Table of Content

24 January 2025, Volume 11 Issue 1

Previous Issue   

Research on the Development Trend of Cybersecurity Technology

2025, 11(1):  2. 

Asbtract ( )   PDF (563KB) ( )  

Related Articles | Metrics

The Methods to Improve the Computational Performance of  Domestic Cryptographic Algorithm SM9

2025, 11(1):  5. 

Asbtract ( )   PDF (1054KB) ( )  

References | Related Articles | Metrics

Aiming to improve the computational performance of the domestic cryptographic algorithm SM9, this paper proposes a twodimensional Comb fixedbase modular exponentiation algorithm, extends the application of precomputed scalar multiplication, and optimizes the commonly used ID. Theoretical analysis and experimental tests show that these proposed methods can effectively improve the computational performance of components such as fixedbase modular exponentiation and the three common steps of the SM9 algorithm by precomputing and increasing acceptable storage overhead. After applying the above improvement methods comprehensively, the performance of SM9 digital signature generation and verification, key exchange, key encapsulation, and encryption algorithms is improved by 14% to 116%.

A LTE NAS Protocol Fuzzing Method Based on Weighted State Selection

2025, 11(1):  12. 

Asbtract ( )   PDF (1581KB) ( )  

References | Related Articles | Metrics

NAS protocol is the main control plane protocol between mobile devices and LTE core network, and its security is of great significance to ensure the robustness and safety of the whole 4G network. Fuzz testing is a widely used vulnerability mining technique, and existing fuzz testing methods for NAS Protocol have problems such as low testing efficiency and difficulty test case formulation. In order to solve these problems, this paper e proposes a weight based test state selection algorithm, which is based on NAS protocol state machine and can dynamically adjust the weight of test states based on feedback; Additionally, this paper devises a test case generation strategy rooted in the information element and develops the fuzzing tool named NASFuzzer, which is tested on open source core networks open5GS and real terminal devices. The test result shows that the method in this paper can effectively find the vulnerabilities in the LTE NAS protocol implementation.

Research of Invisible Backdoor Attack Based on Interpretability

2025, 11(1):  21. 

Asbtract ( )   PDF (1740KB) ( )  

References | Related Articles | Metrics

Deep learning has achieved remarkable success on a variety of critical tasks. However, recent work has shown that deep neural networks are vulnerable to backdoor attacks, where attackers release inverse models that behave normally on benign samples, but misclassify samples imposed by any trigger to the target label. Unlike adversarial samples, backdoor attacks are mainly implemented in the model training phase, perturbing samples with triggers and injecting backdoors into the model. This paper proposes an invisible backdoor attack based on interpretability algorithms. Different from the existing works that arbitrarily set the trigger mask, this paper carefully designs a trigger mask determination based on interpretability, and uses the latest random pixel perturbation as the trigger style design, so that the sample pairs imposed by the trigger are more natural and undetectable to avoid the detection of the human eye, and the defense strategy against the backdoor attack. In this paper, we conduct a large number of comparative experiments on CIFAR10, CIFAR100 and ImageNet datasets to demonstrate the effectiveness and superiority of our attack. The SSIM index is also used to evaluate the difference between the backdoor samples designed in this paper and the benign samples, and an evaluation index close to 0.99 is obtained, which proves that the backdoor samples generated in this paper are not identifiable under visual inspection. Finally, this paper also proves that the proposed attack is defensible against the existing backdoor defense methods.

Malware Identification Technology Based on Bitmap Representation  and UAtt Classification Network

2025, 11(1):  28. 

Asbtract ( )   PDF (1347KB) ( )  

References | Related Articles | Metrics

In the field of computer security, malware identification has always been a challenging task. The current malware detection technology based on deep learning has many problems such as insufficient generalization ability and high performance loss. To surmount these obstacles, this paper introduces an innovative technique predicated upon bitmap representation coupled with a UAtt classification network for the discernment of malicious software. This technique augments the residual UNet architecture with an integrated attention mechanism, culminating in the UAtt classification network that exhibits adaptive focusing on salient regions of malicious samples, thereby ameliorating classification efficacy. Comprehensive validation through the utilization of various public datasets ensued, accompanied by a comparative analysis against alternative methodologies. The empirical findings substantiate the network’s superior performance within the context of malware identification tasks.

Container Anomaly Detection Based on Attention Mechanism and  Multiscale Convolutional Neural Network

2025, 11(1):  35. 

Asbtract ( )   PDF (1437KB) ( )  

References | Related Articles | Metrics

Containers are widely used in cloud computing due to their lightweight, flexibility, and ease of deployment, making them an indispensable technology. However, they also face security concerns due to their shared kernel and weaker resource isolation compared to virtual machines. Based on attention mechanism and convolutional neural network, this paper proposes a method of process anomaly detection in container based on system call sequence, which uses the data generated by container process operation to analyze and judge the abnormal behavior of process. The experimental results on public datasets and simulated attack scenarios show that this method can detect anomalies in the behavior of processes within containers, and is higher in accuracy and precision than comparison methods such as random forest and LSTM.

A Binary Modularization Approach Based on Graph Community  Detection Method

2025, 11(1):  43. 

Asbtract ( )   PDF (950KB) ( )  

References | Related Articles | Metrics

With the continuous development of information technology, the scale of software is also constantly increasing. Complex largescale software is built by combining components that perform independent functions. However, once the source code is compiled into binary files, this modular information is lost,and the goal of binary modularization tasks is to reconstruct this information. Binary modularization has many downstream applications such as detecting binary code reuse, binary similarity detection, and binary software composition analysis. We introduce a new graph community detection algorithm and designs a binary modularization method based on this algorithm. The method’s effectiveness is verified through modularization of 7839 binary files from the Linux system. Experiments show that the method’s Normalized Turbo MQ indicator is 0.557, which is a 58.6% improvement over existing stateoftheart methods, and the running time is much less than existing methods. Additionally, we also put forward a librarylevel binary modularization method. Existing binary modularization methods can only decompose binaries into several modules, whereas the proposed librarylevel binary modularization method allows for the decomposition of binaries into several libraries. We also demonstrate the application of this method in malware classification.

Interaction Perception Attention Network Between Layers for #br# Fewshot Malicious Domain Name Detection#br#

2025, 11(1):  50. 

Asbtract ( )   PDF (3031KB) ( )  

References | Related Articles | Metrics

Quickly locating and accurately detecting malicious access requests in the domain name system has significant research value for ensuring network information security and economic security. A fewshot malicious domain name detection method based on an interlayer interaction perception attention network is proposed. First, a dualbranch network support branch and query branch are established using a metalearning training strategy. In the support branch, convolutional neural networks Vgg16 and GRU (gated recurrent unit) are used to extract the encoding features of domain names in temporal and spatial dimensions, respectively. Then, to promote information interaction between features of different dimensions, crossattention with temporal features is established at each layer in the spatial dimension. Finally, by calculating the similarity metric between query encoding features and interaction features, the legitimacy of the domain name to be tested can be quickly determined. Through testing on opensource malicious domain name datasets and fewshot family malicious domain name datasets, the results show that the proposed method can achieve 0.9895 detection precision in the binary classification task of normal domain names and malicious domain names, and 0.9682 average detection precision on 20 fewshot family malicious domain name datasets, which is superior to current classical malicious domain name detection methods.

Identitybased Content Extraction Signature Scheme on Idea Lattices

2025, 11(1):  57. 

Asbtract ( )   PDF (1491KB) ( )  

References | Related Articles | Metrics

Extraction signatures allow the signature holder to remove sensitive data blocks from the signed data without interacting with the original signer, and to compute a public and verifiable signature for the sanitized data. Most existing extraction signature schemes are built on traditional numbertheoretic hard assumptions. However, Given the potential threat posed by quantum computers, constructing extraction signature schemes that are resistant to quantum computing attacks. Therefore, this paper proposes an identitybased extraction signature scheme on ideal lattices based on the RingSIS (ring short integer solution) problem, proving its unforgeability and privacy under adaptive chosen identity and message attacks. Both theoretical and efficiency analyses show that compared to similar schemes, the proposed scheme in this paper simultaneously possesses multiple functionalities such as identity authentication, privacy, and quantum resistance, with shorter public key sizes, enhanced security, and reduced algorithmic time consumption.

Encrypted Traffic Detection Technology for Multisession Coordinated #br# Attack Based on Deep Learning#br#

2025, 11(1):  66. 

Asbtract ( )   PDF (1497KB) ( )  

References | Related Articles | Metrics

Malicious encrypted traffic detection is currently an important research topic in the field of network security. Attacker used multisession encrypted traffic to achieve multistage coordinated attacks, which is becoming a trend. This paper analyzes the existing problems of current mainstream malicious encrypted traffic detection methods, and proposes an malicious encrypted traffic detection method for multisession coordinated attack scenarios. Based on the advantages of deep learning methods in the field of image recognition, this method extracts multisession features and converts them into images, converting encrypted traffic identification problems into image recognition problems, thereby indirectly realizes malicious encrypted traffic detection. The preliminary test results on the experimental data have verified the effectiveness of the method.

A Secure and Efficient Sharing Method for Electronic Medical Records #br# Based on Blockchain#br#

2025, 11(1):  74. 

Asbtract ( )   PDF (1096KB) ( )  

References | Related Articles | Metrics

In response to the challenges faced by medical institutions in sharing electronic medical records, such as privacy leakage risks and inefficient retrieval issues, this paper proposes an efficient encrypted retrieval and sharing scheme for electronic medical records based on blockchain technology. We propose a blockchainbased scheme for efficient encryption, retrieval, and sharing of EMRs. Firstly, the scheme stores encrypted EMRs on cloud servers and implements the retrieval process on a consortium blockchain, effectively achieving separation of storage and retrieval. It incorporates a confusion trapdoor set, significantly reducing the risk of keyword guessing attacks. Secondly, considering the unique nature of medical data, we introduce an optimized inverted index structure that effectively resolves efficiency concerns when handling a large volume of EMRs. Lastly, based on this index structure, we develop a ciphertext retrieval algorithm that efficiently retrieves ciphertexts by combining searchable encryption’s trapdoor technique with keyword ciphertexts in the inverted index. Experimental results demonstrate that our proposed solution successfully addresses the challenges in the healthcare industry’s EMR sharing, enhancing system operational efficiency while ensuring privacy protection. 

An Alliance Chain Traceability System for USB Key Based on #br# Proxy Reencryption and Zeroknowledge Proof#br#

2025, 11(1):  81. 

Asbtract ( )   PDF (2087KB) ( )  

References | Related Articles | Metrics

At present, blockchainbased information traceability solutions are widely applied in the Internet of things (IoT) space. However, during the storage and query processes in blockchainbased traceability solutions, there is a risk of data and user privacy leakage.  To address these issues, this paper proposes a trusted traceability solution for USB Keys based on consortium blockchain, integrating proxy reencryption and zeroknowledge proof technologies. Firstly, the Interplanetary File System (IPFS) and proxy reencryption technologies are introduced during the onchain storage process on the blockchain to establish a secure and efficient information storage mechanism for the participating parties. Additionally, during data query, a zkSNARK zeroknowledge proof mechanism is employed for user identity authentication and rights confirmation, ensuring the privacy of user identities in the traceability data query process. Finally, based on the proposed trusted traceability solution, a USB Key information traceability prototype system is implemented using the Hyperledger Fabric distributed ledger technology. Experiments demonstrate the feasibility of this system , effectively protecting user privacy under the premise of permission allocation and ensuring the confidentiality and authenticity of traceability information in the USB Key system.

EU Data Protection Certification System and China’s Mirror

2025, 11(1):  91. 

Asbtract ( )   PDF (2512KB) ( )  

References | Related Articles | Metrics

Achieving secure, orderly, and free crossborder data transfer is a significant policy issue for countries worldwide. Article 38 of the “Personal Information Protection Law of the People’s Republic of China” explicitly stipulates a certification system for crossborder transfer of personal information. However, this system is still in its nascent stage and faces fundamental and implementation challenges, such as determining the objects of certification. The European Union, as the progenitor of data protection certification systems, offers a reference for the perfection of China’s certification system through its institutional framework and distinctive features. This paper takes the EU’s data protection certification system and China’s personal information crossborder transfer certification system as its research subjects, compares with the differences in their institutional designs, and proposes five improvement suggestions, including clarifying the objects of certification, to address the systemic challenges in the construction of China’s certification system. These suggestions aim to provide valuable support for the improvement and innovation of the personal information crossborder transfer certification system.