier. This paper uses case analysis and policy comparison methods to deeply analyze the toplevel design logic, core technological breakthrough points, and ecological coordination mechanisms of the U.S. zerotrust strategy, revealing its essence of transitioning from “passive protection” to “active immunity”. Based on a deep diagnosis of the complexity of China’s ultralargescale network ecosystem, the shortcomings in the autonomy of core technologies, and the challenges of data sovereignty governance, this paper proposes a Chinesestyle “fourdimensional integrated” implementation path: breaking the fragmented dilemma with systematic toplevel design; breaking through technological bottlenecks with the integration of national cryptography and AIdriven technologies; building a security ecosystem with costsharing and standard leadership through governmententerprise collaboration; and addressing implementation limitations with scenario classification and privacy enhancement. The study emphasizes that China needs to innovate on the basis of reference, take zero trust as an important engine for building a digital security barrier, and balance the needs of security protection with the development of the digital economy.
    Reference | Related Articles | Metrics
    Overview on SM4 Algorithm
    Journal of Information Security Research    2016, 2 (11): 995-1007.  
    Abstract1792)      PDF (8653KB)(1168)       Save
    SM4 Algorithm, short for SM4 Block Cipher Algorithm, was published in 2006 to promote the application of WAPI. It became a cryptography industrial standard (GMT 0002—2012) in March 2012 and a national standard (GBT 32907—2016) in August 2016. This paper describes SM4s calculating process, structural features and cryptographic properties. Furthermore, we introduce some latest researches on SM4s security and compare SM4s security with several international block cipher standards such as AES, HIGHT and MISTY1.
    Reference | Related Articles | Metrics
    Artifcial Intelligence Promotes the Paradigm Shift of Information Security —A Case Study of Driverless Car by Baidu
    Journal of Information Security Research    2016, 2 (11): 958-968.  
    Abstract360)      PDF (2086KB)(1444)       Save
    Related Articles | Metrics
    Blockchain Technology and Its Prospect of Industrial Application
    Journal of Information Security Research    2017, 3 (3): 200-210.  
    Abstract588)      PDF (9369KB)(388)       Save
    The Blockchain industry is current developing rapidly globally, with a clearer picture of the whole industry chain. The underlying infrastructure and platform, Blockchain applications in different industry segments, and venture capital investment all have sound foundations. The paper introduces the basic concept and work principle of Blockchain, describes the design philosophy, technological application and security issues of the three mainstream Blockchain platforms nowadays (Bitcoin, Ethernet and Hyperledger), and then puts forward a number of potential Blockchain application scenarios in the world. With great attention on Blockchain in terms of industry application, its helpful for Blockchain practices with Design Thinking and IBM Garage. Both in China and around the world, the paper summarizes the status quo of the Blockchain industry development, and outlines its future in general.
    Reference | Related Articles | Metrics
    Research of Identity-Based Cryptography Application in Internet of Things
    Journal of Information Security Research    2017, 3 (11): 1040-1044.  
    Abstract282)      PDF (4015KB)(412)       Save
    With the widespread use of public key cryptography(PKI), there are some defects in the management also exposed, such as certificate of search, cancellation, storage, issuance and verify that all need to take up a lot of valuable network resources, and can lead to a larger storage overhead and computation overhead. Identity-based cryptography( IBC) is developed based on PKI, besides has the PKI technology advantages, mainly solved in the specific application of PKI security needs a large number of exchange of digital certificates, make security applications more easy to deploy and use. The IBC password technology USES asymmetric cryptography to encrypt and decrypt two sets of keys. Compared with the public key cryptosystem based on digital certificate, identity-based cryptosystem has don't need certificate center, has a higher safety performance, shorter key lengths and convenient key management, can be combined with Internet of things(iot) device identifier, solve identification in iot, key security issues such as link encryption, data protection.
    Reference | Related Articles | Metrics
    Design and Implementation of Dark Net Data Crawler Based on Tor
    Journal of Information Security Research    2019, 5 (9): 798-804.  
    Abstract1402)      PDF (3976KB)(1509)       Save
    tWith the development of anonymous communication technology, more and more users begin to use anonymous communication to protect personal privacy. Tor, as the most popular application of anonymous communication system, can effectively prevent behavior such as traffic sniffing, eavesdropping and other behaviors. While protecting the privacy of users from being stolen, “dark net” is also used by many criminals. Thus, this has brought great challenges to the supervision of public security. How to strengthen the regulation and crackdown on illegal information of dark network websites is an urgent problem to be solved. Therefore, the data of crawling anonymous websites is an important basis for supervising those websites effectively. The most mainstream dark network anonymous communication system Tor was introduced briefly, its technical principles were analyzed, and a dark network data crawler program was designed, which mainly use Selenium to enter the Tor network, bulk crawl the dark Web pages and save the data to the local. It will help the public security department to further monitor and analyze the relevant content in the dark network, and also propose a feasible technical means for the police department to supervise the dark network.
    Reference | Related Articles | Metrics
    Research on Data Classification and Grading Method Based on Data Security Law
    Journal of Information Security Reserach    2021, 7 (10): 933-.  
    Abstract1682)      PDF (2157KB)(1108)       Save
    The Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law) has been formally promulgated, which clearly stipulates that the state establishes data classification and grading protection system, and implements classified and graded protection for data. However, at present, the relevant standards and specifications of data classification and grading in China are relatively lacking, and the practical experiences that can be used for reference in various industries are relatively insufficient. How to effectively implement the data classification and grading protection is still a thorny problem. Based on Article 21 of the Data Security Law, this paper analyzes the factors such as the influence object, influence breadth and influence depth after the data is damaged, puts forward the principles and methods of data classification and data grading, and gives an implementation path of data classification and grading according to the application scenarios and industry characteristics of the data, which provide a certain reference for data classification and grading protection of various industries.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E2): 105-.  
    Abstract746)      PDF (929KB)(393)       Save
    Reference | Related Articles | Metrics