Table of Contents

    20 May 2024, Volume 10 Issue 5
    Using Artificial Intelligence to Drive Quality and Upgrading of Open-source Big Data Analysis Work
    2024, 10(5):  390. 
    Key Technologies and Research Prospects in Multi-step Attack Detection
    2024, 10(5):  396. 
    Multistep attack detection technology leveragesalert log data analysis to uncover attack scenarios, aiding in the early detection of highthreat attack paths. This ultimately reduces security  risks and enhances the safety of networks and information systems. This paper introduces three key technologies of multistep attack detection: alert similaritybased, alert causalitybased, and modelbased approaches. Through comparative analysis, the differences between these techniques are examined. Furthermore, this paper explores the future  directions for multistep attack detection technology, including integration with privacy computation, provenance graph, and causality inference techniques. These integrations promise to offer novel approaches and methodologies for network security in the face of increasingly complex threats.
    Adversarial Attack Algorithm Based on Multi-model Scheduling Optimization
    2024, 10(5):  403. 
    Adversarial samples can be generated using two approaches: single model and model ensemble. Adversarial samples generated through model ensemble often exhibit higher attack success rates. However, there are few related studies on model ensemble, and most existing model ensemble methods use all models simultaneously in each iteration without reasonable consideration of the differences between models, resulting in a lower attack success rate. To further enhance the success rate of model ensemble, this paper proposes an adversarial attack algorithm based on multi-model scheduling optimization. First, model scheduling is performed by calculating the difference of the loss gradient of each model. Then, the optimal model combination is selected in each iteration round to conduct a model ensemble attack, thereby obtaining the optimal gradient. Subsequently, the momentum term of the previous stage is used to update the current data point. The optimized gradient is calculated by using the model combination of the current stage on the updated data point. Finally, the optimized gradient combined with the transformed gradient is used to adjust the final gradient direction. Experimental results on the ImageNet dataset demonstrate that the proposed integrated algorithm achieves a higher black-box attack success rate with less perturbation. Compared with the mainstream full-model ensemble attack, the average success rates of black-box attacks on normal training models have increased by 3.4% and 12%, respectively. Additionally, the generated adversarial samples exhibit better visual quality.
    Vehicle CAN Intrusion Detection Method Based on MobileViT Lightweight Network
    2024, 10(5):  411. 
    The controller area network (CAN) bus in the vehicle is vulnerable to attacks due to the lack of security measures. Therefore, intrusion detection systems (IDS) play an important role in protecting the CAN bus in the vehicle from network attacks. The existing vehicle CAN bus intrusion detection methods based on deep learning suffer from high resource consumption and high latency. To reduce detection latency and improve detection rate, an improved lightweight MobileViT model is proposed for intrusion detection on the vehicle CAN bus. First, the attack traffic is visualized as a color map. Then GELU replaces the regular ReLU6 as the activation function of the MV2 module in MobileViT, effectively solving the problem of neuron death and improving the convergence speed of the MobileViT model. Exponential decay is used to automatically update the learning rate, and transfer learning is used to accelerate the training process, implementing color image classification so as to achieve intrusion detection. Experiments based on the Car-Hacking Dataset show that the improved MobileViT has a detection accuracy of 100% for intrusion behavior with less computational power consumption, model parameters of only 2.12 MB, and an average response time of only 1.6 ms, saving training resources and ensuring detection accuracy.
    Research on Network Traffic Intrusion Detection Method Based on Denoising Diffusion Probability Model
    2024, 10(5):  421. 
    The rapid development of the Internet and Internet of things (IoT) technologies has made it an urgent task to guarantee the security of network systems. However, traditional intrusion detection models have limitations when faced with rare classes of attack traffic in complex network environments. The imbalance in data across different types of network traffic adversely affects the overall classification performance of these models. To address the above issues, this paper proposes an intrusion detection method, DDPM_1DCNN_BiLSTM, based on a denoising diffusion probability model. The proposed method uses a diffusion probabilistic model to generate rare classes of attack traffic data for sample augmentation. Subsequently, a 1DCNN_BiLSTM model integrated with a self-attention mechanism is used to extract features and detect traffic. The experiments use the unbalanced intrusion detection dataset NSL-KDD to train 1DCNN_BiLSTM and existing common classification models, including random forest, decision tree, etc., on the original training set and the balanced dataset respectively, and use the trained models to classify the same test set. The experimental results indicate that various existing classification models trained on the balanced dataset perform better on the test set compared to the models trained on the original unbalanced dataset. Furthermore, the proposed method has higher accuracy and F1 score compared to common intrusion detection methods, proving the effectiveness of the proposed method in improving the detection rate of the rare classes of attack traffic and the comprehensive capability of intrusion detection.
    Enhanced Malware Sample Generation Scheme Based on Convolution Attention Mechanism
    2024, 10(5):  431. 
    In the context of artificial intelligence, an increasing number of machine learning algorithms are being applied in the field of malicious software detection. However, a significant challenge in practical scenarios is the imbalance in data, where the quantity of malicious software is notably lower than benign software. Addressing this issue, we propose a novel generative adversarial network (GAN) detection escape model, incorporating a convolutional attention mechanism. This model is capable of generating adversarial samples of malicious software that can evade detection by the classifier. Experimental comparisons were conducted to evaluate the performance of this escape model, along with escape models based on deep neural networks and convolutional neural networks, across seven different malicious software classifiers. The results demonstrate that this escape model can achieve higher evasion rates without explicit knowledge of the internal structure of the detection model, offering a new perspective for generating high-quality adversarial samples.
    Source Code Vulnerability Detection Based on Few-shot Learning
    2024, 10(5):  440. 
    Source code vulnerability detection is an important means to discover and localize threats to critical systems. At present, the application of deep learning techniques to source code vulnerability detection has become a research hotspot. However, due to the lack of source code vulnerability samples, limited data resources lead to the poor performance of existing source code vulnerability detection methods in small-sample scenarios. In this paper, we propose a source code vulnerability detection method based on few-shot learning, which aims to provide a solution for source code vulnerability detection scenarios with limited sample size. The method consists of four key components: source code slicing and encoding, meta-learning-based dataset processing, vulnerability class vector generation based on dynamic routing algorithms, and vulnerability class vector matching based on neural tensor networks. The method is compared with convolutional neural network, prototype network, and relational network, and the experimental results show that it outperforms the others in terms of accuracy and can effectively cope with the problem of sparse vulnerability samples in source code. In the case of 2-way 5-shot and 2-way 10-shot, the method achieves 93.92% and 95.08% accuracy, respectively.
    An Automatic Vulnerability Classification Framework Based on BiGRU TextCNN
    2024, 10(5):  446. 
    Common Vulnerabilities and Exposures (CVE) serves as a repository for recording known vulnerabilities with standardized descriptions. Classifying vulnerabilities with Common Weakness Enumeration (CWE) provides richer background knowledge and more detailed mitigation measures. However, due to the negligence in manual classification and the evolution of vulnerabilities. Additionally, the ever-increasing number of vulnerabilities presents a substantial challenge to the efficiency and accuracy of manual classification. To address these issues, we propose a vulnerability classification framework based on the BiGRU TextCNN model, which processes, trains, and predicts in order to automatically classify vulnerabilities into weaknesses based on the vulnerability description. To validate the performance and feasibility of the proposed framework, we conduct comparison experiments on different text classification models and demonstrate the correctness of the proposed method by predicting vulnerabilities’ classifications using the proposed framework.
    Intrusion Detection Model Incorporating Contrastive Learning and Feature Selection
    2024, 10(5):  453. 
    Intrusion detection systems play a vital role in actively identifying malicious traffic as a crucial tool for safeguarding network security. To address the issue of redundant features in network traffic and the shortcomings of existing intrusion detection algorithms during the feature selection process, we propose an intrusion detection model, CLFS (contrastive learning and feature selection). The model uses Pearson correlation coefficients (PCCs) to analyze the correlation of preprocessed network traffic and filter out similar features. An autoencoder (AE) is used for deep feature extraction, and in the extraction stage, contrastive learning is integrated to reduce the similarity between classes. The extracted new features and filtered features are fused to obtain a feature set with stronger representation ability. To increase classification accuracy, wrapper feature selection is conducted using the enhanced pigeon swarm algorithm, and the best feature subset is chosen based on how well the Bayesian classifier performs. The experimental results on the NSL-KDD and UNSW-NB15 datasets demonstrate that the CLFS model effectively improves the classification accuracy and reduces the processing time. The accuracy of binary classification experiments on the two datasets is 90.45% and 88.52%, respectively, with the classification processing time approximately halved.
    Key words: contrastive learning; Pearson correlation coefficient; pigeon-inspired optimizer; feature extraction; feature selection
    Analysis of Special Protection Mechanisms in the US-EU Cross-border Data Transfer Agreement
    2024, 10(5):  462. 
    In the context of the digital era, cross-border cooperation in data exchange between nations has facilitated the global digital economy. However, along with the benefits of cross-border data cooperation, there arise challenges in balancing data transfer and data security, particularly in relation to illicit access for intelligence purposes. The United States and the European Union, being pioneers in cross-border data cooperation, have implemented special data protection mechanisms in their agreements, which restrict intelligence agencies’ access to data. This paper aims to delve into the design of these special data protection mechanisms under the “Safe Harbor Agreement,” “Privacy Shield Agreement,” and “EU-US Data Privacy Framework,” focusing on the rules related to behavioral restrictions, departmental supervision, and rights remedies, thereby uncovering the fundamental framework of these mechanisms. Given China’s efforts to establish convenient cross-border data transmission mechanisms, this study proposes specific approaches to address such issues.
    Indirect Expropriation of Data in International Investment and Improvements of China’s Data Rules
    2024, 10(5):  468. 
    As the world transitions into the era of the digital economy, data has emerged as a crucial factor of production, attaining increasing significance as a pivotal new asset due to its substantial economic value. For multinational enterprises, the utilization and cross-border transportation of data are integral aspects that must be involved in maximizing the value generated by data. In this context, the target of indirect expropriation by the host country is not limited to traditional rights such as physical property and intellectual property rights; its indirect expropriation behaviour has gradually expanded to new types of property such as data. The relevant restrictive measures of the host country should avoid constituting indirect expropriation, thereby fostering a stable investment environment for foreign investors.

    Information Security Risk Assessment Based on TOPSIS and GRA
    2024, 10(5):  474. 
    Information security risk assessment is very important in information security assurance. On the basis of information security standards, a risk assessment index can be made by analyzing asset-threat-vulnerability factors. A feasible method is to refer to Baseline for Classified Protection of Cybersecurity version 2.0. A risk assessment method is proposed based on TOPSIS and GRA, using entropy weight. By case analysis, the entropy weight method reduces the subjective factor to some degree by setting the weights of the indicators according to the information entropy. The method based on TOPSIS and GRA takes into account both overall and internal factors and integrates multiple risk indicators into a single score, which facilitates the ranking and selection of information security risks.

    Unified Management Architecture and Practice of Power Monitoring Network Security Equipment
    2024, 10(5):  481. 
    With the continuous improvement of power monitoring systems, the deployment of networks, security devices, and business applications within them has been increasing. Consequently, the associated network boundary security strategies have become increasingly complex, often spanning multiple suppliers, equipment manufacturers, and physical locations. This complexity leads to challenges for operation and maintenance, and reliance on manual security management methods results in low accuracy, significantly increasing the risk of network attacks on the company’s important business and core data assets. Therefore, there is an urgent need to enhance the construction of a network boundary security strategy management system. This article proposes a unified management system for security boundary strategies based on network security device asset analysis, power monitoring system routing topology analysis, and information security device strategy analysis, taking into account the characteristics of network security devices in power monitoring systems. Corresponding software platforms have been developed to calculate network security strategies based on asset detection, routing strategy collection, and protection strategy collection, implementing unified policy management of security boundaries. The research and practical deployment have shown that the system effectively improves operational efficiency and system security, demonstrating good relevance, practicality and advancement for the power monitoring system.