Loading...

Table of Content

    10 September 2020, Volume 6 Issue 9
    Previous Issue    Next Issue
    The Research of Discerning XSS Attack Based on FP-growth Optimized SVM Classifier
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (2293KB) ( )  
    Related Articles | Metrics
    Cross-site scripting (XSS) is a web-based security attack that is one of the most serious threats to Internet security today. Based on the principle of XSS attack detection based on Support Vector Machine (SVM) classifier, paper proposes An association detection algorithm (FP-growth) optimizes the XSS attacker detection method,It is verified by experiments that this method can effectively improve the accuracy of XSS detection compared with the common SVM detection method.
    Research on Application Scheme of National Secret Algorithm in SecOC Security Mechanism
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (1335KB) ( )  
    Related Articles | Metrics
    Intelligent connected vehicles have functions such as high-speed network connection, complex environment perception, intelligent decision-making, and collaborative control.With the rapid development of the Internet of Vehicles, intelligent connected vehicles can obtain more intelligent services in the Internet of Vehicles, but they also face more security threats.At present, the communication between ECUs based on the CAN bus in the vehicle lacks a secure communication mechanism, once an attack from the external network of the vehicle enters the internal network of the vehicle, the vehicle will be controlled by hackers.,therefore, the research on the secure communication mechanism of the vehicle internal network is very important.This paper introduces the principle of the SecOC secure communication mechanism in the AUTOSAR specification in detail,studies the symmetric encryption algorithm for generating MAC,considering the healthy development of China's automobile industry in the future, it is recommended to use the national secret SM4 algorithm to implement the SecOC security framework,the paper explains the implementation principle of the SM4 encryption algorithm,taking into account the high real-time requirements of the in-vehicle network communication, the paper focuses on the application of the SM4 algorithm, testing and analyzing the performance of the SM4 software, and discussing the hardware implementation mechanism supporting the national secret SM4, and prospects the future application of the program.
    A Method of User Behavior Analysis Based on Network Flow and Log in Private Network
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (2026KB) ( )  
    Related Articles | Metrics
    The supervision of user behavior in private network is an important means to ensure the information security. In view of the one-side problems existing in the private network solely relying on the network flow and the terminal security software log, we propose a method based on the traffic and log analysis, combining with the technology of network flow analysis, network security situation analysis, user portrait and user behavior analysis. Through the system architecture, we implement a system from the basic platform layer, data analysis layer and display layer. Combined with the core requirements of private network supervision, by improving the monitoring method of user terminal security software in private network, we realize a monitoring system of users' key behaviors in private network. The core function of the system is to monitor the abnormal flow of core assets, operation and maintenance flow, and build the data portrait of users' key behaviors. The application in the real private network shows that this method can effectively monitor the key user behavior of the private network, and provide reference for the user behavior supervision other private networks.
    Application Practice of "Personal Health Information Code" Based on Cyber Trusted Identity
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (3224KB) ( )  
    Related Articles | Metrics
    In order to solve the problems of inconsistent health code standards, data sharing, and lack of mutual recognition mechanism in various regions, the First Research Institute of the Ministry of Public Security of RPC relies on the real-name authentication capabilities of the "Internet +" cyber trusted identity authentication platform (referred to as CTID platform), a "health code" solution has been designed and applied in the national government service platform by taking advantage of the mature technology accumulation in cyber trusted identity QR code, which achieved good practice results in the mutual trust and mutual recognition of the national "health code". In order to effectively prevent and control the risks of the epidemic situation, it provides a strong support for enterprises to resume work in an orderly manner and to ensure the orderly movement of the people.
    Research on Legislative Protection of Personal Biological Information in the Big Data Era
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (1172KB) ( )  
    Related Articles | Metrics
    The application of big data and biotechnology has brought huge challenges to the security of individual biometric information-the abuse of biometric information has seriously affected the lives and security of citizens. How to protect the personal biometric information of citizens, which biological information is protected, and how to choose between the personal freedom of the information subject and the public interest represented by information circulation, have become legal issues that should be considered in the era of big data. By studying the personal biometric information from the perspective of Internet content providers, the risks and challenges of personal biometric information in the era of big data are summarized, the concepts and characteristics of personal biometric information are explored, the value and basis of biological information protection are analyzed, and individuals are balanced The private benefit represented by the freedom of the personality of the information subject and the public interest represented by the public interest, put forward the principles that personal biometric information protection should follow, and put forward based on the analysis of the status of personal biometric information protection in China, the United States, Germany and the European Union Suggestions for perfecting protection of personal information through legislation.
    A Study on the Academic Influence of the Cyber Security Research in Mainland China
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (3366KB) ( )  
    Related Articles | Metrics
    Since the 18th CPC National Congress, the CPC Central Committee and the State Council have attached great importance to cryptography and information security, which has greatly promoted the research work on cryptography and information security. In order to compare the gap of the academic level on information security between China and the world, and to sum up the achievements China has made in the field of basic research on information network security in recent years, this article analyzed the high-quality articles published in the top international academic conferences on information security, and showed the contributions of China's Information Network Security research. This article illustrated the contributions of China's information network security academic research through statistically analyzing the articles published in the top academic conferences with the Chinese institutions set as the first author's main affiliation. We analyzed the top-three academic conferences on cryptography, i.e., CRYPTO, EUROCRYPT, ASIACRYPT, and the top-four academic conferences on information network security, i.e., USENIX SECURITY, CCS, S&P and NDSS. The statistical results showed that , China has made significant progress and won bigger voice in the academic research on information network security since the 18th CPC National Congress. Tsinghua University and Shanghai Jiaotong University, etc. are still the pioneers in China's information network security research. According to the statistic results, the distribution of China's research areas around information network security is balanced, but the gap with the international level is still obvious.
    Research on Development of Deepfake Detection Technology and Its Enlightenment to China
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (720KB) ( )  
    Related Articles | Metrics
    Deepfake(deep forgery) technology can generate false images and videos that cannot be distinguished by human eyes. The combination of deep forgery and social networks will bring great information security risks to individuals and society. Therefore, it is essential to automatically detect and evaluate the integrity of digital visual media. This paper reviews the development of deepfake detection technology from three directions: deep learning detection algorithms, digital source forensics, and life log records, and analyzes the risks and challenges faced by different countermeasures. Research shows that there is currently no perfect solution to effectively deal with the real threat of deepfake technology. Finally, based on China's basic national conditions, the development of China’s deepfake detection technology is proposed.
    The Intelligent Tendency of Copyright Infringement Crime and the Response of Criminal Law in the Era of Artificial Intelligence
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (1066KB) ( )  
    Related Articles | Metrics
    With the development of science and technology, copyright infringement crime has produced intelligent tendency in the era of artificial intelligence. First of all, work created by artificial intelligence have emerged, it challenges the scope of the identification of the object of crime; secondly, two new types of criminal instruments have emerged, they are artificial intelligence writing software and "manuscript washing" robot, and they magnify the dispute over whether plagiarism belongs to "copy" in article 217 of Criminal Law; thirdly, strong artificial intelligence produces independent consciousness, it offers a possibility for the subject of crime in the future. The traditional theory and norm of criminal law can`t fully adapt to the new situation after the change, so it needs to be adjusted and improved. Firstly, admit that work created by artificial intelligence has the attribute of the work, and bring it into the scope of criminal law protection; secondly, expand the interpretation of the "copy" in article 217 on the position of the doctrine of criminal law, to make it contain conducts that meet the criteria of substantial similarity, such as plagiarism; lastly, give the subject status of criminal responsibility to strong artificial intelligence at the necessary time in the future, and construct penalty system for artificial intelligence.
    Criminal Risk of Misuse of Web Crawler Technology and Criminal Law Response
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (1298KB) ( )  
    Related Articles | Metrics
    The current web crawler technology has been alienated, and there have been a large number of illegal crimes such as illegal collection of personal information, theft of trade secrets, and theft of data. From the actual cases, the use of web crawler technology has multiple social risks, such as personal information is leaked, computer information system data is illegally collected, public interests are damaged, and national security is endangered. The current criminal law on the misuse of web crawler technology which reflected in the form of crime responsibility is mainly intentional crime, negligence crime can only be indirectly reflected by other crimes, and the effectiveness is very limited. The legislature should pay close attention to the problem of negligent crimes of misuse of computer technology, and should legislate to confirm negligent crimes that have serious consequences. In the face of the emergence of cyberspace sovereignty, the criminal law should make appropriate adjustments to the crimes for national security and public safety. At the same time, in the era of artificial intelligence, the positive response of the criminal law should be reflected. In order to comply with the development of modern science and technology, it is necessary to appropriately expand the scope of protection of personal information.
    Knowledge Graph of Hotspots in the Research of University Students’ Network Morality in China
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (828KB) ( )  
    Related Articles | Metrics
    According to the hotspots knowledge graph of university students' network morality in China, the result shows that the research hotspots in university students' network morality in China mainly focus on four aspects: current situation, existing problems and solutions of university students' network morality, the new path of moral construction in the network era, the path of network honesty construction under the background of self-media, and ways and approaches adopted by universities in the process of network moral construction. Researchers of university students' network morality need to strengthen the relationship between university and university students' network morality in the future, and put forward feasible strategies to improve network morality.
    A Government Affairs Cloud Cryptography Application based on Cryptography Cloud
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (1048KB) ( )  
    Related Articles | Metrics
    Cryptography is the core technology of network and information security. It is necessary to build a security protection system centering on cryptography in the process of protecting the security of government affairs cloud and applications in the cloud. The paper researches the cryptography application requirements of government affairs cloud taking Beijing government affairs cloud service mode as an example and puts forward a scheme of centralized deployment of independent cryptography cloud platform to meet the cryptography application requirements of government affairs cloud and the tenants of the cloud, with dividing management responsibilities, virtualization of cryptography computing resources, centralizing management of key and providing secure communication between government affairs cloud and cryptography cloud.
    Basic Design for Intelligent Lock Cryptographic Application Standard
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (882KB) ( )  
    Related Articles | Metrics
    To support the popularization and standardization of autonomous and controllable cryptographic technology in the field of intelligent lock cryptographic application, Several challenges of the standardization are figured out.(For example, the intelligent lock standard shall match both the current lock standards and the current lock system standards and shall be compatible with the “keyless” or “non-key” intelligent locks ). To match the characteristics of intelligent locks and meet the challenges. a new term “intelligent lock (system)” is defined, The definition gives a uniformed description of locks, lock(s) in a lock system and lock system, which is helpful to describe intelligent locks. Starting with the definition, a model describing intelligent locks is designed, which successfully prevent from using the term ”key” and may help to describe the “keyless” or “non-key” intelligent locks. It is helpful to meet the challenges during the standardization of intelligent lock cryptographic application using the definition and the model. To show the feasibility of the definition and the model, a basic design of the intelligent lock cryptographic application standard is given also with some principle policies about how to keep the intelligent lock cryptographic application standard compatible with current standards(including lock standards, cryptographic standards and information security standards).
    The design and thinking of the security protection system of classified and sub domain of the trade secret network of the central management enterprises
    2020, 6(9):  0-0. 
    Asbtract ( )   PDF (2783KB) ( )  
    Related Articles | Metrics
    Trade secret information is directly related to the market competitive advantages and econom-ic interests of enterprises. For central management enterprises, it has become a development trend to build trade secret network to strengthen the protection of trade secret information. Combining with different business scenarios of enterprises, the paper puts forward the classi-fied and sub regional security protection system of trade secret network, focusing on the re-search and discussion of the security area division, border risk identification and security of the network All protection technical measures provide reference and reference for the construction of security protection system of trade secret network.
Author Center
Review Center
京ICP备19004174号
Copyright © Journal of Information Security Reserach, All Rights Reserved.
Tel: 010-68558637 E-mail: ris@cei.cn
Powered by Beijing Magtech Co., Ltd.