Most Download articles

    Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month| Most Downloaded in Recent Year|
    Most Downloaded in Recent Month
    Please wait a minute...
    For Selected: Toggle Thumbnails
    Journal of Information Security Reserach    2024, 10 (E2): 40-.  
    Abstract293)      PDF (839KB)(174)       Save
    Reference | Related Articles | Metrics
    An Overview of Application and Technology of Artificial Intelligence in Cybersecurity
    Journal of Information Security Reserach    2022, 8 (2): 110-.  
    Abstract2040)      PDF (1142KB)(1417)       Save
    Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.
    Reference | Related Articles | Metrics
    Research on Critical Information Infrastructure Security Protection
    Journal of Information Security Reserach    2025, 11 (11): 978-.  
    Abstract23)      PDF (325KB)(21)       Save
    Related Articles | Metrics
    Research on Critical Information Infrastructure Security Protection
    Journal of Information Security Reserach    2025, 11 (10): 878-.  
    Abstract117)      PDF (324KB)(70)       Save
    Related Articles | Metrics
    A Symbioticbased Framework for AI Safety Governance
    Journal of Information Security Reserach    2025, 11 (10): 897-.  
    Abstract98)      PDF (2070KB)(44)       Save
    Artificial intelligence technology is currently developing at an unprecedented pace, with safety concerns becoming a global focal point. Traditional AI safety research has predominantly relied on a “control paradigm”, emphasizing limitations, regulations, and value alignment to control AI behavior and prevent potential risks. However, as AI capabilities continue to strengthen, unidirectional control strategies are revealing increasingly significant limitations, with issues such as transparency illusions, adversarial evolution, and innovation suppression gradually emerging. Industry leaders like Sam Altman and Dario Amodei predict that AI may comprehensively surpass human capabilities in multiple fields within the next 23 years, making the reconstruction of AI governance paradigms particularly urgent. This paper proposes a new perspective—the “symbiotic paradigm”—emphasizing humanmachine collaboration as the core and understanding and trust as the foundation. Through establishing four pillars: transparent communication, bidirectional understanding, creative resonance, and dynamic boundaries, it promotes AI safety’s transition from control to cocreation, serving as one of the foundational paths for digital governance transformation. This paper systematically demonstrates the feasibility and necessity of the symbiotic paradigm through four dimensions: theoretical analysis, technological paths, practical cases, and governance recommendations, aiming to provide a sustainable alternative for future AI safety research and digital governance practices.
    Reference | Related Articles | Metrics
    Research on the Standard System of Security Protection for Critical Information Infrastructure#br#
    #br#
    Journal of Information Security Reserach    2025, 11 (11): 979-.  
    Abstract21)      PDF (947KB)(18)       Save
    As a pivotal cornerstone of the digital society, the security of critical information infrastructure directly affects economic development, social stability, national wellbeing, and national security. By analyzing the strategic significance of security protection standards for critical information infrastructure, and drawing on a study of the current landscape of domestic and international policies, this paper conducts an indepth analysis of the challenges and existing issues confronting the development of China’s security protection standard system for critical information infrastructure. In response to these problems, optimized strategies of China’s security protection standard system for critical information infrastructure are proposed from the perspectives of toplevel design, improvement of the standard system, and enhancement of effectiveness. The purpose of this paper is to refine the nation’s security protection standard system for critical information infrastructure, elevate the security protection capabilities thereof, safeguard social stability and national security, and realize sustainable development.
    Reference | Related Articles | Metrics
    Research on Security Assurance of Egovernment
    Journal of Information Security Reserach    2025, 11 (10): 879-.  
    Abstract87)      PDF (865KB)(40)       Save 
    government encompasses critical domains including government operations, public services, and data management, and its security directly affects national interests, public wellbeing, and social stability. In recent years, cyberattacks targeting Egovernment systems have become more frequent and continue to rise, security risks of government administrative networks continued to mount up and challenge security protection. This paper analyzes the development paths of Egovernment security protection at home and abroad and proposes relevant policy recommendations, with the aim of providing strong support for building a more perfect and optimized Egovernment security protection system.
    Reference | Related Articles | Metrics
    Research on Traffic Anomaly Detection Method and System for API Gateway
    Journal of Information Security Reserach    2025, 11 (10): 917-.  
    Abstract80)      PDF (1061KB)(31)       Save
    With the rise of cloud services and the widespread use of API technology, many network capabilities of operators are usually outputted and empowered through APIs. API gateways have become an important way for northsouth and eastwest system interconnection and data sharing. This paper proposes a method for API gateway traffic anomaly detection based deep learning. Firstly, a heterogeneous graph is constructed to comprehensively represent the gateway traffic network. Then, based on graph attention neural network, node representations in the heterogeneous graph are learned by considering both structural and temporal dimensions. We introduce graph structure refinement to compensate for sparse connections between entities in the heterogeneous graph and obtain more robust node representation learning; Finally, the meta learning algorithm is used to optimize the model and improve its generalization ability in small sample scenarios. The model can be deployed on gateway devices. The algorithm model was experimentally evaluated on the CICIDS2017 dataset, and the results showed that compared with the baseline algorithm, the detection method proposed in this paper has good performance in small sample and multi classification problems.
    Reference | Related Articles | Metrics
    Research on Critical Information Infrastructure Security Protection
    Journal of Information Security Reserach    2025, 11 (12): 1074-.  
    Abstract16)      PDF (334KB)(13)       Save
    Related Articles | Metrics
    A Survey of Zero Trust Research
    Journal of Information Security Research    2020, 6 (7): 608-614.  
    Abstract1342)      PDF (2068KB)(1625)       Save
    With the popularization of cloud computing, mobile office and other technologies, the enterprise network structure becomes complex. The traditional network security model is based on the idea of boundary protection, which can not meet the current needs. Zero trust is a new network security model, where no distinction is made between internal and external networks and all entities need authentication and authorization before accessing resources, which can be used to protect the network whose perimeter is increasingly fuzzy. This paper gives the definition of zero trust, introduces the architecture of zero trust, analyzes the core technology of zero trust, compares and analyses several representative zero trust schemes, summarizes the development status, points out the research direction needing attention in this field, which can provide reference for the research and application of zero trust.
    Reference | Related Articles | Metrics
    A Survey on Backdoor Attacks and Defenses in Federated Learning
    Journal of Information Security Reserach    2025, 11 (9): 778-.  
    Abstract101)      PDF (2638KB)(34)       Save
    Federated learning is a machine learning framework that enables participants in different fields to participate in largescale centralized model training together under the condition of protecting local data privacy. In the context of addressing the pressing issue of data silos, federated learning has rapidly emerged as a research hotspot. However, the heterogeneity of training data among different participants in federated learning also makes it more vulnerable to model robustness attacks from malicious participants, such as backdoor attacks. Backdoor attacks inject backdoors into the global model by submitting malicious model updates. These backdoors can only be triggered by carefully designed inputs and behave normally when input clean data samples, which poses a great threat to the robustness of the model. This paper presents a comprehensive review of the current backdoor attack methods and backdoor defense strategies in federated learning. Firstly, the concept of federated learning, the main types of backdoor attacks and backdoor defenses and their evaluation metrics were introduced. Then, the main backdoor attacks and defenses were analyzed and compared, and their advantages and disadvantages were pointed out. On this basis, we further discusses the challenges of backdoor attacks and backdoor defenses in federated learning, and prospects their research directions in the future.
    Reference | Related Articles | Metrics
    Research on Frontier Technologies for Critical Information  Infrastructure Security Protection
    Journal of Information Security Reserach    2025, 11 (12): 1075-.  
    Abstract17)      PDF (994KB)(11)       Save
    Currently, China’s critical information infrastructure (CII) faces significant threats, including statesponsored cyber attacks and supply chain disruptions. This research aims to systematically analyze the key technological frameworks and development trends in CII security protection, assess China’s current technological capabilities and core bottlenecks in this domain, and propose development strategies and implementation pathways aligned with national conditions. Focusing on key technology clusters such as dynamic active defense, intelligent analysis and response, and resilience architectures, the study explores their synergistic application mechanisms and integration points with existing policies. The study seeks to provide critical technical support and policy recommendations for enhancing the security resilience and compliance of CII.
    Reference | Related Articles | Metrics
    Overview on SM4 Algorithm
    Journal of Information Security Research    2016, 2 (11): 995-1007.  
    Abstract1682)      PDF (8653KB)(1117)       Save
    SM4 Algorithm, short for SM4 Block Cipher Algorithm, was published in 2006 to promote the application of WAPI. It became a cryptography industrial standard (GMT 0002—2012) in March 2012 and a national standard (GBT 32907—2016) in August 2016. This paper describes SM4s calculating process, structural features and cryptographic properties. Furthermore, we introduce some latest researches on SM4s security and compare SM4s security with several international block cipher standards such as AES, HIGHT and MISTY1.
    Reference | Related Articles | Metrics
    The Enlightenment and Reference of Cybersecurity Protection Policies for  Critical Information Infrastructure
    Journal of Information Security Reserach    2025, 11 (10): 885-.  
    Abstract69)      PDF (920KB)(24)       Save
    The security and stability of critical information infrastructure (CII) are of crucial importance to national security, economic development, and social stability. The insights and lessons learned from the CII security safeguards policies of countries and organizations such as the European Union, Japan, the United States, and Russia merit reference. CII security safeguards policies in China has gone through the stages of early exploration, rapid development, and comprehensive advancement; it is confronted with real predicaments including insufficient policy foresight, inadequate crossdomain coordination and collaboration, poor coordination and alignment of standards, and weak discourse power in international rules. It is suggested that China should strengthen the strategic guidance and toplevel design for CII, improve the crossdomain overall planning and linkage mechanism, formulate and refine CII protection standards.
    Reference | Related Articles | Metrics
    Research on Highquality Development of New Infrastructures Under  Critical Information Infrastructure Security Protection
    Journal of Information Security Reserach    2025, 11 (10): 891-.  
    Abstract69)      PDF (957KB)(22)       Save
    Developing new infrastructure plays a crucial role in enhancing the security protection capabilities of critical information infrastructure. The approaches adopted by relevant countries in advancing new infrastructure—such as boosting global competitiveness, prioritizing key technology R&D, attracting deep private sector participation, promoting unified standards and regulations, and strengthening supply chain resilience—offer valuable insights. Although China’s new infrastructure has seen continuous improvements in recent years regarding development scale, technological autonomy, digital and intelligent capabilities, and its capacity to support critical infrastructure, it also faces challenges such as significant intrinsic security risks, risks associated with introducing new technologies, and lagging standardization efforts. It is recommended in terms of to drive the highquality development of new infrastructure by leveraging intelligent upgrades as the driving force, functional expansion as the connecting link, and boundary governance as the focal point.
    Reference | Related Articles | Metrics
    Research on Data Space Security Under Critical Information  Infrastructure Security
    Journal of Information Security Reserach    2025, 11 (12): 1093-.  
    Abstract11)      PDF (968KB)(10)       Save
    Against the backdrop of the deepening development of the digital economy, researching the security of trustworthy data spaces is of great significance for enhancing the data protection level of critical information infrastructure and promoting the highquality development of the datafactor market. This study systematically analyzes the development status of data spaces in the United States, the European Union and Japan. Building on international experience, it focuses on industrial sectors, examining the development landscape and existing challenges of data space security in each field. The study proposes policy recommendations, including strengthening the legal and regulatory framework for data spaces, advancing breakthroughs in core technologies, fostering diverse application scenarios and market ecosystems, optimizing the supply structure, and enhancing international cooperation. These proposals aim to ensure the secure circulation of data as a production factor and to promote the highquality development of the data factor market.
    Reference | Related Articles | Metrics
    Research on Multimodal Cyberspace Identification Technology  Based on Object Identifier
    Journal of Information Security Reserach    2025, 11 (10): 960-.  
    Abstract60)      PDF (1253KB)(16)       Save
    Multimodal cyberspace identification is a basic work for the construction of multimodal cyberspace. This paper summarizes the current state of identification system research both domestically and internationally, and provides a comparative analysis of various identification technologies. In view of the large number of communication devices in multimodal cyberspace and the high requirements of endogenous security, a multimodal cyberspace identification technology based on object identifiers is proposed, and the coding rules of tree structure are used to identify and manage largescale communication devices in multimodal cyberspace to improve management efficiency.
    Reference | Related Articles | Metrics
    A Review of Hardware Accelerated Research on Zeroknowledge Proofs
    Journal of Information Security Reserach    2024, 10 (7): 594-.  
    Abstract876)      PDF (1311KB)(292)       Save
    ZeroKnowledge Proofs (ZKP) are cryptographic protocols that allow a prover to demonstrate the correctness of a statement to a verifier without revealing any additional information. This article primarily introduces research on the acceleration of zeroknowledge proofs, with a particular focus on ZKPs based on Quadratic Arithmetic Programs (QAP) and Inner Product Proofs (IPA). Studies have shown that the computational efficiency of zeroknowledge proofs can be significantly improved through hardware acceleration technologies, including the use of GPUs, ASICs, and FPGAs. Firstly, the article introduces the definition and classification of zeroknowledge proofs, as well as the difficulties encountered in its current application. Secondly, this article  discusses in detail the acceleration methods of different hardware systems, their implementation principles, and their performance improvements over traditional CPUs. For example, cuZK and GZKP utilize GPUs to perform Multiscalar Multiplication (MSM) and Number Theoretic Transform (NTT), while PipeZK, PipeMSM, and BSTMSM accelerate these computational processes through ASICs and FPGAs. Additionally, the article mentions applications of zeroknowledge proofs in blockchain for concealing transaction details, such as the private transactions in ZCash. Lastly, the article proposes future research directions, including accelerating more types of ZKPs and applying hardware acceleration to practical scenarios to resolve issues of inefficiency and promote the widespread application of zeroknowledge proof technology.
    Reference | Related Articles | Metrics
    Internet of Things Intrusion Detection Model Based on Federated Learning
    Journal of Information Security Reserach    2025, 11 (9): 788-.  
    Abstract84)      PDF (1432KB)(31)       Save
    The Internet of things (IoT) has shown a wide range of application prospects and huge development potential in many fields. However, as the scale of the IoT continues to expand, independent IoT devices lack highquality attack instances, making it difficult to effectively respond to increasingly complex and diverse attack behaviors. Consequently, addressing IoT security issues has become a critical challenge that requires urgent attention. To address this problem, the paper proposes an IoT intrusion detection model based on federated learning and attention mechanisms, which allows multiple devices to train the global model collaboratively while protecting their data privacy. Firstly, this paper constructs an intrusion detection model combining convolutional neural network and mixed attention mechanism to extract key features of network traffic data, so as to improve detection accuracy. Secondly, the paper introduces the model contrast loss to correct the training direction of the local model to alleviate the global model convergence difficulties caused by the nonindependent and same distribution of data between devices. The experimental results show that the proposed model is significantly superior to the existing methods in terms of accuracy, accuracy and recall, demonstrating stronger intrusion detection capabilities, and can effectively deal with complex data distribution problems in the IoT environment.
    Reference | Related Articles | Metrics
    The Research of the Organizational Management Systems in Security Protection for Critical Information Infrastructure#br#
    Journal of Information Security Reserach    2025, 11 (11): 993-.  
    Abstract14)      PDF (946KB)(8)       Save
    In recent years, cyberattacks targeting national critical information infrastructure systems have increased rapidly, intensifying the security situation increasingly severe. Cyberattacks exploiting vulnerabilities in weak defense systems have become a major threat to the security protection of critical information infrastructure. Under the increasingly complex cyberattack environment, building a coordinated defense mechanism has become especially important. This paper analyzes the evolution and progress of organizational management in the area of critical information infrastructure security both domestically and internationally, and proposes a series of improvement measures. These efforts aim to provide reference for the future development of organizational management systems in coordinated security protection for critical information infrastructure.
    Reference | Related Articles | Metrics
    Comparative Analysis and Countermeasures of Domestic and Foreign Laws and Regulations on Artificial Intelligence#br#
    Journal of Information Security Reserach    2025, 11 (11): 1048-.  
    Abstract17)      PDF (1119KB)(8)       Save
    In recent years, AI (artificial intelligence) technology has developed rapidly. As one of the core driving forces, AI algorithms have gradually shown great potential and influence in many fields, such as medical care and finance. However, while algorithmic technology brings innovation and convenience, it also raises a series of complex legal and ethical issues. In response to these  concerns, governments have introduced relevant laws and regulations to regulate the development and application of algorithms, and safeguard the public interest and social order. However, the current domestic and foreign laws and regulations show the characteristics of decentralization and fragmentation, lack of systematic and comprehensive analysis, which not only increases the difficulty of enterprises in algorithm compliance, but also affects the healthy and orderly development of algorithm technology. Therefore, this paper systematically and comprehensively analyzes the basic framework and characteristics of China’s AI regulations, and further compares the algorithm governance with relevant foreign regulations. The advantages and disadvantages are summarized to put forward targeted countermeasures and suggestions, which provides valuable practical reference for policy makers and enterprise managers, and jointly promotes the development and application of China’s AI technologies.
    Reference | Related Articles | Metrics
    Research on the Risk Assessment System for Data Security in the Transportation Industry#br#
    Journal of Information Security Reserach    2025, 11 (11): 1064-.  
    Abstract16)      PDF (5683KB)(8)       Save
    The transportation information system is not only a critical component of the national key information infrastructure, but also an important industry of the 2+8+N system, in which is crucial to the nation’s economy and people’s livelihood. With the continuous advancement of smart transportation construction, the volume of traffic data is growing rapidly. The position of data as a production factor highlights its importance and value, and also induces higher demands for data security. The transportation industry pays close attention to data security, and based on national policies, laws, regulations, and standards, the competent transportation authorities have issued a series of industry standards and regulations to guide the security of transportation data. However, the transportation industry covers a wide range of business areas, and its data has characteristics such as multisource, heterogeneity, partiality, spatiotemporal correlation, asynchronicity, information sparsity, and concurrency. Moreover, the data has a high degree of mobility, and the operational conditions and flow are complex, making data surveillance a large range and great difficulty, which brings a series of challenges to the protection of data security. Based on existing laws, regulations, and standards, and deeply integrating the characteristics of transportation industry data, this research on the data security risk assessment system provides a reference for the construction of transportation data security protection.
    Reference | Related Articles | Metrics
    Research on Security Challenges and Countermeasures for Critical  Information Infrastructure in the Artificial Intelligence Era
    Journal of Information Security Reserach    2025, 11 (12): 1087-.  
    Abstract13)      PDF (944KB)(8)       Save
    With the rapid advancement of artificial intelligence (AI) technologies, critical information infrastructure is confronting unprecedented security challenges. This paper employs systematic analysis and comparative research methods to examine the security threats faced by critical information infrastructure in the AI era, specifically focusing on structural vulnerabilities, governance lag, and dual technical risks. Drawing on the strategic practices of major economies such as the United States, the European Union, and Japan, it proposes that China should enhance AI security policy standards, establish a security risk governance framework, and strengthen security technology innovation. Through these pathways, China can build a selfreliant, secure, and reliable AIenabled critical information infrastructure system, thereby enhancing national digital security capabilities and global competitiveness.
    Reference | Related Articles | Metrics
    Private Set Intersection Cardinality Protocol for Supporting Set  Dynamic Updating
    Journal of Information Security Reserach    2025, 11 (12): 1099-.  
    Abstract9)      PDF (1322KB)(8)       Save
    The private set intersection cardinality (PSICA) enables each participant to obtain only the intersection size while keeping other information private. For instance, when it comes to measuring the ad conversion rates, the number of ad viewers on the ad platform is much smaller than the number of service subscribers of the service provider, and the set owned by the service provider is constantly changing. However, the majority of the existing PSICA protocols do not suppport the dynamic updating of sets. To this end, this paper proposes a PSICA protocol based on switched encryption and dynamic Bloom filters for nonequilibrium scenarios and supports dynamic updating of ensembles. The security proof shows that the protocol can be proven to be secure under the random oracle model. The performance analysis and simulation experimental results indicate that the protocol is able to achieve the intersection base computation with acceptable overhead and the misclassification rate of the dynamic Bloom filter is maintained at a low level. 
    Reference | Related Articles | Metrics
    Fileless Obfuscation Attack Recognition Based on Semantic Recovery and  Large Language Model
    Journal of Information Security Reserach    2025, 11 (12): 1125-.  
    Abstract11)      PDF (1478KB)(8)       Save
    With the continuous advancement of fileless attack techniques and strategies, research on identifying fileless malicious attack has garnered significant attention. Among these, fileless obfuscation attack, as a new type of covert, dynamic, and complex attack, can rapidly bypass existing attack engines and rulebased frameworks. To address this problem, this paper proposes an attack script restoration method guided by dynamic partial execution and semantic analysis tree guidance, enabling the restoration of obfuscated code. Furthermore, leveraging the efficiency of large models in attack understanding and semantic recognition, we integrate large models to achieve efficient identification and classification of fileless code. To further alleviate the limitations of large models in handling large code files and long passages, we also provide a semantic code compression strategy to retain critical attack semantics. Experimental results demonstrate that our proposed semantic restoration and large model identification methods can enhance effectiveness by around 10% compared to existing models and methods, while maintaining efficient attack identification efficiency.
    Reference | Related Articles | Metrics
    Design, Implementation and Testing of Random Number Generators
    Journal of Information Security Research    2019, 5 (1): 39-49.  
    Abstract481)      PDF (1862KB)(720)       Save
    Random number generator (RNG) is indispensable for modern cryptography. The unpredictability of the generated random number provides basic security for cryptographic applications, such as cryptographic algorithms and security protocols. Once the quality of the random number cannot satisfy the security requirements as expected, it may lead to the existing of serious security risks in these applications. In this paper, it gives a systematic investigation and summary for the studies of RNGs from the view of design, and testing. On the design and implementation aspect, we introduce the researches on the hardware TRNGs and software TRNGs. On the testing aspect, it includes the research progress of RNG (blackbox) statistical tests, entropy estimation and online tests.
    Reference | Related Articles | Metrics
    A Survey of Fingerprint Recognition Technology
    Journal of Information Security Research    2016, 2 (4): 343-355.  
    Abstract851)      PDF (10838KB)(736)       Save
    Human society shows great interest in fingerprint at early times, but modern fingerprint recognition technology originated at the time of Galtons research, and used in criminal investigation at first. Since 1990s, fingerprint recognition begun to find its application in other commercial areas. In recent years, fingerprint recognition appears on mobile phone, and acts as an important method for screen unlocking and online payment. In the future, biometrics method, including fingerprint recognition, may replace current password system. For fingerprint recognition algorithm, classification is studied at first to improve the speed for fingerprint archives searching. Most algorithms today focus on matching the minutiae, including ridge ending and bifurcation. As the popularization of fingerprint recognition on mobile devices, the area of fingerprint sensor becomes smaller and smaller, matching technology based on third level features such as sweat pore and ridge shape gains more attentions. For fingerprint sensing, the first appeared method is pressing by ink. Fingerprint cards with inkpressed fingerprint is then digitized by scanner for computer storage and processing. From 1970s, the appearance and popularization of optical fingerprint sensing boost the quick and onsite image capturing and verification. Applications on mobile devices s the rapid progress of small size fingerprint sensor.
    Reference | Related Articles | Metrics
    SM3 Cryptographic Hash Algorithm
    Journal of Information Security Research    2016, 2 (11): 983-994.  
    Abstract1429)      PDF (8502KB)(896)       Save
    The cryptographic hash functions play an important role in modern cryptography. They are used to compress messages of arbitrary length to fixed length hash values. The most common cryptographic applications of hash functions are with digital signature and for data integrity. SM3 cryptographic hash algorithm is issued as the industry standard in 2012. In 2016, it was published as national standard. It takes a 512bit message as input and outputs a 256bit hash value. This paper summarizes the design, properties, software and hardware implementations and cryptanalysis of SM3 cryptographic hash algorithm. Furthermore, we compare SM3 with other hash standards.
    Reference | Related Articles | Metrics
    AI Security—Research and Application on Adversarial Example
    Journal of Information Security Research    2019, 5 (11): 1000-1007.  
    Abstract789)      PDF (3155KB)(838)       Save
    With the rapid development of AI (artificial intelligence), the number of AI systems and applications grows explosively. AI has been closely linked to numerous people and brings great convenience to their life. Meanwhile, AI also leads to big challenges in the cyber security area. Some malicious fraudsters take advantage of AI to attack internet systems especially in the field of captcha generation. The antiknowledge map captcha based on the adversarial example technology is proposed, which fused the natural language processing technology and adversarial example generation technology, and thus increase the robustness to attacks and safeguard the security environment of internet.
    Reference | Related Articles | Metrics
    Unified Authority Management Scheme in Zero Trust Architecture 
    Journal of Information Security Reserach    2021, 7 (11): 1047-.  
    Abstract481)      PDF (1922KB)(405)       Save
    Zero trust security architecture is subverting people's perception of enterprise security. Its main point is "continuous verification, never trust", which makes more requirements for the subject, object and time of authentication and authorization. This paper mainly discusses how to quickly achieve unified authority management and control under the background of zero trust from the perspective of authority management. Through the investigation and analysis of many enterprises, functional authority and data authority are the most common dimensions of authority management in enterprises. Based on this, we can design a set of universal and highly flexible unified authority platform, which is used to centrally manage the authority data of each enterprise information system, realize the efficient control of authority under the zero trust architecture, and ensure the data security and business security
    Reference | Related Articles | Metrics
    A Survey of SQL Injection Attack Detection and Defense Technology
    Journal of Information Security Reserach    2023, 9 (5): 412-.  
    Abstract725)      PDF (2612KB)(418)       Save
    In the era of “Internet+”, data is the most valuable resource of the Internet. Attackers often use SQL injection attacks to destroy the database in order to obtain important data information in the database. The threat to database security is becoming more and more serious. At present, the research on SQL injection attacks mostly focuses on traditional SQL injection attacks, but lacks the cognition of new advanced SQL injection technology with stronger concealment and higher risk, and the research on related detection and defense technology. In response to this phenomenon, this paper analyzes and evaluates traditional and advanced SQL injection attack technologies and their technical characteristics based on the classification of SQL injection technologies; summarizes existing detection and defense technologies, and evaluates the advantages and disadvantages of these methods for defense effectiveness; finally The problems existing in the current research field are sorted out, and suggestions for future research directions are put forward.

    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E1): 236-.  
    Abstract618)      PDF (796KB)(401)       Save
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2024, 10 (E1): 246-.  
    Abstract535)      PDF (1562KB)(303)       Save
    Reference | Related Articles | Metrics
    Research on the Development Trend of Cybersecurity Technology
    Journal of Information Security Reserach    2025, 11 (1): 2-.  
    Abstract231)      PDF (563KB)(148)       Save
    Related Articles | Metrics
    Multiparty Data Security Sharing Scheme Based on Decentralized Verification
    Journal of Information Security Reserach    2025, 11 (6): 578-.  
    Abstract144)      PDF (4817KB)(55)       Save
    With the development of the Internet of Things, collaborative work between multiple devices is becoming increasingly common. However, in the process of data sharing, user privacy may face the risk of data theft and tampering. Existing FL methods rely on mobile edge computing (MEC) servers for model aggregation, and have problems with trust, security threats, and single points of failure. To solve these problems, a new multiparty data sharing scheme based on blockchain is proposed, in which a decentralized verification mechanism and a consensus mechanism inspired by proof of stake (PoS) are introduced. The decentralized verification mechanism ensures the legitimacy of each local model update by evaluating node behavior and voting, and only legitimate updates are used for global model building. In the process of model construction, homomorphic encryption and key sharing techniques are used to encrypt the local model parameters to ensure the security integrity of model parameters in the process of transmission and aggregation. The PoS consensus mechanism rewards honest behavior devices, increasing their chances of becoming block generators. In addition, the cache mechanism of information search is introduced to reduce the number of multiparty search. The data sharing scheme has been verified to enhance data security.
    Reference | Related Articles | Metrics
    SM9based Decentration Crosschain Medical Data Sharing Scheme
    Yu Huifang and Li Shunkai
    Journal of Information Security Reserach    2025, 11 (9): 832-.  
    Abstract63)      PDF (2204KB)(20)       Save
    To solve the problems of data leakage and data silos between medical institutions in medical system, a SM9based decentration crosschain medical data sharing scheme (DCCMDSS) is proposed in this article. Relay chain and hash time lock contract (HTLC) realize the crosschain data sharing between medical institutions, the interplanetary file system (IPFS) reduces the storage pressure of blockchain and ensures the integrity of medical data. SM9based algorithm encrypts medical data and group signature allows the group members to sign the data on behalf of the whole group without revealing their personal identities. Consequently, DCCMDSS effectively avoids the privacy leakage and ensures the traceability of signature. DCCMDSS reduces the crosschain transaction overhead and improves the security of medical data.
    Reference | Related Articles | Metrics
    Design of Intrusion Detection System for Oil and Gas Production IoT #br# Based on Edgecloud Collaboration#br#
    Journal of Information Security Reserach    2025, 11 (9): 868-.  
    Abstract49)      PDF (2738KB)(9)       Save
    Aiming at the multifaceted intrusion threats in the oil and gas production IoT, this paper proposes an intrusion detection system based on edgecloud collaboration. The system is designed to meet the high requirements for realtime performance and accuracy, while overcoming challenges such as limited edge computing resources and data heterogeneity between edge and cloud environments. The system adopts a cloudedge collaborative architecture, with different intrusion detection subsystems deployed at the edgecloud, working in coordination to ensure comprehensive protection. The edge uses a model based on independent classification and joint analysis to accurately detect anomalies in multiple physical data, achieving detection speeds within 100 milliseconds. The cloud uses a model based on feature extraction + XGBoost, and adopts pretraining and finetuning to obtain a detection model with both anomaly traffic detection capability and low false alarm rate. The simulation results show that the system achieves high accuracy and realtime performance, adapts to the differences in available computing resources of the edge and cloud devices, and satisfies the performance requirements of intrusion detection across different levels.
    Reference | Related Articles | Metrics
    TCNGANbased Temporal Traffic Anomaly Detection
    Journal of Information Security Reserach    2025, 11 (10): 907-.  
    Abstract69)      PDF (2708KB)(22)       Save
    In recent years, generative adversarial networks have been widely used in the field of temporal anomaly detection. However, temporal data often has complex timedependence, and problems such as gradient vanishing and training instability are common in existing anomaly detection models. To this end, this paper proposes an unsupervised temporal traffic anomaly detection model based on the combination of temporal convolutional network (TCN) and GAN. The model uses TCN as the infrastructure of generator and discriminator, which can effectively capture the temporal features of the temporal traffic data. During the anomaly detection process, the model constructs an anomaly scoring function based on the reconstruction loss and discriminator loss, and performs anomaly judgment by setting a threshold, thus improving the accuracy of anomaly detection. To verify the performance of the proposed model, experiments are conducted on five different types of datasets. The results show that the average F1 score of the proposed model is 11.02% higher than that of the TAnoGAN model.
    Reference | Related Articles | Metrics
    Research on Talent Cultivation for Critical Information Infrastructure  Security Protection
    Journal of Information Security Reserach    2025, 11 (12): 1081-.  
    Abstract9)      PDF (922KB)(7)       Save
    As the digital wave sweeps across the globe, the security of critical information infrastructure has become central to national cybersecurity strategies. Cultivating a highcaliber talent pool capable of protecting these core facilities from cyber attacks has therefore become particularly crucial. By examining international practical experience in training professionals for the security protection of critical information infrastructure systems, and considering the current status and challenges of talent development in this field in China, this paper proposes recommendations to strengthen the foundation, address existing challenges, and optimize talent development. These suggestions aim to support and guide the development and training of professionals responsible for securing China’s critical information infrastructure.
    Reference | Related Articles | Metrics
    AI and Data Privacy Protection: The Way to Federated Learning
    Journal of Information Security Research    2019, 5 (11): 961-965.  
    Abstract1363)      PDF (1395KB)(1318)       Save
    With the tremendous advance in computing, algorithms and data volume, artificial intelligence ushered in the third development climax, and began to gain a foot hold in exploring various industries. However, as the emergence of “big data”, more “small data” or “poorquality data”, and “data silos” exist in industry applications. For example, in the information security realm, it is difficult for enterprises who provide security services such as content security auditing and intrusion detection based on artificial intelligence technology to exchange raw data due to the consideration of user privacy and trade secrets protection. The services between enterprises are independent, and the overall development of cooperation and technology is difficult to make a breakthrough in a short period of time. How to promote greater cooperation on the premise of protecting the privacy of organizations? Will there be any chance for technical means to solve the data privacy protection problems? Federated Learning is an effective way to solve this problem and achieve acrossenterprise collaborative governance.
    Reference | Related Articles | Metrics
Author Center
Review Center
京ICP备19004174号
Copyright © Journal of Information Security Reserach, All Rights Reserved.
Tel: 010-68558637 E-mail: ris@cei.cn
Powered by Beijing Magtech Co., Ltd.