Content of Network·Security in our journal

Published in last 1 year |  In last 2 years |  In last 3 years |  All Please wait a minute... For Selected: Download Citations EndNote Ris BibTeX Toggle Thumbnails Select Source Localization of Network Information Propagation via Invertible Graph Diffusion ZHAI Wenshuo, ZHAO Xiang, CHEN Dong Journal of Frontiers of Computer Science and Technology    2024, 18 (5): 1348-1356.   DOI: 10.3778/j.issn.1673-9418.2308074 With the development of society, security issues in various types of networks have become increasingly prominent, especially network propagation issues. Accurately locating the diffusion source points of network propagation is an important means to control network propagation. The research on the source location of network propagation also faces problems such as diverse network structure and complex dissemination mechanism. Therefore, this paper studies the problem of source location of network propagation based on graph neural networks, and an invertible graph diffusion model based on graph convolutional networks (GCNIGD) is proposed. In the stage of node susceptibility estimation, the graph convolutional neural network is combined to make full use of the structural information of the network considering the connection relationship between network nodes. In the stage of node feature construction, the graph diffusion theory is combined to spatially localize the information propagation in the network, so that the graph-based model can be enhanced by learning from multi-hop information. In the stage of source localization, the graph traceability problem is transformed into the inverse problem of graph diffusion, a reversible graph network is constructed to accurately estimate the source node, and the ill-posed problems in network traceability are solved. Finally, extensive experiments are conducted on six real-world datasets, and the results show that the proposed method outperforms the state-of-the-art methods. This study has important guiding significance for network security issues such as false information traceability, network attack traceability, etc. Reference | Related Articles | Metrics Abstract （94） PDF （126） Select Blockchain Transactions Using Attached Blocks and Discrete Token Negotiation for Delay-Tolerant Networks ZI Lingling, CONG Xin Journal of Frontiers of Computer Science and Technology    2024, 18 (5): 1357-1367.   DOI: 10.3778/j.issn.1673-9418.2307039 The essence of blockchain is the competition for node mining rights, and the real-time connectivity of the network is prerequisite and guarantee. However, there exist delay-tolerant networks with data transmission latency, which puts nodes at a disadvantage in blockchain activities. To address this problem, a transaction architecture is constructed to provide service support for nodes in discontinuous connectivity networks to participate in blockchain activities. Firstly, an auxiliary block named as an attached block is constructed as a basis for distinguishing new blocks generated when the network is connected or disconnected. Secondly, with the miner’s identity and several random numbers as parameters, unique and verifiable discrete tokens are generated to obtain mining qualifications. On this basis, the mining qualification attribution algorithm and branch processing algorithm are designed. The former avoids the problem of the richest man doing evil in PoS (proof of stake) and DPoS (delegated proof of stake), and the latter ensures the attached chains are added to the main chain with an equal probability. Finally, a quadratic consensus scheme is designed to solve the problem of false and duplicate transactions that may exist in generated blocks when the network is disconnected. Theoretical proof and experimental analysis show that the architecture has advantages in indices such as reliability, acceptability, transaction throughput, confirmation time and branching rate. Reference | Related Articles | Metrics Abstract （17） PDF （29） Select Image-Text Retrieval Backdoor Attack with Diffusion-Based Image-Editing YANG Shun, LU Hengyang Journal of Frontiers of Computer Science and Technology    2024, 18 (4): 1068-1082.   DOI: 10.3778/j.issn.1673-9418.2305032 Deep neural networks are susceptible to backdoor attacks during the training stage. When training an image-text retrieval model, if an attacker maliciously injects image-text pairs with a backdoor trigger into the training dataset, the backdoor will be embedded into the model. During the model inference stage, the infected model performs well on benign samples, whereas the secret trigger can activate the hidden backdoor and maliciously change the inference result to the result set by the attacker. The existing researches on backdoor attacks in image-text retrieval are based on the method of directly overlaying the trigger patterns on images, which has the disadvantages of low success rate, obvious abnormal features in poisoned image samples, and low visual concealment. This paper proposes a new backdoor attack method (Diffusion-MUBA) for image-text retrieval models based on diffusion models, designing trigger prompts for the diffusion model. Based on the correspondence between text keywords and regions of interest (ROI) in image-text pair samples, the ROI region in the image samples is edited to generate covert, smooth and natural poisoned training samples, to fine-tune through the pretrained model, establishing incorrect fine-grained word to region alignment in the image-text retrieval model, and embed hidden backdoors into the retrieval model. This paper designs the attack strategy of diffusion model image editing, proposes the backdoor attack model of bidirectional image-text retrieval, and achieves good results in the backdoor attack experiments of image-text retrieval and text-image retrieval. Compared with other backdoor attack methods, it improves the attack success rate, and avoids the impact of introducing specific characteristics of trigger patterns, watermarks, perturbations, local distortions and deformation in the poisoned samples. On this basis, this paper proposes a backdoor attack defense method based on object detection and text matching. It is hoped that the study on the feasibility, concealment, and implementation of backdoor attacks in image and text retrieval may contribute to the development of multimodal backdoor attack defense. Reference | Related Articles | Metrics Abstract （218） PDF （169） Select Cryptomining Malware Early Detection Method Based on AECD Embedding CAO Chuanbo, GUO Chun, LI Xianchao, SHEN Guowei Journal of Frontiers of Computer Science and Technology    2024, 18 (4): 1083-1093.   DOI: 10.3778/j.issn.1673-9418.2307023 Cryptomining malware can compromise system security, reduce hardware lifetime, and cause significant power consumption. Therefore, implementing cryptomining malware early detection to stop its damage in time is critical to system security. The existing dynamic analysis-based cryptomining malware early detection methods are hard to balance the timeliness and accuracy of detection. To detect cryptomining malware accurately and timely, this paper integrates a certain length of API (application programming interface) names, API operation categories and DLLs (dynamic link libraries) called by cryptomining malware in the early stage of operation to more fully describe its behavioral information in this stage, and proposes the AECD (API embedding based on category and DLL) embedding and further proposes a cryptomining malware early detection method based on AECD embedding (CEDMA). CEDMA uses the API sequence called by software in the early stage of operation as the object of detection and uses AECD embedding and TextCNN (text convolutional neural network) to build a detection model to implement cryptomining malware early detection. Experimental results show that when CEDMA takes the 3000 API sequence called for the first time after the software runs as input, it can detect the known and unknown cryptomining malware samples in the experiment with 98.21% and 96.76% accuracy values, respectively. Reference | Related Articles | Metrics Abstract （46） PDF （44） Select Lightweight Routing Protocol for Named Data Networking ZOU Bowen, SONG Tian, LI Tianlong, YANG Yating Journal of Frontiers of Computer Science and Technology    2024, 18 (3): 795-804.   DOI: 10.3778/j.issn.1673-9418.2304001 Named data networking (NDN) is a novel network architecture that revolves around information-centric principles. In order to acquire global routing information within the network, typical NDN routing protocols rely on data synchronization mechanisms to achieve global routing updates. However, such synchronization protocols operate at the application layer, which introduces challenges in dynamic network environments, such as high costs associated with network information updates and limited ability to perceive network dynamics. To address these issues, this paper designs and implements a lightweight named-binding routing protocol (NBRP). This approach binds routing node names with their published content names, enabling routing nodes to make targeted requests for routing update information without requiring additional synchronization protocols, thus achieving lightweight routing information exchange. To further reduce the transmission costs of routing updates, this paper introduces a reusable routing information packet naming format and a routing information incremental transmission mechanism. Additionally, to validate the effectiveness of the proposed solution, corresponding functional modules are implemented and tested within the Linux kernel. Experimental results demonstrate that, in dynamic network environments, compared with traditional NDN link-state routing protocols, the proposed method can reduce routing update synchronization costs by 72% and increase link-state awareness and response speed by nearly twofold. Reference | Related Articles | Metrics Abstract （74） PDF （89） Select Application Layer Protocol Recognition Incorporating SENet and Transformer CHEN Qian, HONG Zheng, SI Jianpeng Journal of Frontiers of Computer Science and Technology    2024, 18 (3): 805-817.   DOI: 10.3778/j.issn.1673-9418.2304045 Protocol recognition technology assumes a crucial position and exerts significant influence in the domains of network communication and information security. Existing protocol recognition methods based on spatio-temporal features cannot adequately and comprehensively extract protocol features. An application layer protocol recognition method incorporating SENet channel attention and Transformer is proposed. The model focuses on spatio- temporal feature extraction of protocol data, and the model consists of a spatial feature extraction module and a time extraction module. SE blocks are added to the residual network to capture the associations between multiple channels and adaptively assign weights, so as to extract the key space features in different channels. The temporal feature extraction module is constructed by stacking the transformer encoders based on multi-head attention mechanism. This module is used to comprehensively capture temporal features of the protocol data by directly leveraging the positional information of the input data. After extracting and learning more detailed spatial features and more comprehensive temporal features, better protocol feature representation is obtained to improve protocol recognition performance. Experiments are conducted on the ISCX2012 and CSE_CIC_IDS2018 hybrid datasets, and the results show that the overall recognition accuracy of the proposed model reaches 99.20%, and the [F1] score reaches 98.99%, which are higher than those of the comparison models. Reference | Related Articles | Metrics Abstract （127） PDF （129） Select Research on Hybrid Trust Management Scheme for VANETs XIANG Dan, CHEN Zemao Journal of Frontiers of Computer Science and Technology    2024, 18 (2): 516-525.   DOI: 10.3778/j.issn.1673-9418.2211032 With the rapid development of intelligent transportation, vehicular ad hoc networks (VANETs) has broad development prospects, but also faces a variety of security threats. A distributed hybrid trust management scheme called HTMS-V is proposed for insider attackers and false message detection in VANETs. Specifically, considering the characteristics of VANETs, node trust is evaluated based on the improved subjective logic model. The evaluation combines direct trust and indirect trust, and the trust relationship between nodes is established based on interaction records. Message trust is evaluated based on node trust and the distance between nodes. And the scheme identifies false messages and malicious nodes based on the trust evaluation results. This paper tests the performance of the   HTMS-V scheme under four attack scenarios. The simulation results show that the HTMS-V scheme effectively resists various attacks in VANETs and is able to identify most false messages and malicious nodes even if the malicious node ratio reaches 40%, and the performance of the HTMS-V scheme is obviously better than that of the baseline scheme which is composed of subjective logical model and distance based weighted voting. Reference | Related Articles | Metrics Abstract （100） PDF （99） Select Adversarial Examples with Unlimited Amount of Additions JIANG Zhoujie, CHEN Yi, XIONG Ziman, GUO Chun, SHEN Guowei Journal of Frontiers of Computer Science and Technology    2024, 18 (2): 526-537.   DOI: 10.3778/j.issn.1673-9418.2302070 Malware detection methods based on gray images and deep learning have the characteristics of high detection accuracy and no need of feature engineering. Unfortunately, adversarial examples (AEs) can deceive such detection methods. However, it is difficult to reduce the detection accuracy of this kind of detection method greatly without destroying the functional integrity of the original file. By analyzing the structure and loading mechanism of portable executable (PE) files, this paper proposes an unrestricted add-amount bytecode attack (BAUAA). BAUAA generates adversarial samples by adding bytecode to a “section additional space” in the PE file that is scattered after each section and is not loaded into memory, and because of the unlimited amount of this space that can be added, the generated adversarial samples can be transformed into grayscale images that vary in size and texture, which can affect the discrimination accuracy of gray images and deep learning-based malware detection methods. The experimental results show that the detection accuracy of the malware detection method based on gray images and deep learning for the AEs generated by BAUAA is significantly lower than that for the non-AEs. To avoid the abuse of BAUAA in reality, it proposes a targeted AE detection method. Reference | Related Articles | Metrics Abstract （65） PDF （61） Select Protecting Face Privacy via Beautification WANG Tao, ZHANG Yushu, ZHAO Ruoyu, WEN Wenying, ZHU Youwen Journal of Frontiers of Computer Science and Technology    2024, 18 (1): 244-251.   DOI: 10.3778/j.issn.1673-9418.2210098 Face images distributed widely on social networks are vulnerable to inferring sensitive information by unauthorized automatic identification systems, which poses a threat to user privacy. To protect face privacy, several methods have been proposed to generate highly transferable adversarial faces to remove identity information. However, the results generated by existing methods still suffer from obvious perturbations that make visual perception poor, which is not friendly for sharing on social networks. This paper proposes an adversarial face generation scheme via beautification, i.e., Adv-beauty. Adv-beauty utilizes a face matcher and a beautification discriminator to collaboratively supervise the training process of the generator, prompting the generator to produce a beauty-like perturbation on the original face to confront the face matcher. In other words, the pixel changes produced by the beauty mask the undesirable visual effects produced by the perturbations. In addition, this paper sets an adversarial threshold for identity loss to prevent face distortion due to excessive deviation of identity features. Sufficient experiments show that Adv-beauty maintains good visual results and is effectively against unknown face recognition classifiers and commercial APIs. Reference | Related Articles | Metrics Abstract （190） PDF （176） Select DAGGraph: Blockchain Suitable for Mobile Ad Hoc Networks ZHANG Wentao, HUANG Jianhua, GU Bin, NING Yuhao, GONG Zaiwei Journal of Frontiers of Computer Science and Technology    2024, 18 (1): 252-264.   DOI: 10.3778/j.issn.1673-9418.2211070 Aiming at the challenges faced by the combination of blockchain and mobile ad hoc networks, a system model DAGGraph based on DAG (directed acyclic graph) is proposed, which adopts the DAG structure to adapt to the network split caused by mobility. Firstly, the clustering algorithm is optimized, and an algorithm for limiting the density of nodes in the cluster is proposed, which effectively solves the problem of throughput reduction and energy consumption increase caused by the uncontrolled increase of the number of nodes in the cluster. Secondly, for network splitting and merging caused by the rapid movement of the nodes, a block recovery algorithm based on data synchronization between cluster heads is proposed. The legal blocks generated by all nodes are preserved through DAG. When the network is merged, the original cluster heads exchange their generated block branches, realizing the recovery of the block branches. Finally, a simplified block appending algorithm is proposed, which simplifies the block appending process on the premise that the internal nodes are trusted, reduces the error caused by block propagation in the mobile environment, shortens the block confirmation time, and improves the system throughput. Security analysis shows that DAGGraph can resist common attacks against blockchain, and resist denial-of-service attacks against mobile ad hoc networks. Simulation results show that the latency and throughput of DAGGraph are better than existing IoT blockchain solutions in most cases. Reference | Related Articles | Metrics Abstract （49） PDF （61） Select 16-bit S-box Design Method Based on L-M-NFSR Structure WU Xiaonian, SHU Rui, DOU Daorao, ZHANG Runlian, WEI Yongzhuang Journal of Frontiers of Computer Science and Technology    2023, 17 (10): 2511-2518.   DOI: 10.3778/j.issn.1673-9418.2207012 S-box is an important component for non-linear transformation in symmetric cryptographic algorithm, and the security of S-box determines the security of the cryptographic algorithm. In order to construct 16-bit S-box with strong security, a new L-M-NFSR structure is designed based on the Lai-Massey structure and nonlinear feedback shift register (NFSR) component. In the new structure, 8-bit S-boxes with advanced encryption standard (AES) algorithm S-box affine equivalence are selected as the round function to reduce the complexity of designing and increase the variability of the structure. Two designed NFSR components that can conform to strict avalanche properties with a small number of iterations are placed into two branches of the structure to improve the diffusion effect of the structure. Then, 16-bit S-boxes are constructed by 3-round iteration and traversal search. Furthermore, based on this structure, a large number of new 16-bit S-boxes can be generated by replacing 8-bit S-boxes in the round function with 8-bit S-boxes which are affine equivalent to the AES algorithm S-box. To improve the effici-ency of the evaluation of the properties of the constructed 16-bit S-boxes, parallel computation is performed using graphics processing unit (GPU). The test results show that the newly constructed 16-bit S-boxes have good crypto-graphic properties, which satisfy bijectivity with optimal algebraic number 15, the highest nonlinearity 31992, the lowest differential uniformity 18, and minimum signal-to-noise ratio 146.712, with excellent security against mathematical attacks and differential power analysis. Reference | Related Articles | Metrics Abstract （172） PDF （138） Select SM9 Identity-Based Encryption Algorithm with Deniable Authentication ZHAO Chenyang, KE Pinhui, LIN Changlu Journal of Frontiers of Computer Science and Technology    2023, 17 (10): 2519-2528.   DOI: 10.3778/j.issn.1673-9418.2207013 SM9 identity-based encryption algorithm is a commercial identity-based encryption algorithm independently designed by our country, which has become the standard of the domestic identity-based encryption algorithm industry, and is widely used in e-mail, electronic voting and online negotiation, etc. However, SM9 identity-based encryption algorithm can??t effectively protect the identity privacy of the sender. Based on SM9 identity-based encryption algorithm, combined with the deniable authentication protocol, this paper proposes SM9 identity-based encryption algorithm with deniable authentication. This algorithm allows the sender to deny its participation after the protocol runs, and only the intended receiver can identify the true source of the given message. At the same time, the receiver can??t convince any other third party that the message is sent by a specific sender. Under the assumption of DBDH??s difficult problem, the formal definition and security model of SM9 identity-based encryption algorithm with deniable authentication are given, and the security analysis of the algorithm is given under the random oracle model, which proves that the algorithm can satisfy denial, confidentiality and deniable authentication at the same time. Theoretical analysis and simulation experiments show that the proposed algorithm not only maintains the efficiency advantage of SM9 identity-based encryption algorithm, but also has a lower computational overhead than other identity-based encryption algorithms with deniable authentication. Reference | Related Articles | Metrics Abstract （171） PDF （127） Select Risk Management Policies and Analysis of Cross-Chain Digital Assets TIAN Haibo, YE Wan Journal of Frontiers of Computer Science and Technology    2023, 17 (9): 2219-2228.   DOI: 10.3778/j.issn.1673-9418.2204052 Due to the complexity of smart contracts and the different security levels of blockchains on which various digital assets are issued, a series of security incidents about cross-chain digital assets emerge, highlighting the serious security threats faced by cross-chain digital assets. For the high risk of cross-chain digital assets, this paper analyzes two typical cross-chain digital asset security incidents of bEarn Fi and Poly Network, obtaining a conclusion that the digital assets of cross-chain service nodes need to be protected. Then considering the characteristics of blockchain, focusing on cross-chain asset exchange, this paper proposes seven strategies of cross-chain digital asset risk management. With the traditional anomaly detection techniques, algorithms are provided to detect the abnor-mality of cross-chain asset exchange requests of users from the aspects of single transaction, multiple transactions, K-means and external data sources, so as to identify and terminate the abnormal requests, reducing the security risks of service-node cross-chain digital assets. Finally, by the simulation method, this paper presents a simple cross-chain system based on the hashed time-lock technique, which shows a serial of test events, to confirm the effectiveness of the risk management policies and anomaly detection methods. The test results show that the strategies of risk management and the corresponding anomaly detection algorithms can lower the loss of service-node cross-chain digital assets and reduce the risks of digital assets belonging to cross-chain service nodes. Reference | Related Articles | Metrics Abstract （177） PDF （183） Select Fault-Tolerant Bidirectional Choice Attack Combining EDCA and CPA ZHANG Meiling, SHANG Lirong, ZHENG Dong Journal of Frontiers of Computer Science and Technology    2023, 17 (9): 2229-2240.   DOI: 10.3778/j.issn.1673-9418.2206108 When the designed attack scheme is fault-tolerant, it is often necessary to pick out the correct key in a very large candidate space. How to effectively achieve this goal is a very important and challenging problem in side-channel attacks. Aiming at this problem, a fault-tolerant bidirectional choice attack combining EDCA (Euclidean distance enhanced collision attack) and CPA (correlation power analysis) is studied with AES-128 as the target. Firstly, in order to improve the success rate of collision detection, the EDCA is proposed. Compared with correlation enhanced collision attack (CCA), EDCA utilizes the Euclidean distance to distinguish the similarity between two sets of energy traces. Its collision detection has a higher success rate, making the optimization more practical and meaningful. In addition, combined with EDCA and CPA, the keys and the corresponding collision pairs are grouped, and then bidirectional screening is performed to obtain the optimal collision chain, which greatly reduces the candidate space and reduces the complexity of key enumeration, effectively recovering the key. Experimental results show that, under the conditions of low signal-to-noise ratio[SNR=-3 dB]and [SNR=-6 dB], setting the threshold of collision pair being 5, the success rate of the proposed scheme reaches 98.78% and 80.25% when there are 3000 energy traces, both of which are better than the existing schemes. Reference | Related Articles | Metrics Abstract （90） PDF （61） Select Linear Complexity of Hidden Weighted Bit Functions CHEN Zhiru, FENG Ligang, ZHU Youwen Journal of Frontiers of Computer Science and Technology    2023, 17 (8): 1974-1980.   DOI: 10.3778/j.issn.1673-9418.2203038 Boolean functions are crucial primitive in block cipher and are also used to design pseudorandom sequences. They play a crucial role in the design of symmetric cryptography and its analysis, and the study on the cryptographic properties of Boolean functions is a hotspot in cryptography. The hidden weighted bit functions (HWBF) are paid attention since they have many “good” cryptographic measures. However, there are no results on their linear complexity in the literature. Therefore, this paper discusses a family of binary sequences of period [2n]built by using [n-]variable HWBF (hidden weighted bit functions). It is proven that such sequences are balanced with maximal linear complexity using mathematical method. The 2-error linear complexity of the sequences is also determined in terms of the Hasse derivative and Lucas congruence. When [n(mod4)∈{0,1,3}], the values of the 2-error linear complexity are maximal. Results indicate that such sequences are of “good” cryptographic measures. Reference | Related Articles | Metrics Abstract （141） PDF （74） Select Cascaded Two-Stream Attention Networks for Traceability Analysis of Copy-Move Images JI Yanqing, ZHANG Yujin Journal of Frontiers of Computer Science and Technology    2023, 17 (8): 1981-1994.   DOI: 10.3778/j.issn.1673-9418.2203118 Copy-move is a common way of the image forgery. Traditional methods are committed to locating tam-pering regions of copy-move tampering images, but the accurate distinction between the source and target of the copy-move image has become a bottleneck in the field of image forensics. At present, algorithms which can locate the tampering source and target regions from the original copy-move forged images still have some disadvantages. Therefore, this paper proposes a cascaded two-stream attention network for traceability analysis of copy-move images. It is divided into two stages. The first stage of the network includes a coding network, a module to analyze features and a decoding network. In the coding part, lightweight MobileNetV2 is used as the backbone to extract low and deep features as the double outputs of the network. In the module of analyzing features, tampering regions in deep features are multi-dimensionally captured by the attention mechanism of similar features and atrous spatial pyramid pooling module. At the same time, the low feature is used to improve the model’s performance of segmenting edges and details of tampered regions. In the decoding part, the feature map is predicted pixel by pixel and sampled. In the second stage of the network, the tampering regions detected in the first stage network are distinguished between the source and target. It is also a two-stream network. The inputs of two-branch are the original image blocks including the source or target and image blocks after extracting noise. The multiscale features are used to predict category, and the final mask is output by the region mapping. Experimental results show that the proposed network can not only locate the tampering regions, but also distinguish the source and target. The performance compared with the latest algorithm of the first stage of the network in the test dataset and two public datasets is increased by 9.4, 2.6, and 2.5 percentage points respectively, and the end-to-end performance in the test dataset is improved by 12.03%. At the same time, it has better robustness to conventional image post-processing. Reference | Related Articles | Metrics Abstract （115） PDF （78） Select Research and Implementation of Multi-source Account Authentication for High-Performance Computing Environment HE Rong, XIAO Haili, WANG Xiaoning, CHI Xuebin Journal of Frontiers of Computer Science and Technology    2023, 17 (7): 1700-1707.   DOI: 10.3778/j.issn.1673-9418.2202037 High-performance computing (HPC) environment provides researchers with high level high-performance computing application services with unified access entrance, unified use method and user technical support through shielding the heterogeneity of job management system, access mode, management system and so on. With the development of the environment, more and more supercomputing centers, application communities, and service platforms are connected. Accounts of the supercomputing centers, communities, and service platforms are required to log in to the HPC environment using their original ways. The existing high-performance computing environment supports only grid accounts authenticated by LDAP (lightweight directory access protocol). Application communities and service platforms have their own users and different authentication modes. In order to provide a unified authentication center for the environment, this paper studies the multi-source account authentication technology and develops the multi-source user authentication system. At present, the HPC environment has supported multiple super computing centers. The major communities and platforms in the “high-performance computing” special project also have realized the connection with the national HPC environment through the multi-source account authentication technology. After the connection, accounts of the communities and platforms can log in with the environment grid accounts, at the same time use relevant resources. Reference | Related Articles | Metrics Abstract （116） PDF （139） Select Research on Deep Reinforcement Learning Method for Throughput Optimization of Internet of Vehicles Blockchain ZHANG Li, DUAN Mingda, WAN Jianxiong, LI Leixiao, LIU Chuyi Journal of Frontiers of Computer Science and Technology    2023, 17 (7): 1708-1718.   DOI: 10.3778/j.issn.1673-9418.2205019 The rapid development of Internet of vehicles (IoV) depends on the safe and reliable infrastructure for storing and sharing large amounts of data. Blockchain, a kind of distributed data storage technology that cannot be forged and tampered with, can solve the security and privacy issues of IoV. However, the low throughput of blockchain hinders its wide application in IoV. The current research on blockchain throughput optimization has poor scalability because of its action space explosion. Aiming at the above problems, a blockchain throughput optimi-zation method in IoV based on deep reinforcement learning (DRL) is proposed to maximize the transaction throughput, and optimize the throughput of the blockchain by choosing block producers and consensus algorithms, adjusting block size and block interval while ensuring the decentralization, low delay and high security of the underlying blockchain system. This method introduces the branching dueling Q-network (BDQ) framework in DRL, carries out fine-grained division for action space, and solves the problem of action space explosion of traditional deep reinforcement learning methods. Simulation results show that the proposed method can improve the throughput of blockchain in IoV effectively. Reference | Related Articles | Metrics Abstract （191） PDF （159） Select Research on Malicious Attack Model of Blockchain Multi-mining Pools LIU Qiang, SONG Baoyan, JI Wanting, WANG Junlu Journal of Frontiers of Computer Science and Technology    2023, 17 (7): 1719-1728.   DOI: 10.3778/j.issn.1673-9418.2111107 The double-spending attack against transactions in the blockchain is the focus of blockchain security research. As a large collection of computing power, mining pools are potential for malicious behavior, and the combination of multiple mining pools can double-spend transactions through different attack forms, which brings huge security risks to the blockchain. Based on the combination of malicious attacks in multiple mining pools, this paper proposes two malicious attack models in multiple mining pools. Firstly, in the multi-mining pool centralized attack model, the computing power of multiple mining pools is aggregated into a malicious computing power set, which focuses on double-spending attacks on the blockchain. Secondly, in the multi-mining pool decentralized attack model, each mining pool is independent malicious computing power set, and the malicious computing power is distributed and synchronized among the blockchain computing power attacks. In addition, combining the number of mining pools, the percentage of computing power and other parameters, the internal operating mechanism of two multi-mining pool models is simulated and derived. Based on this mechanism, the security constraints of the two attack models are constructed. The experiment verifies the effectiveness of the two mining pool attack models, and digitization shows the attack laws in two multi-mining pool attack models, as well as the similarities and differences between the two models. Finally, combining with theoretical models and experimental results, this paper puts forward the prevention and control strategies. Reference | Related Articles | Metrics Abstract （223） PDF （171） Select Research on Editable Blockchain Model Based on Temporal Index PANG Jun, LIU Chen, HAO Kun, YU Minghe, XIN Junchang, JIANG Chengyang Journal of Frontiers of Computer Science and Technology    2023, 17 (5): 1180-1188.   DOI: 10.3778/j.issn.1673-9418.2109108 Blockchain has the characteristics of decentralization and immutability, and has received widespread attention in recent years. Data can not be tampered, which will cause a series of problems such that malicious transactions can not be eradicated and wrong transactions can not be modified. The existing related researches can modify specific block data, or add new transactions to achieve logical editing. The former will cause the editing record can not be verified, the latter can keep the wrong data storage, but lack of secure access mechanism. In addition, the existing relevant studies have not fully considered the characteristics of the data to be edited, resulting in subsequent transactions affected and ineffective. Therefore, an editable blockchain model is proposed. Firstly, taking deposit data as an example, the underlying data structure of blockchain is redesigned, time-series attributes are added, and the index is built. Then it proposes new submission, editing and query algorithms, and realizes the logical editing of blockchain data through subsequent additional transactions, to provide users with a secure access interface on the basis of saving the wrong transaction certificate. Finally, based on the above work, the data structure and algorithms of transaction data are improved to solve the problem of subsequent transaction failure, to ensure that subsequent transactions are not affected by data editing. Experimental results show that this model can realize the editable blockchain on the basis of ensuring performance of the system. Reference | Related Articles | Metrics Abstract （196） PDF （142） Select Publicly Verifiable Multi-stage Secret Sharing on General Access Structures SONG Yun, WANG Ningning, XIAO Menglin, SHAO Zhiyi Journal of Frontiers of Computer Science and Technology    2023, 17 (5): 1189-1200.   DOI: 10.3778/j.issn.1673-9418.2109006 A publicly verifiable secret sharing allows anyone to detect the cheating of dealer or participants only from the public information. In order to expand the application scope of multi-secret sharing, firstly, a publicly verifiable multi-stage secret sharing (PVMSSS) scheme is proposed, and then based on the monotone span program (MSP) and secure multi-party computation, a renewable multi-stage secret sharing scheme that can be publicly verified and used in general access structures is proposed. In the secret distribution stage, the secret share of the participants in the scheme is calculated by each participant, and the dealer does not need to transmit any secret information to the participants. Moreover, each participant only needs to maintain one secret share to realize the reconstruction of multiple secrets. Using bilinear pairing properties, anyone can verify the correctness of the secret shares before and after the update and the validity of the public information, thereby effectively preventing fraud by dealer and participants. In the secret reconstruction phase, the pseudo-share is constructed by using secure multi-party computation to ensure that the real share of each participant will never be exposed, and the versatility of the scheme is realized. In each update of the secret, the dealer only needs to announce the related public information of updated temporary shares to update the participants' secret share. Finally, the correctness and security of the scheme are analyzed. Analysis shows that under the computational Diffie-Hellman and decisional bilinear Diffie-Hellman problems and assumptions, the proposed scheme is provably secure. Reference | Related Articles | Metrics Abstract （156） PDF （116） Select PLDP: Personalized LDP for Collecting and Analyzing Multidimensional Data GU Xiang, LI Yanhui, YUAN Ye, LI Xinling, WANG Guoren Journal of Frontiers of Computer Science and Technology    2023, 17 (4): 964-972.   DOI: 10.3778/j.issn.1673-9418.2107035 The popularity of crowdsourcing applications accelerates the development of enterprises, and the privacy leakage has become the focus of public attention. The existing local differential privacy (LDP) mechanism mainly focuses on the utility optimization of a single privacy level, which will cause some users to refuse to share data due to insufficient privacy protection level, while some users get too much privacy protection. In order to meet different privacy protection needs of users, this paper proposes a personalized local differential privacy (PLDP) mechanism for collecting and analyzing multi-dimensional mixed data, which provides multiple privacy protection levels for users. Specifically, this paper proposes a personalized user data perturbation framework, which implements perso-nalized mean estimation algorithm and frequency estimation algorithm for numerical data and classified data respectively, and proves the confidentiality and effectiveness of the algorithm through theoretical analysis. In addition, a personalized sampling scheme is proposed, which preprocesses the attribute tags according to preferences of the server, and biases the data dimensions according to their collection preferences. Experiments on two real datasets show that, compared with traditional LDP mechanism, the proposed mechanism not only guarantees the privacy of user data, but also reduces the statistical error of collecting numerical data and classified data, so it pro-vides a better balance between privacy protection and data availability. Reference | Related Articles | Metrics Abstract （287） PDF （241） Select Hesitant Fuzzy Method of Rewarding Good and Penalizing Bad in Cloud Service User Behavior-Based Safety Evaluation PENG Dinghong, SONG Bo, ZHANG Wenhua Journal of Frontiers of Computer Science and Technology    2023, 17 (4): 973-984.   DOI: 10.3778/j.issn.1673-9418.2107053 Security issue is one of key contents of the related cloud computing research, and unsafe behavior of cloud computing service users (CSU) is the main cause of cloud computing security threats. The behavior-based safety (BBS) evaluation of CSU is the basis for correcting unsafe behaviors, maintaining safe behaviors, and effectively improving cloud computing security. In order to effectively evaluate behavior-based safety (BBS) of CSU and reflect the purpose of rewarding good and penalizing bad in evaluation process, a hesitant fuzzy CSU-BBS evaluation method based on the idea of TOPSIS (technique for order preference by similarity to an ideal solution) virtual worst solution is proposed. Firstly, differential CSU behavior data obtained by multi-point monitoring are expressed in hesitating fuzzy element (HFE) and directly used for subsequent evaluation to ensure that the CSU behavior data used for evaluation are true and comprehensive. Secondly, in view of the characteristics of “reward and penalization distinct” of security issues and the need of “positive and negative reinforcement” of BBS, a hesitant fuzzy de-dimensional method that reflects the function of “rewarding good and penalizing bad” is proposed. Next, in order to obtain a reasonable ordering of multiple schemes, under the virtual worst solution (TOPSIS variant) framework, a hesitant fuzzy procedure for evaluating CSU-BBS is developed. Finally, the BBS of five CSU is evaluated based on the user behavior data of three cloud computing platforms of a small and medium-sized Internet company. Evaluation results show that the proposed method can effectively evaluate CSU-BBS and has the function of rewarding good and penalizing bad. Reference | Related Articles | Metrics Abstract （138） PDF （73） Select Secure and Trusted Authentication Model Under Edge Computing and Multi-blockchain HUANG Minmin, YUAN Lingyun, PAN Xue, ZHANG Jie Journal of Frontiers of Computer Science and Technology    2023, 17 (3): 733-747.   DOI: 10.3778/j.issn.1673-9418.2206011 Issues such as data security and privacy protection caused by the edge computing model are fundamental problems that restrict the development of edge computing, while blockchain is limited in solving security problems in edge computing due to its own scalability bottleneck. In order to solve the trust management at the edge side and the scalability of blockchain, and promote the synergistic development of edge computing and blockchain, this paper proposes a distributed secure and trusted authentication model based on edge computing with master-slave multiple chains. Firstly, a master-slave multi-chain structure is designed based on traditional single chain and a three-tier architecture is deployed by integrating edge computing. A signature authentication scheme for edge computing security based on elliptic curve cryptography (ECC) integrated with blockchain cryptography is also proposed. Secondly, an inter domain-role-based access control (ID-RBAC) is constructed based on role-based access control(RBAC) combined with smart contracts for fine-grained division of user privileges, and a detailed access authen-tication process within and between domains is given. Experimental results show that the model is secure and trust-worthy, and the storage overhead of this scheme is reduced by about 50% on average and the latency is signi-ficantly reduced, compared with the single-chain architecture of traditional deployment methods. Compared with existing methods, the proposed scheme in this paper has greater superiority in throughput, with the ratio of sending rate to throughput reaching 1:1, which can meet the demand of large-scale IoT practical applications with high scalability and high security. Reference | Related Articles | Metrics Abstract （354） PDF （309） Select Construction and Analysis of Taylor Neural Network for Intrusion Detection WANG Zhendong, ZHANG Lin, YANG Shuxin, WANG Junling, LI Dahai Journal of Frontiers of Computer Science and Technology    2023, 17 (3): 748-760.   DOI: 10.3778/j.issn.1673-9418.2106116 Deep learning methods have become an important means of network intrusion detection, but the existing deep learning models cannot dig out the hidden function mapping relationships among the characteristic values of network intrusion data. In this regard, this paper designs a Taylor neural network model (TNN). The Taylor formula is used to mine and utilize the relationship between the polynomial function approximation ability and the neural network optimization ability. Firstly, this paper introduces the basic structure of Taylor neural network. In order to introduce the Taylor neural network into the field of intrusion detection, the Taylor neural network layer (TNL) is designed and combined with the traditional deep neural network to build the Taylor neural network model. In order to optimize the number of expansion terms of Taylor formula, artificial bee colony algorithm is introduced, but the traditional artificial bee colony algorithm has problems such as poor mining ability and easy to fall into “premature”. An artificial bee colony algorithm based on Gaussian process is designed. Experimental results show that the accuracy of intrusion detection algorithm based on Taylor neural network has obvious advantages on NSL-KDD and UNSW-NB15 datasets. Reference | Related Articles | Metrics Abstract （179） PDF （181）