Table of Contents

    17 October 2023, Volume 9 Issue 10
    Vulnerability Mining and Threat Detection
    2023, 9(10):  930. 
    Survey of Intelligent Vulnerability Mining and Cyberspace Threat Detection
    2023, 9(10):  932. 
    At present, threats in cyberspace are becoming increasingly serious, and a large number of studies have focused on cyberspace security defense techniques and systems. Vulnerability mining techniques can detect and repair vulnerabilities in time, before network attacks occur, reducing the risk of intrusion; threat detection techniques can be applied during and after network attacks to detect threats in a timely manner and respond to them, reducing the harm and loss caused by intrusion. This paper analyzes and summarizes research on vulnerability mining and cyberspace threat detection based on intelligent methods. For intelligent vulnerability mining, current research progress is summarized across several application categories that combine artificial intelligence techniques, namely vulnerability patch identification, vulnerability prediction, code comparison and fuzz testing. For cyberspace threat detection, current research progress is summarized according to the information carriers involved in detection: network traffic, host data, malicious files, and cyber threat intelligence.
    Machine Learning based Code Injection Attack Vulnerability Detection for Android Hybrid Applications
    2023, 9(10):  940. 
    Android hybrid applications have good cross-platform portability, but the HTML and JavaScript code in the WebView component they use can call data through internal or external channels to access related resources, resulting in a code injection attack vulnerability. To solve this problem, a machine-learning-based code injection attack vulnerability detection method for Android hybrid applications is proposed. First, the Android hybrid application is decompiled and its code is fragmented; then, sensitive permissions and APIs that can trigger malicious code are extracted from the application data and combined to generate feature vectors; finally, various machine learning models are constructed for training and classification prediction. The experimental results show that the random forest model has the highest recognition accuracy and can improve the accuracy of vulnerability detection for code injection attacks on Android hybrid applications.
    Research on Memory Webshell Detection in Docker Container Based on RASP Technology
    2023, 9(10):  947. 
    Containers have become a vital infrastructure supporting the execution of cloud computing applications, making container security increasingly crucial. The frequent occurrence of container security incidents has created an urgent need for research on container security protection. Unlike traditional host security measures that emphasize boundary defense, container security places greater emphasis on runtime and overall security protection. From an offensive and defensive standpoint, this paper proposes a detection study targeting the high-risk attack method of memory Webshell attacks in container environments.
    A Vulnerability Detecting Approach Based on Sanitizer Identification for Embedded Devices
    2023, 9(10):  954. 
    The security issues of embedded devices are increasingly prominent, stemming from device manufacturers' negligence towards security. Taint analysis is a commonly used and effective technique for identifying vulnerabilities in embedded devices. Taint sanitizers play a crucial role in taint analysis by eliminating the security risks associated with tainted data, so the accuracy of sanitizer identification directly determines the effectiveness of vulnerability detection. For vulnerability detection in embedded firmware, existing approaches that rely on simplistic pattern matching produce false negatives when identifying taint sanitizers. To address this issue, this paper proposes ASI, a vulnerability detection method for embedded devices based on sanitizer identification, which improves the accuracy of sanitizer identification while remaining lightweight and reduces the false positive rate of vulnerability detection results. The method establishes a “content-length” association relationship between variables to find potential variables that represent content length, and thereby identifies sanitizers based on tainted length variables used in path condition constraints. Additionally, it identifies sanitizer functions that perform special-character filtering using heuristic methods. Experimental results on 10 device firmware images from 5 popular vendors show that, compared with existing ITS techniques, the false positive rate of ASI is reduced by 9.58%, while the detection time cost increases by only 7.43%.
    A CNN-LSTM Method Based on Attention Mechanism for In-vehicle CAN Bus Intrusion Detection
    2023, 9(10):  961. 
    With the continuous expansion of intelligent car functions and the growth of their user base, the network security issues of intelligent cars have gradually attracted public attention. The numerous external interfaces of intelligent vehicles provide attackers with many opportunities to invade in-vehicle networks (IVN). Because there is no mechanism to defend the IVN against external attacks, attackers can easily access the vehicle network through external interfaces and control the vehicle, leading to serious traffic accidents. At present, intrusion detection systems (IDS) targeting the IVN are considered an effective method of defending against network intrusions. This paper proposes a CNN-LSTM method based on an attention mechanism to detect CAN bus intrusions. The method first transforms CAN communication data into images, then uses a convolutional neural network (CNN) to extract features, and feeds them into a long short-term memory (LSTM) network with an attention mechanism to determine whether the communication is anomalous. The experimental results show that the proposed method performs well under all metrics and can detect CAN intrusions effectively.
    Anonymous Identitybased Broadcast Encryption Scheme Based on SM9
    2023, 9(10):  968. 
    Identitybased broadcast encryption combines broadcast encryption with identitybased encryption, which has the characteristics of broadcast encryption and avoids the certificate management work that consumes a lot of resources. In order to meet the strategic needs of autonomous and controllable cryptography technology in China, Lai Jianchang et al. designed an efficient identity broadcast encryption scheme based on China’s SM9 identitybased encryption algorithm for the first time, and gave INDsIDCPA security analysis. However, so far, there is still a lack of research on the anonymous identitybased broadcast encryption scheme based on SM9, which can effectively avoid data recipients having the ability to judge whether other recipients are legitimate. Therefore, drawing on the construction idea of generic anonymous identitybased broadcast encryption scheme proposed by He et al. and using the bilinear pair technique, the first anonymous identitybased broadcast encryption scheme with INDnIDCCA2 security and ANOIDCCA2 security under the random oracle model based on SM9 is designed, which is more easily integrated with current systems based on SM9 identity encryption algorithm. For the security of the designed scheme, the analysis process is given. Finally, the performance analysis shows that the scheme has good security and some desirable characteristics, that is, the length and computational cost of the main public key, the main private key and the receiver private key are constant, and the decryption computational cost is constant.
    Optimization and Application of Text Semantic Similarity Analysis Model Under Small Dataset
    2023, 9(10):  980. 
    Data usage compliance is a key link in data security governance, and it focuses on text traceability and intellectual property protection through text semantic similarity analysis. To address the problem of limited public data resources, a contrastive learning framework is introduced. The objective functions commonly used in contrastive learning contain positive- and negative-sample coupling operators, which cause serious gradient attenuation during backpropagation; moreover, few batches are available for training on small datasets, so it is difficult for the model to converge to a local optimum. This paper proposes a contrastive learning method for text semantic similarity analysis under small datasets. By computing the partial derivatives corresponding to the positive and negative samples in the backpropagation of the contrastive learning objective function and eliminating the common factor operator, the gradient decay of backpropagation is suppressed and the convergence speed of the model is improved. Experimental results on public datasets show that this method can improve the training efficiency of the model and the effectiveness of text semantic similarity analysis on small datasets.
    Intelligent Generation Method of Noise Reduction Baseline for Cybersecurity Alert
    2023, 9(10):  986. 
    In cybersecurity operations, operators often filter alerts through preset groups of baseline rules, which are difficult to adapt closely to the specific network and business environment of the enterprise. With the continuous expansion of enterprise information services, complex cyberattacks are usually hidden among huge numbers of alerts. This causes alert fatigue, which reduces the efficiency of the security operations center. We propose a cybersecurity alert baseline method based on an intelligent algorithm that generates interpretable alert noise reduction baselines, which can filter alerts without requiring an understanding of the company’s environment and business, improving the efficiency of cybersecurity operations. The method effectively filters alerts in the actual production environment of a large company.
    Research on Distributed Digital Identity Construction at Home and Abroad
    2023, 9(10):  993. 
    Digital identity is the mapping of a natural person’s real identity into cyberspace. Traditional digital identities are centrally managed and controlled; with the growth of people’s awareness of privacy protection, these digital identities no longer meet requirements. This paper first expounds the development status and trends of digital identity at home and abroad, analyzes the application requirements of digital identity, and illustrates the possibility of developing China’s national digital identity construction towards a decentralized model. Secondly, the technical and security aspects of decentralized identity are thoroughly examined based on an investigation of digital identity application scenarios in several nations. The technical aspect focuses on the infrastructure and technical models for realizing decentralized digital identity, including Decentralized Identifiers (DIDs), Verifiable Credentials (VCs) and digital identity wallets, and the security aspect focuses on the verification, authentication and federation processes of digital identities in each case. Finally, this paper outlines the challenges facing current digital identity construction in China and offers suggestions for building a decentralized digital identity suited to the Chinese situation.
    Performance Optimization Method of Python Toolkit for Domestic Cryptographic Algorithm
    2023, 9(10):  1001. 
    The known Python libraries for domestic cryptographic algorithms do not run efficiently. By comprehensively applying performance optimization methods such as precompilation, calling mature cryptographic algorithm libraries, precomputation, parallel execution, constructing a double-byte S-box, reducing function calls, avoiding intermediate type conversions and optimizing code details, a high-efficiency Python toolkit containing the four domestic cryptographic algorithms SM2, SM3, SM4 and ZUC is developed. Every algorithm in this toolkit comes in an accelerated version suited to efficient machine operation and a non-accelerated version suited to teaching, and the gap in open source Python code for the SM2 key exchange protocol is filled. Comparative tests show that, compared with the best performance among existing open source Python libraries of domestic cryptographic algorithms, the performance of SM2 in this toolkit is about 10 times higher, and the performance of SM3, SM4 and ZUC can reach more than 100 times higher, which is equivalent to the performance of mature Python libraries of international cryptographic algorithms.
    Research on Ontologybased Information Security Test Case Library Model
    2023, 9(10):  1008. 
    In information security testing activities, information security test cases play a crucial role in the objectivity and validity of test results. Constructing an information security test case library is one of the key and difficult points in information security testing and test automation. At present, there is no applicable information security test case library that can effectively support information security testing activities. The ontology-based information security test case library model classifies the domain knowledge of information security test cases on the basis of a formal description of information security test cases, and constructs a shared, reusable and extensible information security test case ontology model. Using the built ontology model, the knowledge of SQL injection test cases in Web application security testing is obtained, which verifies the correctness and effectiveness of the model.
    SIFA Attack Against SM4 with DFA Protection
    2023, 9(10):  1015. 
    As a national standard block cipher algorithm issued by the State Cryptography Administration (SCA), SM4 is widely used in domestic security products such as financial IC cards, blockchain, encryption cards, routers, electronic wallets, electronic ID cards and other applications. Its security has always been a concern across industries, and with the continuous innovation of attack methods, various SM4 implementation schemes with countermeasures have been proposed. Inspired by the idea of SIFA proposed by Christoph et al. in 2018, we first propose a statistical ineffective fault analysis (SIFA) attack on SM4 with a differential fault analysis (DFA) countermeasure; this attack can recover the key of SM4 with a computational complexity of 2^34. Then, we successfully recovered the key on an STM32F103C8T6 microcontroller using voltage glitch fault injection. Finally, we further improved this attack with chosen plaintexts, reducing the computational complexity to 2^12.
    A Noisy Label Detection Method for Encrypting Malicious Traffic
    2023, 9(10):  1023. 
    Processing noisy datasets remains a challenge for training and evaluating data-driven encrypted malicious traffic detection models. A noisy label detection method based on KRPD-DT is proposed, which uses differential training to train two identical models simultaneously, extracts the training losses of samples in the two models, and detects noisy samples based on the differences in training behavior between clean samples and noisy samples. At the same time, in order to amplify the difference in loss between samples, a relative noise weight estimation method based on KLIEP-RPD is proposed to estimate the relative probability density of each sample and use it as the weight of the sample’s loss behavior. This method effectively recovers the performance of the malicious DoH traffic detection model after cleaning the CIC-DoHBrw-2020 dataset. Experiments verify that this method has good stability and outperforms other noise detection methods.
    On the “Protection of Personal Information During Generation”
    2023, 9(10):  1028. 
    The release of the “Data 20” indicates that China is about to usher in wide-ranging data circulation and utilization practices, and personal data, as the most valuable data, will become the object pursued by various parties driven by their interests, raising the issue of personal information protection. The existing Personal Information Protection Law of the People’s Republic of China does not cover the “generation phase” of personal information; this gap can be filled by means of legal fiction, so as to give the information subject control over the generation of personal information, avoid the various risks caused by excessive generation of personal information, achieve the goal of complete protection, and help the development of the digital economy.