Table of Contents

    15 April 2019, Volume 5 Issue 4
    DBAPPSecurity: Support Security China, Boost Digital Economy
    2019, 5(4):  274-281. 
    Implement and Realize the “4·19 Speech” Spirit, Build the Nation into a Strong Cyberpower
    2019, 5(4):  282-284. 
    Cybersecurity is the Cornerstone of the Healthy Development of Smart Cities
    2019, 5(4):  285-286. 
    Cloud Computing Security Model and Architecture Research
    2019, 5(4):  287-292. 
    Cloud computing is considered to be the fourth IT revolution after large computers, personal computers, and the Internet. Cloud computing technology provides flexible and scalable computing capabilities for many new technologies and applications such as big data, the Internet of Things, the industrial Internet of Things, and artificial intelligence (AI). Compared with traditional information systems, cloud computing has its own characteristics and particularities, and it brings some new security risks and problems. How to ensure cloud computing security has become a difficult problem for security personnel. This paper analyzes the security risks faced by cloud computing at this stage, analyzes the current mature cloud security models at home and abroad, and finally designs a technical architecture to ensure cloud computing security for cloud security related personnel.
    Research on Performance Evaluation Method of Anonymization Privacy Preservation Technologies
    2019, 5(4):  293-297. 
    Information security and privacy disclosure problems are becoming more and more serious in applications of the Internet of Things (IoT), which need a sound information security architecture and privacy protection mechanism. There are many types of anonymization technologies for privacy preservation, but how to evaluate their performance from a quantitative perspective is an important and meaningful research direction. In this paper, based on the analysis and comparison of distance and similarity, several metrics are surveyed. We then use the divergence function to measure the difference between two probability distributions. Finally, we evaluate our method on the Adult dataset from the UCI machine learning repository, and the result shows the comparison figure of privacy gain and data utility among three commonly used anonymization privacy preservation technologies.
    Research on Webshell Detection Method Based on Logistic Regression Algorithm
    2019, 5(4):  298-302. 
    Webshell is a commonly used tool for hackers to carry out network intrusion. It has the characteristics of high concealment and great power. Existing Webshell detection methods have high detection accuracy when detecting known Webshells, but the detection accuracy is very low in the face of complex and flexible unknown and variant Webshells. In response to this problem, this paper discusses the characteristics and working principle of Webshell, analyzes the difference between Webshell and the traditional Webshell using obfuscated encryption coding technology, and proposes a Webshell machine learning detection model based on the logistic regression algorithm. The model can effectively detect obfuscated, encoded Webshells, reduce the false positive rate and improve the detection accuracy.
    Research on Anti-Scanning Technology Based on Machine Learning
    2019, 5(4):  303-308. 
    With the development of Internet technology, web application systems have been widely used in government portals, e-commerce, Internet and other industries, which are convenient for life and work, but also bring network security risks. Hackers can not only find server vulnerabilities by scanning, but the scanning also consumes a large amount of network bandwidth, which causes normal network communication to fail. To solve this problem, it is proposed to analyze the client access log and extract 7 features: the response code of the IP's accesses in the past 2s; the proportion of the number of the IP's accesses in the past 2s to the total number of IP accesses; the proportion of 404 response codes among the IP's accesses in the past 2s; the port variance of the IP's accesses in the past 2s; the number of IP addresses in the past 100 logs; the number of 404 responses in the past 100 logs; and the port variance of this IP's accesses in the past 100 logs. The scanning behavior is then identified by the naive Bayesian classification algorithm in machine learning. The Spark MLlib Bayesian algorithm is used to train on the scan logs of the HDFS platform, and the algorithm template is updated regularly to realize the ability to resist malicious scanning. Finally, blocking is performed at the network layer with iptables. The method improves recognition accuracy, reduces the false positive rate, effectively reduces malicious traffic, and protects customer websites.
    Research on Data Sharing Security Framework
    2019, 5(4):  309-317. 
    With the rapid development of big data technologies and applications, the need to promote data sharing across departments and industries has become very urgent. However, the impact of security issues is a key issue in the development of data sharing. Countries around the world are paying more and more attention to the security of data sharing. Many countries, including the United States, the European Union and China, have formulated laws and regulations related to data security to promote the legal use and security protection of data sharing. This paper summarizes and analyzes the security management and control of data sharing at home and abroad, designs the data sharing model and related party roles, and proposes a data sharing security framework based on analyzing the security risks and problems of data sharing. Finally, suggestions for strengthening the security governance of data sharing are given.
    Research on Risk Predictive of Behavior Analysis of E-mail System Based on Bayesian Network
    2019, 5(4):  318-326. 
    In today's world, network information technology is changing with each passing day, which deeply promotes the economic development and technological innovation of enterprises, and also brings prominent network security problems to enterprises. In the past, the common method used by enterprises to face network security threats was to passively deploy security products and configure protection policies, which made it impossible to detect and eliminate risks and threats in a timely and effective manner. The "Cybersecurity Law" officially implemented by the state in 2017 made clear that enterprises need to establish an active defense mechanism. In order to change the defense of enterprise network security from passive to active and accurately predict security risks, this paper takes the e-mail system as an example, proposes a risk forecasting method based on behavior analysis, and establishes a behavior analysis model to provide a basis for the subsequent dynamic security protection strategy adjustment in recent years.
    Research on Distribution Monitoring of Infected Hosts Based on DNS
    2019, 5(4):  327-332. 
    Based on the principle of DNS technology, this paper deploys a DNS node monitoring system to monitor and analyze the DNS response data of each node to analyze the target domain name of the control terminal, tries to detect and model the data several times, and finally obtains the distribution of the infected hosts and the types of Trojan virus. Through the optimized node management scheduling scheme, the outbreak of a virus can be grasped without the help of third-party means, which can play an important role in the prevention and traceability of virus attacks, and further form a worldwide monitoring situation of the virus infection risk.
    An Analysis of SDN Attack and Defense Technology
    2019, 5(4):  333-339. 
    The congenital difficulty of innovation and evolution on traditional networks makes SDN (software-defined networking) more and more popular. However, with the development of SDN technology and the successive deployment and use of SDN, the security problems of SDN have become increasingly serious. Starting from the architecture and security model of SDN, this paper analyzes and summarizes the security problems and possible methods of network attacks on the application plane, control plane, data plane and north/south interfaces of SDN, and puts forward the corresponding security strategies and methods: periodically detecting vulnerabilities and malicious code in SDN applications, strictly authenticating and authorizing, ensuring the security of every controller, resisting DoS/DDoS attacks, avoiding illegality and inconsistency of flow rules, ensuring the security of data, implementing SDN security best practices, and evaluating SDN security using the DELTA framework.
    Multimodal Public Sentiment Analysis Model Based on Local Semantic Information
    2019, 5(4):  340-345. 
    Public sentiment analysis is widely used in information security fields, such as event monitoring, information forecasting, and public opinion monitoring. With the development of social media, social networks such as Twitter, Facebook and Sina Weibo have become one of the most important channels for information generation and dissemination, containing a large number of images and texts with emotional colors. Since data in social networks is important for understanding the public's views and positions, it is widely used as a source of data for public opinion analysis. Many existing methods extract features directly from images as additional information for multimodal analysis, which tends to neglect high-dimensional semantic information, such as expressions, actions, etc., that exists locally in the image. To solve these problems, this paper proposes a feature extraction framework that combines local semantic information and a multimodal sentiment analysis method that combines visual and textual features. We use an image description method to extract image features, extract text features by multilayer convolution, and finally train the classifier to combine these two features for decision making. The experimental results on the public data set MAVA in the field of sentiment analysis show that the model can effectively capture the graphic features and has better performance in the sentiment analysis task.
    Identification, Disposal and Defense of Extortion Virus
    2019, 5(4):  346-351. 
    Extortion virus mainly spreads in the form of mail, program Trojan horse, web page hanging horse, etc. It encrypts files by using various asymmetric encryption algorithms, and the infected person generally cannot decrypt them. Only by getting the private key for decryption is it possible to decrypt them. Extortion virus is extremely harsh and extremely harmful. Once infected, it will bring immeasurable loss to users. Therefore, the identification, disposal and defense of extortion virus is particularly important. In the recognition of extortion virus, we usually use the combination of conventional anti-virus software and behavioral identification methods; in the disposal of extortion virus, we can thoroughly clean it up by manual and automatic methods; in terms of defensive measures, traffic level analysis, early warning and terminal level protection and encryption are important links.
    Research on WordPress 5.0.0 Remote Code Execution Vulnerability
    2019, 5(4):  352-360. 
    With the high-speed development of the Internet, the security problems of Web applications have become increasingly prominent. In the context of the widespread use of open source software, its security has become more and more of a concern to security practitioners. There is no doubt that open source software occupies an irreplaceable position in current network applications, and its security issues are always related to a large number of the applications we use daily. These security issues can cause immeasurable damage, both to individuals and businesses. Especially when these security issues or vulnerabilities are exploited by attackers, the consequences are unimaginable. From the perspective of Internet companies, it is particularly necessary and vital to solve security problems. Research on open vulnerabilities can help security practitioners better understand the causes of vulnerabilities and the main techniques of exploits, and help companies and their users reduce the risk of potential losses. WordPress, an important piece of open source software that underlies many Web applications and a representative blog and content management system, is constantly the focus of attackers around the world. Some experienced attackers may use different exploit methods to bypass existing protection policies that are based on well-known published tricks. At the same time, these attackers are now more circumspect about using these exploit methods, to avoid the new methods being exposed. Most enterprises consequently have no ability to keep track of them in real time, and they will be caught off guard when the attackers come. In a sense, discussing the different exploit methods is indispensable. Therefore, this paper builds on the published analysis of the WordPress 5.0.0 remote code execution vulnerability and proposes a different exploit method for the last step, which directly causes arbitrary code execution that can be maliciously exploited by attackers.
    The purpose of the research is to provide detailed information for security practitioners, help them understand the causes of the vulnerability, complete the vulnerability recurrence with a different approach, as well as to enhance their vulnerability detection capabilities and help enterprises effectively discover and fix the vulnerabilities.