Table of Contents

    25 December 2024, Volume 10 Issue 12
    Multifamily Malicious Domain Intrusion Detection Based on #br# Collaborative Attention#br#
    2024, 10(12):  115. 
    The timely and accurate detection of illegal domain names can effectively prevent the information loss caused by server crashes or unauthorized intrusions. A multifamily malicious domain name intrusion detection method based on collaborative attention is proposed. Firstly, a deep autoencoder network is used to encode and compress layer by layer, extracting the domain name encoding features at the intermediate layer. Secondly, the long-distance and short-distance encoding features of the domain name string are extracted from the temporal and spatial dimensions, and a self-attention mechanism is constructed on the temporal and spatial encoding feature maps to enhance the expressiveness of the encoding features in local space. Thirdly, a cross-attention mechanism is used to establish information interaction between the temporal and spatial encoding features, enhancing the expressiveness of the encoding features of different dimensions in the global space. Finally, the softmax function is used to predict the probability for the domain name under test, and the legitimacy of the domain name is quickly determined according to the probability value. The results of testing on multiple families of malicious domain name datasets show that the proposed method can achieve a detection accuracy of 0.9876 in the binary classification task of normal and malicious domain names, and an average recognition accuracy of 0.9568 on 16 family datasets. Compared with other classic methods of the same kind, the proposed method achieves the best detection results on multiple evaluation metrics.
    Traffic Anomaly Detection Method by Second-order Feature
    2024, 10(12):  1082. 
    A method is proposed to address the challenge of low detection rates for minority class attack traffic in deep learning models when dealing with imbalanced, massive, high-dimensional network traffic data. Firstly, the isolation forest (iForest) is employed to remove outliers from normal class samples, which are then used to train an enhanced Convolutional Denoising Autoencoder (CDAE) to mitigate the impact of noise and outliers on model training, resulting in a low-dimensional enhanced representation of the original features. Secondly, ADASYN is applied to the outlier-free dataset to synthetically generate minority class attack samples, thereby resolving the data imbalance issue. Subsequently, iForest is used to clean outliers from the newly generated samples, yielding a new dataset. Applying the pretrained CDAE to this dataset achieves a first-round feature extraction, and the extracted features serve as input for a self-distilled ResNet model to perform second-order feature extraction. Finally, precise identification of anomalous traffic is accomplished by combining the trained CDAE and ResNet models. The method achieves the highest five-class accuracy and F1 score of 91.52% and 92.05%, respectively, on the NSL-KDD dataset. Experimental results demonstrate that, compared to existing methods, this approach effectively enhances the detection rates for minority class attack traffic.
    An Adaptive Network Attack Analysis Method Based on Federated Learning
    2024, 10(12):  1091. 
    To analyze network attack behavior efficiently and securely, an adaptive network attack analysis method based on federated learning (NAAFL) is proposed. This approach can fully leverage data for network attack analysis while ensuring privacy protection. Firstly, a cost-effective defense mechanism based on DQN (dynamic participant selection mechanism) is proposed to act in the process of federated learning model parameter sharing and model aggregation. It dynamically selects the best participants for each round of model updates, reducing the impact of poorly performing local models on the global model during training. It also reduces communication overhead time and improves the efficiency of federated learning. Secondly, an adaptive feature learning network intrusion detection model is designed, which is able to intelligently learn and analyze according to changing attack features to cope with complex network environments. It effectively reduces the time and space overhead of feature selection. Finally, a comparative experiment is performed on a public data set (NSL-KDD). The NAAFL method detects attacks with an accuracy of 98.9%. Dynamically selecting participants increases server accuracy by 4.48%. The experimental results show that the method has excellent robustness and efficiency.
    An Effective Website Fingerprinting Defense Utilizing Padding Based on the Number of Incoming Cells
    2024, 10(12):  1100. 
    Tor is an anonymity system that protects users’ online privacy. However, website fingerprinting (WF) attacks can deanonymize users and thus destroy the anonymity that Tor provides. In response, the Tor community has deployed a WF defense framework, called the Circuit Padding Framework (CPF), in the Tor network. However, the defense techniques of the CPF framework cannot effectively prevent the most advanced website fingerprinting attack algorithm, TikTok. In this paper, we propose a novel WF defense called BreakPad. Based on BreakPad, we implemented two padding machines called August and October. August is a one-way padding machine, and October is a two-way padding machine. Our results show that, compared to the best padding machine RBB, August, with 18% less bandwidth overhead, further reduces TikTok’s TPR by 2.4%, and October, with 11% less bandwidth overhead, further reduces TikTok’s TPR by 11.3%. The results show that BreakPad is effective against TikTok and outperforms CPF.
    Traffic Anomaly Detection Based on Improved Pigeon Inspired Optimizer and Pyramid Convolution
    2024, 10(12):  1107. 
    A traffic anomaly detection approach based on the Improved Pigeon Inspired Optimizer (IPIO) and Pyramid Convolution Neural Network (PyConv) is proposed to address the high number of redundant features in network traffic and the low detection accuracy of machine learning methods. Firstly, a feature selection method based on IPIO is designed to reduce feature redundancy. The pigeon group is initialized by estimating the feature set’s information gain rate, which increases population quality and quickens convergence. The current optimal solution is modified at random using a two-stage mutation process, which also searches for solutions close to it to avoid falling into a local optimum. Secondly, deep feature extraction is implemented using PyConv, which uses multi-scale convolution kernels to extract features of various sizes and fuses them to create new features. Finally, classification is performed by a Softmax classifier to improve the accuracy of traffic anomaly detection. Experimental results on the UNSW-NB15 dataset show that the proposed method significantly reduces redundant features while improving accuracy.
    Research and Analysis of Named Entity Recognition Technology in Threat Intelligence
    2024, 10(12):  1122. 
    In the face of increasingly complex network security attacks, it is very important to quickly obtain the latest network threat intelligence for real-time identification, blocking and tracking of network attacks. The key to solving this problem is how to obtain network threat intelligence data effectively, and named entity recognition technology is one of the hot technologies for solving it. This paper systematically analyzes several named entity recognition methods based on deep learning, then designs a named entity recognition model suitable for the threat intelligence field, and carries out experimental verification and analysis. Finally, the challenges faced by named entity recognition methods and their development prospects in the field of network security are analyzed.
    A Securityenhanced Circular Text CAPTCHA
    2024, 10(12):  1128. 
    To counteract malicious activities and automated programs attempting to infiltrate and attack websites or systems, a secure circular text-based CAPTCHA is designed based on multi-secret visual cryptography. In this approach, multiple circular secret images are randomly generated by the server and encrypted into two circular share images; one of the share images is saved while the other is distributed to the user. When the server receives a login request from the user, the share image submitted by the user and the circular share image saved on the server are rotated and overlapped to recover the secret images. Random characters are then dynamically selected from each secret image to generate a circular CAPTCHA, enhancing the authentication function for legitimate users and providing more effective resistance to phishing attacks. Based on CAPTCHA image quality assessment and recognition results, the circular text-based CAPTCHA ensures usability while significantly enhancing security, offering strong support for website and system protection.
    Traffic Feature Obfuscation Method Based on Adversarial Samples
    2024, 10(12):  1137. 
    The continuous development of deep learning poses new challenges for smart home traffic privacy protection. Traditional traffic privacy protection techniques cannot effectively defend against deep learning-based traffic analysis attacks in black-box scenarios. To address this, this paper investigates a traffic feature obfuscation method based on adversarial samples. It transforms traffic data into image data, leverages transfer learning to build a device recognition model as the target adversarial model, and uses a generator network to construct adversarial samples based on traffic features. Simultaneously, the network is trained to learn the mapping relationship between regular traffic and adversarial samples while restricting the position and size of perturbations in the adversarial samples. This approach utilizes the model’s transferability to achieve device traffic privacy protection in black-box scenarios. Experimental results demonstrate that the traffic feature obfuscation method based on adversarial samples can effectively resist attacks from unknown recognition models, thereby safeguarding user privacy.
    Voice Interface Permission Control Based on Command Compliance Analysis
    2024, 10(12):  1144. 
    Voice interfaces have been widely deployed in IoT scenarios such as smart homes and smart manufacturing due to their characteristics of allowing remote interaction. However, instruction spoofing attacks pose a huge threat to voice interfaces, and with the development of artificial intelligence technology, their attack performance has gradually improved. This paper reviews the attack methods against voice interfaces and points out that existing access control methods mainly focus on user authentication, lacking consideration for the analysis of voice command content. This paper proposes VoDet, a security mechanism combining identity authentication and content compliance analysis. VoDet enhances liveness detection and identity recognition with microphone array-based voice signal collection. It also conducts semantic analysis of audio signals and implements permission control based on time and location. Testing on a dataset of over 6409 voice commands shows VoDet significantly improves permission control accuracy from 35.73% to 93.52%, offering better compliance detection.
    A Trust Framework for Large Language Model Application
    2024, 10(12):  1153. 
    The emergence of large language models has greatly propelled the rapid application of artificial intelligence across various domains. In practice, however, there are a series of security and trust challenges in the applications of large language models caused by “model hallucinations”. These challenges make it difficult for practical applications to trust and adopt the results returned by large language models, especially in security-related application domains. In many professional fields, we find that there is a lack of a unified technical framework to ensure the trustworthiness of results returned by large language models, which seriously hinders the application of large-scale model technology in professional fields. To address this issue, a large-scale model trusted application framework DKCF, integrating sufficient data (D), expertise knowledge (K), intellectual collaboration (C), and efficient feedback (F), is proposed. This framework is developed based on our practical applications in professional fields such as finance, healthcare, and security. We believe that DKCF can shed light on secure and reliable applications of large language models, and facilitate the intellectual revolution across various professional domains.
    Consortium Blockchain Identity Privacy Protection Scheme Based on Hierarchical Group Signature
    2024, 10(12):  1160. 
    Addressing the issues of identity privacy leakage and malicious node threats in consortium blockchains, this paper proposes an identity privacy protection scheme that integrates hierarchical group signatures with secret sharing algorithms. This scheme, based on elliptic curve cryptography and distributed secret sharing technology, achieves multiparty participation in key pair generation and multilayered signature processes, aiming to enhance the confidentiality of member identities. Specifically, the scheme strengthens the security of the master group private key through distributed secret sharing technology, ensuring that its recovery depends on the collaboration of multiple subgroup members, effectively reducing the risk of privacy leakage caused by single points of failure or malicious node activities. Theoretical analysis and experimental validation demonstrate that the proposed scheme offers significant advantages in terms of anonymity and efficiency, effectively preventing signature forgery and privacy leakage.
    Twoway Authentication Scheme for Railway Time Synchronization Protocol
    2024, 10(12):  1165. 
    Aiming at the problems of missing authentication of the client of the railroad time synchronization protocol and plaintext transmission of key messages, a more secure bidirectional authentication scheme is proposed for authentication and key establishment between time nodes. The scheme adopts an asymmetric encryption mechanism and the ECDH (elliptic curve Diffie-Hellman) algorithm to securely negotiate the shared key, applies the host’s current time as the sequence number to resist replay attacks, and completes the bidirectional authentication with the identity check code generated from the shared key and the sequence number. Subsequently, the shared key is used to encrypt and protect the key messages, which solves the problem of plaintext transmission of key messages. This scheme not only solves the problem of missing client authentication, but also provides forward and backward security. Finally, BAN logic is used for formal verification, and the results show that the method in this paper is better than other methods in terms of security and authentication overhead, and can meet the security and real-time requirements of two-way authentication of the railroad time synchronization protocol.
    Stream Cipher Cryptosystem Recognition Scheme Based on Hamming Weight
    2024, 10(12):  1172. 
    Cryptosystem identification based on known ciphertext is the process of identifying cryptographic algorithms by analyzing the potential feature information in ciphertext data. This paper presents a recognition scheme of sequential cryptosystem based on Hamming weight. This scheme generates labeled ciphertext feature vectors by calculating the Hamming weight of ciphertext blocks of different lengths. The LDA dimensionality reduction technique is used to reduce the dimensionality of the feature vectors, so as to optimize the extraction and utilization efficiency of data information. Finally, a fully connected neural network is used to identify the feature vectors after dimensionality reduction. The experimental results show that the proposed scheme can effectively perform two-class and eight-class recognition experiments on 8 stream cipher algorithms such as ZUC, Salsa20 and Decimv2, and achieve good recognition results. The average recognition rates of the two-class and eight-class recognition experiments are 99.29% and 79.12%, respectively. Compared with the existing literature, the accuracy of this scheme is improved by 16.29% with a small amount of ciphertext data.