Table of Contents

    15 February 2019, Volume 5 Issue 2
    Study on the Development of Network Security Industry in 2018
    2019, 5(2):  98-104. 
    Malware Detection Based on Family Behavior Frequent Subgraph Mining
    2019, 5(2):  105-113. 
    In graph-based malware detection methods, a behavior dependency graph must be built for each known malware sample; the number of behavior graphs is therefore huge and the matching process is time-consuming, which makes such methods difficult to apply in practice. To solve this issue, we propose a malware detection method based on frequent subgraph mining of malware family behavior. First, we use dynamic taint analysis to mark system call parameters with taint tags. Second, we build the system API call relation file by tracing the propagation of the tainted data, and then generate the behavior dependency graph of a single sample. Third, we propose an algorithm to extract the frequent behavior subgraphs, which are used to represent the behavioral features of a malware family. Finally, compared with traditional malware detection methods based on API call sequences and single-malware behavior dependency graphs, the detection effect of our method is not affected by code obfuscation technology, the number of behavior dependency graphs is reduced without losing the malicious behavior features, and the method achieves a high detection rate and a high positive rate.
    Research on Information Security Web Hijacking and Traffic Hijacking Legal Governance
    2019, 5(2):  114-129. 
    Cybersecurity is related to the long-term rule of the party, to the long-term stability of the country, to economic and social development, and to the vital interests of the people. General Secretary Xi Jinping has emphasized that there is no national security without cybersecurity, and no modernization without informatization. Data security and personal privacy are being challenged as never before, and a variety of novel attack technologies are emerging. Various forms of hijacking by operators, frequent advertisement pop-ups, redirection of requests for specific Websites to illegal Websites, tampering with common Web pages, input-method pop-up advertisements, WiFi-sharing hijacking, network “crawlers”, Web “phishing”, “human flesh” search, reflection and amplification hijacking, and so on, may all be related to Web hijacking or traffic hijacking (Web hijacking is not the same as traffic hijacking, but this article uses the concept of Web hijacking to cover both). Whether it is Web hijacking or traffic hijacking, its essence is the control of data (the user's own data, the data users need to access, and data in transit); by controlling the flow of data, huge property benefits can be obtained. How to define the legitimacy of data control behavior, where the boundaries of such behavior lie, what path is needed for effective governance, and who needs to take and assume responsibility: this paper addresses the security issues involved in DNS (the Internet's core system) and HTTP hijacking, analyzing the two types of behavior from both the technical and the legal level, whether from the perspective of users or of Web application service providers, and tries to propose some solutions from a legal perspective (civil infringement and breach of contract, criminal offences, and public interest litigation). In its nature, hijacking is still a data security issue. How can we better protect our data security and personal privacy? This is related to national security and requires the close attention and participation of our entire society. Corrections to any inaccuracies are welcome.
    Research on the Types of Cyber Terrorism
    2019, 5(2):  130-134. 
    The development and global application of network technology provide the prerequisite for the formation of cyber terrorism. This paper summarizes the types of cyber terrorism and provides some references for understanding and governing it. Firstly, the concept and causes of cyber terrorism are briefly described, and then the types of cyber terrorism are summarized in detail. Cyber terrorism is roughly divided into two categories. In the first, terrorist organizations use the network as a tool for terrorist activities, including using the Internet to propagate, glorify and legitimize terrorist ideology, exchanging and teaching terrorist attack techniques, recruiting personnel, raising funds, building internal contacts, and planning terrorist activities and terrorist attacks through the Internet. In the second, terrorist organizations treat the Internet as an object of attack, attacking the key infrastructure related to the Internet. All of these will have immeasurable consequences for the economic development and social order of all countries.
    Research on Safety Technology Protection of “Eternal Blue” Variant Mining Worm WannaMine
    2019, 5(2):  135-144. 
    With the continuous advancement of informatization in China, information technology has been widely used in many fields of office work and production. The rapid spread of information technology has promoted the economic development and technological innovation of enterprises, but has also brought prominent network security issues. Network security threats now reach enterprises through their Internet-facing side and damage the internal office network, the scientific research and production network, and industrial control systems. Among them, the degree of harm caused by viruses and Trojans has increased geometrically in recent years. This article takes the “Eternal Blue” variant mining worm WannaMine, found on an enterprise LAN, as an example. By describing the spread and infection of the virus, analyzing its attack path and attack characteristics, and applying the technical means of operating system security hardening in combination with actual work, a semi-automatic script-based killing (detection and removal) method is proposed. The effectiveness of the method is verified, providing a reference for security operation and maintenance personnel carrying out killing work, and some suggestions are put forward for the defensive measures an enterprise should take in response to internal LAN security threats.
    An Improved Feedback Fuzz Testing Method Based on Dynamic Taint Analysis
    2019, 5(2):  145-151. 
    The traditional feedback fuzz testing method needs to mutate all the bytes of the original input data when generating test cases, and so generates a large number of invalid test cases. This paper proposes an improved method for this shortcoming. Firstly, dynamic taint analysis is used to construct the mapping relationship between the input data and program variables according to the program's data flow information. The bytes of the input data are aggregated into fields based on the taint propagation paths, and the fields are classified into three classes, code-coverage related, dangerous-operation related, and harmless, depending on whether they influence a branch condition or a dangerous operation parameter. Then, the code-coverage related fields are encoded as genes and put through the selection and mutation process of a genetic algorithm, and boundary values are assigned to the dangerous-operation related fields to generate a new test case. Experiments show that the proposed method improves on the traditional feedback fuzz testing method in both new path discovery and triggering program crashes.
    Network Intrusion Detection System Model Based on LightGBM
    2019, 5(2):  152-156. 
    An intrusion detection system (IDS) is a class of network security device that can discover suspected intrusions and take corresponding measures on captured traffic suspected of being an intrusion. Existing IDSs are usually based on traditional machine learning or simple deep learning algorithms. However, these are too slow in the training phase and have not achieved the expected detection rate. Under these circumstances, this paper proposes a network IDS based on LightGBM. This algorithm can sample both the data and the features, which makes it much less computationally intensive. In this experiment, the accuracy rate reached 94.7% and the training time was shortened to 422 seconds on the KDD99 dataset. The experimental results show that LightGBM is at least ten times faster than the common algorithms in the training phase, while its accuracy rate is higher than that of the existing algorithms.
    Construction Method of View Disk for CDP System
    2019, 5(2):  157-161. 
    In the traditional blocklevel continuous data protection (CDP) system, once the recovery task at a certain point in time has been completed, the data state of the protected disk at the current time is completely covered. The current work can continue which means that the protected disk must be restored to the latest state again. Aiming at the problem of “oneview, tworecovery” of the traditional CDP system recovery function, a log disk partitioning technology and a metadata hierarchical multilevel indexing technology are proposed. The metadata and the changed data are respectively stored in different areas of the log disk, and the metadata block and the variable data block are organized by using the B+ tree and the improved B+ tree to form a hierarchical multilevel index of the metadata, and any point in the past will be used. The data is mounted to a virtual disk for user viewing. It has been proved by experiments that the method provides users with data at any point in time without affecting the current data state of the protected disk, which simplifies operations of users and reduces their time consumption.
    Semi-Fragile Watermarking Algorithm Based on DWT with Tamper Localization
    2019, 5(2):  162-167. 
    Semi-fragile watermarking has attracted much attention because of its important role in multimedia content authentication. In order to distinguish accidental attacks from malicious tampering, a semi-fragile watermark must be robust to general content-protection processing and image manipulation. After JPEG compression, most of the magnitude relationships between the high-frequency coefficients of adjacent wavelets of an image remain unchanged. Based on this fact, this paper proposes a new semi-fragile watermarking algorithm based on the DWT transform with tamper localization. The watermark is embedded according to the magnitude relationship between the high-frequency coefficients of adjacent wavelets of the image. Simulation results show that the algorithm has a large embedding capacity and good resistance to JPEG compression, while the localization of malicious tampering is also very accurate.
    Application of Network Security Situational Awareness Platform Based on Big Data in the Field of Private Network
    2019, 5(2):  168-175. 
    In order to improve the information security defense capability of private networks, institutions operating private networks are paying more and more attention to network security situational awareness technology in order to predict and prevent security events. After a brief introduction to situational awareness and related technologies, this paper puts forward an applicable functional architecture for network security situational awareness targeting industry-specific network needs. The paper details the functional elements contained in each subsystem at the functional level, providing a reference for relevant institutions building a network security situational awareness platform.
    Architecture and Implementation of Electronic Record Identity System
    2019, 5(2):  176-182. 
    A large amount of electronic records is produced during the operation of information systems. In order to respond to the strategy of promoting e-record management and electronic licenses, and to meet the requirements of “unified management, full management, standardization, security and confidentiality”, it is necessary to bring e-record identity technology into practical projects. This paper presents an architecture for e-record identity and introduces the key technologies involved. It describes the functions and core components of the system, discusses deployment in different environments, and analyzes future applications of the system in different scenarios. The implementation of the system comprehensively adopts domestic cipher algorithms, and it has been deployed and applied in an actual project. It has met our expectations and demonstrated the advancement and practicality of e-record identity technology.
    Building a “Six-in-One” Internet Security Ecosystem
    2019, 5(2):  183-184. 