Most Download articles

    Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month | Most Downloaded in Recent Year|

    Most Downloaded in Recent Year
    Please wait a minute...
    For Selected: Toggle Thumbnails
    ChatGPT’s Applications, Status and Trends in the Field of Cyber Security
    Journal of Information Security Reserach    2023, 9 (6): 500-.  
    Abstract514)      PDF (2555KB)(461)       Save
    ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain.
    Reference | Related Articles | Metrics
    An Overview of Application and Technology of Artificial Intelligence in Cybersecurity
    Journal of Information Security Reserach    2022, 8 (2): 110-.  
    Abstract982)      PDF (1142KB)(742)       Save
    Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.
    Reference | Related Articles | Metrics
    Research and Thinking on the Technical Framework of Data Security  in the Field of Transportation
    Journal of Information Security Reserach    2022, 8 (11): 1092-.  
    Abstract190)      PDF (1237KB)(397)       Save
    In recent years, in the continuous advancement of the construction of “digital government”, the “data gap” and “data island” between government departments have been gradually broken. As the core resource of digital government, data is an important driving force for national development,and also the most valuable core asset. With the largescale aggregation, integration and sharing of various data resources, a series of data securityrelated problems have emerged. For example, due to the high concentration of data, data is more likely to become the target of attacks, and a large number of illegal operations by internal personnel lead to data tampering and greatly increase. In order to solve the problem of data security in the field of transportation, this paper makes an indepth analysis of the main challenges of data security in the field of transportation technology and transportation, and proposes to create an “overall technical architecture of data security management and control”, and focuses on thinking and discussing the full life cycle security of data and data security operation    in the field of transportation. Data security management is not within the scope of this paper.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (6): 498-.  
    Abstract253)      PDF (472KB)(294)       Save
    Related Articles | Metrics
    Overview of Data Security Governance at Home and Abroad
    Journal of Information Security Reserach    2021, 7 (10): 922-.  
    Abstract1268)      PDF (3579KB)(791)       Save
    With the rapid development of digital economy, privacy infringement, data leakage, platform monopoly, misinformation and other issues emerge one after another, increasingly becoming an important issue that threatens individual rights, industrial development and national security. This article, on the national policy and law level, sorts out four categories of data governance, that is, personal data protection, cross-border data flow regulation, data market governance, and data content management. Countries and regions like United States, European Union and China are the centers of global digital economy. This article summarizes their practices and experience in above-mentioned four categories, and on this basis, puts forward some suggestions on strengthening China's data security governance system and capacity building, that is, further improving the legal system to compete for the leadership of the digital economy, deeply participating in global data governance to enhance the international voice of rule-making, and strengthening support and oversight of new technologies and applications to seize new heights in digital economy governance.
    Reference | Related Articles | Metrics
    A Survey of Zero Trust Research
    Journal of Information Security Research    2020, 6 (7): 608-614.  
    Abstract872)      PDF (2068KB)(1255)       Save
    With the popularization of cloud computing, mobile office and other technologies, the enterprise network structure becomes complex. The traditional network security model is based on the idea of boundary protection, which can not meet the current needs. Zero trust is a new network security model, where no distinction is made between internal and external networks and all entities need authentication and authorization before accessing resources, which can be used to protect the network whose perimeter is increasingly fuzzy. This paper gives the definition of zero trust, introduces the architecture of zero trust, analyzes the core technology of zero trust, compares and analyses several representative zero trust schemes, summarizes the development status, points out the research direction needing attention in this field, which can provide reference for the research and application of zero trust.
    Reference | Related Articles | Metrics
    Security-Development Road of National E-Gov Network in the “Internet +” Era
    Zhou Min
    Journal of Information Security Research    2015, 1 (2): 98-104.  
    Abstract303)      PDF (2278KB)(1086)       Save
    Related Articles | Metrics
    Research on the Application of Commercial Cryptography in 5G Network
    Journal of Information Security Reserach    2023, 9 (4): 331-.  
    Abstract528)      PDF (1197KB)(299)       Save
    As a new generation of mobile communication network infrastructure, 5G application scenarios run through all aspects of production and life, such as industrial Internet, energy industry, transportation, medical industry and education. However, unprecedented security risks have been brought to 5G networks, including massive terminal access, largescale network deployment, and massive data aggregation. 5G security has gradually become a worldwide research trend in recent years since it is crucial to social development, economic operation, and even national security. Cryptography is the core technology and basic support to assure network and information security. After more than ten years of development, national commercial cryptographic algorithms ZUC, SM4, SM3, SM2, whose independent intellectual property rights are available, have gradually exerted more indispensable effects in maintaining the security of national cyberspace. Starting from the 5G network architecture and interfaces, this paper analyzes the underlying security risks faced by the 5G networks and proposes a corresponding solution as an example in terms of the commercial cryptography application practices of the 5G network.
    Reference | Related Articles | Metrics
    Overview on SM9 Identity Based Cryptographic Algorithm
    Journal of Information Security Research    2016, 2 (11): 1008-1027.  
    Abstract2492)      PDF (13949KB)(5750)       Save
    SM9 identitybased cryptographic algorithm is an identitybased cryptosystem with bilinear pairings. In such a system the user s private key and public key may be extracted from user s identity and key generation centers parameters. The most common cryptographic uses of SM9 are with digital signature, data encryption, key exchange protocol and key encapsulation mechanism etc. The application and management of SM9 will not require digital certificate, certificate base, and key base. The key length of the SM9 cipher algorithm is 256b. SM9 cryptographic algorithm was issued as the cryptography standard in 2015. This paper will summarize the design, algorithm, software and hardware implementation and cryptanalysis of SM9 cryptographic algorithm. We also give some concrete examples in appendix.
    Reference | Related Articles | Metrics
    A Survey of SQL Injection Attack Detection and Defense Technology
    Journal of Information Security Reserach    2023, 9 (5): 412-.  
    Abstract216)      PDF (2612KB)(203)       Save
    In the era of “Internet+”, data is the most valuable resource of the Internet. Attackers often use SQL injection attacks to destroy the database in order to obtain important data information in the database. The threat to database security is becoming more and more serious. At present, the research on SQL injection attacks mostly focuses on traditional SQL injection attacks, but lacks the cognition of new advanced SQL injection technology with stronger concealment and higher risk, and the research on related detection and defense technology. In response to this phenomenon, this paper analyzes and evaluates traditional and advanced SQL injection attack technologies and their technical characteristics based on the classification of SQL injection technologies; summarizes existing detection and defense technologies, and evaluates the advantages and disadvantages of these methods for defense effectiveness; finally The problems existing in the current research field are sorted out, and suggestions for future research directions are put forward.

    Reference | Related Articles | Metrics
    Research on Content Detection Generated by Large Language Model  and the Mechanism of Bypassing
    Journal of Information Security Reserach    2023, 9 (6): 524-.  
    Abstract279)      PDF (1924KB)(198)       Save
    In recent years, there has been a surge in the development of large language models. AI robots like ChatGPT, although they have a largescale security confrontation mechanism inside, attackers can still elaborate questionandanswer patterns to bypass the mechanism, with their help to automatically produce phishing emails and carry out network attacks. In this case, how to identify the text generated by AI robots has also become a hot issue. In order to carry out LLMgenerated content detection experiment, our team collected a certain number of questionandanswer data samples from an Internet social platform and ChatGPT platform, and proposed a series of detection strategies according to different conditions of AI text availability. It includes text similarity analysis based on online controllable AI samples, text data mining based on statistical differences under offline conditions, adversarial analysis based on the LLM generation method under the condition that AI samples are not available, and AI model analysis based on building a classifier by finetuning the target LLM model itself. We calculated and compared the detection capabilities of the analysis engine in each case. On the other hand, we give some antikill techniques against AI text detection engines based on the characteristics of detection strategies, from the perspective of network attack and defense.
    Reference | Related Articles | Metrics
    Research on Data Classification and Grading Method Based on Data Security Law
    Journal of Information Security Reserach    2021, 7 (10): 933-.  
    Abstract887)      PDF (2157KB)(780)       Save
    The Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law) has been formally promulgated, which clearly stipulates that the state establishes data classification and grading protection system, and implements classified and graded protection for data. However, at present, the relevant standards and specifications of data classification and grading in China are relatively lacking, and the practical experiences that can be used for reference in various industries are relatively insufficient. How to effectively implement the data classification and grading protection is still a thorny problem. Based on Article 21 of the Data Security Law, this paper analyzes the factors such as the influence object, influence breadth and influence depth after the data is damaged, puts forward the principles and methods of data classification and data grading, and gives an implementation path of data classification and grading according to the application scenarios and industry characteristics of the data, which provide a certain reference for data classification and grading protection of various industries.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E2): 4-.  
    Abstract39)      PDF (2945KB)(190)       Save
    Related Articles | Metrics
    Research on Network Security Governance and Response of  Largescale AI Model
    Journal of Information Security Reserach    2023, 9 (6): 551-.  
    Abstract241)      PDF (1101KB)(187)       Save
    With the continuous development of artificial intelligence technology, largescale AI model technology has become an important research direction in the field of artificial intelligence. The publication of ChatGPT4.0 and ERNIE Bot has rapidly promoted the development and application of this technology. However, the emergence of largescale AI model technology has also brought new challenges to network security. This paper will start with the definition, characteristics and application of largescale AI model technology, and analyze the network security situation under largescale AI model technology. The network security governance framework of largescale AI model is proposed, and the given steps can provide reference for network security work of largescale AI model.
    Reference | Related Articles | Metrics
    AI and Data Privacy Protection: The Way to Federated Learning
    Journal of Information Security Research    2019, 5 (11): 961-965.  
    Abstract604)      PDF (1395KB)(904)       Save
    With the tremendous advance in computing, algorithms and data volume, artificial intelligence ushered in the third development climax, and began to gain a foot hold in exploring various industries. However, as the emergence of “big data”, more “small data” or “poorquality data”, and “data silos” exist in industry applications. For example, in the information security realm, it is difficult for enterprises who provide security services such as content security auditing and intrusion detection based on artificial intelligence technology to exchange raw data due to the consideration of user privacy and trade secrets protection. The services between enterprises are independent, and the overall development of cooperation and technology is difficult to make a breakthrough in a short period of time. How to promote greater cooperation on the premise of protecting the privacy of organizations? Will there be any chance for technical means to solve the data privacy protection problems? Federated Learning is an effective way to solve this problem and achieve acrossenterprise collaborative governance.
    Reference | Related Articles | Metrics
    ChatGPT’s Security Threaten Research
    Journal of Information Security Reserach    2023, 9 (6): 533-.  
    Abstract197)      PDF (1801KB)(169)       Save
    With the rapid development of deep learning technology and natural language processing technology, the large language model represented by ChatGPT came into being. However, while showing surprising capabilities in many fields, ChatgPT also exposed many security threats, which aroused the concerns of academia and industry. This paper first introduces the development history, working mode, and training methods of ChatGPT and its series models, then summarizes and analyzes various current security problems that ChatGPT may encounter and divides it into two levels: user and model. Then, countermeasures and solutions are proposed according to the characteristics of ChatGPT at each stage. Finally, this paper looks forward to developing a safe and trusted ChatGPT and a large language model.
    Reference | Related Articles | Metrics
    Research and Thinking on Data Classification and Grading of Important Information Systems#br#
    Journal of Information Security Reserach    2023, 9 (7): 631-.  
    Abstract147)      PDF (1882KB)(168)       Save
    With the development of information technology and networking, incidents surrounding data security are also increasing. The data as a new production factor, is particularly important to ensure the security of important data. The “Data Security Law of the People’s Republic of China” clearly stipulates that the country should establish a data classification and grading protection system to implement classification and grading protection for data. This paper will study China’s data safety management regulations and policies, analyze the the degree of impact and influening objects of data damage, propose specific data classification and grading methods, and provide security protection and governance measures under data classification and grading management based on the industry characteristics and application scenarios of government data. It will achieve the openness and sharing of the data under safety protection, and provide reference for the classification and classification protection of the data in the future.
    Reference | Related Articles | Metrics
    Computing Force Network Security Architecture and Data Security Governance Technology
    Journal of Information Security Reserach    2022, 8 (4): 340-.  
    Abstract596)      PDF (2657KB)(434)       Save
    As a new information infrastructure which provides deep integration of computing force and network services, computing force network (CFN) provides important support for national cyber power, digital China and smart society. At present, the planning and construction of CFN has entered a critical period, and the work related to CFN security is gradually advancing, but the systematic security architecture has not been formed. This paper summarizes the relevant research progress of CFN, analyzes the security opportunities and challenges faced by CFN, and proposes a security reference architecture based on sorting out the key security technologies, so as to provide a reference for promoting the construction of CFN security system and deploying CFN security mechanism.Key words computing force network; new information infrastructure; security reference architecture; orchestration security; privacy computation; data security; artificial intelligence
    Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E1): 105-.  
    Abstract332)      PDF (1450KB)(160)       Save
    Reference | Related Articles | Metrics
    Key Technologies and Research Prospects of Privacy Computing
    Journal of Information Security Reserach    2023, 9 (8): 714-.  
    Abstract261)      PDF (1814KB)(158)       Save
    Privacy computing, as an important technical means taking into account both data circulation and privacy protection, can effectively break the “data island” barriers while ensuring data security, it enables open data sharing, and promotes the deep mining and use of data and crossdomain integration. In this paper, the background knowledge, basic concepts and architecture of privacy computing were introduced, the basic concepts of three key technologies of privacy computing, including secure multiparty computation, federated learning and trusted execution environment were elaborated, and studies on the existing privacy security was conducted, a multidimensional comparison and summarization of the differences of the three key technologies were made. On this basis, the future research direction of privacy computing is prospected from the technical integration of privacy computing with blockchain, deep learning and knowledge graph.
    Reference | Related Articles | Metrics
    Towards a Privacy-preserving Research for AI and Blockchain Integration
    Journal of Information Security Reserach    2023, 9 (6): 557-.  
    Abstract218)      PDF (1307KB)(156)       Save
    With the widespread attention and application of artificial intelligence (AI) and blockchain technologies, privacy protection techniques arising from their integration are of notable significance. In addition to protecting the privacy of individuals, these techniques also guarantee the security and dependability of data. This paper initially presents an overview of AI and blockchain, summarizing their combination along with derived privacy protection technologies. It then explores specific application scenarios in data encryption, deidentification, multitier distributed ledgers, and kanonymity methods. Moreover, the paper evaluates five critical aspects of AIblockchainintegration privacy protection systems, including authorization management, access control, data protection, network security, and scalability. Furthermore, it analyzes the deficiencies and their actual cause, offering corresponding suggestions. This research also classifies and summarizes privacy protection techniques based on AIblockchain application scenarios and technical schemes. In conclusion, this paper outlines the future directions of privacy protection technologies emerging from AI and blockchain integration, including enhancing efficiency and security to achieve more comprehensive privacy protection of AI privacy.
    Reference | Related Articles | Metrics
    Review of Multi-Party Secure Computing Research
    Journal of Information Security Reserach    2021, 7 (12): 1161-.  
    Abstract675)      PDF (1190KB)(495)       Save
    With the rapid development of the Internet, data resources have become an important competitiveness of all industries. However, as the owners and users of data cannot beunified, problems such as data security and personal privacy become increasingly serious,resultingin the phenomenon of "data islands". Secure Multi-Party Computation (MPC)promises tosolve these problems by ensuring both privacy of data input and correctness of dataComputation, and by ensuring that data input from participating parties is not compromisedthrough protocols without third parties. Based on the definition and characteristics ofmulti-party secure computing, this paper introduces the research status, component model andapplication scenarios of multi-party secure computing.
    Reference | Related Articles | Metrics
    Data Security Governance Technology and Practice in Big Data Applications
    Journal of Information Security Reserach    2022, 8 (4): 326-.  
    Abstract489)      PDF (2139KB)(585)       Save
    The wide application of big data technology makes data burst into unprecedented value and vitality. However, due to the large amount of data, multiple data sources, and complex data access relationships, data security lacks refined and standardized management, and the importance of data security governance becomes increasingly prominent. By analyzing data security problems in existing big data applications and common pitfalls in data security governance, this paper puts forward the ideas, principles and methods of data security governance, and with classification and grading as the entry point, presents the technical architecture of data security governance. Finally, taking the big data platform as an example, presents the application practice of data security governance technology.
    Reference | Related Articles | Metrics
    Research on Active Defense Method of Network Security Under APT Organization Attack Behavior
    Journal of Information Security Reserach    2023, 9 (5): 423-.  
    Abstract163)      PDF (2792KB)(152)       Save
    At present, the international situation is complex and changeable, new social conflicts and contradictions are constantly arising in the transition period of the domestic society, and hostile forces are trying in vain to destroy the Critical Information Infrastructures (CII) of our country,  resulting in adverse social impacts. The existing defense measures based on the existing network attack detection and defense are not flexible and require high comprehensiveness of the defense system. Therefore, this thesis proposes an active defense method for electric power industry network security based on attack behaviors. By analyzing the attack behavior of attackers, combines ATT&CK attack framework model to carry out intermittent attack attempts against Advanced Persistent Threat (APT) organizations through layer upon layer forwarding of a large number of springboard nodes. Until the breakthrough and springboard node are found, the attack behavior and problems that may occur before or during the attack. The springboard, organization or personal information of the attacker at all levels is discovered in advance, and the attack behavior is discovered and blocked in advance in the stage of the attacker’s reconnaissance, so as to realize the active defense against the attack behavior.
    Reference | Related Articles | Metrics
    Research on the Application of Commercial Cryptography to Cloud Computing
    Journal of Information Security Reserach    2023, 9 (4): 375-.  
    Abstract238)      PDF (3447KB)(205)       Save
    Cloud computing, as a new information processing method, enables users to access information and communication resource services through the network, and it has become an inevitable trend in the development of information technology industry. Users, data, and information resources are highly concentrated, highly dependent on the continuity of cloud platform services, and the scalability of virtualized resources bring inevitable security risks to cloud computing., and the scalability of virtualized resources bring inevitable security risks to cloud computing. Therefore, how to eliminate the security risks of cloud computing by using commercial cryptography technology has become the current research hotspot. This paper starts from the cloud computing network architecture, anlyzes the cryptography application requirements of cloud computing. The paper proposes the corresponding commercial cryptography application scheme for cloud computing scenarios on this basis. The research results provide a theoretical guidance and reference for the application practice of commercial cryptography in cloud computing scenarios, and are expected to solve the key problems of cloud computing security.
    Reference | Related Articles | Metrics
    Research on Privacy Protection Technology in Federated Learning
    Journal of Information Security Reserach    2024, 10 (3): 194-.  
    Abstract121)      PDF (1252KB)(148)       Save
    In federated learning, multiple models are trained through parameter coordination without sharing raw data. However,  the extensive parameter exchange in this process renders the model vulnerable to threats not only from external users but also from internal participants. Therefore, research on privacy protection techniques in federated learning is crucial. This paper introduces the current research status on privacy protection in federated learning. It classifies the security threats of federated learning into external attacks and internal attacks.Based on this classification,  it summarizes external attack techniques such as model inversion attacks, external reconstruction attacks, and external inference attacks, as well as internal attack techniques such as poisoning attacks, internal reconstruction attacks, and internal inference attacks. From the perspective of attack and defense correspondence, this paper summarizes data perturbation techniques such as central differential privacy, local differential privacy, and distributed differential privacy, as well as process encryption techniques such as homomorphic encryption, secret sharing, and trusted execution environment. Finally, the paper analyzes the difficulties of federated learning privacy protection technology and identifies the key directions for its improvement.
    Reference | Related Articles | Metrics
    Research on Artificial Intelligence Data Falsification Risk  Based on GPT Model
    Journal of Information Security Reserach    2023, 9 (6): 518-.  
    Abstract167)      PDF (1887KB)(143)       Save
    The rapid development and application of artificial intelligence technology have led to the emergence of AIGC (Artificial Intelligence Generated Context), which has significantly enhanced productivity. ChatGPT, a product that utilizes AIGC, has gained popularity worldwide due to its diverse application scenarios and has spurred rapid commercialization development. This paper takes the artificial intelligence data forgery risk as the research goal, takes the GPT model as the research object, and focuses on the possible causes of data forgery and the realization process by analyzing the security risks that have been exposed or appeared. Based on the offensive and defensive countermeasures of traditional cyberspace security and data security, the paper makes a practical study of data forgery based on model finetuning and speculates some data forgery utilization scenarios after the widespread commercialization of artificial intelligence. Finally, the paper puts forward some suggestions on how to deal with the risk of data forgery and provides directions for avoiding the risk of data forgery before the largescale application of artificial intelligence in the future.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (7): 610-.  
    Abstract142)      PDF (519KB)(142)       Save
    Related Articles | Metrics
    Design and Implementation of Dark Net Data Crawler Based on Tor
    Journal of Information Security Research    2019, 5 (9): 798-804.  
    Abstract769)      PDF (3976KB)(1221)       Save
    tWith the development of anonymous communication technology, more and more users begin to use anonymous communication to protect personal privacy. Tor, as the most popular application of anonymous communication system, can effectively prevent behavior such as traffic sniffing, eavesdropping and other behaviors. While protecting the privacy of users from being stolen, “dark net” is also used by many criminals. Thus, this has brought great challenges to the supervision of public security. How to strengthen the regulation and crackdown on illegal information of dark network websites is an urgent problem to be solved. Therefore, the data of crawling anonymous websites is an important basis for supervising those websites effectively. The most mainstream dark network anonymous communication system Tor was introduced briefly, its technical principles were analyzed, and a dark network data crawler program was designed, which mainly use Selenium to enter the Tor network, bulk crawl the dark Web pages and save the data to the local. It will help the public security department to further monitor and analyze the relevant content in the dark network, and also propose a feasible technical means for the police department to supervise the dark network.
    Reference | Related Articles | Metrics
    Challenges and Responses to Data Governance in China
    Journal of Information Security Reserach    2023, 9 (7): 612-.  
    Abstract168)      PDF (924KB)(134)       Save
    At present, data can hold a substantial value in promoting economic and social development, and possess important strategic significance. Data governance has also been a significant topic and practical direction in the development of China’s digital economy and the construction of Digital China. By analyzing the difficulties in the following aspects of data rights confirmation, data security, data compliance, and data circulation, the institutional dilemmas and practical issues faced by data governance are being clarified. And a comprehensive approach for data governance has also been proposed, including protecting data rights and interests, strengthening compliance guidance, stimulating the vitality of the data market, and promoting technological empowerment. It is expected to advance the process of data governance in China.
    Reference | Related Articles | Metrics
    Security Risks and Countermeasures to Artificial Intelligence#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (2): 101-.  
    Abstract101)      PDF (469KB)(132)       Save
    Related Articles | Metrics
    The Status and Trends of Confidential Computing
    Journal of Information Security Reserach    2024, 10 (1): 2-.  
    Abstract100)      PDF (1466KB)(129)       Save
    Related Articles | Metrics
    Introduction to Software Security and Reliability Issue
    Sun Wei
    Journal of Information Security Research    2018, 4 (11): 974-976.  
    Abstract83)      PDF (781KB)(498)       Save
    Related Articles | Metrics
    Research on the Integration of Full Lifecycle Data Security Management and Artificial Intelligence Technology#br#
    Journal of Information Security Reserach    2023, 9 (6): 543-.  
    Abstract127)      PDF (1143KB)(128)       Save
    With data becoming a new production factor, China has elevated data security to a national strategic level. With the promotion of a new round of technological revolution and the deepening of digital transformation, the artificial intelligence technology has increasing development potential, and gradually empowers the field of data security management actively. Firstly, the paper introduces the concept and significance of data security lifecycle management, analyzes the security risks faced by data in various stages of the lifecycle, and further discusses the problems and challenges faced by traditional data security management technologies in the context of massive data processing and upgraded attack methods. Then, the paper introduces the potential advantages of artificial intelligence in solving these problems and challenges, and summarizes the current mature data security management technologies based on artificial energy and typical application scenarios. Finally, the paper provides an outlook on the future development trends of artificial intelligence technologies in the field of data security management. This paper aims to provide useful references for researchers and practitioners in the field of data security management, and promote the innovation and application of artificial intelligence in the field of data security management technology.
    Reference | Related Articles | Metrics
    A Novel Blockchain Privacy Preserving Scheme Based on Paillier  and FO Commitment
    Journal of Information Security Reserach    2023, 9 (4): 306-.  
    Abstract254)      PDF (934KB)(166)       Save
    The blockchain is a shared database with excellent characteristics such as high decentralization and traceability. However, data leakage is still a big problem for blockchain transactions. To order to solve the problem, this paper introduces Paillier homomorphic encryption with variable k (KPH), a privacy protection strategy that hides transaction information by the public key encryption algorithm RSA, performs zeroknowledge proof on the legitimacy of the transaction amount with FO commitment, and updates the transaction amount using the enhanced Paillier semihomomorphic encryption algorithm and verifies the transaction using the FO commitment. Unlike the typical Paillier algorithm, the KPH scheme’s Paillier algorithm includes the variable k and combines the L function and the Chinese remainder theorem to reduce the time complexity from O(|n|2+e) to O(logn), making the algorithm decryption process more efficient.

    Reference | Related Articles | Metrics
    Research on Security Risks and Protection of Container Images
    Journal of Information Security Reserach    2023, 9 (8): 792-.  
    Abstract87)      PDF (1788KB)(121)       Save
    As the digital transformation speeds up, more and more enterprises shift to adopt container technology to improve business productivity and scalability in order to deepen the process of industrial digital transformation. As the basis for container operation, container images contain packaged applications and their dependencies, as well as process information for container instantiation. However, container images also have various insecure factors. In order to solve the problem from the source and reduce the various security risks and threats faced by containers after they are instantiated, the fulllifecycle management of container images should be implemented. In this paper, the advantages that container images bring to the application development and deployment were investigatesd, the security risks faced by container images were analyzed. Key technologies for container mirroring security protection from the three stages of construction, distribution, and operation were proposed, and then a container image security scanning tool was developed, which can scan container images for applications and underlying infrastructure that use container technology. It was proved to have good practical effects, which can help enterprises achieve fulllifecycle image security protection.
    Reference | Related Articles | Metrics
    Vulnerability Mining and Threat Detection
    Journal of Information Security Reserach    2023, 9 (10): 930-.  
    Abstract107)      PDF (510KB)(121)       Save
    Related Articles | Metrics
    Research on the Disclosure and Sharing Policy of Cybersecurity  Vulnerabilities in China and the United States
    Journal of Information Security Reserach    2023, 9 (6): 602-.  
    Abstract153)      PDF (2305KB)(120)       Save
    With the increasing scale and complexity of computer software systems, vulnerability attacks on software and systems become more and more frequent, and attack methods become more and more diverse. Various countries have published vulnerability management regulations to avoid the threat of software and system vulnerabilities to national cyberspace security. Proper disclosure and sharing of security vulnerabilities can help security researchers learn security threats quickly and reduce vulnerability repair costs through sharing and communication, which has become essential to mitigating security risks. This paper introduces the public vulnerability database, focuses on the summary of China and the United States network security vulnerability disclosure and sharing related policies and regulations, and gives the possible problems and countermeasures  in vulnerability disclosure and sharing in China so that security researchers can better understand and learn the security vulnerability disclosure process and sharing related regulations, which ensures that security researchers can study security vulnerabilities in the extent permitted by regulations.
    Reference | Related Articles | Metrics
    Current Situation, Analysis and Prospect of Cross Border Data Flow
    Wang Na, Gu Mianxue, Wu Gaofei, Zhang Yuqing, Cao Chunjie
    Journal of Information Security Reserach    2021, 7 (6): 488-495.  
    Abstract880)      PDF (1439KB)(483)       Save
    With the advent of the era of big data, the process of globalization is accelerated, the economic and political exchanges between countries become more frequent, the competition for data becomes more and more fierce, and the cross-border flow of data is inevitable. Although the European Union, the United States and other major international economies give priority to the deployment of cross-border data, which provides effective reference for different countries, with the increasingly urgent demand for cross-border data flow, the related issues of national security and personal data protection are gradually highlighted. First, by combing existing research works on cross-border data flow, starting from the concept of data cross-border, we summarize their advantages and disadvantages; then, starting from the core data security technology and regulatory mechanism, we systematically analyze and compare cross-border data current situation of the flow of multiple countries ; finally, based on the collation and summary of existing works, we discuss the shortcomings and challenges of China's existing data cross-border management system, put forward targeted suggestions and solutions, and look forward to the research and development trends in this field. 
    Reference | Related Articles | Metrics
    Design and Implementation of Cryptography Intensive Platform for  Government Information System
    Journal of Information Security Reserach    2023, 9 (5): 461-.  
    Abstract143)      PDF (2467KB)(116)       Save
    Aiming at the problems of inconvenient, nonstandard, non universal and waste of resources for cipher application in the field of egovernment, this paper puts forward a systematic, intensive and standardized technical scheme. The scheme combines the SM2, SM3, SM4 and SM9 algorithms to form an intensive system framework, pool the cryptographic facilities, reduce the burden of applying cipher in the information system, provide a unified interface for cryptographic applications, and realize compliant, effective and convenient cryptographic applications. The pilot application practice of cryptographyintensive platform construction of egovernment extranet shows that this scheme can improve the utilization rate of cipher resources and save investment, and has reference value for the security protection of cipher application of scale government information system.Key wordscommercial cryptography; intensification; government informatization; identitybased cryptograph; egovernment
    Aiming at the problems of inconvenient, nonstandard, non universal and waste of resources for cipher application in the field of egovernment, this paper puts forward a systematic, intensive and standardized technical scheme. The scheme combines the SM2, SM3, SM4 and SM9 algorithms to form an intensive system framework, pool the cryptographic facilities, reduce the burden of applying cipher in the information system, provide a unified interface for cryptographic applications, and realize compliant, effective and convenient cryptographic applications. The pilot application practice of cryptographyintensive platform construction of egovernment extranet shows that this scheme can improve the utilization rate of cipher resources and save investment, and has reference value for the security protection of cipher application of scale government information system.
    Reference | Related Articles | Metrics