Table of Contents

    10 February 2020, Volume 6 Issue 2
    2019 China Cyber Security Report and Trend Outlook
    2020, 6(2):  98-107. 
    A Practical Quantum Private Query Scheme
    2020, 6(2):  108-112. 
    In a quantum secure communication network, it is very important to protect the privacy of both the querying users and the database. Considering the influence of noise in the actual communication process, this paper proposes a practical quantum private query scheme for the noisy case. First, the initialization phase verifies identity through quantum entangled pairs, which ensures the security of communication. Second, in the key distribution process, the two communicating parties infer the key information by combining Bell basis measurements, and a user obtains only part of the key information. Finally, the receiver uses a CSS quantum error correction code to perform the corresponding error correction, which can protect user privacy and prevent eavesdropping. Theoretical analysis of the security and communication efficiency of the scheme verifies that it is a protocol with anti-noise capability, which not only improves the communication efficiency of the protocol but also has practical application significance.
    Malware Detection Based on Word Embedding Features of Assembly Instruction
    2020, 6(2):  113-121. 
    The main idea of current machine-learning-based malware detection methods is to extract features through static and dynamic analysis, and then select a machine learning classifier to train the classification model. The accuracy of such methods depends on the quality of the manually selected features; valuable information can be lost during the selection process, which degrades classification. To address this problem, a malware detection model based on word embedding features of assembly instructions is proposed. First, a disassembly tool is used to extract the assembly instructions of the malware, and rules are formulated to replace some instructions to reduce complexity. Then, the similarity of instructions is learned through a word embedding model from Natural Language Processing to obtain a vector representation of each instruction. Finally, executable files are classified using a hybrid model of a convolutional neural network (CNN) and bidirectional long short-term memory (BiLSTM). This method effectively solves the problems of poor feature quality and loss of important information in manual feature selection. The results of multiple sets of comparison experiments on the data set show that the method achieves 98.8% classification accuracy and a 98.7% F1 score, which is significantly better than the comparison algorithms.
    Detection of Network Storage Covert Channel over ICMP Protocol Based on SVM
    2020, 6(2):  122-130. 
    A covert channel is a means of communication that secretly sends data across a network and can be used to attack it, which seriously threatens information security. Most ICMP (Internet Control Message Protocol) traffic can elude basic security systems such as firewalls. An attacker can hide arbitrary data in the ICMP payload, forming an ICMP covert channel. Traditional ICMP channel detection is based on a single feature of the payload. By analyzing the ICMP protocol, we fully discuss the basic data characteristics of normal ICMP traffic, such as the type, the packet size and the fixed data format, to achieve more effective detection. To validate our idea, we install some tools that allow covert channels to be constructed over ICMP. Based on 12 characteristics of ICMP, we propose an ICMP covert channel detection algorithm based on a Support Vector Machine (SVM). The algorithm extracts network flow characteristic fields and trains the model using SVM. Our experimental results show that such ICMP traffic can be discovered with high performance, reaching about 99%.
    A Framework for Proactive Acquisition of Threat Intelligence Based on Darknet
    2020, 6(2):  131-138. 
    Information in the darknet tends to appear earlier than on the surface web and can be used for threat intelligence acquisition and research. To address the problem that security researchers cannot quickly obtain emerging threat information from massive darknet data, a framework for proactive acquisition of threat intelligence based on the darknet is proposed. The framework includes three modules: dark network data acquisition, data filtering and threat intelligence acquisition. For three types of darknet information, “malware”, “hacking tools” and “data leakage”, the framework proposes and uses the information amount calculation method I@n (information at n), which calculates the amount of dark network information present in the surface network by using the difference between the times at which information appears in the darknet and in the surface network. Updated threat information in the dark network is proactively acquired through the relationship between the amount of information in the surface network and the timeliness of the information. Experiments show that it is feasible to use this framework to acquire threat intelligence proactively from the darknet, helping security analysts respond to unknown cyber threats in a timely manner.
    The Research of Secure CAPTCHA Generation and Verification Scheme Based on Behavior
    2020, 6(2):  139-144. 
    By analyzing the problems and security status of the traditional CAPTCHA, a secure behavior-based CAPTCHA generation and verification scheme is proposed. In this scheme, the correctness of the verification code is determined by detecting whether the connection trajectory the user draws between multiple elements in the verification code picture matches the correspondence between the elements. The CAPTCHA is verified as correct only when the relationships of all the elements in the CAPTCHA picture are set up correctly. This scheme can effectively solve the low input efficiency of the traditional CAPTCHA and the input mistakes users easily make when entering a CAPTCHA through the keyboard, improving the input efficiency of CAPTCHA. At the same time, the scheme also solves the problem that the traditional CAPTCHA cannot determine whether the CAPTCHA input action is performed by a human or a robot, effectively increasing the difficulty and efficiency of the automatic identification and verification of CAPTCHA and reducing the pass rate of malicious access. This scheme is applicable to all possible attacks by robots. The scheme offers a good user experience, high security, many application scenarios and wide profit channels, and has good market prospects.
    The Key Techniques Research of 10Gbps IPSec Protocol Chip
    2020, 6(2):  145-150. 
    With the growing problem of network security, the IPSec protocol has been widely used in many areas. Software implementations of the IPSec security protocol are characterized by poor security, poor platform adaptability and low performance. Hardware implementations of the IPSec security protocol are characterized by poor flexibility and low parallelism. Therefore, based on an analysis of the IPSec protocol, this paper proposes a method of implementing the IPSec protocol by combining ASIP and software. The 10Gbps IPSec protocol chip is designed using a 40nm CMOS process for hardware implementation, with performance up to 10Gbps.
    Research and Practice of File Upload Vulnerability
    2020, 6(2):  151-158. 
    File upload vulnerability is a common vulnerability type in Web application systems. An attacker exploits the Web application system's inadequate checking of uploaded files to upload executable scripts. The attacker can use this vulnerability to upload a Website backdoor (WebShell) to the Web application server, and then gain the privileges of the Web site by accessing it. The attacker can steal data from the Web application server and penetrate it further. This paper studies and analyzes file upload and the common means of detection and defense, summarizes and analyzes the attack methods for upload vulnerabilities, and, for the file upload vulnerabilities in the DVWA vulnerability environment, tests the summarized attack methods in practice. Finally, it summarizes the defense methods against file upload attacks and gives an outlook on future work.
    Characteristics and Investigation Strategies of Internet Drug Trafficking Under Digital Background
    2020, 6(2):  159-164. 
    With the rapid development of the Internet, drug-related crimes increasingly take advantage of its concealment, virtuality, convenience and the difficulty of obtaining evidence. As a result, drug-related crimes have become more and more rampant, which makes it harder for the public security organs to crack down on such cases. How to effectively control Internet drug-related crime has become an important issue for the public security organs. This paper first expounds the characteristics of Internet drug trafficking under the digital background, then systematically analyzes the difficulties in the investigation of Internet drug trafficking cases, and puts forward an investigation strategy for such cases. Finally, based on the author's experience in computer judicial appraisal, this paper summarizes the investigation and evidence collection methods and procedures for Internet drug crime evidence, providing investigators with new technologies and new means.
    Research on System Engineering Modeling Method for Equipment Software Quality Management
    2020, 6(2):  165-170. 
    In view of the limitations of and challenges to existing equipment software quality management, and starting from the characteristics and development trend of equipment software, this paper puts forward a system engineering modeling method for equipment software quality management. Based on the idea of system engineering and the principle of the Hall model, the system engineering of equipment software quality is defined, and the system elements, relations, boundaries and environment are analyzed and studied. Finally, the system engineering level of equipment software quality management is quantitatively evaluated by system effectiveness and system stability.
    Discussion of Security Protection System of Public Security Video Network in Xueliang Project
    2020, 6(2):  171-180. 
    With the implementation of the Xueliang Project, the video network plays an increasingly important role in the information technology field of the public security industry. With the development and improvement of the public security video surveillance system, higher requirements are placed on the security of the network. Based on the current state of construction of the public security video network, this paper analyzes the actual needs of video network security construction at this stage, and discusses the construction of an in-depth security protection system.
    Analysis on the Vulnerability of Internet Enterprise Web System to Being Easily Ignored
    2020, 6(2):  181-187. 
    With the rapid development of the digital industry, the number of Internet companies has increased year by year. Compared with other types of enterprises, a significant feature of Internet companies is that their main business is based on a large number of Web systems, so the security of Web systems is particularly important to them. Web systems bring convenience to users through rich functions, but also introduce many security issues; in particular, the leaks of user privacy information that have occurred frequently in recent years are mostly due to security flaws in Web systems. More and more Internet companies have begun to build security emergency response centers to conduct security testing and evaluation of enterprise systems through the security forces of all parties, and to collect and handle security vulnerabilities. It can be seen that modern Internet companies are paying increasing attention to security. Based on the security status of Web systems, the typical vulnerabilities that are easily overlooked in the three types of Internet companies are analyzed and summarized, and corresponding solutions are provided to improve the security of the Web systems of Internet companies and ensure user information security.
    Laboratory Open Management System Based on Homomorphic Encryption Technology
    2020, 6(2):  188-192. 
    A laboratory open management system based on homomorphic encryption technology is constructed to improve the privacy protection of the laboratory management system. Following a requirements analysis of the laboratory open management system, the analysis of its function modules is completed, and a laboratory open management system based on homomorphic encryption technology is proposed to ensure the security of user privacy and the security of the laboratory open management system.