Table of Content

    20 August 2023 Volume 50 Issue 4
    Special Issue on Cyberspace Security
    Adaptive secure stream encryption supporting pattern matching
    LI Yiming,LIU Shengli
    Journal of Xidian University. 2023, 50(4):  1-10.  doi:10.19665/j.issn1001-2400.2023.04.001
    Abstract ( 172 )   HTML ( 30 )   PDF (1249KB) ( 144 )   Save
    Figures and Tables | References | Related Articles | Metrics

    The stream encryption supporting pattern matching(SEPM) is a primitive proposed to provide privacy protection while doing pattern matching.On the one hand,one can use the SEPM to perform pattern matching on some ciphertext to find out whether and where a keyword exists in its corresponding plaintext.On the other hand,the security of the SEPM guarantees that no information about the plaintext will be revealed except for the results of pattern matching.Up to now,there have been several constructions of the SEPM,but none of them achieves the adaptive security from non-interactive assumptions(especially post-quantum assumptions),and supports pattern matching with the wildcard simultaneously.In this paper,we propose a new generic construction of the SEPM from a functional encryption(FE),achieving the adaptive security and supporting pattern matching with the wildcard.Further,we instantiate the generic construction of the SEPM by existing learning with error(LWE)-based instantiations of the FE.Finally,an SEPM scheme is obtained which could achieve the adaptive security from a non-interactive and post-quantum assumption (the LWE assumption) and could support pattern matching with the wildcard simultaneously.

    Adaptive score-level fusion for multi-modal biometric authentication
    JIANG Qi,ZHAO Xiaomin,ZHAO Guichuan,WANG Jinhua,LI Xinghua
    Journal of Xidian University. 2023, 50(4):  11-21.  doi:10.19665/j.issn1001-2400.2023.04.002
    Abstract ( 133 )   HTML ( 13 )   PDF (1111KB) ( 68 )   Save
    Figures and Tables | References | Related Articles | Metrics

    In recent years,biometric-based authentication has played a vital role in our daily life.The multi-modal authentication method by fusing multiple biometrics to authenticate users can provide a higher security and authentication accuracy than single-modal authentication.However,most of the existing multi-modal authentication schemes adopt fusion strategies with fixed rules and parameters to achieve authentication,which cannot adapt to different authentication scenarios,thus resulting in a sub-optimal authentication performance.To solve the above problems,this paper proposes an Adaptive Particle Swarm Optimization based multi-modal authentication scheme that adaptively fuses multiple biometrics at the score level.First,the proposed scheme determines the security level required for the current authentication scenario according to the context information,and then adaptively selects rules and parameters of the fusion strategy to provide secure authentication and to ensure the best authentication performance of the system.Second,the collected multi-modal biometric data after preprocessing and feature extraction is fused using the selected optimal fusion strategy to achieve authentication.Finally,experimental analyses on the public dataset demonstrate that the proposed scheme is of feasibility and effectiveness by actual data,and can achieve a smaller global error rate than existing schemes under the same authentication security requirements.

    Industrial control protocol reverse analysis based on active interactive learning
    FU Anmin,MAO An,HUANG Tao,HU Chao,LIU Ying,ZHANG Xiaoming,WANG Zhanfeng
    Journal of Xidian University. 2023, 50(4):  22-33.  doi:10.19665/j.issn1001-2400.2023.04.003
    Abstract ( 138 )   HTML ( 15 )   PDF (1680KB) ( 72 )   Save
    Figures and Tables | References | Related Articles | Metrics

    As an important basis for information exchange in industrial control systems,the standardization and completeness of the design and implementation of industrial control protocols involve the security of the entire industrial control system.For the reverse of unknown industrial control protocols,although the protocol reverse method based on traffic samples has attracted more and more attention because it does not need to analyze the system firmware and other advantages,this type of method also has the disadvantage of relying too much on sample diversity.Especially,insufficient sample diversity can easily lead to problems such as field division errors,state identification errors,and only a subset of protocol specifications can be obtained from analysis.For this reason,this paper proposes an industrial control protocol reverse analysis method based on active interactive learning.On the basis of the reverse results of traffic samples,a data packet set is constructed according to the initial reverse results,and interactive learning is carried out with real devices to detect unknown protocol fields and state machines.Simulation experimental results of interactive learning with industrial control simulation software show that this method can effectively verify field semantics,expand field values,expand abnormal sample types,and solve the problem of pseudo-long static fields caused by insufficient sample diversity and that it can detect new states and state transitions,greatly improving the accuracy of unknown protocol reverse.

    Detecting compromised email accounts via spatiotemporal login behavior analysis
    ZHAO Jianjun,WANG Xutong,CUI Xiang,LIU Qixu
    Journal of Xidian University. 2023, 50(4):  34-44.  doi:10.19665/j.issn1001-2400.2023.04.004
    Abstract ( 91 )   HTML ( 10 )   PDF (1178KB) ( 43 )   Save
    Figures and Tables | References | Related Articles | Metrics

    Compromised email accounts detection faces various challenges in the system administration and attack forensics,such as the lack of threat intelligence,a large amount of data to be analyzed,and the difficulty with direct confirmation with the email owners.To address the above problems,this paper proposes a compromised email accounts detection method using only login logs without relying on any labeled samples.First,this paper summarizes the attack features and proposes an email accounts compromise model.Second,based on the email accounts compromise model,this paper characterizes the spatial similarity and temporal synchronization when invading the email accounts.When using the spatial similarity to detect the compromised email accounts,this paper uses graphs to construct the spatial distances between accounts;and then,the accounts with a similar spatial distance are grouped into the same community,and the possibility of accounts compromising is evaluated according to the community size.When using the temporal synchronization to detect the compromised email accounts,this paper proposes a metric to describe the abnormal login behaviors and evaluates the possibility of compromise by checking if other accounts have similar abnormal behaviors in the same period.Finally,a sorted list of email accounts is outputted to provide priority reference for analysts according to the possibility of compromise.Experimental results show that the method proposed in this paper can detect about 98% of the compromised email accounts with 70% workload reduced,and the detection effect is better than that of the similar studies.Additionally,the detection method can discover the unknown attackers and the undisclosed malicious IP addresses.

    Privacy-preserving internet of things data filtering scheme
    ZHOU Rang,ZHANG Xiaosong,WANG Xiaofen,LI Dongfen,CHEN Tao,ZHANG Xiaojun
    Journal of Xidian University. 2023, 50(4):  45-53.  doi:10.19665/j.issn1001-2400.2023.04.005
    Abstract ( 74 )   HTML ( 4 )   PDF (1123KB) ( 49 )   Save
    Figures and Tables | References | Related Articles | Metrics

    With the development of industry 5.0,the operational data need to be collected and uploaded in real time in the practical Internet of Things (IoT).To describe and analyze the working state of the IoT more precisely,high accurate and real-time data are required.Then,in practical applications,many different types of IoT data are stored together without classifying,which could reduce the efficiency of data analysis.In order to improve the efficiency of data analysis in the hybrid data storage environment,it is necessary to use the method of data shunting in the process of data upload to realize the classified storage of data.However,the traditional data shunting method shunts the plaintext data according to its source identity,during which the source information on the plaintext data will leak the identity and privacy of the IoT devices.Therefore,how to realize the classified storage of these IoT data through the data shunting without revealing the privacy has become an urgent problem to be solved in the security management of the IoT data.In this paper,a new privacy-preserving IoT data filtering scheme is proposed.On the basis of maintaining the context and device identity privacy,each data filtering rule is set by a filtering trapdoor,which is computed from the identity of the data source device.Then,the data can be classified and routed by the relay nodes following the given rules in the data uploading phase,from which the heterologous data can be classified and the homologous data are stored together,which can help further data access control and data analysis.Experiment results show that our scheme is efficient and practical.

    Efficient deep learning scheme with adaptive differential privacy
    WANG Yuhua,GAO Sheng,ZHU Jianming,HUANG Chen
    Journal of Xidian University. 2023, 50(4):  54-64.  doi:10.19665/j.issn1001-2400.2023.04.006
    Abstract ( 174 )   HTML ( 11 )   PDF (1184KB) ( 82 )   Save
    Figures and Tables | References | Related Articles | Metrics

    While deep learning has achieved a great success in many fields,it has also gradually exposed a series of serious privacy security issues.As a lightweight privacy protection technology,differential privacy makes the output insensitive to any data in the dataset by adding noise to the model,which is more suitable for the privacy protection of individual users in reality.Aiming at the problems of the dependence of iterations on the privacy budget,low data availability and slow model convergence in most existing differential private deep learning schemes,an efficient deep learning scheme based on adaptive differential privacy is proposed.First,an adaptive differential privacy mechanism is designed based on the Shapley additive explanation model.By adding noise to the sample features,the number of iterations is independent of the privacy budget,and then the loss function is perturbed by the function mechanism,thus achieving the dual protection of original samples and labels while enhancing the utility of data.Second,the adaptive moment estimation algorithm is used to adjust the learning rate to accelerate the model convergence.Additionally,zero-centralized difference privacy is introduced as a statistical mechanism of privacy loss,which reduces the risk of privacy leakage caused by the privacy loss exceeding the privacy budget.Finally,a theoretical analysis of privacy is made,with the effectiveness of the proposed scheme verified by comparative experiments on the MNIST and Fashion-MNIST datasets.

    Research on threat intelligence extraction and knowledge graph construction technology
    SHI Huiyang,WEI Jingxuan,CAI Xingye,WANG He,GAO Suixiang,ZHANG Yuqing
    Journal of Xidian University. 2023, 50(4):  65-75.  doi:10.19665/j.issn1001-2400.2023.04.007
    Abstract ( 238 )   HTML ( 12 )   PDF (1879KB) ( 81 )   Save
    Figures and Tables | References | Related Articles | Metrics

    At present,the infrastructure used by attackers can adapt to more target environments.After successfully invading the target,the attackers use legitimate user credentials to gain trust,and continuously learn to exploit new vulnerabilities to achieve the purpose of attacks.In order to combat attacks and to improve the quality and utilization efficiency of the threat intelligence,this paper constructs a knowledge mapping framework of threat intelligence through the following four processes:intelligence collection,information extraction,ontology construction,and knowledge reasoning.The proposed framework can realize the search for and correlation of essential indicators in the intelligence.Then,an indicator of compromise (IOC) recognition extraction method based on the Bert+BISLTM+CRF is proposed and a regular matching mechanism is applied to limit the output for identifying and extracting IOC information from the text information,followed by performing the structured threat information expression (STIX) standard format conversion.The accuracy and recall rate of this extraction model for the text information extraction are higher through horizontal and vertical comparison.Finally,by taking the APT1 as an example,this paper constructs the entity-relationship diagram of threat intelligence.The attack behavior is transformed into a structured format combined with the adversarial tactics,techniques,and common knowledge (ATT & CK) framework.A knowledge map of ontology and atomic ontology is established which is used to analyze the potential associations between data through the knowledge map associations and to discover potential associated information and attack agents in threat intelligence with similarity and correlation.The correlation analysis of threat intelligence is carried out,which provides the basis for the formulation of defense strategy.

    Active zero trust model against APT theft in the industrial internet
    FENG Jingyu,LI Jialun,ZHANG Baojun,HAN Gang,ZHANG Wenbo
    Journal of Xidian University. 2023, 50(4):  76-88.  doi:10.19665/j.issn1001-2400.2023.04.008
    Abstract ( 70 )   HTML ( 6 )   PDF (2683KB) ( 46 )   Save
    Figures and Tables | References | Related Articles | Metrics

    The comprehensive and deep integration of the new generation of information technology and industrial systems that induces the advanced persistent threat (APT) theft has become a killer-level insider threat that leaks sensitive data in the industrial internet environment.The critical infrastructure in the industrial internet environment generates and maintains a large number of sensitive data with "ownership" characteristics,which will bring immeasurable economic losses to enterprises once they are leaked.Aiming at the lag of sensitive data protection in the current industrial internet,an active zero trust model against APT theft is proposed.Our model introduces the long short-term memory neural network to construct a feature extractor based on its advantages in processing temporal data,to train abstract sequence features from behavioral data,and to extract regular trust factors.The block creation is carried out for industrial internet terminals respectively.The forward sequential redundant block elimination algorithm is designed to evolve a scalable blockchain called the ZTE_chain so as to achieve tamper-proof and low-load trust factor security storage.To respond to the behavior changes of compromised terminals in time,the convolutional neural network is introduced to predict the mutation factor,which is used to dynamically adjust the trust value,on the basis of which an authentication algorithm is given to quickly identify the compromised terminals and to actively block their APT theft threat.Experimental results show that the model proposed in this paper has a good effect of identifying compromised terminals,which is helpful in combating the APT theft threat generated by compromised terminals in the industrial internet environment.

    Privacy-preserving federated learning with non-transfer learning
    XU Mengfan,LI Xinghua
    Journal of Xidian University. 2023, 50(4):  89-99.  doi:10.19665/j.issn1001-2400.2023.04.009
    Abstract ( 102 )   HTML ( 8 )   PDF (1612KB) ( 57 )   Save
    Figures and Tables | References | Related Articles | Metrics

    The model stealing and gradient leakage attacks have increasingly become the bottlenecks that limit the broad application of federated learning.The existing authorization-based intellectual property protection schemes and privacy-preserving federated learning schemes have conducted a lot of research to solve the above challenges.However,there are still issues of authorization invalidation and high computational overhead.To solve the above problems,this paper proposes a model intellectual property and privacy-preserving method in federated learning.This method can protect the privacy of local gradients while ensuring that the aggregated model authorization is not invalidated.Specifically,a lightweight gradient aggregation method based on the blind factor is designed to significantly reduce the computational overhead of the encryption and decryption process by aggregating blinding factors.On this basis,an interactive co-training method based on anti-transfer learning is further proposed to ensure that the model can only be used by authorized users in authorized domains while protecting the privacy of local gradients,where the Shannon mutual information between the representation vector of the auxiliary domain data and the obstacle is increased.The security and correctness of the scheme are theoretically proved,and the system’s superiority is verified on the public data set.It is shown that the performance of the proposed method in the unauthorized domain is at least 47% lower than that of the existing schemes,and the computational complexity is reduced at the level of gradient dimension.

    Anonymous communication model with dynamic negotiation of identifiers
    YANG Xiaohui,ZHUANG Haijing
    Journal of Xidian University. 2023, 50(4):  100-110.  doi:10.19665/j.issn1001-2400.2023.04.010
    Abstract ( 60 )   HTML ( 6 )   PDF (1147KB) ( 44 )   Save
    Figures and Tables | References | Related Articles | Metrics

    The past decade has been a big data era of rapid development in communication technology and computing paradigms.With the increasing application of big data,digital information transmission has become an important form of human communication.However,there are many hidden security risks in the process of digital information transmission.Data leakage often occurs in the process of information transmission.As one of the key means of privacy protection in the communication process,anonymous communication has been widely concerned.However,the existing anonymous communication models cannot effectively cope with attacks such as replay attack,man-in-the-middle attack,and statistical attack while ensuring the communication efficiency.This paper proposes an anonymous communication model based on identifier dynamic negotiation.In the preprocessing stage,an improved identifier negotiation method based on ECDH key exchange is adopted,which allows every two members in the network to negotiate the communication identifier and the symmetric key for encrypting messages,and improves the negotiation efficiency in the preprocessing stage.In the anonymous communication stage,identifiers can be dynamically changed with each communication,which effectively resists replay attacks and statistical attacks.The scheme also sets up a special investigation agency for giving the right to remove anonymity to the investigation agency,preventing malicious users from refusing to remove anonymity.Security analysis proves the robustness of the scheme.Performance experiments show that the scheme has a higher communication efficiency while ensuring security.

    Differentially private federated learning framework with adaptive clipping
    WANG Fangwei,XIE Meiyun,LI Qingru,WANG Changguang
    Journal of Xidian University. 2023, 50(4):  111-120.  doi:10.19665/j.issn1001-2400.2023.04.011
    Abstract ( 234 )   HTML ( 15 )   PDF (1094KB) ( 84 )   Save
    Figures and Tables | References | Related Articles | Metrics

    Federation learning allows the parties involved in training to achieve collaborative modeling without sharing their own data.Its data isolation strategy safeguards the privacy and security of user data to a certain extent and effectively alleviates the problem of data silos.However,the training process of federation learning involves a large number of parameter interactions among the participants and the server,and there is still a risk of privacy disclosure.So a differentially private federated learning framework ADP_FL based on adaptive cropping is proposed to address the privacy protection problem during data transmission.In this framework,each participant uses its own data to train the model by performing multiple iterations locally.The gradient is trimmed by adaptively selecting the trimming threshold in each iteration in order to limit the gradient to a reasonable range.Only dynamic Gaussian noise is added to the uploaded model parameters to mask the contribution of each participant.The server aggregates the received noise parameters to update the global model.The adaptive gradient clipping strategy can not only achieve a reasonable calibration of the gradient,but also control the noise scale by dynamically changing the sensitivity while considering the clipping threshold as a parameter in the sensitivity.The results of theoretical analysis and experiments show that the proposed framework can still achieve a great model accuracy under strong privacy constraints.

    Privacy preserving byzantine robust federated learning algorithm
    LI Haiyang,GUO Jingjing,LIU Jiuzun,LIU Zhiquan
    Journal of Xidian University. 2023, 50(4):  121-131.  doi:10.19665/j.issn1001-2400.2023.04.012
    Abstract ( 128 )   HTML ( 7 )   PDF (1782KB) ( 72 )   Save
    Figures and Tables | References | Related Articles | Metrics

    Federated learning is a distributed machine learning paradigm,in which the original training sets of the nodes do not have to leave the local area and they collaborate to train machine learning models by sharing model updates.Most of the current privacy-preserving and Byzantine attack detection researches in the field of federated learning are carried out independently,and the existing Byzantine attack detection methods cannot be directly applied to the privacy-preserving environment,which does not meet the practical application requirements of federated learning.To address these problems,this paper proposes a federated learning algorithm for Byzantine robustness in a privacy-preserving environment with data non-independent and identically distributed.First,privacy protection is provided for model updates (local model gradient information) by differential privacy techniques; then the credibility is evaluated for the current state of nodes based on historical model updates uploaded by nodes; and finally,global model aggregation is performed based on the evaluation results.Simulation results show that in a federated learning environment with data non-independent and identically distributed,and with the privacy protection and Byzantine node ratio of 20%~80%,the proposed algorithm performs Byzantine node detection with both the miss detection rate and the false detection rate at 0%.Meanwhile,the time overhead of Byzantine node detection tends to linearly increase with the increase in the number of the nodes.Compared with the existing Byzantine node detection algorithms,the proposed algorithm can obtain a global model with a higher accuracy in the case of data being non-independent and identically distributed and model privacy protection.

    Artificial fish feature selection network intrusion detection system
    LIU Jingmei,YAN Yibo
    Journal of Xidian University. 2023, 50(4):  132-138.  doi:10.19665/j.issn1001-2400.2023.04.013
    Abstract ( 70 )   HTML ( 10 )   PDF (705KB) ( 55 )   Save
    Figures and Tables | References | Related Articles | Metrics

    In the field of intrusion detection,redundancy and extraneous features not only slow down the classification process,but also prevent the classifier from making accurate decisions,resulting in intrusion detection system performance degradation.A network intrusion detection system based on artificial fish feature selection is proposed to address the problem of low system accuracy induced by high-dimensional data sets in intrusion detection.First,the original data set is preprocessed,with the data cleaned and standardized.Then,an improved multi-objective artificial fish swarm algorithm(AFSA) is presented by merging the adaptive parameter modifications and the multi-objective optimization algorithm.By dynamically optimizing the search space,the search ability is improved,and the optimal feature subset is selected.Finally,an intrusion detection model is established based on a genetic algorithm and CatBoost improved multi-objective artificial fish swarm optimization approach.The generated multi-feature subsets are classified by CatBoost for feature evaluation,and the effectiveness of feature selection is tested.The proposed feature selection approach employs 17-dimensional features to achieve an accuracy of 93.97% on the NSL-KDD dataset,while it uses 24-dimensional features to achieve an accuracy of 95.06% on the UNSW-NB15 dataset.Simulation results show that the proposed algorithm can achieve a high accuracy while having a low dimension,which has certain advantages compared with existing feature selection methods.

    Multi-view encryption malicious traffic detection method combined with co-training
    HUO Yuehua,WU Wenhao,ZHAO Faqi,WANG Qiang
    Journal of Xidian University. 2023, 50(4):  139-147.  doi:10.19665/j.issn1001-2400.2023.04.014
    Abstract ( 74 )   HTML ( 6 )   PDF (930KB) ( 52 )   Save
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the problem of high dependence on labeled samples in machine learning-based malicious traffic detection methods for transport layer security protocol encryption,a semi-supervised learning-based malicious traffic detection method for transport layer security protocol encryption is proposed.With only a small number of labeled samples,the co-training strategy is utilized for the first time to joint two views of the encrypted traffic,and the training is performed by introducing unlabeled samples to expand the sample set and thereby to reduce the dependence on labeled samples.First,the flow metadata features with strong independence and certificate features in encrypted traffic features are extracted to construct each view for collaborative training,respectively.Second,the XGBoost classifier and random forest classifier are constructed for each view respectively.Finally,the two classifiers are collaboratively trained to form a multi-view co-training classifier detection model through the co-training strategy,with the model trained using a small number of labeled samples and a large number of unlabeled samples.The model achieves an accuracy rate of 99.17%,a recall rate of 98.54%,and a false positive rate of less than 0.18% on the public dataset.Experimental results show that the proposed method can effectively reduce the dependence on labeled samples under the condition of a small number of labeled samples.

    Blockchain-assisted solution for emergency message trust evaluation in the VANET
    ZHOU Hao,MA Jianfeng,LIU Zhiquan,WANG Libo,WU Yongdong,FAN Wenjie
    Journal of Xidian University. 2023, 50(4):  148-156.  doi:10.19665/j.issn1001-2400.2023.04.015
    Abstract ( 66 )   HTML ( 5 )   PDF (1293KB) ( 47 )   Save
    Figures and Tables | References | Related Articles | Metrics

    Vehicular ad-hoc networks (VANET) have attracted a lot of attention because of their great potential to improve road safety and traffic efficiency.However,in the VANET,the trust assessment of emergency messages by vehicles needs to meet both low latency and high accuracy.In order to solve the problem of high latency and low accuracy of the existing trust management scheme in the VANET in the process of emergency message trust assessment,the author proposes a scheme for blockchain-assisted emergency message trust evaluation in the VANET.In this scheme,first,the blockchain technology is used to store the vehicle trust value in a distributed manner to realize trusted storage of the vehicle trust value; next,the pre-caching strategy and post-query caching strategy are designed,which are combined with the smart contract to design the trust value query algorithm respectively to query the vehicle trust value with low latency; and then,based on the proposed query algorithm,vehicle trust values are introduced,and vehicle location and message freshness are combined as reference factors for emergency message trust evaluation.Finally,low latency and high accuracy in emergency message trust evaluation is achieved.Compared with the existing solutions,the proposed solution improves the trust value query efficiency by about 79.9%~98.9% and the trust evaluation accuracy by about 4.71%.In addition,the author compares the two proposed caching strategies,with the pre-caching strategy improving the query efficiency by about 56.9% but increasing the storage space overhead by about 23.7%~86.2% as compared with the post-query caching strategy.

    JPEG image steganalysis based on deep extraction of stego noise
    FAN Wentong,LI Zhenyu,ZHANG Tao,LUO Xiangyang
    Journal of Xidian University. 2023, 50(4):  157-169.  doi:10.19665/j.issn1001-2400.2023.04.016
    Abstract ( 72 )   HTML ( 13 )   PDF (3560KB) ( 58 )   Save
    Figures and Tables | References | Related Articles | Metrics

    The performance of steganalysis is limited by the quality of the stego noise obtained by current deep learning-based methods.In order to obtain more accurate stego noise and improve the accuracy of steganalysis,a new method is proposed based on deep extraction of stego noise for JPEG image steganalysis.First,a stego noise deep extraction network is formulated to precisely extract the stego noise from stego images with the supervised trained network.Then,a model evaluation index is proposed to select the most effective network for stego noise extraction.Finally,according to the characteristics of stego noise,a classification network is designed to detect the stego images,which is then combined with the stego noise extraction network to obtain the final detection network.In the steganalysis experiment,two large-scale publicly available datasets(BOSSBase and BOWS2)are used to construct the stego images by two adaptive JPEG image steganography methods (J-UNIWARD and UED-JC) under several embedding rates and quality factors.Experimental results show that the detection accuracy of the method proposed in this article has been improved by up to 2.22% and 0.85%,respectively compared to the second-best performing method.By extracting more accurate stego noise and reducing the impact of image content on steganalysis,the proposed method achieves a better detection performance compared to typical deep learning-based JPEG steganalysis methods.

    The design and cryptanalysis of a large state lightweight cryptographic S-box
    FAN Ting,FENG Wei,WEI Yongzhuang
    Journal of Xidian University. 2023, 50(4):  170-179.  doi:10.19665/j.issn1001-2400.2023.04.017
    Abstract ( 99 )   HTML ( 5 )   PDF (945KB) ( 54 )   Save
    Figures and Tables | References | Related Articles | Metrics

    Alzette is a 64 bit lightweight S-box based on the ARX structure proposed at the CRYPTO 2020.It has many advantages such as excellent hardware and software performance,strong diffusion and high security,so that it receives wide attention domestically and internationally.However,64-bit lightweight S-boxes with execllent performance and security are rare.Whether it is possible to design the large state lightweight S-box with better performance than Alzette is difficult in current research.In this paper,a large state lightweight cryptographic S-box based on the ARX structure with an excellent performance and security is designed.A “hierarchy filtering method” is proposed to determine the optimal rotation parameters by setting the best differential/linear characteristic bounds in advance,and the security evaluation for the new S-box is given.It is shown that the software and hardware implementation performance of the new S-box is equivalent to that of the Alzette.For the new S-box,the probability of 5-round best differential characteristic (linear approximation) up to 2-17(2-8),and the probability of 7-round best linear approximation reaches 2-17.But for the Alzette,the 5-round best differential characteristic (linear approximation) with probability of 2-10>2-17(2-5>2-8),and the 7-round best linear approximation with probability of 2-13>2-17.The new S-box shows a stronger resistance against differential cryptanalysis and linear cryptanalysis.

    Model for protection of k-degree anonymity privacy under neighbor subgraph disturbance
    DING Hongfa,TANG Mingli,LIU Hai,JIANG Heling,FU Peiwang,YU Yingying
    Journal of Xidian University. 2023, 50(4):  180-193.  doi:10.19665/j.issn1001-2400.2023.04.018
    Abstract ( 49 )   HTML ( 6 )   PDF (1430KB) ( 45 )   Save
    Figures and Tables | References | Related Articles | Metrics

    With the increasing use of mass graph data in commerce and academia,it has become critical to ensure privacy when sharing and publishing graph data.However,existing anonymous privacy-preserving models struggle to balance the conflict between privacy and utility of graph data.To address this issue,a k-degree anonymity privacy preserving model based on neighbor subgraph perturbation has been proposed,which enhances both the levels of privacy preservation and data utility.To achieve k-degree anonymity privacy preservation,this model first perturbs the 1-neighbor subgraph of each node in graph data by using neighbor subgraph perturbation.This perturbation is optimized,resulting in improved perturbing efficiency and reduced data utility loss.Next,the partition of anonymous node group is optimized by using a divide-and-conquer strategy based on the degree sequence of nodes,leading to improved utility of the anonymized graph.Finally,the anonymized graph is reconstructed by editing both edges and subgraph borders to achieve k-degree anonymity privacy preservation.Comparisons and experiments have shown that the proposed model greatly improves both the overhead and security when compared to existing models and that it is able to resist both degree-based attacks and neighborhood attacks.Furthermore,the data utility is greatly improved,as evidenced by metrics such as change proportion of edges,information loss,change in the average degree of nodes,and clustering coefficient.

    Trusted execution environment enabled dynamic group access control for data in cloud
    LI Yue,SONG Qipeng,JIA Hao,DENG Xin,MA Jianfeng
    Journal of Xidian University. 2023, 50(4):  194-205.  doi:10.19665/j.issn1001-2400.2023.04.019
    Abstract ( 52 )   HTML ( 7 )   PDF (1667KB) ( 45 )   Save
    Figures and Tables | References | Related Articles | Metrics

    The prevalence of cloud storage service has attracted many users to outsource their data to cloud platforms.In order to protect personal privacy,data are encrypted before being outsourced to the cloud,which brings great inconvenience for data sharing through the cloud platforms.The key challenge lies in how to design a cryptography-based group access control scheme to support users to share ciphertext data safely and conveniently with reasonable computing/storage overhead.To this end,by considering the existing research efforts,and based on an existing scheme that combines identity-based broadcast encryption,attribute encryption and proxy re-encryption,a low-overhead,fine-grained cloud storage data dynamic group access control mechanism based on trusted computing environment is proposed.By introducing a trusted execution environment,such as Intel® software guard extensions (SGX),the cryptographic operation within the original scheme is significantly simplified.At the same time,by introducing the idea of subgroup partition,the management overhead of dynamic group access control is further optimized.Simulation results show that,compared with the original scheme,this scheme not only effectively protects data privacy,but also provides dynamic access control capabilities for fine-grained ciphertext data,which greatly reduces computational complexity.

    Dark web author alignment based on attention augmented convolutional networks
    YANG Yanyan,DU Yanhui,LIU Hongmeng,ZHAO Jiapeng,SHI Jinqiao,WANG Xuebin
    Journal of Xidian University. 2023, 50(4):  206-214.  doi:10.19665/j.issn1001-2400.2023.04.020
    Abstract ( 69 )   HTML ( 6 )   PDF (2158KB) ( 44 )   Save
    Figures and Tables | References | Related Articles | Metrics

    Dark network users engage in a large number of illegal and criminal activities in the underground market.The anonymity of the dark network brings great convenience to the communication between users of the dark network,but great difficulties to the police.In recent years,the deep neural network has been widely successful in various fields,and more and more researchers have begun to use the neural network to identify anonymous network text authors.In order to better align users in the dark web and find more different users with the same identity,we use the neural network method to identify and align users in the dark web.However,the existing methods focus mainly on the short text and are not good at dealing with the global and long sequence information.In this paper,we propose a self-attention mechanism to enhance the convolution operator and use long sequence information to strengthen the user representation,named DACN.DACN starts from the text content,and multiple account associations are carried out for anonymous dark web users to aggregate information from multiple anonymous accounts,proving mores clues for obtaining the users’true identity.Our recent analysis involves conducting a thorough assessment of two distinct dark web market forums,whereby we evaluate our methodology in comparison to the current state-of-the-art techniques.Experimental results show that our approach is remarkably effective,with a demonstrated average mean retrieval ranking (MRR) enhancement of 2.9% and 3.6%,as well as an improved Recall@10 of 2.3% and 3.0%.This evaluation offers robust evidence of the efficacy of our approach in dark web market forums.

    Research on the Wi-Fi privacy leakage risk of intelligent connected vehicles
    YANG Bo,ZHONG Yongchao,YANG Haonan,XU Zifeng,LI Xiaoqi,ZHANG Yuqing
    Journal of Xidian University. 2023, 50(4):  215-228.  doi:10.19665/j.issn1001-2400.2023.04.021
    Abstract ( 61 )   HTML ( 5 )   PDF (2242KB) ( 37 )   Save
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the problems of being incomplete,subjective and difficult to quantify loss in privacy disclosure risk assessment of intelligent connected vehicles,a privacy risk assessment model combining qualitative and quantitative methods is proposed.First,based on the qualitative risk assessment model,a new privacy classification is proposed,which extends the privacy impact rating of the existing standard.Second,a privacy leakage detection scheme based on Wi-Fi is designed to solve the problem of data collection in quantitative evaluation.Finally,the comprehensive value measurement of the leaked privacy data is carried out from the information entropy,influence level,personal identifiable information type and other factors.The privacy data pricing model is introduced to quantify the attack benefits,and the product of attack benefits and probability is taken as the estimated loss value.The feasibility of the privacy leakage detection scheme is proved through the real car experiment on three intelligent connected cars.The qualitative and quantitative risk assessment of privacy data shows that the extended impact rating,privacy measurement and pricing model are superior to those of the existing scheme,and that the scheme effectively quantifies the privacy disclosure risk of intelligent connected vehicles.The risk value of quantitative conversion is in good agreement with that of the risk value of qualitative assessment.

    Distortion scheme based on the local curvature for spatial image steganography
    HAN Ye,GUAN Qingxiao,LIU Niansheng,CHEN Hefeng,ZHANG Weiming,GAO Yan
    Journal of Xidian University. 2023, 50(4):  229-236.  doi:10.19665/j.issn1001-2400.2023.04.022
    Abstract ( 58 )   HTML ( 5 )   PDF (816KB) ( 17 )   Save
    Figures and Tables | References | Related Articles | Metrics

    Steganography is an information hiding method.As people increasingly favor social media for information exchange,information hiding technology with images is a hot topic of current research.In the framework of minimizing embedding distortion,it is crucial to define a good cost function in order to improve the security of steganography.In this paper we propose a distortion scheme for spatial steganography,in which the Hessian matrix is constructed via the second order difference and is used for calculating the residual.First,we use the horizontal difference and vertical difference,and directional differences in 4 directions,to calculate Hessian matrices in 4 directions.For these Hessian matrices,we calculate absolute values of their eigenvalues as a residual.Along with cost values calculated from residuals,we merge them in two phases.In the experiment,we use two kinds of steganalysis feature sets,SRM and MaxSRMd2,respectively,to evaluate the performance of each distortion scheme.Moreover,an ensemble FLD classifier is adopted to map the steganalysis feature to the prediction results for each testing sample.The experimental result is compared to those of eight methods and each method is repeated ten times.Experimental data show that using the distortion cost scheme proposed in this paper exhibits a higher sample detection error rate at the same embedding rate.Experimental results show that the proposed method achieves a security performance comparable to that by the Hill.In addition,when our proposed method is fused with the Hill by the Controversial Pixel Prior (CPP) rule,its performance can be enhanced.

    Research on cloud native API attack trapping technology
    ZHANG Yue,CHEN Qingwang,LIU Baoxu,YU Cunwei,TAN Ru,ZHANG Fangjiao
    Journal of Xidian University. 2023, 50(4):  237-248.  doi:10.19665/j.issn1001-2400.2023.04.023
    Abstract ( 60 )   HTML ( 9 )   PDF (2525KB) ( 13 )   Save
    Figures and Tables | References | Related Articles | Metrics

    As the core channel for connecting services and transmitting data,the application programming interface (API) hides security risks that cannot be ignored behind its huge value.As the most important information infrastructure on the Internet,it has become the main target for attackers.In order to make up for the shortcomings of existing API security schemes that cannot adequately protect API attack surfaces,we focus on the API security of the cloud native architecture.Based on the idea of active trapping,a cloud-oriented API attack trapping framework is proposed,which constructs corresponding API decoys and high-interactive trapping environments according to the characteristics of different cloud service levels.Especially,in the container orchestration layer (platform layer),three API decoys are designed around the vulnerabilities of cloud components Kubernetes and Docker.In the application layer,fifteen API decoys are designed by selecting API vulnerabilities with more harm and higher utilization frequency.At the same time,in view of the high demand for physical resources of high-interaction API decoys in the application layer,a dynamic scheduling algorithm based on the current network traffic is proposed to maximize the capture effect by making full use of physical resources.On the basis of the trapping framework,a prototype system is implemented and deployed in the real environment.The trapping system finally captures 1270 independent Internet Protocol (IP) addresses and 4146 requests.The captured data are statistically analyzed,and the captured attack behaviors are analyzed in detail.Experimental results show that the proposed API attack trapping technology can effectively discover API attack behaviors in the cloud native environment.