Journal of Information Security Reserach

Research on Blockchain Anomaly Transaction Detection Technology Based on Stacking Ensemble Learning

2023, 9(2): 98.

Asbtract ( )

PDF (4463KB) ( )

References | Related Articles | Metrics

In order to efficiently detect abnormal transactions on the blockchain, this paper proposes a method based on Stacking integration learning. Firstly, XGBoost, LightGBM, CatBoost and LCE are used as the base classifier, and MLP is used as the metaclassifier, and the MLP_Stacking integrated learning algorithm is designed. Secondly,SUNDO is used for data augmentation to solve the problem of serious imbalance in data sets; Finally, a multimodel joint feature sorting algorithm is designed to generate an optimal subset of features, and the resulting optimal subset of features is used as the input data set of the MLP_Stacking for classification training to achieve model optimization. This paper experiments at the open source dataset provided by Kaggle platform , and the experimental results show that the SUNDO data generation method can effectively improve the performance of each classifier, and the training effect of the integrated model designed in this paper is obviously better than that of the individual model.

Research on Personal Privacy Data Sharing Technology Based on Blockchain Traceability

2023, 9(2): 109.

Asbtract ( )

PDF (1327KB) ( )

References | Related Articles | Metrics

Personal privacy data on the Internet, as an one of the important information resources, involves a series of security issues. Centralized or distributed servers are usually used to centrally manage personal privacy data. The data storage is not transparent, and it is prone to problems such as single point of failure and information theft. This paper combines blockchain technology with the improved CPABE algorithm, uses IPFS to store private data, and designs a flexible finegrained personal privacy data sharing scheme PPSSBC based on improved CPABE algorithm. The proposed scheme supports the accountability of malicious users who leak their private keys and realizes dynamic access control. The paper proves the security of the scheme. Experimental analysis shows that the scheme is effective.

Research on the Trusted Identity Scheme of Internet of Vehicles Based on Blockchain Oracle

2023, 9(2): 120.

Asbtract ( )

PDF (1499KB) ( )

References | Related Articles | Metrics

In order to improve the security and reliability of user identity in the Internet of vehicles, this paper proposes a registration scheme of trusted identity in the Internet of vehicles based on blockchain oracle from the perspective of user registration stage. First, smart contract is used to mobilize blockchain predictor to credibly obtain the data set of impact factors affecting user credibility from thirdparty data sources. In order to ensure the credibility of obtained data, this paper uses distributed predictor nodes to conduct consensus vote on the credibility of thirdparty data sources.Then the machine learning algorithm is used to train and verify the model to predict whether the user is trustworthy or not, finally, the trained model is used to predict the trustworthiness of registered users, the identity of the trusted user will be allowed to join blockchain, Ensure the traceability and credibility of user identity in the Internet of vehicles. The simulation results show that the accuracy of using the prediction model to predict the reliability of registered users is high, which can ensure the reliability of Internet of vehicles users in the registration stage.

Research and Implementation of Electronic License Sharing Scheme Based on Blockchain

2023, 9(2): 127.

Asbtract ( )

PDF (2479KB) ( )

References | Related Articles | Metrics

In recent years, all provinces have built electronic license systems and shared license data, simplifying the business process. However, some risks are also emerging. Electronic certificates are stored in the centralized servers. When attacked, electronic certificates can be tampered with. If the operation is not standardized, it will lead to difficulties in tracing the certificate and auditing supervision. In the verification scenario, the privacy of the certificate holder is overexposed. This paper combines blockchain technology with electronic license. With the help of decentralized synchronous accounting technology of blockchain, certification services can be provided by any functional department. Based on the traceable, tamperproof, transparent and open characteristics of blockchain, it can solve the problems of safe storage of license and operation, credible sharing, and certificate traceability. Based on smart contract and zeroknowledge proof, the privacy of individual and enterprise electronic certificates can be effectively protected.

Blockchainbased Data Element Resources Sharing and Access Control Scheme

2023, 9(2): 137.

Asbtract ( )

PDF (1298KB) ( )

References | Related Articles | Metrics

The secure access control of data resources is the foundation of the industry chain. Attributebased encryption is widely used in finegrained access control to achieve secure data sharing, but there are many challenges, such as single authority, high trustbuilding cost, difficulty to revoke access, and single point of failure. In this paper, we propose a blockchainbased data resources access control scheme in the industry chain, which improves the security and flexibility of access control by designing a revocable multiauthority attributebased encryption algorithm. In addition, the blockchain with immutability, unforgeability, traceability and auditability is introduced to maintain the rights of data owners and reduce the cost of attribute management among attribute authorities. This scheme supports distributed attribute management and attributes updating without trusted authority to resist collusive attacks. The analysis results show that the proposed scheme can achieve secure and trustworthy data sharing in the industry chain.

A Comparative Study of the Ways of Personal Information Protection

2023, 9(2): 146.

Asbtract ( )

PDF (1172KB) ( )

References | Related Articles | Metrics

From the perspective of cultural comparison, different countries or regions have different ways of protecting citizens’ personal information. However, in the age of information, influenced by the sociality and sharing characteristics of information, the goals and tendencies of personal information protection mode show similarities. In China newly published “Personal Information Protection Law of the People’s Republic of China”(PIPL), the national security oriented thinking is still in an important position. In the process of review, it is faced with the discretion and choice of the protection or utilization of personal information. Referring to the beneficial experience of other countries and combining with China’s local conditions, when reviewing and interpreting the PIPL, China should take public interest as the standard to protect personal information rights and interests or promote utilization of information, recognize the nature of information, build the mechanism of data sharing and circulation, incorporate the principle of trust into the personal information protection law, and propose China’s scheme on personal information protection approach.

The Path Selection of Effective Implementation of Informed Consent in Personal Information Protection

2023, 9(2): 154.

Asbtract ( )

PDF (1143KB) ( )

References | Related Articles | Metrics

With the advent of the information age, personal information is gradually presented in digital forms, and personal information protection is also facing new risks and challenges. The Personal Information Protection Law came into force in November 2021, which stipulates informed consent for the protection of personal information. However, due to the difficulties of fully guaranteeing the right to know, the limitations of the exercise of the right to consent, and the high costs of operation of the rules, informed consent has not yet been effectively implemented in practice. The method of extraterritorial comparative analysis is mainly adopted to find the path of effective implementation of informed consent, so that the informed consent in personal information protection can be truly implemented and more comprehensively protect the rights and interests of citizens’ personal information.

Compliance Analysis Framework of Personal Information Protection in Federated Learning

2023, 9(2): 162.

Asbtract ( )

PDF (2531KB) ( )

References | Related Articles | Metrics

The compliance analysis of federated learning in the sense of personal information protection needs to be further improved, especially the closer combination of technology and law. Therefore, a 6 stepscompliance analysis framework is established, which includes identifying applicable regulations, data flow, processing behavior, subject identity, responsibilities and obligations, and compliance risk analysis. For the classical horizontal and vertical federated learning framework, the framework is sufficient to give concrete compliance conclusions which have close logical relationship with applicable regulations. It can be extended to other architectures or privacy computing technology compliance analysis, and be integrated into the compliance requirements of other countries or regions. The framework helps to meet the requirements of the personal information protection law for impact assessment of personal information processing. Finally, based on the framework and conclusions, some suggestions on the formulation of personal information protection standards for federated learning are put forward.

Research on the Application of Quantum Technology in Egovernment Extranet

2023, 9(2): 171.

Asbtract ( )

PDF (3966KB) ( )

References | Related Articles | Metrics

With the continuous breakthrough of quantum technology, especially the continuous development of quantum technology in the developed countries, the original classical password security measures of Chinese egovernment extranet have been seriously threatened, which must be prevented before the actual threat occurs; Using quantum secret communication to solve the security problem of key distribution in classical cryptography has become an important security measure for cryptographic applications in government affairs, finance and other fields. Based on quantum technology, this paper explores the application of special line encryption, application encryption, data encryption, identifying network attacks based on quantum computing, verifying the robustness of password security and other scenarios in the egovernment extranet, which improves the confidentiality, integrity and availability of the system business data transmission carried on the egovernment extranet to a certain extent.

Data Analysis of Top International Conferences on Cyberspace Security in Mainland China Based on Knowledge Graph

2023, 9(2): 180.

Asbtract ( )

PDF (1158KB) ( )

References | Related Articles | Metrics

In the four top academic conferences in the field of security (ACM CCS, NDSS, USENIX Security, IEEE S&P) and the three top academic conferences in cryptography (CRYPTO, EUROCRYPT, ASIACRYPT), not only contains a lot of academic knowledge, but also hides Large amounts of structured academic data with academic associations. Based on technologies such as Web crawler and natural language processing, this paper obtains the conference paper data of the four top conferences in the security field and the three major cryptographic conferences from the Internet, and performs entity relationship extraction, data completion and data fusion to obtain a structured Paper data; further based on the neo4j graph database, designed and constructed the data ontology and relationship, imported the paper data, and established the knowledge map based on the above seven conferences for the first time. And based on the knowledge map, the statistics of the domestic publication data are analyzed, and the development and trend of the domestic security field and cryptography research are analyzed. The construction of the toplevel conference knowledge map is helpful to sort out the development of top academic achievements in the domestic security field and cryptography, and better promote the research and development of my country’s security field and cryptography field.

Analysis of the National Cryptography Technology Competition Based on the Awardwinning Data

2023, 9(2): 187.

Asbtract ( )

PDF (4208KB) ( )

References | Related Articles | Metrics

In response to the needs of the times and social development, the National Cryptography Technology Competition was first held in 2015 and has six sessions since then. As the highestlevel and most influential technology competition in the field of cryptography in China, it is still in the blank about its data analysis . This paper is the first systematic research on the National Cryptography Technology Competition. Through the collection, processing and statistics of the entries and awardwinning data in recent years, various techniques such as entropy weight method and TOPSIS comprehensive evaluation method are used for analysis. From the three dimensions of the competition as a whole, the participating units, and the entries, try to dig out the hidden information and laws behind the competition’s winning data, and explore the factors that may affect the winning of the works. From three aspects: the classification of official works, the topic selection of A, B types, and the research field of works, the intrinsic relationship between the topic selection direction of the awardwinning works and the development and demand of cryptography technology is sought, and the selection and distribution of the types of works and topics in future competitions are predicted. In this way, it provides theoretical reference and data reference for the teams participating in the competition in the future. At the same time, suggestions and prospects are given in combination with the development trend in the field of cryptography.

Selfhealing Group Key Distribution Scheme Based on Sliding Window

2023, 9(2): 197.

Asbtract ( )

PDF (1022KB) ( )

Table of Content