Table of Contents

    08 December 2020, Volume 6 Issue 12
    A Survey of Research on Network Attack Model
    2020, 6(12):  1058-1067. 
    With the rapid development of information technology, network attacks have gradually become multi-stage, distributed and intelligent. Single firewalls, intrusion detection systems and other traditional network defense measures cannot adequately protect network system security in an open environment. As a representation of attack scenarios from the attacker's perspective, the network attack model can comprehensively describe network attack behavior in a complex and changeable environment, and is one of the commonly used tools for network attack analysis and response. This paper first introduces the current main network attack models, including traditional tree, graph and net structure models and modern attack chains, ATT&CK, diamond models, etc. Then the analysis and application of network attack models are explained. The analysis process, whose purpose is to solve for attack indices, mainly includes the probability framework, the assignment method and the solution method, and the life-cycle-based application of the attack model includes applications from the attackers' and the defenders' perspectives. Finally, the current challenges and future directions of the network attack model and its analysis and application are summarized.
    Research of Information Security in Beidou Navigation System
    2020, 6(12):  1068-1073. 
    At present, the third generation of Beidou has been deployed. The Beidou system will provide navigation positioning and communication data transmission services for global users. Beidou has been widely used in transportation, land and resources, disaster prevention and mitigation, agriculture, forestry and water conservancy, surveying and mapping exploration, emergency rescue and other fields in China. However, the technical standard system for information security of the Beidou system is not perfect, and cryptography is rarely applied. This paper first analyzes the composition of the Beidou system and the published technical standards, and identifies the security risks in each link of the Beidou system. Then, the information security system of the Beidou system is introduced according to the requirements of Classification Protection. For the short message application unique to the Beidou system, an encryption solution based on a three-layer key mechanism and a symmetric encryption algorithm is proposed. Considering the security and the processing performance of the Beidou terminal, the solution can be applied to Beidou short message encryption in civil applications.
    Research on Blockchain of China Based on Bibliometric
    2020, 6(12):  1074-1081. 
    Blockchain technology plays an important role in new technological innovation and industrial transformation. This paper analyzes its research status, research hotspots and development trends to provide references for the innovation and development of related industries. Taking relevant literature from core journals as samples and using bibliometrics and scientific knowledge graph visualization methods, six aspects are measured separately: publication trend, source journals, core authors, interdisciplinary situation, institutions, and keywords. The results show that blockchain research is in a period of rapid growth, and that it overlaps computer science, economics and management, and social science; research resources are concentrated in famous colleges and universities, and it is not easy for ordinary universities to obtain national resources and the latest technical information; the number of cross-regional cooperating institutions is small, the frequency of cooperation is relatively low, and cooperation is relatively closed; at the technical level, research is mainly concentrated on the network layer, consensus layer, and contract layer; at the application level, it is mainly in the financial industry and digital currency, and the application to food safety needs to be explored; at the security level, it is necessary to strengthen the guarantee of data security and pay attention to the protection of user privacy; at the government level, a punishment mechanism should be established to deal with issues such as threats to information security.
    Research on Evidence Attribute of Blockchain Information
    2020, 6(12):  1082-1087. 
    The technical advantages of blockchain and its application at home and abroad have made it inseparable from current social life and legal relations, so once disputes arise, it is bound to serve an evidentiary function in finding out the facts, safeguarding rights and proving responsibility. Blockchain electronic evidence is divided into various types according to their own features, but also has common technical characteristics. These are the decisive factors of its basic attributes as evidence: evidence ability and probative force. At the same time, in judicial application these two basic attributes of evidence are two sides of one whole, which cannot be examined separately. Although the positive law affirms the judicial application of blockchain electronic evidence, it still faces a variety of challenges that may lead to its loss of evidential ability or reduction of probative force. In practice, many cases have also indirectly responded to the above challenges, and their common principles are worth learning.
    Analysis of China's Personal Information Rights Protection System in the Era of Big Data Based on the Background of Government Data Fusion
    2020, 6(12):  1088-1100. 
    Personal information security is facing new challenges in the era of big data. The novel coronavirus pneumonia has led government administration into a new stage of government data fusion, and it has also brought new threats to personal information security. Protecting personal information as a right has become a world trend, which is also a natural requirement of the information age. Although the concept of the personal information right is not clearly defined in China's legislation, there is no lack of discussion in theoretical circles on whether to protect personal information as a right. In order to protect personal information security through the confirmation of rights, and on the basis of clearly combing through the legislative system of personal information protection in China and the views of the theoretical circles on personal information as a right, this paper selects the United Kingdom, the United States, Canada and Germany as the research objects of comparative law, and finally puts forward specific countermeasures for the protection of personal information rights from the perspective of the combination of public law and private law, to address personal information rights protection issues under the background of government data fusion.
    Sovereign Digital Currency Security Risks and Legal Regulations in China
    2020, 6(12):  1101-1108. 
    Sovereign digital currencies are currently one of the focal points of global attention. China's sovereign digital currency began trial operations in the first half of this year, but its security risks, especially those related to information security and asset security, affect people's trust in and acceptance and use of it. Therefore, it is necessary to explore how to incorporate the security risks of sovereign digital currencies into the scope of regulation from a legal perspective. Sovereign digital currencies are both an integration of technical systems and a form of existence of assets. Their operational security risks can be divided into two categories, i.e., technical security risks and social security risks. Technical security risks should not only be addressed by technical means, but should also be considered for regulation by legal means. Constructively, the objectives, subjects and objects, contents and legal categories of legislative regulation are proposed; the requirements of law enforcement and judicial regulation are also proposed, which will hopefully have a positive impact on the promotion of China's sovereign digital currency.
    Absence of Constraints and Regulation Paths of "Face Changing Technology" under Copyright Law
    2020, 6(12):  1109-1117. 
    "Face-changing technology" is an intelligent video processing technology that uses the deep learning capabilities of the Internet to form a confrontational generation network model. Compared with traditional technology, this technology has the characteristics of a high degree of authenticity, universal adaptability and rapid evolution. In the field of copyright law, due to the autonomous learning nature of this technology, the attributes of the "face-changing video" it produces have yet to be determined. The abuse of this technology not only infringes on the personal rights of the copyright owner and performer of the original work, but also harms the public interest. Article 22 of the current Copyright Law cannot fully explain the fair use of this technology. In the next stage, on the basis of existing technology and legal regulations, we must clarify the copyright law attributes of the technology product, build a "producer-platform-audience" pre-regulation system, clarify producers' declaration obligations, strengthen platform review obligations, and strengthen the ability of people to identify information.
    On Application Risk and Legal Regulation Path of Facial Recognition Technology
    2020, 6(12):  1118-1126. 
    Facial recognition technology is a biometric identification technology that identifies people based on human facial information. Facial recognition technology has the characteristics of direct recognition, remote recognition, and uniqueness of recognition, which may lead to application risks during the recognition process, such as the lack of stability of accurate recognition, the structural bias of data and algorithms in the process of identification, as well as the privacy concern in the 1:N identification situation. Throughout the world, there has been a special legislative path and a comprehensive legislative path for facial recognition. This paper primarily focuses on the analysis of the special legislative path, and summarizes that there has been a civil legal regulation path for the private sector, which strengthens the external duty and responsibility of the processor and balances the personal data right against the legitimate interests of the private sector; an administrative legal regulation path for government agencies, which is dominated by prohibitive acts with the administrative prohibition rules first; and a criminal legal regulation path for illegal groups, which fights against recognition for criminal identification and re-identification.
    Design of Protocol Monitoring System Based on Cloud Computing and Deep Learning
    2020, 6(12):  1127-1132. 
    The development of various types of web applications has enabled the application range of the HTTP protocol to continue to expand. Due to the flexibility and diversity of Web technologies, new attack methods for Web applications are constantly evolving. Malicious behaviors such as XSS cross-site scripting attacks and database injection attacks are increasingly reflected in HTTP requests. The traditional security defense system faces new challenges all the time. In order to cope with the new changes in Web security, this paper proposes a method to establish the HTTP protocol security monitoring model, train the classification algorithm for the model, and detect the categories of HTTP access data. Combining the characteristics of malicious behavior in HTTP requests, the change of malicious feature paths, and the difficulty of monitoring, this paper explores the use of cloud computing technology to analyze the HTTP request format and malicious features, automatically generate a sensitive word database, and adopt a feature selection algorithm based on feature entropy. In combination with deep learning technology, the classification algorithm is trained to obtain the security detection model, and then a monitoring system for improving the security of the HTTP protocol is proposed.
    Research and implementation of IoT card security risk monitoring system based on machine learning algorithm
    2020, 6(12):  1133-1138. 
    At present, the number of IoT network card users in China is growing rapidly, but operators lack security supervision of IoT network cards, which leads to abuse and embezzlement of IoT network cards. This paper introduces IoT card monitoring technology based on machine learning, which uses the fuzzy c-means algorithm to audit online business and the naive Bayesian algorithm to classify online content and SMS. Based on the above technology, this paper implements the IoT security risk monitoring system and deploys it at China Mobile Liaoning company. Under the premise of ensuring efficiency and accuracy, the system can find a large number of illegal IoT cards and effectively guarantee the security of IoT.
    Research on Life Cycle Security Management from the Perspective of Information System Builders
    2020, 6(12):  1139-1144. 
    This paper analyzes the security management activities of the information system life cycle. From the perspective of information system builders, and combining the PDCA model with system security engineering ideas, it proposes a continuous-optimization closed-loop control model for information system security management, explains the security management activities of the builders at each stage of the information system life cycle, and realizes security management at all stages of the life cycle by planning security goals, designing security systems, implementing secure development, verifying security goals, and continuing to maintain security. The management objects, management activities and management objectives of each stage will ultimately provide information system builders with ideas for information system security management throughout the life cycle.