Most Download articles

    Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month | Most Downloaded in Recent Year|

    Most Downloaded in Recent Year
    Please wait a minute...
    For Selected: Toggle Thumbnails
    Research and Thinking on the Technical Framework of Data Security  in the Field of Transportation
    Journal of Information Security Reserach    2022, 8 (11): 1092-.  
    Abstract218)      PDF (1237KB)(584)       Save
    In recent years, in the continuous advancement of the construction of “digital government”, the “data gap” and “data island” between government departments have been gradually broken. As the core resource of digital government, data is an important driving force for national development,and also the most valuable core asset. With the largescale aggregation, integration and sharing of various data resources, a series of data securityrelated problems have emerged. For example, due to the high concentration of data, data is more likely to become the target of attacks, and a large number of illegal operations by internal personnel lead to data tampering and greatly increase. In order to solve the problem of data security in the field of transportation, this paper makes an indepth analysis of the main challenges of data security in the field of transportation technology and transportation, and proposes to create an “overall technical architecture of data security management and control”, and focuses on thinking and discussing the full life cycle security of data and data security operation    in the field of transportation. Data security management is not within the scope of this paper.
    Reference | Related Articles | Metrics
    An Overview of Application and Technology of Artificial Intelligence in Cybersecurity
    Journal of Information Security Reserach    2022, 8 (2): 110-.  
    Abstract1179)      PDF (1142KB)(924)       Save
    Compared with the developed countries, the basic research and technology application in the field of artificial intelligence in China started later, especially the application of artificial intelligence in the important field of network security. Domestic and abroad disparity is still very obvious, which seriously affects the improvement of China's cybersecurity capability. This paper elaborates the relationship between artificial intelligence, network attack and network defense, and widely investigates the application status of artificial intelligence in major information security companies at home and abroad. It points out that APT detection, 0day vulnerability mining and cloud security are three core areas that affect the level of cybersecurity capability, This paper deeply analyzes the key technologies of artificial intelligence technology applied in these three fields, and puts forward the safety risks of artificial intelligence technology, and points out that artificial intelligence technology is not a panacea for all diseases, This Paper provides a scientific reference for the further research and application of artificial intelligence technology in China's information security industry.
    Reference | Related Articles | Metrics
    Security-Development Road of National E-Gov Network in the “Internet +” Era
    Zhou Min
    Journal of Information Security Research    2015, 1 (2): 98-104.  
    Abstract329)      PDF (2278KB)(1258)       Save
    Related Articles | Metrics
    ChatGPT’s Applications, Status and Trends in the Field of Cyber Security
    Journal of Information Security Reserach    2023, 9 (6): 500-.  
    Abstract699)      PDF (2555KB)(605)       Save
    ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain.
    Reference | Related Articles | Metrics
    Overview on SM9 Identity Based Cryptographic Algorithm
    Journal of Information Security Research    2016, 2 (11): 1008-1027.  
    Abstract2812)      PDF (13949KB)(5909)       Save
    SM9 identitybased cryptographic algorithm is an identitybased cryptosystem with bilinear pairings. In such a system the user s private key and public key may be extracted from user s identity and key generation centers parameters. The most common cryptographic uses of SM9 are with digital signature, data encryption, key exchange protocol and key encapsulation mechanism etc. The application and management of SM9 will not require digital certificate, certificate base, and key base. The key length of the SM9 cipher algorithm is 256b. SM9 cryptographic algorithm was issued as the cryptography standard in 2015. This paper will summarize the design, algorithm, software and hardware implementation and cryptanalysis of SM9 cryptographic algorithm. We also give some concrete examples in appendix.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E2): 4-.  
    Abstract51)      PDF (2945KB)(278)       Save
    Related Articles | Metrics
    A Survey of Zero Trust Research
    Journal of Information Security Research    2020, 6 (7): 608-614.  
    Abstract974)      PDF (2068KB)(1364)       Save
    With the popularization of cloud computing, mobile office and other technologies, the enterprise network structure becomes complex. The traditional network security model is based on the idea of boundary protection, which can not meet the current needs. Zero trust is a new network security model, where no distinction is made between internal and external networks and all entities need authentication and authorization before accessing resources, which can be used to protect the network whose perimeter is increasingly fuzzy. This paper gives the definition of zero trust, introduces the architecture of zero trust, analyzes the core technology of zero trust, compares and analyses several representative zero trust schemes, summarizes the development status, points out the research direction needing attention in this field, which can provide reference for the research and application of zero trust.
    Reference | Related Articles | Metrics
    Research and Design of Unified Platform for Vulnerability Management
    Journal of Information Security Reserach    2022, 8 (2): 190-.  
    Abstract498)      PDF (1069KB)(474)       Save
    With the development of the network technology, information security has been paid more and more attention. As one of the most frequently used attacking methods, security vulnerability has also been widely concerned. At present, Most of the organizations or enterprises rely on manual methods to manage vulnerabilities, and do not have unified tracking、 disposition、 display and analysis. These methods are not only inefficient, but also error-prone. A unified platform for vulnerability management was proposed, which allowed the automatic closed loop controlling of the life cycle of vulnerabilities. The platform integrated different vulnerability management capabilities into specific functional modules. General development languages and standards-based service interfaces were developed to allow integration of this platform with other infrastructure platform systems or network security tools. Practices show that, this platform can effectively improve the performance of the vulnerability management, and make vulnerability management to be centralized, streamlined and automated.
    Reference | Related Articles | Metrics
    Security Risks and Countermeasures to Artificial Intelligence#br#
    #br#
    Journal of Information Security Reserach    2024, 10 (2): 101-.  
    Abstract166)      PDF (469KB)(238)       Save
    Related Articles | Metrics
    Research on Privacy Protection Technology in Federated Learning
    Journal of Information Security Reserach    2024, 10 (3): 194-.  
    Abstract196)      PDF (1252KB)(222)       Save
    In federated learning, multiple models are trained through parameter coordination without sharing raw data. However,  the extensive parameter exchange in this process renders the model vulnerable to threats not only from external users but also from internal participants. Therefore, research on privacy protection techniques in federated learning is crucial. This paper introduces the current research status on privacy protection in federated learning. It classifies the security threats of federated learning into external attacks and internal attacks.Based on this classification,  it summarizes external attack techniques such as model inversion attacks, external reconstruction attacks, and external inference attacks, as well as internal attack techniques such as poisoning attacks, internal reconstruction attacks, and internal inference attacks. From the perspective of attack and defense correspondence, this paper summarizes data perturbation techniques such as central differential privacy, local differential privacy, and distributed differential privacy, as well as process encryption techniques such as homomorphic encryption, secret sharing, and trusted execution environment. Finally, the paper analyzes the difficulties of federated learning privacy protection technology and identifies the key directions for its improvement.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E1): 105-.  
    Abstract428)      PDF (1450KB)(221)       Save
    Reference | Related Articles | Metrics
    Research on Data Classification and Grading Method Based on Data Security Law
    Journal of Information Security Reserach    2021, 7 (10): 933-.  
    Abstract1036)      PDF (2157KB)(892)       Save
    The Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law) has been formally promulgated, which clearly stipulates that the state establishes data classification and grading protection system, and implements classified and graded protection for data. However, at present, the relevant standards and specifications of data classification and grading in China are relatively lacking, and the practical experiences that can be used for reference in various industries are relatively insufficient. How to effectively implement the data classification and grading protection is still a thorny problem. Based on Article 21 of the Data Security Law, this paper analyzes the factors such as the influence object, influence breadth and influence depth after the data is damaged, puts forward the principles and methods of data classification and data grading, and gives an implementation path of data classification and grading according to the application scenarios and industry characteristics of the data, which provide a certain reference for data classification and grading protection of various industries.
    Reference | Related Articles | Metrics
    Building Cyber Security Defense by Trusted Computing 3.0
    Journal of Information Security Research    2017, 3 (4): 290-298.  
    Abstract300)      PDF (1075KB)(1441)       Save
    Related Articles | Metrics
    AI and Data Privacy Protection: The Way to Federated Learning
    Journal of Information Security Research    2019, 5 (11): 961-965.  
    Abstract711)      PDF (1395KB)(998)       Save
    With the tremendous advance in computing, algorithms and data volume, artificial intelligence ushered in the third development climax, and began to gain a foot hold in exploring various industries. However, as the emergence of “big data”, more “small data” or “poorquality data”, and “data silos” exist in industry applications. For example, in the information security realm, it is difficult for enterprises who provide security services such as content security auditing and intrusion detection based on artificial intelligence technology to exchange raw data due to the consideration of user privacy and trade secrets protection. The services between enterprises are independent, and the overall development of cooperation and technology is difficult to make a breakthrough in a short period of time. How to promote greater cooperation on the premise of protecting the privacy of organizations? Will there be any chance for technical means to solve the data privacy protection problems? Federated Learning is an effective way to solve this problem and achieve acrossenterprise collaborative governance.
    Reference | Related Articles | Metrics
    Research on Identity Authentication Technology Based on Block Chain and PKI
    Journal of Information Security Reserach    2024, 10 (2): 148-.  
    Abstract120)      PDF (1573KB)(188)       Save
    Public key infrastructure (PKI) is a secure system based on asymmetric cryptographic algorithm and digital certificate to realize identity authentication and encrypted communication, operating on the principle of  trust transmission based on trust anchor. However, this technology has the following problems: The CA center is unique and there is a single point of failure; The authentication process involves a large number of operations, such as certificate resolution, signature verification, and certificate chain verification. To solve the above problems, this paper builds an identity authentication model based on Changan Chain, and proposes an identity authentication scheme based on Changan Chain digital certificate and public key infrastructure. Theoretical analysis and experimental data demonstrate  that this scheme reduces certificate parsing, signature verification and other operations, simplifies the authentication process, and improves the authentication efficiency.
    Reference | Related Articles | Metrics
    Overview of Data Security Governance at Home and Abroad
    Journal of Information Security Reserach    2021, 7 (10): 922-.  
    Abstract1390)      PDF (3579KB)(868)       Save
    With the rapid development of digital economy, privacy infringement, data leakage, platform monopoly, misinformation and other issues emerge one after another, increasingly becoming an important issue that threatens individual rights, industrial development and national security. This article, on the national policy and law level, sorts out four categories of data governance, that is, personal data protection, cross-border data flow regulation, data market governance, and data content management. Countries and regions like United States, European Union and China are the centers of global digital economy. This article summarizes their practices and experience in above-mentioned four categories, and on this basis, puts forward some suggestions on strengthening China's data security governance system and capacity building, that is, further improving the legal system to compete for the leadership of the digital economy, deeply participating in global data governance to enhance the international voice of rule-making, and strengthening support and oversight of new technologies and applications to seize new heights in digital economy governance.
    Reference | Related Articles | Metrics
    The Status and Trends of Confidential Computing
    Journal of Information Security Reserach    2024, 10 (1): 2-.  
    Abstract134)      PDF (1466KB)(171)       Save
    Related Articles | Metrics
    Android Malware Multiclassification Model Based on Transformer
    Journal of Information Security Reserach    2023, 9 (12): 1138-.  
    Abstract148)      PDF (2073KB)(163)       Save
    Due to the open source and openness, the Android system has become a popular target for malware attacks, and there are currently a large number of research on Android malware detection, among which machine learning algorithms are widely used. In this paper, the Transformer algorithm is used to classify and detect the grayscale images converted by Android software classes.dex files, and the accuracy rate reaches 86%, which is higher than that of CNN, MLP and other models.
    Reference | Related Articles | Metrics
    Intelligent Fuzzy Testing Method Based on Sequence Generative Adversarial Networks
    Journal of Information Security Reserach    2024, 10 (6): 490-.  
    Abstract115)      PDF (2426KB)(158)       Save
    The increase in the number of vulnerabilities and the emergence of a large number of highly dangerous vulnerabilities, such as supercritical and highrisk ones, pose great challenges to the state of network security. As a mainstream security testing method, fuzz testing is widely used. Test case generation, as a core step, directly determines the quality of fuzz testing. However, traditional test case generation methods based on pregeneration, random generation, and mutation strategies face bottlenecks such as low coverage, high labor costs, and low quality. Generating highquality, highly available, and comprehensive test cases is a difficult problem in intelligent fuzz testing. To address this issue, this paper proposes an intelligent fuzz testing method based on the sequence generation adversarial network (SeqGAN) model. By combining the idea of reinforcement learning, the test case generation is abstracted as a learning and approximate generation problem for universally applicable variablelength discrete sequence data. Innovatively, a configurable embedding layer is added to the generator part to standardize the generation, and a reward function is designed from the dimensions of authenticity and diversity through dynamic weight adjustment. This ultimately achieves the goal of automatically and intelligently constructing a comprehensive, complete, and usable test case set for flexible and efficient intelligent fuzz testing. This paper verifies the proposed scheme from two aspects of effectiveness and universality. The average test case pass rate of over 95% and the average target defect detection rate of 10% under four different testing targets fully demonstrate the universality of the scheme. The 98% test case pass rate, 9% target defect detection rate, and the ability to generate 20000 usable test cases per unit time under four different schemes fully demonstrate the effectiveness of the scheme.
    Reference | Related Articles | Metrics
    A Network Intrusion Detection Model Integrating CNN-BiGRU and  Attention Mechanism
    Journal of Information Security Reserach    2024, 10 (3): 202-.  
    Abstract130)      PDF (2042KB)(151)       Save
    To enhance the feature extraction capabilities and classification accuracy of the network intrusion detection model, a network intrusion detection model integrating CNNBiGRU (Convolutional Neural NetworkBidirectional Gated Recurrent Unit) and attention mechanism is proposed. CNN is employed to effectively extract nonlinear features from traffic datasets,while BiGRU extracts timeseries features. The attention mechanism is then integrated to differentiate the importance of different types of traffic data through weighted means, thereby improvingthe overall performance of the model in feature extraction and classification. The experimental results indicate that the overall accuracy rate is 2.25% higher than that of the BiLSTM (Bidirectional Long ShortTerm Memory) model. Kfold crossvalidation results demonstrate that the proposed model's good generalization performance, avoiding the occurrence of overfitting phenomenon, and affirming its effectiveness and rationality.
    Reference | Related Articles | Metrics
    Governance of Data Security in Artificial Intelligence and Overview of Technology Development
    Journal of Information Security Research    2021, 7 (2): 110-119.  
    Abstract228)      PDF (1282KB)(374)       Save
    At present, with the substantial increase in computing power and the surge in the scale of data, artificial intelligence has developed rapidly and has become a leading technology with a "head goose" effect that is highly valued and developed by countries around the world. At the same time, as an important resource for the development of artificial intelligence, data has further highlighted its important value, but this has also triggered a series of concerns about data security and privacy protection. Data security has become an important bottleneck restricting the overall development of artificial intelligence and key challenges that urgently need to be overcome. At present, countries around the world attach great importance to the issue of data security in artificial intelligence, which is reflected in multiple aspects such as national strategies, laws and regulations, standards and guides, and technological development. This article comprehensively sorts out and compares the current situation of data security governance in artificial intelligence in various countries around the world, and summarizes the breakthrough progress in the current technical field to solve this issue, in order to provide a reference for data security governance in artificial intelligence in our country.
    Reference | Related Articles | Metrics
    Research on Content Detection Generated by Large Language Model  and the Mechanism of Bypassing
    Journal of Information Security Reserach    2023, 9 (6): 524-.  
    Abstract352)      PDF (1924KB)(265)       Save
    In recent years, there has been a surge in the development of large language models. AI robots like ChatGPT, although they have a largescale security confrontation mechanism inside, attackers can still elaborate questionandanswer patterns to bypass the mechanism, with their help to automatically produce phishing emails and carry out network attacks. In this case, how to identify the text generated by AI robots has also become a hot issue. In order to carry out LLMgenerated content detection experiment, our team collected a certain number of questionandanswer data samples from an Internet social platform and ChatGPT platform, and proposed a series of detection strategies according to different conditions of AI text availability. It includes text similarity analysis based on online controllable AI samples, text data mining based on statistical differences under offline conditions, adversarial analysis based on the LLM generation method under the condition that AI samples are not available, and AI model analysis based on building a classifier by finetuning the target LLM model itself. We calculated and compared the detection capabilities of the analysis engine in each case. On the other hand, we give some antikill techniques against AI text detection engines based on the characteristics of detection strategies, from the perspective of network attack and defense.
    Reference | Related Articles | Metrics
    Research on the Security Architecture of Artificial Intelligence  Computing Infrastructure
    Journal of Information Security Reserach    2024, 10 (2): 109-.  
    Abstract101)      PDF (1146KB)(143)       Save
    The artificial intelligence computing infrastructure is a crucial foundation for the development of artificial intelligence. However, due to its diverse attributes, complex nodes, large number of users, and vulnerability of artificial intelligence itself, the construction and operation of artificial intelligence computing infrastructure face severe security challenges. This article analyzes the connotation and security development background of artificial intelligence computing infrastructure, proposes a security architecture for artificial intelligence computing infrastructure from three aspects: strengthening its own security, ensuring operational security, and facilitating security compliance. It puts forward development suggestions aiming to provide methodological ideas for the security construction of artificial intelligence computing infrastructure, offer a basis for selection and use of safe artificial intelligence computing infrastructure, and provide decisionmaking reference for the healthy and sustainable development of the artificial intelligence industry.
    Reference | Related Articles | Metrics
    Journal of Information Security Research    2016, 2 (11): 969-971.  
    Abstract355)      PDF (726KB)(1025)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (E2): 13-.  
    Abstract102)      PDF (1022KB)(142)       Save
    Reference | Related Articles | Metrics
    Key Technologies and Research Prospects of Privacy Computing
    Journal of Information Security Reserach    2023, 9 (8): 714-.  
    Abstract298)      PDF (1814KB)(213)       Save
    Privacy computing, as an important technical means taking into account both data circulation and privacy protection, can effectively break the “data island” barriers while ensuring data security, it enables open data sharing, and promotes the deep mining and use of data and crossdomain integration. In this paper, the background knowledge, basic concepts and architecture of privacy computing were introduced, the basic concepts of three key technologies of privacy computing, including secure multiparty computation, federated learning and trusted execution environment were elaborated, and studies on the existing privacy security was conducted, a multidimensional comparison and summarization of the differences of the three key technologies were made. On this basis, the future research direction of privacy computing is prospected from the technical integration of privacy computing with blockchain, deep learning and knowledge graph.
    Reference | Related Articles | Metrics
    Vulnerability Mining and Threat Detection
    Journal of Information Security Reserach    2023, 9 (10): 930-.  
    Abstract122)      PDF (510KB)(140)       Save
    Related Articles | Metrics
    To Create a Positive Cyberspace by Safeguarding Network Security with Active Immune Trusted Computing 3.0
    Journal of Information Security Research    2018, 4 (4): 282-302.  
    Abstract156)      PDF (2291KB)(690)       Save
    Related Articles | Metrics
    Towards a Privacy-preserving Research for AI and Blockchain Integration
    Journal of Information Security Reserach    2023, 9 (6): 557-.  
    Abstract325)      PDF (1307KB)(211)       Save
    With the widespread attention and application of artificial intelligence (AI) and blockchain technologies, privacy protection techniques arising from their integration are of notable significance. In addition to protecting the privacy of individuals, these techniques also guarantee the security and dependability of data. This paper initially presents an overview of AI and blockchain, summarizing their combination along with derived privacy protection technologies. It then explores specific application scenarios in data encryption, deidentification, multitier distributed ledgers, and kanonymity methods. Moreover, the paper evaluates five critical aspects of AIblockchainintegration privacy protection systems, including authorization management, access control, data protection, network security, and scalability. Furthermore, it analyzes the deficiencies and their actual cause, offering corresponding suggestions. This research also classifies and summarizes privacy protection techniques based on AIblockchain application scenarios and technical schemes. In conclusion, this paper outlines the future directions of privacy protection technologies emerging from AI and blockchain integration, including enhancing efficiency and security to achieve more comprehensive privacy protection of AI privacy.
    Reference | Related Articles | Metrics
    A Survey of Research on Network Attack Model
    Journal of Information Security Research    2020, 6 (12): 1058-1067.  
    Abstract920)      PDF (1774KB)(986)       Save
    With the rapid development of information technology, network attacks have gradually presented multi-stage, distributed and intelligent characteristics. Single firewalls, intrusion detection systems and other traditional network defense measures cannot well protect the network system security in an open environment. As a kind of attack scene representation from the attacker's perspective, the network attack model can comprehensively describe the network attack behavior in a complex and changeable environment, and is one of the commonly used network attack analysis and response tools. This paper first introduces the current main network attack models, including traditional trees, graphs, nets structure models and modern attack chains, ATT&CK, diamond models, etc. Then the analysis and application of network attack model will be explained. The analysis process for the purpose of solving the attack index mainly includes the probability framework, the assignment method and the solution method, and the application of the attack model based on the life cycle includes the application of the attackers and the defenders' perspective; Finally, the current challenges and future directions of the network attack model and its analysis and application are summarized.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2023, 9 (6): 498-.  
    Abstract288)      PDF (472KB)(351)       Save
    Related Articles | Metrics
    Legislative Thinking of Artificial Intelligence Law in the Era of  Generative Artificial Intelligence
    Journal of Information Security Reserach    2024, 10 (2): 103-.  
    Abstract130)      PDF (874KB)(132)       Save
    With the technological advancements and widespread adoption of Generative Artificial Intelligence (GAI), the structure of human society has undergone fundamental changes.The development of artificial intelligence technology has brought new risks and challenges. The “Interim Measures for the Management of Generative Artificial Intelligence Services” represents China’s latest exploration achievement in the field of GAI. It emphasizes the dual importance of development and security, advocates for innovation and governance in accordance with the law, and serves as a reference and inspiration for the ongoing legislative process of the Artificial Intelligence Law. Specifically, the Artificial Intelligence Law should consider the adoption of promoting legislative model, reduce the use of normative references in the legislative content, clarify the legislative approach of classification and grading, enhance  international exchanges and cooperation in artificial intelligence, and promote the positive use of science and technology by establishing a more scientific and reasonable toplevel design scheme.
    Reference | Related Articles | Metrics
    Data Security Governance Technology and Practice in Big Data Applications
    Journal of Information Security Reserach    2022, 8 (4): 326-.  
    Abstract524)      PDF (2139KB)(618)       Save
    The wide application of big data technology makes data burst into unprecedented value and vitality. However, due to the large amount of data, multiple data sources, and complex data access relationships, data security lacks refined and standardized management, and the importance of data security governance becomes increasingly prominent. By analyzing data security problems in existing big data applications and common pitfalls in data security governance, this paper puts forward the ideas, principles and methods of data security governance, and with classification and grading as the entry point, presents the technical architecture of data security governance. Finally, taking the big data platform as an example, presents the application practice of data security governance technology.
    Reference | Related Articles | Metrics
    VEDA, Establishing the AI Dynamic Defense System for Cyber Security
    Journal of Information Security Research    2017, 3 (12): 1058-1066.  
    Abstract283)      PDF (1526KB)(512)       Save
    Related Articles | Metrics
    Introduction to Software Security and Reliability Issue
    Sun Wei
    Journal of Information Security Research    2018, 4 (11): 974-976.  
    Abstract88)      PDF (781KB)(549)       Save
    Related Articles | Metrics
    Survey of Intelligent Vulnerability Mining and Cyberspace Threat Detection
    Journal of Information Security Reserach    2023, 9 (10): 932-.  
    Abstract117)      PDF (1093KB)(127)       Save
    At present, the threat of cyberspace is becoming more and more serious. A large number of studies have focused on cyberspace security defense techniques and systems. Vulnerability mining technique can be applied to detect and repair vulnerabilities in time before the occurrence of network attacks, reducing the risk of intrusion; while threat detection technique can be applied to threat detection during and after network attacks occur, which can detect threats in a timely manner and respond to them, reducing the harm and loss caused by intrusion. This paper analyzed and summarized the research on vulnerability mining and cyberspace threat detection based on intelligent methods. In the aspect of intelligent vulnerability mining, the current research progress is summarized from several application classifications combined with artificial intelligence technique, namely vulnerability patch identification, vulnerability prediction, code comparison and fuzz testing. In the aspect of cyberspace threat detection, the current research progress is summarized from the classification of information carriers involved in threat detection based on network traffic, host data, malicious files, and network threat intelligence.
    Reference | Related Articles | Metrics
    Research on Source Code Vulnerability Detection Based on BERT Model
    Journal of Information Security Reserach    2024, 10 (4): 294-.  
    Abstract94)      PDF (3199KB)(127)       Save
    Techniques such as code metrics, machine learning, and deep learning are commonly employed in source code vulnerability detection. However, these techniques have problems, such as their inability to retain the syntactic and semantic information of the source code and the requirement of extensive expert knowledge to define vulnerability features. To cope with the problems of existing techniques, this paper proposed a source code vulnerability detection model based on BERT(bidirectional encoder representations from transformers) model. The model splits the source code to be detected into multiple small samples, converted each small sample into the form of approximate natural language, realized the automatic extraction of vulnerability features in the source code through the BERT model, and then trained a vulnerability classifier with good performance to realize the detection of multiple types of vulnerabilities in Python language. The model achieved an average detection accuracy of 99.2%, precision of 97.2%, recall of 96.2%, and an F1 score of 96.7% across various vulnerability types. This represents a performance improvement of 2% to 14% over existing vulnerability detection methods. The experimental results showed that the model was a general, lightweight and scalable vulnerability detection method.
    Reference | Related Articles | Metrics
    Cracking the Hard Mathematical Problems of Cryptographic Algorithm
    Cui Chuanzhen
    Journal of Information Security Research    2015, 1 (1): 92-96.  
    Abstract283)      PDF (1027KB)(748)       Save
    Related Articles | Metrics
    “Internet +”Power: Overview of AsiaInfo Secruity’s Cyber Security
    Journal of Information Security Research    2016, 2 (8): 670-684.  
    Abstract327)      PDF (1873KB)(855)       Save
    Related Articles | Metrics
    “Internet +”Power: Overview of Westone Secruity’s Cyber Secruity
    Journal of Information Security Research    2016, 2 (10): 862-875.  
    Abstract208)      PDF (2788KB)(846)       Save
    Related Articles | Metrics