The pursuit of provable secure steganography has a long history, but there is the lack of accurate sampling carrier, which results in the stagnation of provable secure steganography many years. The rapid development of generative models and the widespread dissemination of generated data bring new technical means and camouflage environments to the provably secure steganography. Firstly, the definition of the provably secure steganography is derived from the difference between empirical security and provable security of steganography. Secondly, the theory and classic construction of the provably secure steganography are introduced, and the realistic construction of the provably secure steganography under the environment of generative artificial intelligence is given, after summarizing the sample-indexes-based provably secure steganography method, a novel steganographic constructions based on distributed replica indexes are introduced. Finally, the development trend of provably secure steganography is prospected, including to the public key steganography and protocols, applications in generating data watermarks without loss of performance.

In the face of the increasingly severe international cyberspace situation, to address dependency issues, this article first systematically elaborates on building a cyberspace security protection system based on the scientific view of cybersecurity from the perspectives of three-tier security and trustworthy protection system framework, four elements of trustworthy dynamic access control, the "5 links" and "6-cant’s". It then introduces the proactive and active immune protection system architecture for cyberspace based on Trusted Computing 3.0. Following that, it proposes the requirements for the comprehensive construction and full-process protection of the network security graded protection system. Finally, it provides a detailed introduction to the trusted security architecture for new types of critical infrastructure systems such as cloud computing, industrial control systems, and the Internet of Things, building a strong and trustworthy foundation for network security centered on the high-intensity protection of key information infrastructure based on the level protection system.

Artificial intelligence (AI) is changing the world, and artificial intelligence generated content (AI Generated Content, AIGC) is currently one of the most cutting-edge technology. The evolution of AIGC, introduce the technological changes from AI to AIGC, and discuss the related problems and challenges caused by AIGC as well as coping strategies. At the same time, this study will also focus on the laws and regulations and international trends on a global scale, analyze the initiatives taken by different countries and organizations in AI regulation, especially China's contribution in global AI governance. The Digital Watermarking (DW) technology of the AIGC model is introduced. Digital Watermarking has been developed for many years and has played an important role in multimedia rights confirmation, anti-counterfeiting, authentication, etc. With the rise of AIGC, Digital Watermarking has begun to play a new role in model protection, content traceability and sample protection. The introduction on the research progress of digital watermarking technology for AIGC model will provide a new perspective dimension for understanding the development of AIGC security field, and provide a reference for researching the application practice in the field of AIGC.

To solve the problems of data island and privacy leakage, federated learning (FL) deploys training tasks to multiple clients for local training individually. However, distributed training environment is prone to Byzantine attacks, where adversaries can control multiple clients simultaneously and affect global model by a poisoning method. The comprehensive analysis and summary of Byzantine attacks and defense in FL are achieved. Firstly, the FL is classified into ordinary and privacy protection types with or without the gradient protection. Secondly,The threats and challenges of Byzantine attacks in FL are introduced, the capabilities and attack strategies of Byzantine adversaries in the security model are sorted out. Finally, according to the technical routes, existing defense strategies are classified and compared to be extended to the technical routes in the safety and privacy protection FL, which prospects several practical Byzantine defensive strategies.

Due to the powerful modeling capabilities of deep learning models, deep learning-based vulnerability detection methods have achieved significant development in recent years. Aimed at existing research work on deep learning-based vulnerability detection, from the perspective of implementing vulnerability detection methods based on deep learning and the types of technologies,the existing related work is summarized from three aspects of the existing vulnerability datasets, vulnerability detection framework oriented to the text-processing model, and vulnerability detection framework based on graph neural network. On this basis, the problems of current research are analyzed,and the development of research line is summarized.

Large language models, as artificial intelligence models with excellent natural language processing capabilities, are widely used in health care, finance, law and other fields. With the continuous development of large language models, it raises a growing concern regarding security and privacy issues, which has garnered increasing attention from researchers. First of all, the relevant background of large language models was introduced and the adversary model was described from three aspects of adversary goals, adversary knowledge and adversary capabilities. Secondly, common security threats to large language models, such as poisoning attacks, backdoor attacks, and adversarial attacks, along with corresponding defense methods like early stopping and identifying poisoned examples through perplexity analysis were summarized. Moving on, common privacy threats to large language models, which encompass direct data leakage during training, model inversion attacks, and membership inference attacks were summarized. Present privacy-preserving techniques, such as differential privacy and secure multi-party computation, that could mitigate these threats were given. In conclusion, the persisting challenges and outline future development directions in this domain were proposed.

With the rapid development of intelligent connected vehicle technologies with electrification, intelligence, and networking, intelligent connected vehicles have exposed more new types of attack surfaces. All types of security challenges are threatening the security of intelligent connected vehicles as one of the key infrastructures in the digital society. This survey aimed to comprehensively review the current research status and development trends in the field of intelligent vehicle security. Firstly, the basic architecture and security standards of the intelligent vehicle networks were introduced, and the security threats faced by intelligent connected vehicles were analyzed in terms of autonomous driving, network communications, software and hardware systems as well as their supply chains, etc. Secondly, the existing network and information security defense strategies as well as testing and verification schemes for intelligent connected vehicles were comprehensively evaluated. Finally, the future research directions in the fields of intelligent vehicle network and information security were forecasted. Through the comprehensive analysis and summary of the issues of intelligent vehicle network and information security and their corresponding solutions as well as the prospect of future research directions, valuable technical references for the construction of security management system and security standard system for intelligent connected vehicles were provided.

Faced with the new network security threats, establishing an effective network security defense model has become an urgent need. Traditional network security defense models include PDR (Protection-Detection-Response), PDRR (Protection-Detection-Response-Recovery), and APPDRR (Assessment-Policy Protection-Detection-Reaction-Restoration) models, among which the more classic APPDRR model improves network security through six elements: analysis, policy, protection, detection, response and recovery. With the continuous development of network attack and defense methods, the APPDRR model can no longer satisfy the practical needs of network security defense. With the emergence and development of emerging network security defense technologies such as situation awareness, active defense, mimetic defense and shield cube, there is an urgent need to reconstruct and expand the original cyberspace security defense model. In response to this issue, the APPDRR model was restructured and a SARPPR network security defense model of“guard mode + self-defense mode + iterative mode” was proposed to cover and guide the latest technological development of network security defense and respond to complex network security threats. From the perspective of ensuring the safety of important activities, this model extended the “guard mode” and “iterative mode” on the basis of the traditional “self-defense mode”, and achieved a full lifecycle defense of prevention, response and review analysis. This model was the first cyberspace security assurance model that coverd the entire lifecycle defense, capable of addressing unknown network security threats such as highly covert APT (Advanced Persistent Threat), as well as the challenges of building endogenous security capabilities in existing information system. This model has been applied to the network security guarantee of major events such as the Beijing Winter Olympics Games, 2022 Hangzhou Asian Games, Chengdu Universiade, Cultural Expo and Canton Fair, achieving zero accidents and verifying the effectiveness of this model.

With the increasement of the fitting ability in deep learning, researchers introduce deep learning into reinforcement learning, the key for multi-agent reinforcement learning (MARL) is how to enable a group of intelligent agents to learn and implement effective strategies in collaboration. The intelligent agents have the ability of more universal strategies and different tasks by the interactions between intelligent agents, nowadays, it is widely applied in a series of complex strategies such as unmanned aerial vehicle (UAV) swarms. Howerver, the MARL is used to obtain the models of UAV swarms, and then facing the problems of the dynamics changes in the environment during deployment, input uncertainty, malicious attacks and non-robustness models. On the basis of the AirSim simulation platform, a UAV swarm combat scenario is designed, the multi-agent reinforcement learning algorithm MAPPO is adapted to the UAV swarms by the rule-based method, which achieves the intelligent models of UAV swarms, and deeply discusses its behaviors in the individual and group levels. Based on the above results, an adversarial framework of UAV swarms is proposed, including five novel testing algorithms for UAV swarm robustness, it involves three attack algorithms of the policy, observation, and reward-based function, alongside two unique strategies with the minority attack and majority attack, thereby comprehensively enveloping the threats faced by UAV swarms. A UAV swarm platform is built by integrating the environment of UAV swarms, training algorithms, and attack algorithms, the experiments are conducted on this platform. The visualization results of the test are combined to analyze the abnormal responses of UAV swarm models with five attack algorithms, it is verified the fragility inherent in UAV swarm operations, and provides a basis for improving the robustness of UAV models.

The secure storage and retrieval of data are essential for the secure utilization of open big data. However, existing big data storage and retrieval systems struggle to update storage keys and cannot handle both secure storage and efficient retrieval of multi-modal data. To address the issue of storage key update, a storage key update mechanism based on nested encryption was proposed, which supports efficient non-decrypted key update to meet the requirement for regular key rotation in untrusted environments. To solve the problem of index volume expansion, a compressed encrypted multi-set query filter was proposed to support high-density ciphertext indexing of massive data. Aiming at multi-modal data retrieval on encrypted data, a cross-type ciphertext composite association retrieval algorithm was designed to support single-type and cross-type retrieval of multi-modal encrypted data such as text, spatial, and images. Based on the above technologies, a multi-modal encrypted database system was designed, which supported the separation of storage and computing and was compatible with the technical architecture of existing big data services. The existing big data platform can be upgraded through incremental deployment of microservices to ensure system scalability and efficiency. Experimental results show that the key update performance of the proposed storage key update mechanism improve by over 80% compared to the traditional re-encryption mechanism. Compared to the existing plaintext database system, the overall performance loss of the proposed multi-modal encrypted database system in terms of text, space, image, and cross-modal retrieval does not exceed 25%.

With the increasingly complex and variable new threats in cyberspace, the attack methods have developed from simplification to collaboration and concealment, and the traditional passive network security defense system has been greatly challenged. One of the foremost challenges is the asymmetry of information acquisition ability, which impedes the timely identification and detection of collaborative cyber-attacks. Cyber threat intelligence (CTI) not only records the behavioral characteristics of attackers but also enables effective detection and diagnosis of complex cyber attacks through correlation analysis of these clues, serving as a crucial component of proactive collaborative network security defense systems. However, enhancing security and performance of intelligence sharing while addressing data heterogeneity and conceptual differences across various sources remain challenges in utilizing CTI. This issue has garnered attention from both academics and industry professionals. Research on relevant achievements in recent years was conducted deeply, existing work was summarized from the perspectives of intelligence sharing and fusion, and future research directions in this field were outlined finally. By reviewing and analyzing the current research on threat intelligence sharing and fusion, it is helpful to advance the application of threat intelligence in China, further enhancing the capabilities of proactive and collaborative defense in cyberspace.

Satellite Internet serves as the core of next-generation communication networks, and exhibits several distinctive features, such as blurred internal and external boundaries, globally open networks, and overlapping hostile and friendly spaces. These features inevitably make security issues a focal point in the design and construction of such networks. Firstly, the primary security threats faced by Satellite Internet were analyzed, particularly in terms of network transmission involving nodes, links, and routing, with a special emphasis on novel satellite spoofing attacks. Subsequently, the current states of security technology development were reviewed in the areas of node access authentication, link secure transmission, and network security routing. Finally, the development trends of Satellite Internet security technology were predicted, highlighting the importance of endogenous, systematic, and intelligent Satellite Internet techniques. Furthermore, several key future research directions in Satellite Internet security were suggested, including integrated security protection systems for Satellite Internet, satellite radio frequency fingerprint authentication, cross-layer secure transmission between satellite and ground, location protection for satellite-ground wireless communication, and deterministic mission security execution based on intrinsic security.

The security of target network system is evaluated by penetration testing, which can effectively prevent network attacks and protect target system. Traditional penetration testing relies on the expertise of testers with huge manpower and time cost. Automated penetration testing is a hot research topic at present. It not only reduces the degree of manual participation, but also can comprehensively discover and verify potential threats in networks and improve the success rate of penetration testing. In this paper, the application of automatied penetration testing is conducted an in-depth research. Firstly, the concept and process of traditional penetration testing and automated penetration testing are introduced, comparing the characteristics of the two methods. Secondly, the current research on automated penetration testing technology is summarized from three perspectives of the automated attack chain based on vulnerability combination, attack path analysis based on attack graph, and automated penetration based on artificial intelligence. It innovatively summarizes the combination method of the automated attack chain and divides the attack path analysis research based on the graph theory. Finally, the development and future challenges of penetration testing are summarized and prospected.

Unmanned aerial vehicle (UAV) networks are founded upon the low-altitude airspace and are led by the aviation industry. Driven by the fast development of the low-altitude digital economy, new demands and challenges of enhanced security, high collaboration, and regulatability have been raised in UAV networks. Based on the comprehensive review of current research progress on UAV networks, key security threats and challenges faced by UAV networks were explored from four perspectives: behavioral security, communication security, decision security, and data sharing security. A thorough review of the existing and potential solutions was also provided across various aspects, including dynamic anomalous behavior warning, trusted communication link construction, intelligent defense against network attacks, and cross-domain secure data sharing. Finally, several future directions and trends of the UAV networks were outlined about the integration of the UAV networks with the emerging technologies such as semantic communication, large models, and digital twin.

Text data refers to language information recorded in written form with certain grammatical and semantic relationships. It is not ignorant that the importance of text data in today’s information society, with the popularization of the Internet and progress of large language model technology, the data generated in daily life shows explosive growth, including massive text data. However, it often involves a large amount of personal privacy information in the collection, processing, and application of text data, which causes a significant attention from academia and industry. Based on this, the privacy perception and protection in text data are comprehensively analyzed and summarized. Firstly, considering its types and application scenarios, the characteristics and attributes of text data are discussed. Then, a framework for text privacy perception and protection is proposed to classify and compare the existing privacy perception and protection strategies according to the technical routes, and analyze their advantages, disadvantages and applicability. Finally, it presents the challenges and future development trends of the text privacy perception and protection. Through the comprehensive introduction and in-depth research on text data privacy perception and protection, it is promoted the development of text data production and application, as well as the improvement of policy formulation and laws and regulations, which achieves a better balance between the needs of personal privacy protection and data use.

In the context of escalating cybersecurity confrontations, the effective extraction and utilization of threat intelligence were imperative for the enhancement of network security defense strategies. Due to the limitations of traditional information extraction methods in training data construction and model generalization, a framework for extracting threat intelligence entities and relationships based on Large Language Models (LLMs) was proposed. Leveraging LLMs profound semantic comprehension, the framework employed prompt engineering to precisely identify threat entities and their connections, complemented by LangChain for broader extraction coverage. Moreover, integrating search engines enhanced the timeliness and accuracy of intelligence mining. Experimental results demonstrated the framework’ s exceptional performance in few-sample or zero-sample scenarios, significantly reducing misinformation and enabling efficient, real-time intelligence extraction. In general, a flexible and efficient intelligent mining method for threat intelligence is introduced, the knowledge fusion process of threat intelligence is optimized, the proactivity and sophistication of network defense are enhanced.

In the era of digital transformation, data has become a critical resource for reshaping the individual lifestyles, driving the corporate decision-making, and enhancing the public services, with its commercial and societal value steadily increasing. However, the risks of data leakage, misuse, and privacy invasion have also intensified. As big data integrates more deeply in various fields, how to extract the data value under the premise of protecting user’s privacy has become a central focus for both academia and industry. In response to these challenges, the data security and privacy protection technologies have advanced rapidly, as a key technology of which, privacy computing can offer effective solutions to the tension between secure data collaboration and privacy protection. In this context, the development stages of big data security were reviewed, and the major threats to data security and the future direction of building data security capacity were discussed. The basic concepts, technical routes and research efforts of the privacy computing were presented and the challenges faced in its application were also discussed. The overview of the development history and latest technologies of data security and privacy computing was to provide reference for the future research and to promote the further development and application of the big data security and privacy protection technologies.

The rapid development of computer technology drives the continuous promotion and application of outsourced data services. As a new carrier of outsourcing data services, edge computing is regarded as an extension of cloud computing technology. Edge computing technology has attracted a great attention in many fields, and its application is also expanding year by year. However, due to the distribution features of edge computing, edge entities are more vulnerable to various security threats and attacks. It is particularly important for the data security protection of edge computing. Firstly, an edge computing structure is introduced, and common security threat models are given. On this basis, the existing data security protection methods of edge computing are classified from three aspects of the secure collection, secure storage and secure sharing. Secondly, the disadvantages and challenges of existing edge computing secure data protection methods are summarized in the above three aspects of research. Finally, the future work of data security protection for edge computing is prospected.

With the continuous development of cloud computing, edge computing, and other technologies, Internet architecture has gradually evolved from traditional end-to-end dual architectures to end-edge-cloud (EEC) three-level architectures. The traffic scale and number of nodes continue to increase. Nodes at different levels in high-speed EEC networks are highly heterogeneous regarding functions, performance, and data coverage. Existing encrypted traffic identification methods focus on single-point traffic classification, and lacks the ability for intelligence and multi-point collaborative classification. Meanwhile, the situational awareness method mainly relies on the log data analysis for the device,which has a limited vision and poor effect. Aimed at above problems, a network security architecture that combines encrypted traffic identification with situational awareness in a high-speed EEC network environment is proposed,including to a multi-agent cooperation method for the high-speed EEC networks, encrypted traffic application classification method for the EEC cooperation, protocol intelligent analysis method for new networks, and behavior situational awareness method for the encrypted network. Experimental results show that the proposed architecture can synthesize the multi-source network data to realize the large-scale network security situational awareness.

The construction and use of confidential computing environment are an important technical means to ensure the security of information data. However, its trust anchor is formed from hardware processors in existing confidential computing environments, and the construction of the confidential computing environment depends on the lack of provably secure software implementations. In recent years, the hardware security vulnerabilities of CPU manufacturers appear frequently, and many attacks of existing confidential environment vulnerabilities occur frequently, which brings a serious threat to the various security applications and data that rely on the confidential computing environment. Trusted computing takes the root of trust as a trust anchor,the reliability measures is used as a means,the chain of trust is used to construct the security method and technology of trusted execution environment, Therefore, the trusted computing technology is used to construct the confidential computing environment and effectively solve the above safety problem. In this research, an autonomous controllable confidential computer environment and its security ability are proposed from the perspective of trusted computing. The function of trust anchor is the premise to ensure the security of confidential computing environment. a confidential computing environment with memory isolation features can be built on trust anchor,which can effectively solve the security threats in the existing confidential computing environments and improve the capability of independently controlling the key foundation designs.

Cyber threat intelligence is the knowledge that can guide organizations to deal with current cyber threats through the timely collection of internal and external threat information related to the organizational cyber security and comprehensive analysis, which can greatly improve the efficiency of the organizational cyber security defense. One type of threat intelligence is produced by collecting the multiple threat information on the Internet and then analyzing it comprehensively, i.e., open source threat intelligence, which can identify and analyze potential cyber threats, malicious activities, and attack trends, etc., and it has extremely high application value. However, in the production process of open source threat intelligence, it is necessary to overcome the difficulties of unstructured expression of intelligence, heterogeneity of expression among multiple sources of intelligence, and conflict of intelligence content, which attracts the attention of academia and industry. In view of this, recent cyber threat intelligence industry reports, white papers and academic results are first deeply studied, summarizing the open source threat intelligence production and application framework. Wherein, In the open source threat intelligence production process, the reliability of the intelligence is first assessed, which is also responsible for extracting intelligence from unstructured threat information, expression structure and content conflicts that exist between multiple sources of intelligence, and the intelligence application covers the entire defense life cycle of threat hunting, emergency response, and threat attribution. Hence, existing research results are organized and summarized from the aspects of threat intelligence extraction, intelligence conflict processing and intelligence application. Specifically, the existing research results first evaluate the quality of intelligence from both qualitative and quantitative perspectives,and multiple types of intelligence from multiple information sources through various techniques are extracted, but the extraction types and intelligence sources are mostly customized and one-sided. There are fewer research results on heterogeneous intelligence redundancy, while the intelligence inconsistency has received more and more attention, but most of them focus on the inconsistency detection of non-semantic intelligence, such as vulnerability affected product and intelligence disclosure time. Researchers have also focused on the related application of produced threat intelligence, but have not considered the integrity of the produced threat intelligence. Finally, the future research trends of open source threat intelligence production and application are given in this paper, including to the automated threat information comprehensive extraction, semantic threat information alignment and inconsistency research, intelligence integrity enhancement research based on existing knowledge, and research on intelligence application automation technology. By sorting out and analyzing the existing research overview of open source threat intelligence production and application, the development of China’s open source threat intelligence production and application is promoted,and the improvement of the overall defense capability of network security is realized.

As computer hardware and algorithm technology improve by leaps and bounds in recent years, the artificial intelligence technology represented by large-scale model has shown greater advantages than human beings in many fields. However, AI-based systems are often vulnerable to a variety of security threats during initial data collection and preparation, training and reasoning, and deployment. In AI-based systems, the data acquisition and preprocessing stage is vulnerable to sensor spoofing attacks, and the model training and inference stage is vulnerable to poisoning attacks and adversarial attacks. In order to address these security threats against AI systems, the challenges and solution strategies faced by AI large-scale model security were summarized, so that AI technology based on large-scale model could be utilized in industrial applications. Specifically, the AI large-scale model and its characteristics are introduced, and then the technical risks and security vulnerabilities of the AI large-scale model were summarized and analyzed. Finally, the research areas and challenges of AI large-scale model security detection and protection were discussed.

Private set intersection (PSI) is an important privacy-preserving computation protocol, which safely computes the intersection of two or multiple sets without leaking set data. With the rapid development of the Internet and big data, the attention of users to data privacy protection is increasing. Therefore, the research on PSI is not only of significance in theory, but also of very high value in practice. PSI technology is developing rapidly, and its type is complex and diverse. Based on different cryptographic primitives, it constructs PSI protocols and their applicable scenarios, it is of great practical importance to select appropriate PSI schemes according to specific requirements. This paper aims to provide a comprehensive overview in the research progress and application area of PSI and its variants. The application of PSI techniques is researched in practical products. Additionally, the performance and applicability of major open-source PSI libraries are tested and evaluated. Finally, the challenge and future development direction are discussed in the field of PSI technology. Through comprehensively introducing and deeply researching on PSI, the importance and application value of this technology can be better understood, which provides a more effective solution for privacy protection and promotes the widespread application and development of PSI technology in practical scenarios.

The Internet of Things (IoT) is a new type of interconnected network composed of a large number of connected objects or devices. The physical objects or sensing devices in the Internet of Things can collect sensitive data generated by the surrounding environment and then exchange and share data information through insecure public channels. Therefore, it is necessary to create secure mediums to protect the confidentiality and integrity of data and prevent attacks from adversaries. In this regard, authenticated key agreement (AKA) protocols can achieve mutual authentication between network communication entities and generate a shared symmetric session key for encrypting future transmitted data. The review of several AKA protocols proposed for Internet of Things application scenarios was presented first. These protocols utilized elliptic curve cryptography or Chebyshev chaotic mapping cryptographic mechanisms as key components of their design. Next, the vulnerabilities and security shortcomings to which these reviewed AKA protocols are susceptible were outlined. Finally, several useful suggestions for designing a secure and efficient AKA protocol were proposed. These recommendations aim to help AKA protocol designers achieve their desired security and functionality features.

With the continuous development popularization of Internet of Things (IoT) technology, smart homes are becoming progressively ubiquitous. more and more smart door locks, surveillance cameras, and intelligent doorbells are installed in users to secure personal property and privacy. In order to evaluate the security of PIN code authentication mechanisms on smart door locks, a video-based side-channel attack scheme in common smart home scenarios is proposed in this paper. In this scheme, the reasonable capabilities are established for the attacker, and the comprehensive analysis is conducted on the factors of the PIN length and distance between the doors. A simulation experiment was built to validate the proposed scheme, and 10 subjects were invited to participate the test. Experimental results show that, while enabling the automated identification and analysis, the proposed scheme can implement the video-based side-channel attacks on users’ PIN unlocking behavior at regular social distances with an inference accuracy rate of 86.6% for 5 tries, and at medium distances with an inference accuracy rate above 50% for 5 tries.

The rapid development of Internet of Things (IoT) technology has brought enormous market potential, but it has also brought about security and privacy issues. Traditional security methods are no longer sufficient to address emerging network threats. Proactive defense strategies, such as threat intelligence and security situational awareness, have emerged as effective alternatives. Knowledge graph technology offers innovative approaches for extracting, integrating, and analyzing threat intelligence. Firstly, the construction of IoT security ontology, including the general security ontology and domain-specific security ontology was reviewed. Next, the key technologies for extracting threat intelligence information were summarized, including methods based on rule matching, statistical learning, and deep learning. Then the construction framework of the IoT threat intelligence knowledge graph was explared, which included data sources, information extraction, ontology construction, and other aspects. Finally, the application scenarios of the IoT threat intelligence knowledge graph were discussed, the current research challenges were highlighted , and the future research directions were anticipated.

With the popularization of online medical technology, people can enjoy more convenient medical services. However, while enjoying this convenience, it also raises concerns about the security of medical data and leakage of patient privacy. Traditional data privacy protection solutions still face security challenges in terms of data confidentiality and authenticity. With medical social networks attached by hackers or users to be corrupted, serious medical incidents can occur. To achieve safer and more efficient online medical consultation, and based on matchmaking encryption technology, a data privacy protection scheme that supports user revocation is designed. This scheme ensures that patients and medical staff can accurately control data access, and the security of legal data in the system is ensured through the user revocation mechanism. The scheme first outlines that traditional techniques are used to realize the direct method for revocation, and there are some performance limitations of the direct method with large users. In order to further improve efficiency, the binary tree technology is used to achieve the undo. Finally, based on the bilinear diffie-hellman (BDH) assumption, a security proof on the random oracle model is performed to verify the security of the proposed scheme.

Boomerang attack is taken as an important method in the study of symmetric cryptanalysis, it has yielded impactful cryptanalytic results for the international important algorithms of advanced encryption standard (AES) and SKINNY. In recent research on boomerang attacks, researchers always divide the target block cipher into three parts(E=E₁°E_m°E₀). the dependency on concatenating two short-round differentials can be effectively considered in the middle part E_m of the formula. However, existing methods ignore the asymmetric relationship between upper and lower differentials in E_m, assuming that two head input differences of E_m are equal, as well as end output differences, which results in an underestimation in the probability calculation of the final boomerang distinguisher. Additionally, there is no effective method to comprehensively compute the probability of multi-round E_m in asymmetric states. The experiments are conducted to verify the effectiveness of the method,the experimental results show the probability of the original boomerang distinguisher is improved. Under the same amount of experimental data, the test probability velocity of the new method is approximately 500 times faster than that of the original method,which makes it possible to calculate all symmetric and asymmetric states of E_m. By using this new experimental method, the probability of the boomerang distinguisher of the CRAFT algorithm is increased by 1.2 times. Meanwhile, the improved distinguisher is used to realize the optimal rectangle attack of the CRAFT algorithm.

Webpage fingerprinting attacks can get information from hypertext transfer protocol secure (HTTPS) network traffic, and then leaks the privacy of users. Studying webpage recognition helps to find out security vulnerabilities in current encryption protocols, it is significant to improve the privacy protection policy of users, and increase the network management level in network service provider (ISP) management. Current webpage recognition does not fully consider its application layer characteristics, ignoring actual webpage browsing scenarios such as browser caching mechanisms. With the help of the characteristics of the HTTPS protocol stack and webpage loading procedures, a two-phase webpage identification method Penetrator is proposed through utilizing the application data unit (ADU). The ADU feature reconstruction enhances the exploitation of application layer information in the HTTPS traffic, taking the ADU length sequence as the feature for webpage identification. Through the theoretical analysis and experimental verification, the results show that the application layer characteristics can effectively identify the encrypted webpages. The experiments indicate that the Penetrator effectively reduces the errors of the HTTPS protocol stack, extracting the ADU length sequences with a protocol error rate of below 0.98%. Compared to existing methods, the Penetrator has a superiority in webpage identification.

The diffusion model has achieved significant success in image generation, but it is difficult to distinguish the authenticity of the generated images. Therefore, abusing the diffusion model will lead to social issues such as privacy and security, legal ethics, and so on. Adding watermarks to the output of the generated model can track the copyright of the generated content and prevent potential harm caused by artificial intelligence-generated content. For the diffusion model, the endogenous watermarking method of adding watermarks to the initial noise vector can directly generate watermarked images. During copyright verification, the initial vector is reconstructed through reverse diffusion to extract the watermark. However, the sampling process in the diffusion model is not strictly reversible, and there is a significant error between the reconstructed noise vector and the original noise, making it difficult to ensure accurate watermark extraction. By introducing Exact Diffusion Inversion via Coupled Transformations (EDICT), the initial noise vector can be reconstructed more accurately, improving the accuracy of watermark extraction. The performance improvement of generative image endogenous watermarking by introducing EDICT has been verified through experiments. The experimental results show that endogenous watermarking can embed invisible watermarks in generated images, and the embedded watermarks can be accurately extracted through precise backdiffusion and have a certain degree of robustness.

Text password has the advantages of simple implementation and strong deployability, it is one of the most important identity authentication technologies currently, and password security is of great significance. A reasonable password generation strategy helps to improve password security. For the existing frequency-based password policy generator, only frequency is used as the password classification criterion, which only reflects the popularity of passwords, a password policy generator framework based on frequency and entropy (FEPG) is designed, innovatively introducing entropy as the measurement standard of the password complexity, and a password four-classification method based on frequency and entropy is constructed through the Zipf distribution and normal distribution, and the password strength evaluation tool (zxcvbn) is used to verify the effectiveness of the four classifications. The FEPG provides the modification strategies by comparing the difference between weak passwords, low-frequency and high-entropy passwords, and after simulating the usersmodifying their passwords, the probabilistic context-free grammar (PCFG) algorithm is adopted for testing, The test results show that, the proportion of successfully guessed passwords after the FEPG enhancement decreased by 69.30% compared to those after the HTPG enhancement, validating the effectiveness of the FEPG.

Large language models have shown outstanding performance on natural language processing tasks due to their exceptional text understanding and generation capabilities. Training large language models demands high-quality annotated data and expensive computational resources, making them significant digital assets with considerable commercial value while susceptible to intellectual property theft. Therefore, Developing watermarking technologies is key to ensuring copyright protection for large language models. Existing large language models watermarking methods based on box-free watermarks that provide strong copyright safeguards. However, these methods frequently suffer from inadequate concealment, reduced text quality, and difficulties in implementation within open-source environments. To address the above issues, a large language models watermarking method based on knowledge injection was proposed. During the watermark embedding phase, the watermark was embedded into custom knowledge and the model learns the watermarked knowledge through supervised fine-tuning. In the watermark extraction phase, the model owner only needed to design questions related to the watermark knowledge and query the model to be tested, extracting the watermark information based on the model's responses. The experiments conduct validate the effectiveness, fidelity and robustness of the proposed method.

As network communication technology was continuously updated and services were constantly expanded and strengthened, along with the increasing number of internet devices, applications and services, network management became more complex and challenging. At the same time, the occurrence of network security incidents also became more frequent. The feature distribution under normal network conditions usually differed significantly from that under abnormal conditions, thus constructing a security traffic baseline could detect network anomalies. The baseline models at that time mostly relied on manually designed rules, which had high rates of false negatives and false positives. This paper introduced Deep learning technology was introduced, a dynamic baseline construction method based on LSTM was proposed, which also integrated traffic features from three dimensions. Moreover, because abnormal access and attacks were usually encrypted for transmission by adversaries, to ensure the safe operation of the system, it was necessary to classify encrypted traffic with fine granularity and filter out normal access application service traffic. Therefore, a deep learning-based encrypted traffic classification technology was proposed that could achieve fine-grained classification of encrypted traffic by mining deep representations of traffic features.

The protocols of Camenisch et al. (ASIACRYPT 2008) and Bünz et al. (SP 2018) can efficiently lower communication overhead and computation cost, but which are realized based on Public Key Infrastructure (PKI) cryptosystem requiring a certificate authority (CA) to manage users’ public key certificates (e.g. issuing and revoking certificates). This will cause a high certificate management overhead, especially when the number of users is linearly increasing. We propose a SM9 digital signature-based set membership protocol and extend it for value-range proof protocols. Our proposals not only avoid the huge cost of PKI-based certificate management, but also keep the same security level, communication overhead and computational cost as Camenisch et al.’s (ASIACRYPT 2008) proposals.

Encryption traffic classification is the process of identifying the service, applications, and protocols running behind network encryption traffic in order to improve the quality of network service or provide the security assurance of networks. Mainstream encryption traffic classification schemes are conducted to train and achieve reliable performance by large datasets. However, with the development of Internet technology, network traffic, calculation nodes, and network services, the demand for diverse encryption traffic management has increased. Consequently, collecting and accurately labeling sufficient volumes of encrypted traffic data is becoming impractical. Therefore, it is crucial to study a technique that can accurately classify encrypted traffic with fewer encryption traffic samples and quickly generalize the model. In this paper, a novel method for encrypted traffic classification based on few-shot learning is proposed. This method simulates and optimizes the traffic classification task based on the principles of meta-learning. Moreover, we utilize a pre-trained Convolutional Neural Network (CNN) model to extract features. Building upon the CNN's unique computational architecture, we introduce a novel parameter decomposition method designed to swiftly adjust to the diverse data distributions encountered across multiple tasks. Finally, through the comparative experiments with N-way and K-shot setting, the experimental results show that the accuracy of the proposed method achieves by 98% with the K coefficient of 10, the accuracy of the few-shot learning method is higher than that of the reference model.

White-box cryptography aims to provide security in white-box security model or scenario, to replace the hardware-based cryptographic solutions with software implementations, and to reduce the deployment cost and leverage usage flexibility. The white-box security model or security scenario assumes that the attacker can fully control the running environment of a cryptographic implementation and obtain any running information. At present, there are two main research directions on white-box cryptography: one is the design and analysis of white-box implementations of existing cryptographic algorithms, which can be further classified into the design and analysis of white-box implementations with or without external encodings; the other is the design and analysis of white-box cryptography with ideal security. The research progress of the design and analysis of white-box cryptography and implementation was summarized, the widely used white-box cryptanalytic methods were briefed, and the research status on white-box cryptography was summarized.

orbit prediction is crucial for assessing the likelihood of collisions between space objects and for better managing the near-earth space environment. Traditional orbit prediction methods rely on physical dynamic models, which necessitate the modeling of complex space environments and space objects. In reality, the limited understanding of many non-gravitational perturbations restricts the accuracy of orbit predictions. Considering the limitations of traditional orbit prediction methods, we proposed a technique to predict orbits based on the long short-term memory (LSTM) network. This approach leveraged a series of convolutions to extract features from the satellite orbit data over time, uncovering the underlying operational patterns. Experimental results indicated that this method improved the accuracy of satellite orbit predictions and provided a theoretical foundation for improving space situational awareness capabilities.

White-box attacks assume that the execution device of the encryption algorithm is completely controlled by an attacker, and all the internal data can be observed and tampered with, making the traditional cryptographic algorithms ineffective against such threats. To address the challenges posed by white-box attacks on the block cipher security, white-box cryptography implementations have become a research hotspot. However, the existing white-box cryptography implementations not only struggle to withstand white-box attacks but also are vulnerable to side-channel attacks with more limited capabilities, such as computation analysis and fault analysis. A series of protective strategies have been proposed to counter these threats, but also leading to the development of stronger countermeasures. Currently, side-channel techniques have become the primary challenge during the white-box cryptographic design. The existing attack methods were categorized based on algorithm frameworks and attack types, and the protective strategies along with their corresponding counterattacks were summarized. The threats and challenges currently faced were discussed, and future side-channel attack techniques and defensive solutions were explored.

With the rapid development of cyberspace, cybersecurity threats are becoming increasingly complex and diverse. Knowledge graphs offer new methods for extracting, integrating, and analyzing multi-source heterogeneous cybersecurity data. In recent years, knowledge graphs have gradually been applied in various cybersecurity subfields, such as threat intelligence, vulnerability management, and attack path analysis, demonstrating vast potential for application. Furthermore, as the application of knowledge graphs deepens, the numerous security issues that knowledge graphs face also deserve significant attention. We to provide a comprehensive overview of the construction and application of Cybersecurity Knowledge Graphs (CKG), as well as the security risks currently faced by knowledge graphs. First, we introduced the construction of CKGs, including related work on cybersecurity ontologies and cybersecurity information extraction. Then we reviewed relevant work on CKGs based on threat intelligence, CKG completion, and specific applications of CKGs. Following this, we explored the current security risks faced by knowledge graphs, covering attacks and defenses against knowledge graphs, as well as privacy protection within knowledge graphs. Finally, we discussed the challenges and future research directions in the field of knowledge graph research for cybersecurity. Through a comprehensive introduction and in-depth analysis of the construction and application of CKGs, as well as the risks and protections associated with knowledge graphs, we can promote application of knowledge graphs in the field of cybersecurity.

The accurate analysis and identification of encrypted mobile application traffic can provide an important technical support for network management, information supervision, and security detection, etc. It is of great significance to cyberspace security and governance. A classification method based on multi-dimensional feature learning was proposed to effectively identify encrypted mobile application traffic. Firstly, this method extracted the transport layer payload and session features from the mobile application traffic, then built the multi-dimensional feature deep learning model. The convolutional neural network was used to learn the spatial features of payloads, the long short-term memory network was used to learn the time series features of encrypted flows, and the graph convolutional neural network was used to learn the session features of the mobile application, and further concatenate and fuse the multi-dimensional features, achieving the classification and identification of encrypted mobile application traffic. Based on the encrypted mobile application dataset, the experimental results show compared to other classification models, the proposed method has an optimized performance in encrypted traffic classification for mobile applications.