Most Download articles

Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month | Most Downloaded in Recent Year|

Most Downloaded in Recent Year

Please wait a minute...


For Selected: Download Citations EndNote Ris BibTeX Toggle Thumbnails

Select

Security-Development Road of National E-Gov Network in the “Internet +” Era Zhou Min Journal of Information Security Research    2015, 1 (2): 98-104.   Abstract （339）      PDF （2278KB）（1595）       Knowledge map    Save Related Articles | Metrics

Select

An Overview of Application and Technology of Artificial Intelligence in Cybersecurity Journal of Information Security Reserach    2022, 8 (2): 110-.   Abstract （1602）      PDF （1142KB）（1198）       Knowledge map    Save Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry. Reference | Related Articles | Metrics

Select

Research on Cyber-Attack Defense System Based on Big Data and Threat Intelligence Journal of Information Security Research    2019, 5 (5): 383-387.   Abstract （272）      PDF （1670KB）（1221）       Knowledge map    Save Cyber-attacks are the use of network vulnerabilities and security flaws to attack the hardware, software and data of a cyber system. The earlier a cyber-attack is identified, the less adverse effect it has. The traditional network intrusion detection system (IDS) has some limitations in detecting cyber-attacks, such as passive protection and limited capability of threat identification. Threat intelligence technology provides a more scientific and effective method for identifying potential or actual cyber-attacks by using big data analysis,and provides a comprehensive and relevant cyber-attack defense model. Reference | Related Articles | Metrics

Select

Building Cyber Security Defense by Trusted Computing 3.0 Journal of Information Security Research    2017, 3 (4): 290-298.   Abstract （310）      PDF （1075KB）（1636）       Knowledge map    Save Related Articles | Metrics

Select

Overview on SM9 Identity Based Cryptographic Algorithm Journal of Information Security Research    2016, 2 (11): 1008-1027.   Abstract （3125）      PDF （13949KB）（6065）       Knowledge map    Save SM9 identitybased cryptographic algorithm is an identitybased cryptosystem with bilinear pairings. In such a system the user s private key and public key may be extracted from user s identity and key generation centers parameters. The most common cryptographic uses of SM9 are with digital signature, data encryption, key exchange protocol and key encapsulation mechanism etc. The application and management of SM9 will not require digital certificate, certificate base, and key base. The key length of the SM9 cipher algorithm is 256b. SM9 cryptographic algorithm was issued as the cryptography standard in 2015. This paper will summarize the design, algorithm, software and hardware implementation and cryptanalysis of SM9 cryptographic algorithm. We also give some concrete examples in appendix. Reference | Related Articles | Metrics

Select

Research on Data Sharing Security Framework Journal of Information Security Research    2019, 5 (4): 309-317.   Abstract （370）      PDF （1890KB）（910）       Knowledge map    Save With the rapid development of big data technologies and applications, the need to promote data sharing across departments and industries has become very urgent. However, the impact of security issues is a key issue in the development of data sharing. Countries around the world are paying more and more attention to the security of data sharing. Many countries, including the United States, the European Union and China, have formulated laws and regulations related to data security to promote the legal use and security protection of data sharing. This paper summarizes and analyzes the security management and control of data sharing at home and abroad, designs the data sharing model and related party roles, and proposes a data sharing security framework based on analyzing the security risks and problems of data sharing. Finally, suggestions for strengthening the security governance of data sharing are given. Reference | Related Articles | Metrics

Select

Venustech’s Continuous Construction of the Information Security Ecological Chain — Analyze the Information and Cyber Security Strategy of Venustech Journal of Information Security Research    2017, 3 (2): 98-115.   Abstract （225）      PDF （3877KB）（854）       Knowledge map    Save Related Articles | Metrics

Select

VEDA, Establishing the AI Dynamic Defense System for Cyber Security Journal of Information Security Research    2017, 3 (12): 1058-1066.   Abstract （311）      PDF （1526KB）（734）       Knowledge map    Save Related Articles | Metrics

Select

Journal of Information Security Reserach    2023, 9 (E2): 4-.   Abstract （70）      PDF （2945KB）（460）       Knowledge map    Save Related Articles | Metrics

Select

ChatGPT’s Applications, Status and Trends in the Field of Cyber Security Journal of Information Security Reserach    2023, 9 (6): 500-.   Abstract （867）      PDF （2555KB）（691）       Knowledge map    Save ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain. Reference | Related Articles | Metrics

Select

Meiya Pico,Innovation to Enhance the Core Technology of Cybersecurity Journal of Information Security Research    2017, 3 (9): 770-780.   Abstract （341）      PDF （1952KB）（722）       Knowledge map    Save Related Articles | Metrics

Select

AI and Data Privacy Protection: The Way to Federated Learning Journal of Information Security Research    2019, 5 (11): 961-965.   Abstract （928）      PDF （1395KB）（1149）       Knowledge map    Save With the tremendous advance in computing, algorithms and data volume, artificial intelligence ushered in the third development climax, and began to gain a foot hold in exploring various industries. However, as the emergence of “big data”, more “small data” or “poorquality data”, and “data silos” exist in industry applications. For example, in the information security realm, it is difficult for enterprises who provide security services such as content security auditing and intrusion detection based on artificial intelligence technology to exchange raw data due to the consideration of user privacy and trade secrets protection. The services between enterprises are independent, and the overall development of cooperation and technology is difficult to make a breakthrough in a short period of time. How to promote greater cooperation on the premise of protecting the privacy of organizations? Will there be any chance for technical means to solve the data privacy protection problems? Federated Learning is an effective way to solve this problem and achieve acrossenterprise collaborative governance. Reference | Related Articles | Metrics

Select

Research and Thinking on the Technical Framework of Data Security  in the Field of Transportation Journal of Information Security Reserach    2022, 8 (11): 1092-.   Abstract （256）      PDF （1237KB）（652）       Knowledge map    Save In recent years, in the continuous advancement of the construction of “digital government”, the “data gap” and “data island” between government departments have been gradually broken. As the core resource of digital government, data is an important driving force for national development，and also the most valuable core asset. With the largescale aggregation, integration and sharing of various data resources, a series of data securityrelated problems have emerged. For example, due to the high concentration of data, data is more likely to become the target of attacks, and a large number of illegal operations by internal personnel lead to data tampering and greatly increase. In order to solve the problem of data security in the field of transportation, this paper makes an indepth analysis of the main challenges of data security in the field of transportation technology and transportation, and proposes to create an “overall technical architecture of data security management and control”, and focuses on thinking and discussing the full life cycle security of data and data security operation    in the field of transportation. Data security management is not within the scope of this paper. Reference | Related Articles | Metrics

Select

Journal of Information Security Research    2016, 2 (11): 969-971.   Abstract （376）      PDF （726KB）（1200）       Knowledge map    Save Related Articles | Metrics

Select

Trend on Cybersecurity Policy Risks of the Trump Administration and China Countermeasures Journal of Information Security Research    2018, 4 (10): 870-880.   Abstract （103）      PDF （1337KB）（721）       Knowledge map    Save Reference | Related Articles | Metrics

Select

The Review of Information Hiding Technology Based on GAN Image Generation Journal of Information Security Research    2019, 5 (9): 771-777.   Abstract （639）      PDF （630KB）（852）       Knowledge map    Save The traditional steganography is facing more and more threats, and the steganographic analysis technology is gradually mature. To solve this problem, the Generative Adversarial Networks is introduced into the steganography, which can reduce the traces of carrier modification and improve the concealment of steganography. This paper introduces the basic structure of the Generative Adversarial Networks, summarizes, compares and classifies the research results of the steganography based on GAN image generation. According to the existing technical means, the shortcomings of the current Generative Adversarial Networks in the development of steganography are proposed, and the future research directions are prospected. Reference | Related Articles | Metrics

Select

“Internet +”Power: Overview of AsiaInfo Secruity’s Cyber Security Journal of Information Security Research    2016, 2 (8): 670-684.   Abstract （336）      PDF （1873KB）（1033）       Knowledge map    Save Related Articles | Metrics

Select

Research of Threat Intelligence Sharing and Using for Cyber Attack Attribution Yang Zeming, Li Qiang, Liu Junrong, and Liu Baoxu Journal of Information Security Research    2015, 1 (1): 31-36.   Abstract （921）      PDF （5527KB）（1354）       Knowledge map    Save With the increasingly complexity of cyberspace security, the attack attribution has become an important challenge for the security protection system. The emergence of threat intelligence provided plentiful data source support for the attack attribution, which makes large-scale attack attribution became possible. To realize effective attack attribution, based on the structure expression of the threat information, a light weight framework of threat intelligence sharing and utilization was proposed. It included threat intelligence expression, exchange and utilization, which can achieve the attack attribution result. Take the case of C2 relevant information, we described the expression of threat intelligence sharing and utilization, and verified the framework. Results show that the framework is practical, and can provide new technical means for attack attribution. In addition, based on the understanding of threat intelligence, several thinking about the construction of sharing and utilization mechanisms were promoted in the end. Related Articles | Metrics

Select

Research and Design of Unified Platform for Vulnerability Management Journal of Information Security Reserach    2022, 8 (2): 190-.   Abstract （619）      PDF （1069KB）（511）       Knowledge map    Save With the development of the network technology, information security has been paid more and more attention. As one of the most frequently used attacking methods, security vulnerability has also been widely concerned. At present, Most of the organizations or enterprises rely on manual methods to manage vulnerabilities, and do not have unified tracking、 disposition、 display and analysis. These methods are not only inefficient, but also error-prone. A unified platform for vulnerability management was proposed, which allowed the automatic closed loop controlling of the life cycle of vulnerabilities. The platform integrated different vulnerability management capabilities into specific functional modules. General development languages and standards-based service interfaces were developed to allow integration of this platform with other infrastructure platform systems or network security tools. Practices show that, this platform can effectively improve the performance of the vulnerability management, and make vulnerability management to be centralized, streamlined and automated. Reference | Related Articles | Metrics

Select

A Survey of Zero Trust Research Journal of Information Security Research    2020, 6 (7): 608-614.   Abstract （1126）      PDF （2068KB）（1480）       Knowledge map    Save With the popularization of cloud computing, mobile office and other technologies, the enterprise network structure becomes complex. The traditional network security model is based on the idea of boundary protection, which can not meet the current needs. Zero trust is a new network security model, where no distinction is made between internal and external networks and all entities need authentication and authorization before accessing resources, which can be used to protect the network whose perimeter is increasingly fuzzy. This paper gives the definition of zero trust, introduces the architecture of zero trust, analyzes the core technology of zero trust, compares and analyses several representative zero trust schemes, summarizes the development status, points out the research direction needing attention in this field, which can provide reference for the research and application of zero trust. Reference | Related Articles | Metrics

Select

Research on Privacy Protection Technology in Federated Learning Journal of Information Security Reserach    2024, 10 (3): 194-.   Abstract （235）      PDF （1252KB）（261）       Knowledge map    Save In federated learning, multiple models are trained through parameter coordination without sharing raw data. However,  the extensive parameter exchange in this process renders the model vulnerable to threats not only from external users but also from internal participants. Therefore, research on privacy protection techniques in federated learning is crucial. This paper introduces the current research status on privacy protection in federated learning. It classifies the security threats of federated learning into external attacks and internal attacks.Based on this classification,  it summarizes external attack techniques such as model inversion attacks, external reconstruction attacks, and external inference attacks, as well as internal attack techniques such as poisoning attacks, internal reconstruction attacks, and internal inference attacks. From the perspective of attack and defense correspondence, this paper summarizes data perturbation techniques such as central differential privacy, local differential privacy, and distributed differential privacy, as well as process encryption techniques such as homomorphic encryption, secret sharing, and trusted execution environment. Finally, the paper analyzes the difficulties of federated learning privacy protection technology and identifies the key directions for its improvement. Reference | Related Articles | Metrics

Select

Leveraging “Internet Plus” and Big Data for the Improvement of Services Supervision Cui Chuanzhen Journal of Information Security Research    2016, 2 (2): 98-106.   Abstract （212）      PDF （1159KB）（821）       Knowledge map    Save Related Articles | Metrics

Select

To Create a Positive Cyberspace by Safeguarding Network Security with Active Immune Trusted Computing 3.0 Journal of Information Security Research    2018, 4 (4): 282-302.   Abstract （181）      PDF （2291KB）（837）       Knowledge map    Save Related Articles | Metrics

Select

Dean, the Pioneer and Guardian of Network Security for 20 Years Dean Group's Information Security and Strategy Based on a Network Powerful Nation Journal of Information Security Research    2017, 3 (10): 0-0.   Abstract （110）      PDF （2297KB）（563）       Knowledge map    Save Related Articles | Metrics

Select

Journal of Information Security Reserach    2024, 10 (E1): 236-.   Abstract （279）      PDF （796KB）（238）       Knowledge map    Save Reference | Related Articles | Metrics

Select

Research on Security Protection of High RealTime Metro Integrated Supervisory and Control System Journal of Information Security Research    2019, 5 (8): 691-695.   Abstract （67）      PDF （1098KB）（531）       Knowledge map    Save Integrated Supervisory and Control System (ISCS) is one of the necessary automatic systems for efficient and safe operation of urban rail transit automation. The integrated monitoring system is a largescale integrated system with high integration of informationization and automation. The system integrates multiple automation and information subsystems in urban rail transit stations, tunnels, depots, parking lots, control centers, etc, and performs unified monitoring, control and management of subsystems on the same software platform, realizing the information sharing of each specialty system and the linkage control function between the systems. In this paper, the ISCS security protection solution for rail transit under the requirement of high realtime performance is studied, the typical security protection design concept is given, and the equal guarantee evaluation method is put forward. Reference | Related Articles | Metrics

Select

The Army Trusted Computing Standard of Civil-Military Integration Journal of Information Security Research    2017, 3 (4): 382-384.   Abstract （125）      PDF （685KB）（711）       Knowledge map    Save Related Articles | Metrics

Select

Research for Zero Trust Security Model Journal of Information Security Reserach    2024, 10 (10): 886-.   Abstract （232）      PDF （2270KB）（223）       Knowledge map    Save Zero trust is considered a new security paradigm. From the perspective of security models, this paper reveals the deepening and integration of security models in zero trust architecture, with “identity and data” as the main focus. Zero trust establishes a panoramic control object chain with identity at its core, builds defenseindepth mechanisms around object attributes, functions, and lifecycles, and centrally redirects the flow of information between objects. It integrates information channels to achieve layered protection and finegrained, dynamic access control. Finally, from an attacker’s perspective, it sets up proactive defense mechanisms at key nodes in the information flow path. Since zero trust systems are bound to become highvalue assets, this paper also explores the essential issues of inherent security and resilient service capabilities in zerotrust systems. Through the analysis of the security models embedded in zerotrust and its inherent security, this paper aims to provide a clearer technical development path for the architectural design, technological evolution, and selfprotection of zero trust in its application. Reference | Related Articles | Metrics

Select

Security Risks and Countermeasures to Artificial Intelligence#br# #br# Journal of Information Security Reserach    2024, 10 (2): 101-.   Abstract （205）      PDF （469KB）（276）       Knowledge map    Save Related Articles | Metrics

Select

“Internet +”Power: Overview of Westone Secruity’s Cyber Secruity Journal of Information Security Research    2016, 2 (10): 862-875.   Abstract （211）      PDF （2788KB）（964）       Knowledge map    Save Related Articles | Metrics

Select

Cracking the Hard Mathematical Problems of Cryptographic Algorithm Cui Chuanzhen Journal of Information Security Research    2015, 1 (1): 92-96.   Abstract （309）      PDF （1027KB）（856）       Knowledge map    Save Related Articles | Metrics

Select

Overview on SM4 Algorithm Journal of Information Security Research    2016, 2 (11): 995-1007.   Abstract （1292）      PDF （8653KB）（1017）       Knowledge map    Save SM4 Algorithm, short for SM4 Block Cipher Algorithm, was published in 2006 to promote the application of WAPI. It became a cryptography industrial standard (GMT 0002—2012) in March 2012 and a national standard (GBT 32907—2016) in August 2016. This paper describes SM4s calculating process, structural features and cryptographic properties. Furthermore, we introduce some latest researches on SM4s security and compare SM4s security with several international block cipher standards such as AES, HIGHT and MISTY1. Reference | Related Articles | Metrics

Select

Research on Network Security Governance and Response of  Largescale AI Model Journal of Information Security Reserach    2023, 9 (6): 551-.   Abstract （416）      PDF （1101KB）（389）       Knowledge map    Save With the continuous development of artificial intelligence technology, largescale AI model technology has become an important research direction in the field of artificial intelligence. The publication of ChatGPT4.0 and ERNIE Bot has rapidly promoted the development and application of this technology. However, the emergence of largescale AI model technology has also brought new challenges to network security. This paper will start with the definition, characteristics and application of largescale AI model technology, and analyze the network security situation under largescale AI model technology. The network security governance framework of largescale AI model is proposed, and the given steps can provide reference for network security work of largescale AI model. Reference | Related Articles | Metrics

Select

Research on Data Classification and Grading Method Based on Data Security Law Journal of Information Security Reserach    2021, 7 (10): 933-.   Abstract （1171）      PDF （2157KB）（958）       Knowledge map    Save The Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law) has been formally promulgated, which clearly stipulates that the state establishes data classification and grading protection system, and implements classified and graded protection for data. However, at present, the relevant standards and specifications of data classification and grading in China are relatively lacking, and the practical experiences that can be used for reference in various industries are relatively insufficient. How to effectively implement the data classification and grading protection is still a thorny problem. Based on Article 21 of the Data Security Law, this paper analyzes the factors such as the influence object, influence breadth and influence depth after the data is damaged, puts forward the principles and methods of data classification and data grading, and gives an implementation path of data classification and grading according to the application scenarios and industry characteristics of the data, which provide a certain reference for data classification and grading protection of various industries. Reference | Related Articles | Metrics

Select

TOPSEC, Leading Brand of Independent Innovation, Supporting Cyberspace Power Strategy Journal of Information Security Research    2018, 4 (9): 774-782.   Abstract （85）      PDF （1579KB）（541）       Knowledge map    Save Related Articles | Metrics

Select

Artifcial Intelligence Promotes the Paradigm Shift of Information Security —A Case Study of Driverless Car by Baidu Journal of Information Security Research    2016, 2 (11): 958-968.   Abstract （225）      PDF （2086KB）（966）       Knowledge map    Save Related Articles | Metrics

Select

Research on Identity Authentication Technology Based on Block Chain and PKI Journal of Information Security Reserach    2024, 10 (2): 148-.   Abstract （188）      PDF （1573KB）（238）       Knowledge map    Save Public key infrastructure (PKI) is a secure system based on asymmetric cryptographic algorithm and digital certificate to realize identity authentication and encrypted communication, operating on the principle of  trust transmission based on trust anchor. However, this technology has the following problems: The CA center is unique and there is a single point of failure; The authentication process involves a large number of operations, such as certificate resolution, signature verification, and certificate chain verification. To solve the above problems, this paper builds an identity authentication model based on Changan Chain, and proposes an identity authentication scheme based on Changan Chain digital certificate and public key infrastructure. Theoretical analysis and experimental data demonstrate  that this scheme reduces certificate parsing, signature verification and other operations, simplifies the authentication process, and improves the authentication efficiency. Reference | Related Articles | Metrics

Select

SURFILTER, Insisting on the Road of Independent Innovation of Information Security -- Review of the Information and Network Security Strategy of SURFILTER Journal of Information Security Research    2016, 2 (12): 1054-1067.   Abstract （141）      PDF （5217KB）（658）       Knowledge map    Save Related Articles | Metrics

Select

DBAPPSecurity：Support Security China, Boost Digital Economy Journal of Information Security Research    2019, 5 (4): 274-281.   Abstract （111）      PDF （3884KB）（737）       Knowledge map    Save Related Articles | Metrics

Select

Research on Source Code Vulnerability Detection Based on BERT Model Journal of Information Security Reserach    2024, 10 (4): 294-.   Abstract （147）      PDF （3199KB）（198）       Knowledge map    Save Techniques such as code metrics, machine learning, and deep learning are commonly employed in source code vulnerability detection. However, these techniques have problems, such as their inability to retain the syntactic and semantic information of the source code and the requirement of extensive expert knowledge to define vulnerability features. To cope with the problems of existing techniques, this paper proposed a source code vulnerability detection model based on BERT(bidirectional encoder representations from transformers) model. The model splits the source code to be detected into multiple small samples, converted each small sample into the form of approximate natural language, realized the automatic extraction of vulnerability features in the source code through the BERT model, and then trained a vulnerability classifier with good performance to realize the detection of multiple types of vulnerabilities in Python language. The model achieved an average detection accuracy of 99.2%, precision of 97.2%, recall of 96.2%, and an F1 score of 96.7% across various vulnerability types. This represents a performance improvement of 2% to 14% over existing vulnerability detection methods. The experimental results showed that the model was a general, lightweight and scalable vulnerability detection method. Reference | Related Articles | Metrics