Table of Contents
15 February 2019, Volume 5 Issue 2
Study on the Development of Network Security Industry in 2018
2019, 5(2): 98-104.
Malware Detection Based on Family Behavior Frequent Subgraph Mining
2019, 5(2): 105-113.
Graph-based malware detection methods must build a behavior dependency graph for each known malware sample, so the number of behavior graphs is huge and the matching process is time-consuming, which makes these methods difficult to apply in practice. To solve this issue, we propose a malware detection method based on frequent subgraph mining of malware family behavior. First, we use a dynamic taint analysis technique to mark the system call parameters with taint tags. Second, we build the system API call relational file by tracing the propagation of the taint data, and the behavior dependency graph of a single sample is then generated. We propose an algorithm to extract the behavior frequent subgraphs, which are used to represent the behavioral features of a malware family. Finally, compared with traditional malware detection methods based on API call sequences and single malware behavior dependency graphs, the detection effect of our method is not affected by code obfuscation technology, it reduces the number of behavior dependency graphs without losing the malicious behavior features, and it has a high detection rate and a high positive rate.
Research on Information Security Web Hijacking and Traffic Hijacking Legal Governance
2019, 5(2): 114-129.
Cybersecurity is related to the long-term ruling of the party, to the long-term stability of the country, and to economic and social development and the vital interests of the people. General Secretary Xi Jinping emphasizes that there is no national security without cybersecurity, and there is no modernization without informatization. Data security and personal privacy have been challenged as never before, and a variety of novel attack technologies are emerging. Various forms of operator hijacking, frequent advertisement pop-ups, redirection of visits to specific Websites to illegal Websites, tampering with common Web pages, input method pop-up advertisements, WiFi sharing hijackings, network “crawlers”, Web “phishing”, “human flesh” search, reflection and amplification hijacking, etc., may be related to Web hijacking or traffic hijacking (Web hijacking is not the same as traffic hijacking, but this article intends to use the concept of Web hijacking for both). Whether it is Web hijacking or traffic hijacking, its essence is the control of data (the user's own data, data that users need to access, and data in transit); by controlling the flow of data, huge property benefits can be obtained. The questions are how to define the legitimacy of data control behavior, where the boundaries of that behavior lie, what path is needed for effective governance, and who needs to take and assume responsibility. This paper addresses the security issues involved in DNS (an Internet core system) and HTTP hijacking, attempts to analyze the two types of behaviors from both technical and legal levels, for users and for Web application service providers alike, and tries to propose some solutions from a legal perspective (for civil infringement and breach of contract, criminal offences and public interest litigation). In essence, hijacking is still a data security issue. How can we better protect our data security and personal privacy? This is related to national security and requires the high attention and participation of our entire society. Corrections of any shortcomings are welcome.
Research on the Types of Cyber Terrorism
2019, 5(2): 130-134.
The development of network technology and its global application provide the prerequisite for the formation of cyber terrorism. This paper summarizes the types of cyber terrorism and provides some references for understanding and governing it. Firstly, the concept and causes of cyber terrorism are briefly described, and then the types of cyber terrorism are summarized in detail. Cyber terrorism is roughly divided into two categories. In the first, terrorist organizations use the network as a tool for terrorist activities, including using the Internet to propagate, beautify and legalize the thought of terrorism, conducting exchanges and teaching of terrorist attack technology, recruiting personnel, raising funds, building internal contacts, and planning terrorist activities and terrorist attacks through the Internet, etc. In the second, terrorist organizations treat the Internet as an object of attack, attacking the key infrastructure related to the Internet. All these will have immeasurable consequences for the economic development and social order of all countries.
Research on Safety Technology Protection of “Eternal Blue” Variant Mining Worm WannaMine
2019, 5(2): 135-144.
With the continuous advancement of information construction in China, information technology has been widely used in various fields of office work and production. The rapid spread of information technology has promoted the economic development and technological innovation of enterprises, but it has also made network security issues prominent. Network security threats are gradually reaching in from the enterprise's Internet side and damaging the internal office network, the scientific research and production network, and industrial control systems. Among them, the degree of harm of viruses and Trojans has increased geometrically in recent years. This article takes the discovery of the “Eternal Blue” variant mining worm WannaMine on an enterprise LAN as an example. By expounding the spread and infection of the virus, analyzing its attack path and attack characteristics, and using the technical means of operating system security reinforcement, combined with actual work, a semi-automatic killing method for scripts is proposed. By verifying the effectiveness of the method, the article provides a reference for security operation and maintenance personnel carrying out the killing work, and puts forward some suggestions for the defense measures taken by the enterprise in response to internal LAN security threats.
An Improved Feedback Fuzz Testing Method Based on Dynamic Taint Analysis
2019, 5(2): 145-151.
The traditional feedback fuzz testing method needs to mutate all the bytes of the original input data when generating test cases, and so generates a large number of invalid test cases. This paper proposes an improved method to address this shortcoming. Firstly, dynamic taint analysis is used to construct the mapping relationship between the input data and the program variables according to the program's data flow information. The bytes of the input data are aggregated into fields based on the taint diffusion path, and the fields are classified into three classes: code coverage related, dangerous operation related and harmless fields, depending on whether they influence a branch judgment condition or a dangerous operation parameter. Then, the code coverage related fields are encoded into genes and put through the selection and mutation process of a genetic algorithm, and boundary values are assigned to the dangerous operation related fields to generate a new test case. The experiment shows that the proposed method improves on the traditional feedback fuzz testing method in new path discovery and in triggering program crashes.
Network Intrusion Detection System Model Based on LightGBM
2019, 5(2): 152-156.
An intrusion detection system (IDS) is a class of network security device that can discover suspected intrusions and take corresponding measures for captured traffic that is suspected of intrusion. Existing IDSs are usually based on traditional machine learning or simple deep learning algorithms. However, these are too slow in the training phase and have not achieved the expected detection rate. Under these circumstances, this paper proposes a network IDS based on LightGBM. This algorithm can sample the data and features, which makes it much less computationally intensive. In this experiment, the accuracy rate reached 94.7% and the training time was shortened to 422 seconds with the KDD99 dataset. The experimental results show that LightGBM is at least ten times faster than the common algorithm in the training phase, while the accuracy rate is higher than that of the existing algorithms.
Construction Method of View Disk for CDP System
2019, 5(2): 157-161.
In the traditional block-level continuous data protection (CDP) system, once the recovery task for a certain point in time has been completed, the data state of the protected disk at the current time is completely overwritten. For the current work to continue, the protected disk must be restored to the latest state again. Aiming at this “one-view, two-recovery” problem of the traditional CDP system recovery function, a log disk partitioning technology and a metadata hierarchical multilevel indexing technology are proposed. The metadata and the changed data are stored in different areas of the log disk, the metadata blocks and the changed data blocks are organized using the B+ tree and the improved B+ tree to form a hierarchical multilevel index of the metadata, and the data at any point in the past is mounted to a virtual disk for user viewing. Experiments show that the method provides users with data at any point in time without affecting the current data state of the protected disk, which simplifies user operations and reduces their time consumption.
Semi-Fragile Watermarking Algorithm Based on DWT with Tamper Localization
2019, 5(2): 162-167.
Semi-fragile watermarking has attracted much attention because of its important role in multimedia content authentication. In order to distinguish accidental attacks from malicious tampering, semi-fragile watermarks must have the robustness to process general content protection and image manipulation. After JPEG compression, most of the size relationships between the high-frequency coefficients of adjacent wavelets of an image do not change. Based on this fact, this paper proposes a new semi-fragile watermarking algorithm based on the DWT with tamper localization. The watermark is embedded according to the size relationship between the high-frequency coefficients of the adjacent wavelets of the image. The results of simulation experiments show that the algorithm has large embedding capacity and good anti-JPEG compression performance. At the same time, the positioning of malicious tampering is also very accurate.
Application of Network Security Situational Awareness Platform Based on Big Data in the Field of Private Network
2019, 5(2): 168-175.
In order to improve the information security defense capability of private networks, institutions with private networks pay more and more attention to network security situational awareness technology to realize the prediction and prevention of security events. Based on a brief introduction to situational awareness and related technologies, this paper puts forward an applicable network security situational awareness functional architecture targeting industry-specific network needs. This paper details the functional elements contained in each system from the functional level, which provides a reference for relevant institutions building a network security situational awareness platform.
Architecture and Implementation of Electronic Record Identity System
2019, 5(2): 176-182.
A large amount of electronic records is produced during the running of information systems. In order to respond to the strategy of promoting e-record management and electronic licenses, and to meet the requirements of “unified management, full management, standardization, security and confidentiality”, it is necessary to promote the landing of e-record identity technology in practical projects. This paper presents an architecture for e-record identity and introduces the key technologies concerning it. It describes the functions and core components of the system, discusses deployment in different environments, and analyzes the application of the system in different scenarios in the future. The implementation of the system comprehensively adopts the domestic cipher algorithms, and it has been deployed and applied in an actual project. It has achieved our expectations and proved the advancement and practicality of the e-record identity technology.
Building a “Six-in-One” Internet Security Ecosystem
2019, 5(2): 183-184.