Loading...
Toggle navigation
Home
About
About Journal
Editorial Board
Author Center
Current Issue
Just Accepted
Archive
Most Read Articles
Most Download Articles
Most Cited Articles
E-mail Alert
RSS
Reader Center
Online Submission
Manuscript Tracking
Instruction
Download
Review Center
Peer Review
Office Work
Editor-in-Chief
Subscription
Contact Us
中文
Table of Content
15 February 2017, Volume 3 Issue 2
Previous Issue
Next Issue
Venustech’s Continuous Construction of the Information Security Ecological Chain — Analyze the Information and Cyber Security Strategy of Venustech
2017, 3(2): 98-115.
Asbtract
(
)
PDF
(3877KB) (
)
Related Articles
|
Metrics
Analysis of Information Security Vulnerabilities and Penetration Attack Based on Social Engineering
2017, 3(2): 116-122.
Asbtract
(
)
PDF
(5294KB) (
)
References
|
Related Articles
|
Metrics
In recent years, the hackers took disadvantages of people (that is the social engineering methods) to implement network attack, which shows the tendency of rising flood even. According to these security problems, for example, wechat is analyzed by using social engineering method, which can simulate the infiltration attack, explain in detail the fraud process, and realize some core technology including the silent installation and SMS remote control. Experiments simulate and prove the whole process of stealing or cheating the users property by the principle of social engineering. It provides the basis for the research on the prevention and installation of silence. At the same time, it reminds the users to guard against the occurrence of privacy leaks and prevent penetration attacks.
Research of Identifying Web Vulnerability Scanner Based on Finite State Machine
2017, 3(2): 123-128.
Asbtract
(
)
PDF
(4048KB) (
)
References
|
Related Articles
|
Metrics
The traditional keywordbased method to identify Web vulnerability scanner is easy to be cheated by attackers. Aiming at this problem, a new recognition method based on Finitestate machine is proposed. The scanning data of the attacker is processed and the recognition model could be constructed using the scan behavior of scanners as transition conditions. The model state transition process is abstracted as multidimensional vector, and then the cosine similarity formula is used to calculate the similarity. Combined with the set threshold, the type of scanner can be determined.The experimental results show that the identification method based on finite state machine can identify the scanner more effectively when the attackers intentionally masquerade.
A Survey of USB HID Attack and Defense Technology
2017, 3(2): 129-138.
Asbtract
(
)
PDF
(8524KB) (
)
References
|
Related Articles
|
Metrics
A novel USB attack technology called USB HID attack is emerging, which is an attack using USB HID protocol vulnerabilities. This technology will hide malicious code in the chip firmware, so that it cannot be detected by existing antivirus software and intrusion detection systems. It has been a serious threat to the security of users privacy due to rapid spread and extreme destruction. This paper analyzes the principle of this attack technology from USB protocol level, and summarizes the development of this technology since its emergence. Moreover, this paper compares the advantages and disadvantages of the existing protection technology. Finally, this paper discusses how the future security system deals with malicious hardware.
Research on Android Application Permission Monitor
2017, 3(2): 139-144.
Asbtract
(
)
PDF
(4793KB) (
)
References
|
Related Articles
|
Metrics
With the rapid rise of mobile Internet in recent years, smart phones, especially based on Android system, also developed rapidly. The issues of Android system become increasingly prominent. Though Android system provides a relatively complete security mechanism, its “AllOrNone” application authorization mode, as well as the permission management mode in which users cannot change their permissions after the application is installed, exists security risks. Therefore, this paper proposed a method based on the static permission analysis and code injection method, to achieve the target for realtime monitoring of sensitive permission. Experiments show that this method can effectively monitor the use of permissions.
Semantics Based Webshell Detection Method Research
2017, 3(2): 145-150.
Asbtract
(
)
PDF
(4585KB) (
)
References
|
Related Articles
|
Metrics
A semanticsbased Webshell detection method was proposed. This method obtained the code behavior and related dependencies by syntax analysis of the file, and achieved semantic understanding to complete the Webshell detection by the risk model. A critical abstract syntax subtree extraction method which can reject irrelevant factor and get the malicious behavior occurrence point was proposed. The description of behavior in risk model database was defined with BackusNaur Form, finally a smooth risk value curve could be obtained by graph matching algorithm, which can finish the criticality assessment of the file and can get a better result by adjusting the threshold A webshell detection system based on that detection method was designed and finished, the experimental results have demonstrated that the SemanticsBased method was effective in Webshell detection.
A Review on Security Ontology: Document Analysis from 2010 to 2016
2017, 3(2): 151-159.
Asbtract
(
)
PDF
(6880KB) (
)
References
|
Related Articles
|
Metrics
The advantages of structured information security ontology, like formal description, semantic network modeling, behavior pattern recognition and matching, made it as a new research method of information security and gained a lot of attention from researchers. To clarify its research status and development trend, we made a bibliometric analysis of 158 articles about information security ontology published in journals and conferences between 2010 and 2016 both in domestic and abroad from the perspectives of publication year, distribution of journals and conferences, research directions, and research levels. Research hotspots, depth, and blanks of information security ontology are analyzed. The results show that the research on security ontology has a rising trend recently, security ontology involves many disciplines, especially computer and information science, and the traditional fields of information security ontology developed rapidly. Meanwhile, there are still some research gaps in the emerging research areas, particularly in the field of application and practice.
Improvement of AntColony Text Clustering Algorithm Based on “Intelligent Information Center”
2017, 3(2): 160-165.
Asbtract
(
)
PDF
(4272KB) (
)
References
|
Related Articles
|
Metrics
Text clustering analysis is one of the commonly used methods in network information collection. As a selforganization, parallel clustering algorithm, antcolony clustering algorithm is widely used in clustering analysis. Aiming at avoiding the shortcomings of traditional antcolony clustering algorithm, such as lack of purpose, randomness and so on, a new improvement scheme is proposed. The “intelligent information center” mechanism is established, which owns some characters of dynamic global control of antcolony clustering process, enhancing the purpose of ants action, reducing the randomness. As a result, the proposed method can be utilized to improve the efficiency of the algorithm. Further, the purpose of optimizing the clustering algorithm is achieved by optimizing the parameters of the algorithm.
Research on the Sentiment Analysis Model of Product Reviews Based on Machine Learning
2017, 3(2): 166-170.
Asbtract
(
)
PDF
(3979KB) (
)
References
|
Related Articles
|
Metrics
Online product reviews have become the primary means to enable people to explain their own views on a particular commodity. And, the research on the sentiment analysis model owns values in both business and academic areas. Discussing on several machine learning models for sentiments analysis, using enlarged emotional dictionaries, and describing full machine learning procedures, this paper proposes a set of sentiment analysis model for the sentiment analysis on the catering industry. Then, this paper discusses some classify algorithms, such as Naive Bayes and C45, and gives detailed discussions about effects of different models based on various evaluation methods. The experimental results show that the proposed model gives full play to emotion dictionary efficiency, and is more suited to judge customer emotional tendencies.
A Network Security Protection Research for Industrial Control System
2017, 3(2): 171-176.
Asbtract
(
)
PDF
(5018KB) (
)
References
|
Related Articles
|
Metrics
Industrial control System (ICS) is the core of all kinds of infrastructure, industrial control systems are composed of automation control components and realtime data acquisition and monitoring process control components together, which can ensure that the Industrial infrastructure to run automatically, process control and monitoring of business process. Applications or system in industrial network failure will result in casualties and serious economic losses, destroying infrastructure, endangering public life and national security, environmental disasters and other serious consequences. Information security protection concept has experienced a series of the development process, meanwhile a new generation of APT attacks represented named Havex make protective measure from the simple isolation by means of terminal security protection and defense in depth of the border security, to the intrinsic safety in industrial control system as the main characteristics of the sustainability of the defense system stage, not only requires covering different defense levels, together using a variety of technology, but also holds the ability to find hidden trouble, manage threats, predict threat, and take the initiative to repair. Focus on the difficulties of the industrial control system security protection, adopt a kind of security model of 4+1, and puts forward a control system for industrial technology related to an entire network system protection.
Research and Practice on Network Security Assurance of Important Activities
2017, 3(2): 177-181.
Asbtract
(
)
PDF
(3790KB) (
)
References
|
Related Articles
|
Metrics
Network and information system has become the necessary infrastructure and guarantee of important activities, network security directly affects whether the important activities can be held successfully, which is payed high attention by the organizers and related network security departments. The research on the objectives, characteristics and framework of the important activity network security assurance, and proved by practice and improvement in the actual work, has formed the network security assurance method combining products and services, engineering implementation and security maintenance. It provides a reference for the network security protection of the important activities and critical information infrastructures.
Research on the Legislation of Data Localization
2017, 3(2): 182-187.
Asbtract
(
)
PDF
(5587KB) (
)
References
|
Related Articles
|
Metrics
Under the current international situation, the research on whether the data should be localized legislation and the application of the specific provisions of the legislation has become a hot topic of discussion nowadays. In November 2016, the Cyber Security Law was adopted and it has established a principle to the legislation of data localization which is “the data should be stored locally under normal circumstances, but except the safety assessment if the data must be transmitted across borders”. However, there are many complex challenges to apply the principle. On the basis of fully demonstrating the legitimacy of data localization legislation, this thesis also put forward some ideas on the reasonable definition of the “privacy information”. Simultaneously, when it comes to the safety assessment, the assessment standards should put forward according to changing circumstances and local conditions, and to the data which was easily affected by time, it should be evaluated by the guidelines of “leniency assessment” and “priority assessment” for realizing the trade and the data value timely. At last this thesis put forward some thoughts and references for the implementation of the Cyber Security Law.
Research on the Structural Security of Private Cloud in Government and Enterprise
2017, 3(2): 188-192.
Asbtract
(
)
PDF
(1236KB) (
)
Related Articles
|
Metrics
Author Center
Online Submission
Instruction
Template
Copyright Agreement
Review Center
Peer Review
Editor Work
Editor-in-Chief
Office Work
