Table of Content

    15 April 2018, Volume 4 Issue 4
    To Create a Positive Cyberspace by Safeguarding Network Security with Active Immune Trusted Computing 3.0
    2018, 4(4):  282-302. 
    Asbtract ( )   PDF (2291KB) ( )  
    Related Articles | Metrics
    C3 Security Summit Focuses on the New Trends of Cyber Security in 2018
    2018, 4(4):  303-306. 
    Asbtract ( )   PDF (840KB) ( )  
    Related Articles | Metrics
    A Trusted QoS Evaluation Model Based on Service Perception
    2018, 4(4):  307-314. 
    Asbtract ( )   PDF (2106KB) ( )  
    References | Related Articles | Metrics
    Because of the advantages of efficient , data sharing easily , low requirements for terminal and extremely powerful , cloud computing has occupied an important position in the Internet resources . However , there exists potential safety hazards of the cloud computing restrict the cloud computing development. Nowadays , trust management is one of the hot and difficult spots in the academic research field of the cloud computing security . To solve the dynamism , security and uncertainty of the service resource in the cloud computing environment , the thesis studys and designs a feedback of QoS(Quality-of-Service) trust model based on the service aware theory. In this model , using the time factor of expression to decipt the decay characteristic of trust. To evaluate the trust relationship between users and service providers completely , the model thinks about the direct trust , the recommended trust and the QoS trust. What’s more , since the new joint node in the cloud computing environment , participates the service interaction with a specified probability , hense whitewashing is effectively confine to some extent. By introducing the information entropy and correlation in the evaluation of direct trust and recommended trust , the influence by the malicious review is significantly reduced. At last , simulation results show the trust model is scientific and accuracy.
    A Method Based on Wave Filtering to Evaluate the Intensity of Privacy Preserving on Social Network
    2018, 4(4):  315-321. 
    Asbtract ( )   PDF (1727KB) ( )  
    References | Related Articles | Metrics
    With the widespread popularity of social network platforms, privacy disclosure has become a focus when users share personal information. There is a lack of unified evaluation on the privacy preserving methods for noisy social network. From the perspective of privacy mining, we choose the wiener filtering of signal processing which can automatically suppress and eliminate noise on the neighbor graph, and without considering background knowledge. Then we propose a social network privacy preserving intensity evaluation model, and design a privacy protection intensity evaluation algorithm. To verify the feasibility of the algorithm, this paper uses statistical properties of the undirected graph to measure privacy preserving intensity. The experiments conducted also show that the evaluation method can filter out some noise in the neighbor graph, achieve the purpose of the privacy preserving intensity evaluation, and provide guidance for theoretical research on privacy preserving of social network.
    A Static Tagging Method of Malicious Code Family Based on Multi-Feature
    2018, 4(4):  322-328. 
    Asbtract ( )   PDF (1878KB) ( )  
    References | Related Articles | Metrics
    This paper describes a method of static tagging of malicious code family based on multiple features, it uses malicious code visualization technology to draw malicious code image, extracts feature from image source and text source, byte code layer and Operation code layer, it extract features from multiple sources and multi-level which aims at overcoming defects that only extract features from one source. In order to make better use of the features extracted from multiple levels, this paper designs a 3-layer multi-classifier joint framework for feature learning, and the 3-layer multi-classifier joint framework is divided into three parts, which are feature combination layer, classification layer and union layer. Finally, we can use the learning model to tag the malicious code automatically. In order to verify the validity of the method, we made the malicious code family tagging test experiment with 9 kinds of malicious code in Microsoft’s data set, and the experimental results show that our method has higher accuracy, precision, recall and F1-score which are more than 90% in other sample families except SIMDA malicious code family. The validity and reliability of the method are proved by experiments.
    Multi-Level Key Management Scheme for Multi-Level Removable Storage Devices
    2018, 4(4):  329-335. 
    Asbtract ( )   PDF (1403KB) ( )  
    References | Related Articles | Metrics
    Aiming at the key management problem of multi-level removable storage devices, a multi-level key management scheme is proposed based on the idea of the hierarchical key, which is able to satisfy the requirements of multi-level information secure interaction. The scheme constructs key relationship parameters among devices with different security levels based on the one-way hash function and the access control matrix. Besides, it designs a multi-level key derivation algorithm and a dynamic key update strategy. The analysis shows that this plan is simple and safe, and it enables the host to authorized access to the multi-level partition of the removable storage devices. In addition, the key management problem for multi-level removable storage devices can be effectively solved, which is of great significance for enhancing the security of multilevel information interaction.
    Chaotic Sequence Image Encryption Scheme Based on LFSR State Sequences
    2018, 4(4):  336-341. 
    Asbtract ( )   PDF (1518KB) ( )  
    References | Related Articles | Metrics
    An chaotic sequence image encryption scheme based on LFSR state sequences is proposed in this paper. Chaotic map initial value is produced by LFSR state sequences, chaotic sequences for image encryption are in a period. Continuous 128 b state sequences are produced by LFSR, The each 128 b state sequence is divided into four parts and changed into chaotic map initial values, the first initial value produce permutation chaotic sequence, the other initial values produce three image encryption chaotic sequences. Simulation indication: 128 b initial value makes algorithm key space enough big. Encryption key sequences are in a period which not only makes sure sequence random but also algorithm one-time pad. This scheme can encrypt batch images. All experimental results and security analysis show the efficiency of the proposed method.
    An Image and Video Protection Scheme Based on Android Kernel Extension
    2018, 4(4):  342-351. 
    Asbtract ( )   PDF (3060KB) ( )  
    References | Related Articles | Metrics
    As mobile security, especially data security, is gaining more and more attention; most mobile phone users protect their data with encryption. At present, Android system mainly protects the data through coarse-grained authority management mechanism and inefficient full-disk encryption technology, which can’t meet user's data security requirements. This paper analyzes the photos and video data in Android mobile phones and proposes a data protection scheme based on Android kernel extension. The difference with other existing research techniques is that our proposed solution solves the problem of abuse of device rights in Android system and data security in the process of storage, display and transmission of private data. This article tests data protection techniques based on Android kernel extensions on real cell phones. Experiments show that it is feasible to implement data protection by customizing the Android kernel on Android phones. Data protection based on the kernel increases the CPU work, but the burden is small. At the same time, the data protection technology proposed in this paper can also be extended to protect other devices and data such as Bluetooth, WIFI, text and voice recording, which is of great significance.
    Asymmetric Text-dependent Speaker Recognition using Wavelet and Supervector
    2018, 4(4):  352-358. 
    Asbtract ( )   PDF (1265KB) ( )  
    References | Related Articles | Metrics
    In the text-dependent speaker recognition, the content of training and testing speech samples are same. Because of those speeches are same, the traditional model cannot resist the attacking of synthetic voice. This paper proposed an asymmetric text-dependent speaker recognition model. In the model, the training speeches are open access, but the testing speeches are secret for public and only the user know them. In this way, testing speeches cannot be synthesized by attackers. For improving the recognition performance, this model combines the wavelet and supervector. The wavelet can effectively analyze the non-stationary signal such as speech signal, and the supervector can improve the discrimination between different feature vectors. The experimental result shown that the proposed model can improve the recognition accuracy compared with the traditional models and can resist the attacking from the synthetic voice.
    The Study of Defect Patterns Matching Based on Static Analysis
    2018, 4(4):  359-363. 
    Asbtract ( )   PDF (1162KB) ( )  
    References | Related Articles | Metrics
    The software defect mode is the model extracted according to the rules, and the summary of the defects that causes errors or improper running results due to some of the same reasons. Checking the defects by using defect patterns matching technology to the code is more efficient and accurate. We optimize the matching method based on the existing defect modes and methods. We can detect the overflow caused by misusing of increment and decrement through code replacement, and the inconformity of data type through the new regular expression matching statement. We make a check test with Cppcheck, and the experimental results verify the feasibility of the method.
    Based on DWT multi-model combined prediction of page views on the social networking site
    2018, 4(4):  364-368. 
    Asbtract ( )   PDF (1682KB) ( )  
    References | Related Articles | Metrics
    Because of the uncertainty of the change of the page views on the social networking site in local area network, in order to solve the problem of low prediction accuracy of it, we propose a prediction model combined multiple models based on discrete wavelet transformation(DWT).The model uses DWT to decompose the time series of social networking sites in local area network into two parts, one is the periodic components reflecting the general variation laws of the series and the other is the residual components reflecting the detail variation laws of the series, then use the gaussian process regression (GPR) and weighted nearest neighbors (WNN) separately to targeted predict. Through the collection of the data of the page views on the major social networking sites in local area network of the North University of China to experimental simulation. The result shows,compared to other models, the prediction accuracy of our model is further improved.
    Review and Research for Consensus Mechanism of Block Chain
    2018, 4(4):  369-379. 
    Asbtract ( )   PDF (2321KB) ( )  
    References | Related Articles | Metrics
    Blockchain is the core supporting technology of the digital cryptocurrency system represented by Bitcoin, which can bring profound changes to finance, economy, science and technology and even politics. It integrates distributed systems, cryptography, game theory and other disciplines have established a new type of trust model. As the core of the blockchain technology, the consensus mechanism plays an important role in maintaining the stable operation of the blockchain system and mutual trust between nodes. In recent years, with the hot of block chain technology, consensus algorithm has made considerable progress. This article first analyzes the application of the consensus mechanism and the problems to be solved by analyzing the core technology of the blockchain.Then we introduce consensus mechanism current representative and thoroughly analyzed it. We hope to provide ideas and lessons for the study of consensus mechanisms.
    Method on the Detection of Second-Order Vulnerability for PHP Applications
    2018, 4(4):  380-386. 
    Asbtract ( )   PDF (1233KB) ( )  
    References | Related Articles | Metrics
    Traditional vulnerability detection tools are used for detecting Web second-order vulnerability. However, the false positive rate is generally high. To solve this problem, the generation principle of second-order vulnerability was studied. A method of second-order vulnerability detection based on static analysis was proposed and the corresponding automation tool CodeAn was implemented. First, all the statements of creating table were extracted to rebuild the database structure using syntax analysis. Then, the control flow graph constructed by abstract syntax tree was used to analyze the data flow of the database read-write operation. With the analysis of sinks and sanitizers, the second-order Web vulnerability detection method of PHP applications was achieved.
    A Ransomware Testing Method Based on File Damage Degree
    2018, 4(4):  387-392. 
    Asbtract ( )   PDF (1005KB) ( )  
    References | Related Articles | Metrics
    In the dynamic detection engine, the current methods for detecting ransomware are mainly to set trap files and detect fingerprints or monitor system API operations. Neither of these methods can accurately distinguish between ransomware and other types of malicious code. In order to improve its detection accuracy, this paper proposes the concept of file damage degree. On the basis of dynamic analysis, the paper makes a multi-dimensional inspection on the changes of files through fuzzy hashing and similarity algorithm to calculate the current file's damage degree quantitatively, which reflects the degree of threat to the current system through the file damage degree to determine whether the sample is ransomware.