Most Download articles

Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month| Most Downloaded in Recent Year|

Most Downloaded in Recent Month

Please wait a minute...


For Selected: Download Citations EndNote Ris BibTeX Toggle Thumbnails

Select

Artifcial Intelligence Promotes the Paradigm Shift of Information Security —A Case Study of Driverless Car by Baidu Journal of Information Security Research    2016, 2 (11): 958-968.   Abstract （241）      PDF （2086KB）（1408）       Knowledge map    Save Related Articles | Metrics

Select

“Internet Plus” Mobile Power: Analysis the Network Security of ZTE Journal of Information Security Research    2016, 2 (4): 288-298.   Abstract （871）      PDF （1637KB）（1323）       Knowledge map    Save Related Articles | Metrics

Select

“Internet +”Power: Overview of AsiaInfo Secruity’s Cyber Security Journal of Information Security Research    2016, 2 (8): 670-684.   Abstract （348）      PDF （1873KB）（1601）       Knowledge map    Save Related Articles | Metrics

Select

Trend on Cybersecurity Policy Risks of the Trump Administration and China Countermeasures Journal of Information Security Research    2018, 4 (10): 870-880.   Abstract （128）      PDF （1337KB）（961）       Knowledge map    Save Reference | Related Articles | Metrics

Select

Security-Development Road of National E-Gov Network in the “Internet +” Era Zhou Min Journal of Information Security Research    2015, 1 (2): 98-104.   Abstract （355）      PDF （2278KB）（2067）       Knowledge map    Save Related Articles | Metrics

Select

Journal of Information Security Reserach    2023, 9 (E2): 4-.   Abstract （89）      PDF （2945KB）（872）       Knowledge map    Save Related Articles | Metrics

Select

The Construction and Application of the Cloud Authentication Service Mode on Chinese Center for Disease Control and Prevention Information System Journal of Information Security Research    2017, 3 (6): 554-559.   Abstract （208）      PDF （2121KB）（548）       Knowledge map    Save This paper provides twofactor login authentication method based on digital certificate for Chinese center for disease control and prevention information system registered users, based on digital certificate, establishes a highsecurity and highly reliable identity authentication management mechanism through the establishment of cloud electronic authentication service platform. Thus it can prevent the hidden dangers of account information leakage. At the same time, it also describes how to build multi CA mutual trust mechanism. In order to solve the problem of mutual recognition of digital certificates in different CA institutions to achieve cross regional data transmission and sharing issues, support the analysis of different CA certificates, certificate file storage, certificate query verification of the unity. Reference | Related Articles | Metrics

Select

Meiya Pico,Innovation to Enhance the Core Technology of Cybersecurity Journal of Information Security Research    2017, 3 (9): 770-780.   Abstract （350）      PDF （1952KB）（1053）       Knowledge map    Save Related Articles | Metrics

Select

Research on Security Protection of Typical Government Affairs Application Platform Journal of Information Security Research    2018, 4 (7): 662-667.   Abstract （124）      PDF （1634KB）（427）       Knowledge map    Save China, as the largest developing country in the world, is also the country with the largest number of Internet users in the world. Facing the increasingly complicated network security situation in the international community, it is urgent to maintain our cyberspace security. Among them, how to properly prevent malicious network attacks faced by a large number of government websites and effectively and ensure the safe operation of various government application platforms is even more important. We have legally authorized Infiltration of a provinciallevel GovernmentNetwork data exchange platform in both directions of entry and exit. Through the prevention issues found in the infiltration process, combined with our many years of network security work experience, we have proposed a closedloop security management and protection network technology in place. In order to be different from the general model of general cyber security type technical articles, we try to restore the actual penetration scenarios in the text, and from the point of view of the attacker, express important protection ideas in the most concise language and conclude 6 types of typical network protection work. I hope to be able to help network security attack and defense technology enthusiasts and government website administrators. Reference | Related Articles | Metrics

Select

Research and Design of E-Government Authentication Service System Interconnection Platform Journal of Information Security Research    2017, 3 (6): 548-553.   Abstract （144）      PDF （2089KB）（514）       Knowledge map    Save At present, Chinas egovernment network has the problems of poor connectivity and low sharing, in order to strengthen the interconnection and intercommunication in the egovernment field, this paper puts forward the idea of construction and improvement of accelerated electronic certification mutual recognition platform. It can be regarded as one of the effective paths to improve the credible network space in China. On the basis of explaining the present situation of our countrys electronic certification service industry, and combining the basic situation of our country, the construction form and method of electronic certification mutual recognition platform are studied and analyzed, to improve the quality of electronic authentication services system interconnection platform.egovernment; electronic authentication; interconnection; mutual recognition platform; CA Reference | Related Articles | Metrics

Select

TOPSEC, Leading Brand of Independent Innovation, Supporting Cyberspace Power Strategy Journal of Information Security Research    2018, 4 (9): 774-782.   Abstract （93）      PDF （1579KB）（819）       Knowledge map    Save Related Articles | Metrics

Select

Leveraging “Internet Plus” and Big Data for the Improvement of Services Supervision Cui Chuanzhen Journal of Information Security Research    2016, 2 (2): 98-106.   Abstract （218）      PDF （1159KB）（1038）       Knowledge map    Save Related Articles | Metrics

Select

SURFILTER, Insisting on the Road of Independent Innovation of Information Security -- Review of the Information and Network Security Strategy of SURFILTER Journal of Information Security Research    2016, 2 (12): 1054-1067.   Abstract （144）      PDF （5217KB）（1114）       Knowledge map    Save Related Articles | Metrics

Select

PeopleNet, Independently Developing Core Technology of Cyber Information Security Journal of Information Security Research    2017, 3 (7): 578-588.   Abstract （231）      PDF （1448KB）（837）       Knowledge map    Save Related Articles | Metrics

Select

Blockchain and Quantum Computing Journal of Information Security Research    2018, 4 (6): 496-504.   Abstract （184）      PDF （1390KB）（662）       Knowledge map    Save In recent years, the emerging of digital encryption currency such as bitcoin, blockchain as its key technology has caused the government, technology companies, financial institutions and capital market great attention and wide public concern. Blockchain is a new kind of distributed, decentralized or centralized mechanism, has high distributed redundant storage, go to the center of the credit, automatic intelligent contract execution, timeseries data, not tampered with, the advantages of security and privacy. However, with the development of quantum computer, some advantages of blockchain will be challenged. By analyzing the core technology of the blockchain and combining the advantages of quantum computing, we could analyze the problems that the blockchain system will face in the future. We could work to provide effective guidance and reference to relevant researches of blockchain in the future. Reference | Related Articles | Metrics

Select

“Internet +”Power: The Information Security and Strategic Layout of Huawei on the Basis of “Internet +” Background Journal of Information Security Research    2016, 2 (6): 478-489.   Abstract （400）      PDF （930KB）（996）       Knowledge map    Save Related Articles | Metrics

Select

A Blackbox Antiforensics Method of GANgenerated Faces Based on #br# Invertible Neural Network#br# Journal of Information Security Reserach    2025, 11 (5): 394-.   Abstract （78）      PDF （1920KB）（59）       Knowledge map    Save Generative adversarial network GANgenerated faces forensics models are used to distinguish real faces and GANgenerated faces. But due to the fact that forensics models are susceptible to adversarial attacks, the antiforensics techniques for GANgenerated faces have emerged. However, existing antiforensic methods rely on whitebox surrogate models, which have limited transferability. Therefore, a blackbox method based on invertible neural network (INN) is proposed for GANgenerated faces antiforensics in this paper. This method embeds the features of real faces into GANgenerated faces through the INN, which enables the generated antiforensics faces to disturb forensics models. Meanwhile, the proposed method introduces a feature loss during training to maximize the cosine similarity between the features of the antiforensics faces and the real faces, further improving the attack performance of antiforensics faces. Experimental results demonstrate that, under the scenarios where no whitebox models are involved, the proposed method has good attack performance against eight GANgenerated faces forensics models with better performance than seven comparative methods, and can generate highquality antiforensics faces. Reference | Related Articles | Metrics

Select

Three-Dimensional Way of Acorn Network in Industrial Control Cybersecurity Journal of Information Security Research    2017, 3 (8): 0-0.   Abstract （379）      PDF （3703KB）（779）       Knowledge map    Save Related Articles | Metrics

Select

Research on Security Protection of High RealTime Metro Integrated Supervisory and Control System Journal of Information Security Research    2019, 5 (8): 691-695.   Abstract （82）      PDF （1098KB）（702）       Knowledge map    Save Integrated Supervisory and Control System (ISCS) is one of the necessary automatic systems for efficient and safe operation of urban rail transit automation. The integrated monitoring system is a largescale integrated system with high integration of informationization and automation. The system integrates multiple automation and information subsystems in urban rail transit stations, tunnels, depots, parking lots, control centers, etc, and performs unified monitoring, control and management of subsystems on the same software platform, realizing the information sharing of each specialty system and the linkage control function between the systems. In this paper, the ISCS security protection solution for rail transit under the requirement of high realtime performance is studied, the typical security protection design concept is given, and the equal guarantee evaluation method is put forward. Reference | Related Articles | Metrics

Select

Secboot’s AI Technology Pushes Identif cation Security to the Cusp of a New Era Journal of Information Security Research    2018, 4 (7): 582-587.   Abstract （127）      PDF （1248KB）（577）       Knowledge map    Save Related Articles | Metrics

Select

Construction and Practice of Emergency Plans for Cyber Security Events in E-Government Institutes Journal of Information Security Research    2019, 5 (5): 377-382.   Abstract （151）      PDF （2124KB）（533）       Knowledge map    Save With the frequent occurrence of various types of security risks in recent years, cyber security is becoming more and more serious. Once the critical information systems such as core business systems and goverment portals been attacked, will be having a wide range of impacts, endangering nation security, national economy and people's life and public interests.. In order to reduce the losses caused by cyber security incidents, it is very necessary for E-Government institutes to establish standardized and efficient emergency plan. Due to the limitations of consciousness, technology and resources, E-Government institutes have common problems in the construction and practice of common emergency plans. In view of this, it's necessary to put forward some suggestions for the optimization of emergency plans, which can help the information security staff of E-Government institutes to standardize the response process of cyber security incidents. Reference | Related Articles | Metrics

Select

The Study of Security Audit Framework and Key Technologies in Big Data Era Journal of Information Security Research    2019, 5 (5): 400-405.   Abstract （226）      PDF （1234KB）（556）       Knowledge map    Save The aggregation and sharing of data resources contributes to the concentration of security risks, and security audit technology in big data environment is facing many challenges. Firstly, the reference framework for big data security auditing is proposed based on big data reference framework and cloud security audit framework,which conducts security auditing from user dimension and data life-cycle dimension. Secondly,the security audit technology monitors the behaviors of data provider, system orchestrator, big data application provider, big data framework provider and data consumer. And which tracks the entire data life-cycle process which consists of data collection, transmission, storge, curation, exchange and destruction. Finally, this paper discusses the data provenance and privacy protection problems during security auditing, in order to serve as useful references for the development of big data security audit technology. Reference | Related Articles | Metrics

Select

An Overview of Application and Technology of Artificial Intelligence in Cybersecurity Journal of Information Security Reserach    2022, 8 (2): 110-.   Abstract （1820）      PDF （1142KB）（1351）       Knowledge map    Save Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry. Reference | Related Articles | Metrics

Select

Building Cyber Security Defense by Trusted Computing 3.0 Journal of Information Security Research    2017, 3 (4): 290-298.   Abstract （325）      PDF （1075KB）（1777）       Knowledge map    Save Related Articles | Metrics

Select

Research of the Index of National Cybersecurity Lv Xin Journal of Information Security Research    2016, 2 (9): 766-773.   Abstract （251）      PDF （1086KB）（840）       Knowledge map    Save Related Articles | Metrics

Select

Cloud Computing Security Requirements and Measurement Practices in the Classified Protection 2.0 Era Journal of Information Security Research    2018, 4 (11): 987-992.   Abstract （143）      PDF （1216KB）（488）       Knowledge map    Save Since the Ministry of Public Security of the People's Republic of China issued the “Information security technology— Baseline for classified protection of information system security” (GB/T 22239-2008) in 2008, the standard has been widely used in various industries and fields. However, with the development of new technologies and new applications, the timeliness, ease of use, and operability of the standard need to be further improved. Therefore, the National Safety Standards Committee revised the standards. New standards have proposed special security requirements for the technologies such as cloud computing, big data, the mobile interconnection, Internet of Things and industrial control system. This article analyzes the technical security requirements in the security special requirements for cloud computing, and analyzes the security protection objects, security responsibility entities, and security protection requirements in the cloud computing system from the perspective of classified protection. In this article, the author takes an e-government cloud platform as an example, to share the testing and evaluation experience of cloud computing security, point out the problems in the testing and evaluation of the cloud computing systems, and make suggestions for the next stage of work. Reference | Related Articles | Metrics

Select

Analysis of Legal Nature of Obtaining Data from Others by Using Web Crawler Technology Journal of Information Security Research    2019, 5 (6): 548-552.   Abstract （162）      PDF （809KB）（615）       Knowledge map    Save In the Internet era, whoever has mastered the data will have mastered the core competitiveness. “No competition, no market.” Legal and orderly competition can promote the healthy and rapid development of market economy, and vice versa become a stumbling block for the development of market economy. Reptilian technology is originally designed to help people capture specific data and improve data analysis ability, but if used improperly, such as stealing other people's data, it may be suspected of civil infringement, administrative violations, or even criminal offence. Reference | Related Articles | Metrics

Select

Security Situation and Threats Analysis of Industrial Internet in China and Abroad Journal of Information Security Research    2019, 5 (8): 728-733.   Abstract （423）      PDF （1162KB）（718）       Knowledge map    Save With the advancement of the new round of industrial revolution, IT and OT integration, the industrial Internet has become the trend of the ages, and it is also the core supporting intelligent manufacturing. The industrial Internet connects the industrial control system network and information system through the connection between the industrial system network and the Internet. Network convergence also breaks the relatively closed and credible production environment of traditional industries, bringing network security and industrial security risks into interweaving. Failure to respond effectively to these risks will pose serious risks to the smooth development of various industries, stable economic operations and the overall security situation of the country. Through the introduction of the domestic and international industrial Internet security status and the main threats faced by the industrial Internet, the industrial Internet security risks are analyzed. At the same time, the laws, regulations and standards related to industrial Internet security formulated by China are studied. Finally, the applications of the main industrial security technology are introduced from the four aspects of border control, access management, security monitoring audit and situation awareness. Reference | Related Articles | Metrics

Select

The Reasearch of Internet Identity System Based on eID and Personal Information Protection Legal System Journal of Information Security Research    2019, 5 (5): 440-447.   Abstract （178）      PDF （1072KB）（663）       Knowledge map    Save The identity of users in cyberspace is virtual and difficult to determine, which makes it difficult to effectively manage the disordered state of cyberspace virtual society. The Internet real-name system is an Internet management method based on the real name of the user. It is an important means and system for restraining, guiding and protecting Internet users. However, with the arrival of big data era, more and more information exist in the cyberspace, and personal information leakage incidents are common. The Internet identity management system based on the Internet electronic identity (eID) can ensure that the Internet service agencies can effectively identify users' real identity without disclosing their personal information, which provides a good solution to the conflict between the Internet real-name system and personal information protection. At present, China's Internet electronic identity management is still in the preliminary development and pilot application stage, and relevant legal system is still not perfect, which must be explored. Reference | Related Articles | Metrics

Select

Analysis of Information Security Risk Assessment Service Qualification Certification Found Journal of Information Security Research    2018, 4 (10): 946-953.   Abstract （84）      PDF （1903KB）（368）       Knowledge map    Save For organizations that provide information security risk assessment services to the outside world, certification of information security risk assessment service qualification is an important way to embody their technical and management capabilities. During the process of qualification certification for risk assessment services, our center found that most units often lack the basis, objectivity and persuasiveness in the implementation of risk assessment. When the risk assessment results are exported, they tend to focus on various charts and calculation models. This paper will explain the problems found, and based on the practice of risk assessment, give the idea of problem solving and handling, promote the practice and standards of information security risk assessment technology to improve constantly, and improve the level of information security risk assessment service capacity building. Reference | Related Articles | Metrics

Select

Research on Data Monopoly and Its Governance Modes Journal of Information Security Research    2019, 5 (9): 789-797.   Abstract （395）      PDF （2045KB）（649）       Knowledge map    Save The acceleration of digitization process in various fields has led to an explosive growth in data volume. Meanwhile, the huge derivative value of massive data makes it a strategic basic resource in digital economy era. The resulting “data war” has made data monopoly inevitable. Data oligarchies control massive amounts of data. This paper takes the mobile internet as an example to study the status of data monopoly and experimental results indicate the top 10% of data collectors have held 99% of the data. The aggregation characteristics of data itself, the business model of large companies covering various digital fields and their huge number of users are all potential causes of data monopoly. Data monopoly may lead to many problems, such as free competition market barriers, consumer welfare damage, information security and personal privacy risk. In order to solve these problems, there are mainly three types of governance schemes: partial mode, intermediary mode and global mode. The three schemes respectively act on different stages of the data life cycle, and govern data centralization phenomenon by weakening data control of collectors to different extents. Reference | Related Articles | Metrics

Select

Journal of Information Security Reserach    2024, 10 (E2): 105-.   Abstract （473）      PDF （929KB）（310）       Knowledge map    Save Reference | Related Articles | Metrics

Select

To Create a Positive Cyberspace by Safeguarding Network Security with Active Immune Trusted Computing 3.0 Journal of Information Security Research    2018, 4 (4): 282-302.   Abstract （196）      PDF （2291KB）（963）       Knowledge map    Save Related Articles | Metrics

Select

Cultivation of Cyber Security Talents Should Be Developed in Practical Training Journal of Information Security Research    2018, 4 (12): 1062-1065.   Abstract （76）      PDF （1423KB）（537）       Knowledge map    Save Related Articles | Metrics

Select

Application of Network Security Situational Awareness Platform Based on Big Data in the Field of Private Network Journal of Information Security Research    2019, 5 (2): 168-175.   Abstract （174）      PDF （1678KB）（522）       Knowledge map    Save In order to improve the information security defense capability of the private network, the institutions with private network pay more and more attention to the information network security situational perception technology to realize the prediction and prevention of security events. Based on the brief introduction of situational awareness and related technologies, this paper puts forward a set of applicable network security situational awareness functional architecture targeting industryspecific network needs. This paper details the functional elements contained in each system from the functional level, which would provide reference for relevant institutions to build a network security situational awareness platforms. Reference | Related Articles | Metrics

Select

“Internet +”Power: Overview of Westone Secruity’s Cyber Secruity Journal of Information Security Research    2016, 2 (10): 862-875.   Abstract （222）      PDF （2788KB）（1085）       Knowledge map    Save Related Articles | Metrics

Select

Journal of Information Security Research    2016, 2 (11): 969-971.   Abstract （406）      PDF （726KB）（1362）       Knowledge map    Save Related Articles | Metrics

Select

Research on WordPress 5.0.0 Remote Code Execution Vulnerability Journal of Information Security Research    2019, 5 (4): 352-360.   Abstract （255）      PDF （5078KB）（500）       Knowledge map    Save With the high-speed development of the Internet, the security problems of Web applications have become increasingly prominent. In the context of the widespread used open source software, it has become more and more concerned by security practitioners. There is no doubt that open source software occupies an irreplaceable position in current network applications, its security issues are always related to a large number of our daily use applications. These security issues can cause immeasurable damage, both to individuals and businesses. Especially when these security issues or vulnerabilities are exploited by some attackers, the consequences are unimaginable. From the perspective of Internet companies, it is particularly necessary and vital to solve security problems. Research on open vulnerabilities can help security practitioners understand the causes of vulnerabilities and the main techniques of exploits better, help companies and their users reduce the risk of potential losses. As you can see, WordPress, an important part of open source software contributes to lots of Web applications, the representative of blog and content manage system, is all the time focused on by the attackers around the world. Some experienced attackers may use different exploit ways to bypass the existed protection policy which is based on the well-known tricks that published. At the same time, these attackers are now more circumspect about using these exploit ways to avoid these new ways being exposed. For the most enterprises, they consequently have no ability to keep knowing it in real time and they will be caught off guard when the attackers come. In a sense, to discuss about the different exploit ways is indispensable. Therefore, this paper combines the published analysis paper about WordPress 5.0.0 remote code execution vulnerability, proposes a different exploit way on last step which directly causes arbitrary code execution that can be maliciously exploited by some attackers. Purpose of the research is to provide detailed info for the security practitioners', help them understand the causes of the vulnerability, complete the vulnerability recurrence with a different approach, as well as to enhance their vulnerability detection capabilities and promote the enterprise to effectively discover and fix the vulnerabilities. Reference | Related Articles | Metrics

Select

The Security Research of Blockchain Smart Contract Journal of Information Security Research    2019, 5 (3): 192-206.   Abstract （214）      PDF （4011KB）（702）       Knowledge map    Save The blockchain is a distributed ledger maintained through decentralization and detrusting. Its development can be divided into three phases, blockchains 1.0, 2.0 and 3.0. Blockchain 1.0 is represented by Bitcoin and provides a nonturing complete scripting language. Blockchain 2.0 is represented by Ethereum and introduces the concept of smart contract on the basis of Bitcoin. It provides Turing complete programming language Solidity, it extends the application of blockchain from a purely monetary domain to other areas; blockchain 3.0 will be a programmable world, and all walks of life will operate in an autonomous manner. Smart contract, as the most significant feature of blockchain 2.0, plays an important role in building decentralized applications. However, in recent years, smart contract security incidents have occurred frequently, causing huge losses to project parties and investors. The security issue of smart contract have gradually attracted much attention. The article first introduces the basic concept of the blockchain, then expounds the knowledge of Ethereum, and then gives a comprehensive introduction to the smart contract, including the operating environment, composition, deployment process and working principle. The paper mainly classifies and summarizes existing known smart contract vulnerabilities, and provides solutions for each type of vulnerabilities. Reference | Related Articles | Metrics

Select

Research on Content Detection Generated by Large Language Model  and the Mechanism of Bypassing Journal of Information Security Reserach    2023, 9 (6): 524-.   Abstract （573）      PDF （1924KB）（388）       Knowledge map    Save In recent years, there has been a surge in the development of large language models. AI robots like ChatGPT, although they have a largescale security confrontation mechanism inside, attackers can still elaborate questionandanswer patterns to bypass the mechanism, with their help to automatically produce phishing emails and carry out network attacks. In this case, how to identify the text generated by AI robots has also become a hot issue. In order to carry out LLMgenerated content detection experiment, our team collected a certain number of questionandanswer data samples from an Internet social platform and ChatGPT platform, and proposed a series of detection strategies according to different conditions of AI text availability. It includes text similarity analysis based on online controllable AI samples, text data mining based on statistical differences under offline conditions, adversarial analysis based on the LLM generation method under the condition that AI samples are not available, and AI model analysis based on building a classifier by finetuning the target LLM model itself. We calculated and compared the detection capabilities of the analysis engine in each case. On the other hand, we give some antikill techniques against AI text detection engines based on the characteristics of detection strategies, from the perspective of network attack and defense. Reference | Related Articles | Metrics