Table of Contents

    12 March 2026, Volume 12 Issue 3
    A Stateaware Fuzzing Method for Trusted Execution Environment Kernel
    2026, 12(3):  198. 
    Trusted execution environment (TEE) is widely used, and its kernel security has become a significant area of focus. Fuzzing, a powerful technique for detecting vulnerabilities in operating systems, has increasingly been applied to the security analysis of TEEs. However, conventional fuzzing tools cannot be directly used for TEE kernels due to their isolation. Coverage-guided fuzzers often discard test cases that trigger new states but cover the same code, which limits their effectiveness in discovering vulnerabilities. To address these challenges, a state-aware fuzzing method tailored for TEE kernels is proposed. Initially, a modeling and tracing approach is developed to represent the program state through state-variable values and to retain the test cases that trigger new states, overcoming the limitations of coverage-guided fuzzers. Subsequently, we introduce an innovative communication scheme to tackle issues arising from TEE isolation. New seed retention and selection algorithms are proposed to better guide the fuzzer in exploring vulnerabilities. Finally, the N-Gram model is employed to enhance test case generation and optimize the framework’s performance. A prototype, named TrustyStatefuzz, has been implemented and evaluated on Fuchsia, the self-developed microkernel operating system Nebula, and OP-TEE. The evaluation results show that TrustyStatefuzz is effective at detecting both new code and vulnerabilities. TrustyStatefuzz discovers 9 unknown vulnerabilities and 23 known vulnerabilities. Additionally, it achieves 13% higher code coverage and 27% higher state coverage than the state-of-the-art fuzzer Syzkaller.
    Federated Learning Backdoor Attack Based on Constrained Perturbation and Loss Regulation
    2026, 12(3):  210. 
    Federated learning, as a distributed machine learning framework, enables multiparty collaborative training with data isolation and privacy protection. However, its decentralized architecture makes it vulnerable to backdoor attacks. This paper proposes a federated learning backdoor attack method based on constrained perturbation and loss regulation (CPR). The method realizes backdoor implantation and proliferation through three modules: input perturbation, dynamic weight regulation, and secondary perturbation reinforcement. Input perturbation introduces constraint-based noise to poison the training samples. Dynamic weight regulation adjusts the task weights by introducing cosine annealing, which balances backdoor feature learning against main task performance. Secondary perturbation reinforcement utilizes dynamic loss values to further perturb the poisoned samples and reinforce their backdoor features. The CPR backdoor attack is evaluated on the MNIST, Fashion-MNIST and CIFAR-10 datasets. The experimental results show that, compared to pixel, label-flipping and hybrid attacks, the CPR backdoor attack significantly improves the attack success rate while maintaining the accuracy of the model’s primary task, and exhibits higher stealth and persistence under a variety of data distribution conditions.
    Differentially Private Text Synthesis Based on Gradient Direction Filtering
    2026, 12(3):  220. 
    Deep learning models enhance performance by memorizing training data, but this also poses a risk of training data leakage. Differential privacy, as a mainstream privacy protection method, effectively mitigates this risk. However, existing differentially private data synthesis approaches suffer from slow model convergence and low data usability. To address these issues, we propose the TVDPSGDLM_D framework. This approach introduces TVDPSGD, a threshold-validated differentially private optimization algorithm that incorporates a validation mechanism to filter gradient directions during differentially private model training. By discarding ineffective updates, this approach accelerates model convergence. TVDPSGDLM embeds TVDPSGD into a language generation model to synthesize labeled text datasets that maintain statistical similarity to the original data. Additionally, a pretrained classifier is used to filter the generated text, removing samples where the classification results do not match the assigned labels, thereby improving the quality of the synthetic dataset. Experimental results on public datasets demonstrate that the proposed method preserves data privacy while achieving a classification accuracy of 89.4% on the processed synthetic dataset.
    Research on Neural Networkbased Protocol Identification for Secure Multiparty Computation
    2026, 12(3):  228. 
    Secure multiparty computation (SMPC) enables joint computation while keeping private data undisclosed, positioning it as a core technology in privacypreserving computing. However, its high computational complexity and substantial overhead render practical deployment reliant on cloud providers for computational resources. To meet the requirement of realtime protocol monitoring in privacypreserving computing scenarios on cloud platforms, this paper proposes a neural networkbased protocol identification scheme for SMPC. By collecting performance data from computation nodes, including CPU usage and network bandwidth usage, a 3D convolutional neural network (CNN) model integrating spatiotemporal feature extraction capabilities is constructed. This model, along with a dynamic threshold mechanism, enables highaccuracy classification of known protocols and anomaly detection of unknown protocols. Experimental results show that the model attains an accuracy of 98% on the validation dataset and a detection rate exceeding 98% for unknown protocols, thereby significantly improving the operational security and reliability of SMPC systems.
    Anomaly Encrypted Traffic Detection Method Based on Graph Attention Network
    2026, 12(3):  237. 
    In response to the limitations of poor feature extraction, insufficient consideration of topological features, class imbalance, and lack of interpretability in existing anomaly encrypted traffic detection methods, this paper proposes an encrypted traffic detection model EGARNet that integrates a graph attention network (GAT) with edge feature embedding and residual networks. First, traffic data is preprocessed, and the network’s five-tuple information is used to construct graph nodes, with the remaining flow features treated as edge features, transforming encrypted traffic data into graph data. To adapt to the GAT algorithm, a new network traffic graph is constructed where new nodes correspond to edges in the original graph, and shared vertices in the original graph correspond to edges between two nodes, transforming the traffic detection problem into a node classification problem. Next, the attention coefficient for each node is calculated through the GAT algorithm to aggregate and update features. Finally, residual connections of the original nodes are added to the algorithm to improve the performance for minority classes. Experimental results on the CICDarkNet dataset demonstrate that the method effectively addresses the class imbalance issue in anomaly detection of encrypted traffic, with significant improvements in detection metrics for both binary and multiclass scenarios.
    Log Anomaly Detection Based on Graph Attention Networks and Collaborative Learning
    2026, 12(3):  246. 
    Log anomaly detection plays a crucial role in the field of cybersecurity, yet existing methods still face significant challenges. Supervised learning approaches depend on large amounts of labeled data, making the annotation process time-consuming and costly. Although unsupervised learning methods do not require labeled data, they struggle to effectively extract key features in complex log environments, which negatively impacts detection performance. To address these issues, this paper proposes a novel knowledge distillation approach, collaborative learning, and introduces a log anomaly detection model based on this approach, CoLogGNN. The model first converts log data into a directed graph to comprehensively preserve the structural relationships between logs. During the early stages of training, CoLogGNN performs unsupervised learning on normal samples to explore the intrinsic structure of logs. In the mixed-sample training phase, the graph attention network and the graph convolution module collaborate with each other and guide one another. When the graph attention network excels at processing certain samples, it transfers key knowledge to the graph convolutional network through collaborative learning, and vice versa. Through this dynamic mutual learning process, both modules improve their accuracy. Compared to existing models, CoLogGNN achieves effective training using only normal samples, significantly reducing the cost of data annotation. Experimental results on five public datasets demonstrate that the proposed model exhibits superior detection performance, improving the F1-score by approximately 5% over previous methods.
    A Rapid Method for WebShell Attack Success Determination Based on Web Page Structural Similarity
    2026, 12(3):  255. 
    A WebShell attack is a type of network attack that, once successful, gives the attacker complete and long-lasting control of the website, which is extremely harmful. Most previous studies have concentrated on detecting and alerting on WebShell attack traffic without distinguishing whether the attack is ultimately successful. As a result, in actual network security protection and monitoring work, security personnel are overwhelmed by a large number of WebShell attack alerts and are prone to alert fatigue, making it difficult to filter out the successful WebShell attacks that are truly threatening. To address the problem, this paper proposes an anomaly detection method based on Web page structural similarity to quickly determine whether WebShell attacks are successful. Based on the structural information of the response pages of failed WebShell attack traffic, this method uses the Hunt-Szymanski algorithm to calculate structural similarity and then generate Web page templates. During the detection phase, this method uses the generated Web page templates for pattern matching and similarity assessment to determine whether the WebShell attacks are successful. It distinguishes well between successful and failed WebShell attack traffic, achieving an accuracy rate of 99.02% and a recall rate of 99.37%. This method has been applied to the Wukong network security defense system, where it realizes rapid identification of successful WebShell attacks.
    Research on Twostage Network Intrusion Detection Method for Outofdistribution Traffic Data
    2026, 12(3):  265. 
    Existing network intrusion detection systems are typically trained under a closed-set setting, and in practical applications are prone to misclassifying new attacks that do not appear in the training data. In order to improve the accuracy of unknown attack detection and known attack classification, a two-stage intrusion detection method based on the combination of a convolutional neural network and a bidirectional long short-term memory network is proposed on the basis of existing network intrusion detection systems: the two-stage confidence intrusion detection (TSCID) method. In the first stage, the out-of-distribution data detector categorizes input data into in-distribution and out-of-distribution samples by evaluating their confidence scores; in the second stage, the m+1 classifier performs open intrusion detection on the in-distribution data as well as part of the out-of-distribution data obtained in the first stage, which can realize the fine classification of the known attacks and the further identification of the unknown attacks. The method is experimentally evaluated on the KDDCUP’99 dataset and the CICIDS2017 dataset. The experimental results show that the AUROC and AUPR of the model on the data have increased and the false positive rate has decreased when compared with other methods for open intrusion detection. The study shows that the two-stage network intrusion detection method that introduces an out-of-distribution data detector ensures the fine classification of known attacks and effectively improves the identification capability of the intrusion detection system for unknown threats, providing a new idea for building a comprehensive network security defense system.
    Research on Highperformance Cryptographic Algorithms in Privacy Computation
    2026, 12(3):  274. 
    With the rapid development of the digital economy, efficiently utilizing data while preserving privacy has become a critical challenge in modern technological advancement. Privacy computing, as a critical technical framework to address the contradiction between data availability and invisibility, is gradually transitioning from theory to practical application. Among its core technologies, homomorphic encryption, zero-knowledge proofs, and secure multiparty computation have made significant progress in both theoretical development and engineering implementation, demonstrating broad applicability in high-performance computing environments. This paper presents a comprehensive review of these three categories of high-performance encryption algorithms, focusing on their research progress and analyzing them across three dimensions: computational efficiency, communication overhead, and adaptability to high-performance computing environments. The analysis results indicate that homomorphic encryption is well-suited for non-interactive data processing tasks with strong autonomy, although it incurs high computational and communication costs; zero-knowledge proofs exhibit high verification efficiency, making them suitable for high-concurrency scenarios, but still face performance bottlenecks in proof generation; secure multiparty computation excels in multiparty collaborative computing and has recently become feasible for deployment through protocol optimization and hardware support. This paper compares the performance and applicability of these algorithms, and explores future research directions, including the dynamic balance between generality and specialization of algorithms, as well as the multidimensional trade-offs among performance, security, and interpretability, providing guidance for the future design and deployment of high-performance encryption algorithms.
    Singapore’s Data Security Governance Model and Its Implications
    2026, 12(3):  284. 
    Singapore is one of the countries with a relatively high level of digitalization in Asia, and studying the successful experience of its data security governance model is of great significance for improving China’s data security governance system. By using the methods of literature review and comparative research, this paper sorts out Singapore’s data security governance model from the aspects of institutional system, development process and collaborative mechanism, and finds the following characteristics: Singapore leads data security governance with the national innovation strategy, promotes data security governance with personal data rights, and builds an open cross-border data transmission rule system, forming a “rights-promoting” data security governance model. In light of China’s current circumstances, this paper proposes the optimization path of the data security governance model, including coordinating data security governance with an overall strategy, continuously deepening the personal data rights protection system, strengthening the multiparty collaborative governance system, and building a safe and effective cross-border data flow system.