Table of Contents

    15 September 2019, Volume 5 Issue 9
    SecurityUnion IT: Committed to Internet of Everything Security
    2019, 5(9):  762-770. 
    The Review of Information Hiding Technology Based on GAN Image Generation
    2019, 5(9):  771-777. 
    Traditional steganography faces more and more threats as steganalysis technology gradually matures. To solve this problem, Generative Adversarial Networks (GANs) have been introduced into steganography, which can reduce the traces of carrier modification and improve the concealment of steganography. This paper introduces the basic structure of GANs and summarizes, compares and classifies the research results on steganography based on GAN image generation. Based on the existing technical means, it identifies the shortcomings of current GANs in the development of steganography and outlines future research directions.
    Quantitative Research on Privacy Risk of Large-Scale Mobile Users
    2019, 5(9):  778-788. 
    The increasing number of mobile applications has given mobile Internet service providers the opportunity to collect large amounts of user data. However, the unreasonable and abnormal collection and use of data exposes mobile users to extremely serious privacy risk. How to analyze the status of user privacy risk and protect user privacy has become an urgent issue. Based on the permission analysis of mobile applications, this paper proposes a novel user privacy risk quantification model. The model first identifies the personal privacy-related data collected by mobile applications through 39 privacy permissions, which are considered the leakage data source, and then considers the possibility of data leakage and the privacy hazard degree of the data. The model is further constructed with the aid of application usage data from 30 million mobile devices. Finally, the distribution of privacy risks of individual users is analyzed. Then, by analyzing the average user privacy risk value of each user group, the China privacy risk index is formulated to reflect the differences in privacy risks among various user groups, including the regional privacy risk index, the population privacy risk index, and the behavioral privacy risk index.
    Research on Data Monopoly and Its Governance Modes
    2019, 5(9):  789-797. 
    The acceleration of the digitization process in various fields has led to explosive growth in data volume. Meanwhile, the huge derivative value of massive data makes it a strategic basic resource in the digital economy era. The resulting “data war” has made data monopoly inevitable. Data oligarchies control massive amounts of data. This paper takes the mobile internet as an example to study the status of data monopoly, and experimental results indicate that the top 10% of data collectors hold 99% of the data. The aggregation characteristics of data itself, the business model of large companies covering various digital fields, and their huge number of users are all potential causes of data monopoly. Data monopoly may lead to many problems, such as barriers to free market competition, damage to consumer welfare, and information security and personal privacy risks. To solve these problems, there are mainly three types of governance schemes: partial mode, intermediary mode and global mode. The three schemes act on different stages of the data life cycle and govern data centralization by weakening collectors' control of data to different extents.
    Design and Implementation of Dark Net Data Crawler Based on Tor
    2019, 5(9):  798-804. 
    With the development of anonymous communication technology, more and more users are beginning to use anonymous communication to protect personal privacy. Tor, the most popular anonymous communication system, can effectively prevent traffic sniffing, eavesdropping and similar behaviors. While it protects users' privacy from being stolen, the “dark net” is also used by many criminals, which has brought great challenges to public security supervision. How to strengthen the regulation of, and crackdown on, illegal information on dark net websites is an urgent problem to be solved. Data crawled from anonymous websites is therefore an important basis for supervising those websites effectively. This paper briefly introduces Tor, the most mainstream dark net anonymous communication system, analyzes its technical principles, and designs a dark net data crawler program, which mainly uses Selenium to enter the Tor network, crawl dark web pages in bulk and save the data locally. It will help the public security department to further monitor and analyze relevant content on the dark net, and it also proposes a feasible technical means for the police department to supervise the dark net.
    A Cryptography Resources Scheduling Algorithm for Space-Based Access Points Based on Service Mapping and Blocks Scheduling
    2019, 5(9):  805-811. 
    Access authentication and secure transmission are key methods to guarantee the security of the space-ground integrated network. To address the problems of limited cryptography resources and a low resource utilization rate when massive numbers of end users request cryptography services simultaneously, a two-level cryptography resources scheduling algorithm based on service mapping and blocks scheduling is proposed. The algorithm exploits the fact that a reconfigurable cryptography service can be implemented as blocks, and maps all blocks of the cryptography services to the corresponding resources' waiting queues using a modified cuckoo search scheduling algorithm. It then schedules and locally optimizes the blocks in each waiting queue by introducing a rule named “blocks with least influence first”. Experimental results suggest that the algorithm efficiently improves the cryptography resources utilization rate and the execution efficiency of concurrent cryptography services.
    Buffer Overflow Vulnerability Analysis and Guard Strategy
    2019, 5(9):  812-819. 
    In view of the prevalence and seriousness of buffer overflow vulnerabilities, and on the basis of studying the principle of the buffer overflow vulnerability, attack methods are analyzed for local buffer overflow attacks and remote buffer overflow attacks, and guard strategies for the two kinds of buffer overflow vulnerabilities are proposed. Experiments show that the local and remote buffer guard strategies can effectively address the harm caused by buffer overflow vulnerabilities.
    The FPGABased Implementation Scheme for Image Shuffling Algorithm —Taking the Arnold Algorithm as an Example
    2019, 5(9):  820-827. 
    In the era of 5G and IoT, the development of domestically produced encryption chips is a key issue in the field of information security research. A considerable number of devices generate image data for users to view and use. The common RSA algorithm, DCT domain image watermarking algorithm, Rossler chaotic transform algorithm, and Arnold transform algorithm can realize software-level image encryption. However, there are few hardware image encryption chip schemes. In order to ensure user data security, this paper takes the shuffling algorithm commonly used in image encryption as an example and implements the Arnold encryption algorithm for images of arbitrary square size on an FPGA, which provides a reference for the hardware implementation of image scrambling algorithms. Even algorithms that are very simple in software need a large number of digital circuit components when implemented in hardware. This article focuses on algorithms that have been proven to encrypt effectively in software and tries to apply them to hardware in the hope of achieving low-cost hardware encryption. The experimental results show that the FPGA implementation of the Arnold transform executes many times faster than an implementation on a computer.
    Research of Cyber Situation Awareness System in the Implementation of Classified Protection 2.0
    2019, 5(9):  828-833. 
    The cyber security classified protection regulations (classified protection 2.0) were proposed in order to ensure the implementation of the Cyber Security Law. First, at the legal level, classified protection 2.0 corresponds to the cyber security level protection system in the “Cyber Security Law” and is a concrete measure for implementing that law. Secondly, at the technical level, cyber security technology has developed from passive defense (classified protection 1.0) to active immune defense (classified protection 2.0). Finally, at the implementation level, there has been a shift from traditional information system protection to the construction of an active defense system for cyberspace. These new characteristics are analyzed in detail in this paper. Considering the development of situation awareness system products, the challenges posed by classified protection 2.0 are studied and a feasible solution is presented.
    Definition of Content Review Scope of Network Platform
    2019, 5(9):  834-842. 
    At present, China's legislation on the scope of network platform content review is unclear and unreasonable. Network platforms have great discretion in judging the illegality of content published by users, and their enforcement actions of blocking or deleting such content are arbitrary, which poses a great threat to users' basic rights such as freedom of speech. In order to achieve a good balance between the maintenance of public interests such as network security and the protection of basic rights such as freedom of speech, China's legislation should make a clear and reasonable definition of the scope of content censorship. At present, there are three defining standards in foreign countries. On the basis of a comparative analysis of these standards, and taking into account the legislative background of China, this paper proposes to define the content review scope of China's network platforms as illegal content that infringes the interests protected by public law.
    The Author Attribution of the Short Text Based on the Likelihood Ratio
    2019, 5(9):  843-846. 
    With the popularization of information technology in daily life, there are more and more cases in which short Internet texts serve as electronic evidence. International research on such issues has been comparatively rich and has accumulated some mature experience. However, due to the characteristics and complexity of the Chinese language, the research results of western countries, which mainly take English as the application scenario, are not very applicable to Chinese scenarios. Therefore, it is of practical significance to focus on author attribution algorithms for short text messages that are suitable for Chinese application scenarios. Based on the N-gram model and the likelihood ratio method, this paper determines the author attribution of short text through the distribution feature of word frequency. The experimental results show that this method achieves a better attribution effect.
    Research on Cybersecurity Certification System of Critical Information Infrastructure
    2019, 5(9):  847-850. 
    Critical information infrastructure is related to national security, people's livelihood, and public interests. Speeding up the construction of a critical information infrastructure security assurance system is an overall and strategic task. The research and application of a cyber security certification system in the field of critical information infrastructure can play a basic supporting role in the construction of the cyber security system and promote the implementation of the national information security certification system in the field of critical information infrastructure.
    Design of Network Security Protection for Municipal Heating Control System
    2019, 5(9):  851-856. 
    By analyzing the typical structure of the municipal heating control system, the network security risks it faces are studied. According to the level protection requirements, a targeted security protection solution is proposed for the network security problems of the existing control system. A defense-in-depth network security system for the municipal heating control system is constructed based on area isolation, access authentication and network communication protection, software system security, and centralized supervision. This network security protection solution can serve as a reference for the municipal heating industry.