Table of Contents

    07 November 2021, Volume 7 Issue 11
    Security Strategy of Active Security Network Architecture 
    2021, 7(11):  998. 
    This is the fourth article in a series on active security network architecture. It explains the security concept of active security network architecture and the core content of network security protection strategies, and clarifies that organizations need to use network security strategies to carry out network security protection work in order to grasp the key to that work. With the support of active security network architecture, organizations can comprehensively formulate, integrate, publish, and execute network security strategies, effectively exert the various characteristics and functions of those strategies, and rely on active security strategies to fundamentally change the organization's network security protection methods and effects. The implementation of active security strategies within the organization will bring various security values such as unified command of security protection, coordinated release of security capabilities, and improvement of security protection effectiveness, which will significantly improve the organization's network security protection capabilities and effects.

    Association Rules Mining for Privacy Protection
    Fan Min, Yang Geng
    2021, 7(11):  1007. 
    Association rule mining is an important task in data mining. To address privacy in the mining process, and in particular how to improve the usability of mining results under a given level of privacy protection, this paper proposes an association rule mining algorithm that satisfies differential privacy (TS-ARM) and designs a new transaction segmentation method to reduce the dimensionality of the data set. A dual conditional mechanism is applied to transactions that exceed the length threshold; that is, the segmentation condition must meet both the segmentation length threshold and the segmentation support threshold at the same time. Compared with the traditional transaction truncation method, this transaction segmentation method can effectively control the information loss caused by the addition of noise while reducing the sensitivity of the query and the required noise scale. Theoretical analysis and experiments show that the proposed algorithm not only guarantees privacy, but also improves the availability of data mining results under a given security level.

    Research on New Smart City Network Security Collaborative Protection Framework
    2021, 7(11):  1017. 
    The new smart city has become a strategic choice to promote global urbanization, improve the level of urban governance, solve the big city disease, improve the quality of public services, and develop the digital economy. The rapid development of the new generation of information technology brings opportunities as well as challenges for the development of the new smart city. In order to better promote the wisdom and security of modern city development, this paper first analyzes the collaborative protection risks of new smart city network security from the perspectives of management, technology, construction and operation, and then proposes to build a new smart city network security collaborative protection framework including index system, evaluation system and technical system, which can provide a theoretical and methodological reference for the new smart city network security collaborative protection.

    Research on Model Steal Attack Based on FGSM Sample Expansion
    2021, 7(11):  1023. 
    To address the narrow application range, heavy dependence on training data and low prediction accuracy of existing model stealing attack methods, a model stealing attack method based on FGSM sample expansion was proposed. In this method, a small number of samples were used as the seed set, and new samples were continuously generated by the fast gradient sign method (FGSM). The boundary of the alternative model was corrected according to the decisions of the model to be attacked, and the similarity between the alternative model and the model to be attacked was improved. Combined with cross-validation of hyperparameters, the model stealing attack was realized by using the growing training set to train the alternative model. The experimental results on the Drebin dataset showed that the consistency and accuracy of the alternative model gradually improved with the increase of iteration rounds, and the detection accuracy of the alternative model trained by this method was better than that of the model stealing methods compared.

    XGBoost Based DDoS Detection in Software-Defined Networking (SDN)
    2021, 7(11):  1031. 
    Accurate and fast detection of distributed denial of service (DDoS) attacks is an important research topic in the security field. In order to improve the detection rate of DDoS attacks in Software-Defined Networking (SDN), XGBoost is used to model the traffic in the network. Based on the traffic information observed when an attack occurs, this method extracts features and trains a model that can effectively detect DDoS attacks. In the experiments, Mininet and Floodlight are used to build the SDN environment, and hping3 is used to generate abnormal network traffic. The results show that the average accuracy of this method is 95.34% when detecting DDoS attacks in SDN, which is higher than other machine learning methods and demonstrates the effectiveness of this method.

    A New RSA Attack Algorithm Based on Legendre Theorem of Continued Fraction Approximation
    2021, 7(11):  1037. 
    The RSA encryption algorithm is an asymmetric encryption algorithm. The difficulty of factoring large integers determines the reliability of the RSA algorithm. Addressing the RSA attack problem, this paper proposes an attack algorithm based on the Legendre theorem of continued fraction approximation. Building on the Wiener attack algorithm, the algorithm is improved by using the real quadratic irrational number approximation method instead of the rational fraction approximation method of the Wiener attack algorithm. The result is to weaken the restriction of the Wiener attack algorithm on the small RSA decryption exponent, which makes the algorithm more widely applicable. Theoretical analysis and simulation show that it is effective and that its performance is better than the classical Wiener attack algorithm.

    Network security technology based on multi source alarm information association
    2021, 7(11):  1041. 
    Existing network security strategies use a single calculation structure when dealing with alarm information, resulting in long running time and low efficiency. To address this, the paper proposes a network security technology based on multi-source alarm information correlation analysis. On the basis of clarifying the attack intention, the effective alarm information data is extracted, and the multi-source alarm information is aggregated and de-duplicated by an association analysis algorithm; an alarm information management process based on association analysis rule matching is designed, and a network security technology platform is established to realize network security technology based on multi-source alarm information association analysis. The experimental results show that, in the same running time, the number of alarm information items is significantly reduced and the network security alarm rate is improved.

    Unified Authority Management Scheme in Zero Trust Architecture 
    2021, 7(11):  1047. 
    Zero trust security architecture is subverting people's perception of enterprise security. Its main point is "continuous verification, never trust", which places more requirements on the subject, object and time of authentication and authorization. This paper mainly discusses, from the perspective of authority management, how to quickly achieve unified authority management and control in a zero trust setting. An investigation and analysis of many enterprises shows that functional authority and data authority are the most common dimensions of authority management in enterprises. Based on this, a universal and highly flexible unified authority platform can be designed, which is used to centrally manage the authority data of each enterprise information system, realize the efficient control of authority under the zero trust architecture, and ensure data security and business security.

    Study on the Legislation Paradigm of Data Factors Market Development
    2021, 7(11):  1052. 
    The legislation of the data factors market should start from the study and clarification of the special characteristics and safe utilization of data factors and, through comparative analysis with real property, chattel and intangible assets, which are relatively clearly regulated by current laws, formulate the systematic framework and legislation paradigm that would best fit China's characteristic environment and systems. As a new type of production factor, data is quite different from real property, chattel, and intangible assets in physical form, uniqueness, legal regulation, rights certification, infringement, technology support and mode of transformation. The data factors market needs to be systematically planned and designed in its rules, incentive mechanism, safe utilization and long-run development from the economics perspective. As a complex social systems engineering subject, the development of the data factors market should take a comprehensive view that considers the interaction and mutual influence of not only legal causes, but also technology, economic and business causes, and should adopt the basic routine of the socialist system of laws with Chinese characteristics: "focus on the current issues-guided with principle policy-explore on the local legislation-regulate by administrative law-conclude to the law".

    Controversy and System Reflection on the Right to Data Portability
    2021, 7(11):  1063. 
    With the continuous development of technology and law, data subjects have increased the possibility of using conflicting methods to protect their data rights under the joint promotion of the two. The right to data portability has been revised several times as an independent right and was stipulated in the General Data Protection Regulation (GDPR) passed in 2016. The right to data portability enhances the data subject's control over personal data and at the same time gives the data controller more responsibilities, which has aroused great controversy in academia. Behind the various disputes are the very different attitudes and goals of the game's main players, network users, network platforms, and countries towards the right to data portability. Regarding the scope of data portability, the reasonable protection of the rights of third-party data subjects, and whether the original data controller can retain the personal data related to the data subject, there are loopholes. The personal data is divided into user basic data and derivative data. The "portability" of the two uses different system designs, trying to find a suitable balance between the rights of the data subject and the interests of the data controller.

    Study on Data Protection Certification Mechanisms under the General Data Protection Regulation
    2021, 7(11):  1071. 
    With the development of personal information protection, the need for data protection certification has become increasingly prominent. Valuable lessons can be learned from data protection certification mechanisms introduced by the General Data Protection Regulation (the GDPR) along with their practices. This article investigates and analyzes the framework of GDPR certification, including its legal basis, purpose, and the distribution of roles in data protection certification mechanisms. The article then sorts out the certification and accreditation mechanisms under 42&43 GDPR, summarizes the progress of GDPR certification, and discusses aspects of the data protection certification mechanisms which need to be further specified. Based on the above analysis, the article unifies China’s actual situation of personal information protection and puts forward suggestions for researching and establishing the personal information protection certification system.

    Identification of “Traffic To Be Obtained” in Cases of Traffic Hijacking
    2021, 7(11):  1077. 
    Traffic hijacking refers to the unfair behavior of using commercial technical measures to hijack the trading opportunities that should belong to the operating subject and to induce or force users to use the hijacker's network services. One of the focus issues in current traffic hijacking cases, and also a difficulty in judgment, is the identification of "traffic to be obtained". "Traffic to be obtained" is taken as the precondition for judging traffic hijacking, and it also lays a foundation for the judgment of "unfairness of ways". Through the analysis of typical cases of traffic hijacking, the identification of "traffic to be obtained" should be considered comprehensively from such aspects as the use relationship between the two competitors, the cost-benefit ratio of the hijacked party, the expectation of the users and industry practices.

    Research progress of smart city network security
    2021, 7(11):  1084. 
    With the in-depth promotion of urban governance modernization and the innovative application of information technology, the network security of the smart city is of great significance for enhancing the coordination, information transmission and stable operation of smart city construction. This paper carefully reviews the security situation of smart cities at home and abroad, covering the policy system, security system, standardization construction and other aspects, integrates "full cycle management" awareness into the process of smart city construction, and puts forward the strategic thinking of "insisting on overall development and safety, insisting on collaborative safety risk and safety demand, insisting on safety investment and economic benefit evaluation, insisting on standard first and application demonstration", to provide a theoretical reference for the security of new smart city construction.

    Research on the Application of data authorization circulation based on Blockchain technology 
    2021, 7(11):  1090. 
    The circulation of data elements has become an important means of developing digital economy, but there are still many difficulties and challenges in achieving an orderly circulation of data. Taking the talent employment service scenario as an example, this article analyzes the pain points and needs of all parties in the business from the perspective of data circulation, and discusses how the data authorization service based on blockchain technology can protect personal information security and the data rights of all parties. Under the premise, through the effective authorization of data related parties, data can be transmitted from providers to users, so as to meet the reasonable needs of different organizations for data collected by government, improve the government's governance capabilities, optimize public services quality, and boost the benign development of the data elements market.

    Design and Analysis of Secure Email System Using Certificateless Cryptography
    2021, 7(11):  1097. 
    To address the inherent key escrow defect of identity-based cryptography, an improved secure email system design architecture based on identity-based cryptography is proposed. It uses the SM series algorithms as the core cipher algorithms and adopts the Al-P certificateless public key encryption scheme, adding a user-selected secret value to the private key generation process so that the trusted third party or the key generation center cannot completely obtain the user's private key. This solves the security defect that the trusted third party or the key generation center may obtain legitimate authorization for malicious behavior, and effectively enhances the security of the secure e-mail system itself. The security analysis shows that the system can not only solve the key escrow problem effectively, but also guarantee the confidentiality, integrity and authenticity of the data exchange.

    Intelligent Security Test Platform for Power Metering System
    2021, 7(11):  1103. 
    With the fast development of online electric energy spot trading, new business functions of the power metering system will be deployed constantly. In order to avoid source code quality problems after a system version is updated and upgraded, which would result in economic loss and social impact caused by online business interruption, an intelligent security test platform for the power metering system is designed. With this platform, the system operation and maintenance personnel only need to obtain the source code uploaded by the software development team and then execute the runnable instructions; the platform automatically completes the vulnerability scanning test for code security and generates a visual analysis report of the code security level, so as to realize code security vulnerability testing and quality control before a version update of the metering system.