Introduction to Cyberspace Security Coursework

Backup for personal use, for reference only~

Chapter 1 Overview of Cyberspace Security

3. What is cyberspace? Why are there serious information security problems in cyberspace?

Definition of cyberspace:

  • In 1982 the Canadian writer William Gibson first used the term "cyberspace", in the short story "Burning Chrome", for the virtual information space created by computers.
  • In 2008, U.S. National Security Presidential Directive 54 defined it as "the overall domain within the information environment, consisting of independent and interdependent information infrastructures and networks, including the Internet, telecommunications networks, computer systems, embedded processors and controller systems".
  • Our own definition: the information environment that people depend on to live in the information age, that is, the collection of all information systems.

Why there are serious information security problems in cyberspace:
  • Unprecedented prosperity of information technology and industry: China has become a major country in information technology and industry, and quantum information technology is developing rapidly;
  • Incidents that endanger information security keep occurring: sabotage by hostile forces, hacker attacks, virus intrusions, computer-enabled economic crime, the spread of harmful content on the Internet, serious privacy protection problems, the beginnings of information warfare and cyber warfare, and the challenges that scientific and technological progress poses to information security;
  • The gap in China's core technologies in the information field has made China's information security situation more severe.

9. How many categories of information security laws and regulations are there? Please give an example.

| Category | Issuing body | Examples |
|---|---|---|
| National laws | National People's Congress | Constitution of the People's Republic of China; Criminal Law of the People's Republic of China |
| National laws | Standing Committee of the National People's Congress | National Security Law; Law on the Prevention of Juvenile Delinquency; Decision of the NPC Standing Committee on Maintaining Internet Security; Electronic Signature Law; Public Security Administration Punishment Law; Tort Liability Law; Law on Guarding State Secrets; Cybersecurity Law; Decision of the NPC Standing Committee on Strengthening the Protection of Network Information; Cryptography Law |
| Administrative regulations | State Council | Regulations on Security Protection of Computer Information Systems; Telecommunications Regulations; Interim Provisions on the Management of International Networking of Computer Information Networks; Regulations on the Administration of Commercial Cryptography; Measures for the Administration of Internet Information Services; Regulations on the Protection of Computer Software; Regulations on the Administration of Business Premises for Internet Access Services; Regulations on the Protection of Information Network Transmission |
| Departmental rules | Relevant departments of the State Council | Measures for the Security Protection and Administration of International Networking of Computer Information Networks; Interim Provisions on the Confidentiality Administration of Computer Information Systems; Measures for the Administration of Information Security Product Evaluation and Certification; Measures for the Prevention and Control of Computer Viruses; Provisions on the Administration of Interconnection between Public Telecommunications Networks; Measures for the Administration of Electronic Authentication Services; Provisions on the Administration of the Production of Commercial Cryptographic Products; Measures for the Administration of Internet E-mail Services; Provisions on Technical Measures for Internet Security Protection; Measures for the Administration of Information Security Level Protection; Measures for the Administration of Communication Network Security Protection |

10. In which year did the Cybersecurity Law of the People's Republic of China come into effect? What are the implications of its implementation?

The Cybersecurity Law of the People's Republic of China was adopted at the 24th session of the Standing Committee of the 12th National People's Congress in 2016 and came into force on June 1, 2017.
Its passage solved the problem of a "basic law" for China's network security: since then China's network security work has had a basic legal framework. Specifically, its implementation also has the following significance:

  • It establishes the principle of China's cyberspace sovereignty; cyber sovereignty is the embodiment and extension of national sovereignty in cyberspace;
  • It specifies the legal obligations of network product and service providers and of network operators to ensure network security;
  • It clarifies the regulatory responsibilities of government departments and improves the regulatory system;
  • It strengthens network operation security, makes critical information infrastructure the key object of protection, and lays down the principle of personal information protection;
  • It sets out mandatory requirements for network products and services, critical network equipment and network security products;
  • It strengthens the penalties for those responsible for endangering network security.

15. What are the international organizations specializing in the standardization of common methods and technologies for information security?

SC27 is a sub-committee of JTC1 (Joint Technical Committee 1), established jointly by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission), that specializes in the standardization of general methods and technologies for information security.
The main responsibilities of SC27 are:

  • Determining general requirements for security services in information technology systems (including the methodology for stating requirements);
  • Researching and developing relevant security technologies and mechanisms (including registration procedures and the interrelationships between security components);
  • Researching and specifying security guidelines (e.g. explanatory documentation, risk analysis);
  • Researching and formulating management support documents and standards (such as vocabulary and security evaluation criteria);
  • Researching and specifying cryptographic algorithm standards for services such as integrity, authentication and non-repudiation, and at the same time researching and developing cryptographic algorithm standards for confidentiality services in accordance with internationally recognized policies.

19. Briefly describe information security hierarchical protection and information security level protection.

Hierarchical protection of confidential (classified) information systems means that the units that build and use such systems protect them by level, in accordance with the hierarchical protection management measures and the relevant standards. It is an important part of the national information security level protection system. Confidential information systems are classified, according to the degree of secrecy, into the secret, confidential and top-secret levels. All information systems (networks) used to process, transmit and store state secrets must be built, used and managed in accordance with the requirements of hierarchical protection. The State Administration of Secrecy is the department in charge of the hierarchical protection of confidential information systems.
Information security level protection means protecting, by security level, state secret information, the proprietary information of citizens, legal persons and other organizations, public information, and the information systems that store, transmit and process this information; managing by level the information security products used in those systems; and responding to and handling by level the information security incidents that occur in them. The core of information security level protection is classification and protection. Its content can be divided into five aspects: system rating, system filing, construction and rectification, level evaluation, and supervision and inspection. The level of an information system is determined mainly by the degree and scope of the damage its compromise would cause to the country, society, legal persons and organizations: small damage over a small scope means a low level and low protection requirements; large damage over a large scope means a high level and correspondingly higher protection requirements.

Chapter 2 Basics of Cryptography

2. Please compare the similarities and differences between the Caesar cipher, the Vigenère cipher, and the Playfair cipher.

Similarity: all three are substitution ciphers among the classical ciphers.

| Substitution cipher | Encryption and decryption method | Advantages | Shortcomings |
|---|---|---|---|
| Caesar cipher | In the broad sense, any encryption/decryption system that shifts each letter by k positions | Simple, easy to understand encryption and decryption | Easy to recognise; only 25 keys, so it can be broken by exhaustive search |
| Vigenère cipher | Uses a phrase as the key to implement polyalphabetic substitution | Relatively complex key; the same plaintext letter is encrypted to different ciphertext letters | When the ciphertext is long, repeated ciphertext sequences appear; the key length can be obtained as the greatest common divisor of the distances between identical sequences (Kasiski examination) |
| Playfair cipher | Groups letters into pairs and substitutes pairs through a matrix formed from the key | Grouping enlarges the ciphertext space; the same plaintext letter is encrypted to different ciphertext letters, and letter frequencies are evened out | Can be broken by frequency analysis of letter pairs (digraphs) |

3. Please compare the transposition (permutation) cipher of classical cryptography with the shift substitution cipher.

The transposition cipher rearranges the plaintext according to certain rules to break up the structural characteristics of the plaintext: it keeps every plaintext character unchanged and only permutes the positions of the characters. The transposition cipher therefore changes the structure of the plaintext without changing its content, whereas the shift substitution cipher replaces each letter by a shifted one, changing the content of the plaintext without changing its structure.
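As an added illustration of questions 2 and 3 (example code written for this page, not part of the coursework), the following Python implements the three substitution ciphers compared in the table, a columnar transposition for the contrast drawn in question 3, and the two weaknesses the table names: exhaustive search over the 25 Caesar keys, and recovery of the Vigenère key length as the gcd of the distances between repeated ciphertext trigrams (Kasiski examination). The sample message and keys are constructed; the Playfair test vector is the well-known "hide the gold in the tree stump" example.

```python
# Added example (not from the coursework): the ciphers compared in questions 2 and 3,
# with the two weaknesses the table names (Caesar key search, Vigenère key length).
import re
from collections import Counter
from functools import reduce
from math import gcd

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def clean(text):
    """Classical ciphers work on A-Z only: drop everything else and upper-case."""
    return re.sub(r"[^A-Z]", "", text.upper())


def caesar(text, k):
    """Shift substitution: every letter moves k places (k = 3 is the original Caesar key)."""
    return "".join(ALPHA[(ALPHA.index(c) + k) % 26] for c in clean(text))


def caesar_brute_force(cipher):
    """Only 25 non-trivial keys exist, so every candidate plaintext can simply be listed."""
    return {k: caesar(cipher, -k) for k in range(1, 26)}


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: letter i is shifted by key[i mod len(key)]."""
    text, key, sign = clean(text), clean(key), (-1 if decrypt else 1)
    return "".join(ALPHA[(ALPHA.index(c) + sign * ALPHA.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(text))


def kasiski_key_length(cipher, n=3):
    """Kasiski examination: a plaintext n-gram that recurs at a distance that is a
    multiple of the key length is encrypted identically, so the gcd of the distances
    between repeated ciphertext n-grams gives the key length."""
    seen = {}
    for i in range(len(cipher) - n + 1):
        seen.setdefault(cipher[i:i + n], []).append(i)
    distances = [p[j + 1] - p[j] for p in seen.values() for j in range(len(p) - 1)]
    return reduce(gcd, distances) if distances else None


def playfair_square(key):
    """5x5 key square as a row-major list of 25 letters: key letters first, J merged into I."""
    square = []
    for c in clean(key).replace("J", "I") + ALPHA.replace("J", ""):
        if c not in square:
            square.append(c)
    return square


def playfair(text, key, decrypt=False):
    """Digraph substitution on the key square: same row -> letter to the right, same
    column -> letter below, otherwise swap the two columns (reversed when decrypting)."""
    sq = playfair_square(key)
    letters = clean(text).replace("J", "I")
    pairs, i = [], 0
    while i < len(letters):  # split into pairs; a doubled letter gets an X between,
        a = letters[i]       # and an odd tail is padded with X
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:
            b, i = "X", i + 1
        else:
            i += 2
        pairs.append((a, b))
    step, out = (-1 if decrypt else 1), []
    for a, b in pairs:
        ra, ca = divmod(sq.index(a), 5)
        rb, cb = divmod(sq.index(b), 5)
        if ra == rb:
            out += sq[ra * 5 + (ca + step) % 5], sq[rb * 5 + (cb + step) % 5]
        elif ca == cb:
            out += sq[((ra + step) % 5) * 5 + ca], sq[((rb + step) % 5) * 5 + cb]
        else:
            out += sq[ra * 5 + cb], sq[rb * 5 + ca]
    return "".join(out)


def columnar_transposition(text, cols):
    """Transposition: write the letters row by row into `cols` columns, read column by column."""
    t = clean(text)
    return "".join(t[i::cols] for i in range(cols))


def same_letter_counts(plain, cipher):
    """True when the cipher only re-orders the plaintext letters (transposition), False
    when it replaces them (substitution): the distinction question 3 draws."""
    return Counter(clean(plain)) == Counter(clean(cipher))


if __name__ == "__main__":
    # Constructed sample text; the repeated phrase is what the Kasiski test feeds on.
    msg = "the enemy attacks at dawn and the enemy attacks at dusk so wait the enemy attacks at noon"
    c = vigenere(msg, "KEY")
    print(c, "-> key length", kasiski_key_length(c))
    print(caesar_brute_force(caesar("attack at dawn", 3))[3])
    print(playfair("hide the gold in the tree stump", "playfair example"))
    print(same_letter_counts("attack at dawn", columnar_transposition("attack at dawn", 4)))
```

The Kasiski step only yields the key length, not the key; once the length is known, each key position is a Caesar cipher on its own and falls to the frequency analysis that the Caesar row of the table describes.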

5. Why is one-time pad theoretically safe? What problems does one-time pad have in practical applications?

The one-time pad uses a random key that has no statistical relationship with the plaintext and is the same length as the plaintext; moreover, the key is different for every encryption, so the same plaintext is always encrypted into different ciphertexts. Theoretical (unconditional) security requires the ciphertext and the plaintext to be completely independent. Let the plaintext be $m$, the ciphertext $c$ and the key $k$, with $c = E_k(m)$; if the attacker's guess of the plaintext from the ciphertext $c$ is $m^*$, then $P(m^* = m \mid c = E_k(m)) = P(m^* = m)$.
However, because the one-time pad requires a huge set of random key material to be established, the workload is enormous, and because the key is as long as the plaintext, its management and distribution are difficult.
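As an added example for question 5 (written for this page, not part of the coursework), the following Python builds a byte-wise one-time pad and makes the perfect-secrecy equation concrete: for a tiny ciphertext it enumerates every possible key and shows that every plaintext of that length is reached exactly once, so the ciphertext gives the attacker nothing. It also shows the practical failure mode behind the key-management difficulty: reusing a pad for a second message lets the two ciphertexts be combined so that the key cancels. The sample messages are constructed.

```python
# Added example for question 5: a one-time pad over bytes, and why it is perfectly secret.
import secrets
from collections import Counter
from itertools import product


def otp(data: bytes, key: bytes) -> bytes:
    """XOR each byte with the key byte at the same position. The key must be as long as
    the data; because XOR is its own inverse, the same function encrypts and decrypts."""
    if len(key) != len(data):
        raise ValueError("a one-time pad key must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def fresh_key(length: int) -> bytes:
    """A new uniformly random key for every message: the 'one-time' requirement."""
    return secrets.token_bytes(length)


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """For any candidate plaintext of the right length there is exactly one key that turns
    it into this ciphertext, so the ciphertext alone cannot rule any plaintext out:
    P(m* = m | c = E_k(m)) = P(m* = m)."""
    return otp(ciphertext, candidate)


def plaintext_distribution(ciphertext: bytes) -> Counter:
    """Enumerate every key of the same length (feasible only for one or two bytes) and
    count the plaintexts obtained: each appears exactly once, i.e. the distribution of
    the plaintext given the ciphertext is uniform."""
    counts = Counter()
    for key in product(range(256), repeat=len(ciphertext)):
        counts[otp(ciphertext, bytes(key))] += 1
    return counts


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """The practical pitfall: if one key is reused for two messages, XORing the two
    ciphertexts cancels the key and yields m1 XOR m2, which exposes the relationship
    between the plaintexts (a zero byte wherever they agree)."""
    return otp(c1, c2)


if __name__ == "__main__":
    m1, m2 = b"ATTACK AT DAWN", b"DEFEND AT DUSK"  # constructed sample messages
    k = fresh_key(len(m1))
    c1 = otp(m1, k)
    assert otp(c1, k) == m1
    print("key under which c1 reads as the other message:", key_explaining(c1, m2).hex())
    print("plaintexts reachable from a 2-byte ciphertext:", len(plaintext_distribution(b"\x13\x37")))
    print("same key reused for both messages leaks:", key_reuse_leak(c1, otp(m2, k)))
```

The enumeration is limited to two bytes only because 256^n keys must be tried; the property itself holds for any length, which is exactly why the key has to be as long as the message and must never be reused.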

7. What is the essential difference between information hiding and information confidentiality?

Information encryption uses a single-key or double-key cryptographic algorithm to convert plaintext into ciphertext, which is then sent to the recipient over an open channel; what encryption protects is the content of the information.
Information hiding embeds the secret information into seemingly harmless host information, so that an attacker cannot directly tell whether the monitored information contains a secret at all; what information hiding protects is the form in which the information exists, that is, its very existence.

11. What are the two categories of cryptographic systems in principle? What are the differences in the use of keys between these two types of cryptosystems?

In principle, cryptosystems can be divided into symmetric encryption (single-key cryptography) and asymmetric encryption (public-key cryptography).
Symmetric encryption uses the same key for encryption and decryption.
Asymmetric encryption encrypts with the public key and decrypts with the private key.

Chapter 3 Network Security Basics

Fill in the blanks

(1) Security attacks can be divided into passive attacks and active attacks.
(2) The five types of security services defined by X.800 are: authentication, access control, data confidentiality, data integrity, and non-repudiation.
(3) The eight specific security mechanisms defined by X.800 are: encipherment, digital signature, access control, routing control, notarization, traffic padding, data integrity, and authentication exchange.
(4) The five pervasive security mechanisms defined by X.800 are: trusted functionality, security labels, event detection, security audit trail, and security recovery.
(5) Firewalls can be divided into the following 7 types: static packet filtering, dynamic packet filtering, circuit-level gateway, application-layer gateway, stateful inspection packet filtering, switching proxy, and air gap.
(6) Static packet filtering works at OSI layer 3, the network layer. The fields it checks are the following five: source address, destination address, application or protocol, source port number, and destination port number.
(7) By data source, IDS can be divided into three categories: network-based IDS (NIDS), host-based IDS (HIDS), and distributed IDS (DIDS).
(8) A general IDS model consists of the following four parts: event extraction, intrusion analysis, intrusion response, and remote management.
(9) By access method, VPNs are divided into 2 categories: gateway-to-gateway VPN and remote-access VPN.
(10) The key technologies of VPN fall into 5 categories: tunnelling, encryption and decryption, key management, identity authentication, and access control.
(11) The four major components of the mobile Internet are: mobile Internet terminal equipment, the mobile Internet communication network, mobile Internet applications, and mobile Internet related technologies.
(12) Mobile Internet security mainly comprises the following three parts: terminal security, network security, and application security.
(13) Following the principle of information generation, transmission, processing and application, the Internet of Things can be divided into the following four layers: the perception and identification layer, the network construction layer, the management service layer, and the comprehensive application layer.
(14) The security framework of the IoT network construction layer mainly covers four aspects: node authentication, data confidentiality, integrity, and data-flow confidentiality.
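As an added example for blank (6) (written for this page, not part of the coursework), the following Python models a static packet filter that decides on exactly the five fields listed: source address, destination address, protocol, source port and destination port, with first-match semantics and an implicit final deny. The policy and packets are constructed. It also shows the limitation that motivates the stateful inspection firewall of blank (5): a stateless filter cannot tell a genuine reply from an unsolicited packet that merely uses the reply's port numbers.

```python
# Added example for blank (6): a static packet filter deciding on the five header fields.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: Optional[int]  # None for protocols without ports
    dport: Optional[int]


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    sport: Optional[int] = None   # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """All five fields must match; unset fields match anything."""
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


def decide(rules, packet: Packet, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched falls to the default deny.
    The filter keeps no connection state, so it cannot know whether an inbound
    packet answers an outbound one: a 'reply' rule has to be opened permanently."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


# Constructed policy: an internal /24 may reach the web over HTTPS, the public web
# server accepts HTTPS from anywhere, and replies from port 443 are let back in.
RULES = [
    Rule("allow", src="10.0.0.0/24", proto="tcp", dport=443),
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=443),
    Rule("allow", dst="10.0.0.0/24", proto="tcp", sport=443),   # replies, statelessly
    Rule("deny", proto="icmp"),
]

if __name__ == "__main__":
    print(decide(RULES, Packet("10.0.0.5", "198.51.100.1", "tcp", 51000, 443)))   # allow
    print(decide(RULES, Packet("198.51.100.1", "10.0.0.5", "tcp", 443, 51000)))   # allow (reply)
    # Same rule also admits an unsolicited packet to port 22 as long as it comes from 443:
    print(decide(RULES, Packet("198.51.100.1", "10.0.0.5", "tcp", 443, 22)))      # allow
    print(decide(RULES, Packet("198.51.100.1", "203.0.113.10", "udp", 5000, 53)))  # deny
```

The third rule is the weak spot: the stateless filter admits any inbound TCP packet whose source port is 443, which is why stateful inspection tracks outbound connections and admits only packets that belong to one.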

(1) What are the basic security threats?

There are four basic security threats:
① Information leakage: information is disclosed to an unauthorized person or entity, for example through eavesdropping, wire-tapping, or other more sophisticated information-detection attacks.
② Integrity violation: the consistency of data is damaged through unauthorized addition, deletion, modification or destruction.
③ Denial of service: access to information or resources is blocked without justification. The system may be subjected to illegal, unsuccessful access attempts that overload it so that its resources become unreachable for legitimate users, or it may be inaccessible because it has been physically or logically compromised.
④ Illegal use: a resource is used by an unauthorized person or in an unauthorized way.

(4) Please briefly describe the relationship between security services and security mechanisms.

X.800 defines 5 types of security services: authentication, access control, data confidentiality, data integrity, and non-repudiation.
Authentication is divided into peer entity authentication and data origin authentication.
Data confidentiality is divided into connection confidentiality, connectionless confidentiality, selective-field confidentiality, and traffic-flow confidentiality.
Data integrity is divided into connection integrity with recovery, connection integrity without recovery, selective-field connection integrity, and connectionless integrity.
Non-repudiation is divided into non-repudiation of origin and non-repudiation of delivery (destination).
In addition, 8 specific security mechanisms are defined: encipherment, digital signature, access control, routing control, notarization, traffic padding, data integrity, and authentication exchange. The relationship between services and mechanisms is many-to-many: each service is realised by one or more mechanisms, and one mechanism can support several services.

| Security service | Encipherment | Digital signature | Access control | Data integrity | Authentication exchange | Traffic padding | Routing control | Notarization |
|---|---|---|---|---|---|---|---|---|
| Peer entity authentication | | | | | | | | |
| Data origin authentication | | | | | | | | |
| Access control | | | | | | | | |
| Confidentiality | | | | | | | | |
| Traffic-flow confidentiality | | | | | | | | |
| Data integrity | | | | | | | | |
| Non-repudiation | | | | | | | | |
| Availability | | | | | | | | |

(8) What categories can intrusion detection systems be divided into according to their functions? What are the main functions?

  • By intrusion detection strategy, IDS fall into 3 categories:
    Misuse detection: compare the collected information with a database of known intrusion and system-misuse patterns to discover violations of the security policy.
    Anomaly detection: first build a statistical profile for system objects (users, files, directories, devices, etc.), recording some measured attributes during normal use (such as number of accesses, number of failed operations, and delay times). The averages of the measured attributes are then compared with the observed behaviour of the network and system; if an observed value falls outside the normal range, an intrusion is considered to have occurred.
    Integrity analysis: mainly concerned with whether a file or object has been changed; this usually covers the contents and attributes of files and directories, and is particularly effective at discovering modified or trojanised applications.
  • An IDS provides the following 8 kinds of functions:
    ① Network traffic tracking and analysis: track all user activity entering and leaving the network, detect and analyse user activity in the system in real time, keep real-time traffic statistics, and detect abnormal behaviour such as denial-of-service attacks.
    ② Recognition of known attack signatures: identify specific types of attack and alert the console, providing a basis for defence; filter repeated alert events according to customised conditions to reduce transmission and response load.
    ③ Analysis, statistics and response for abnormal behaviour: analyse the system's abnormal behaviour patterns, keep statistics on abnormal behaviour, and respond to it.
    ④ Online and offline upgrade of the signature library: provide online and offline updates of the intrusion detection rules, refresh the intrusion signature database in real time, and continuously improve the detection capability of the IDS.
    ⑤ Integrity checking of data files: check the integrity of critical data files and identify and report changes to them.
    ⑥ Customised response: customise real-time response strategies and, according to user-defined rules and system filtering, respond to alarm events promptly.
    ⑦ Early warning of system vulnerabilities: give early warning for vulnerability characteristics that have not yet been discovered.
    ⑧ Centralised management of IDS sensors: collect sensor status and alarm information through the console and control the behaviour of each sensor.

(9) Please briefly describe the differences between the three types of IDS: NIDS, HIDS and DIDS.

| IDS | Data source | Detection method | Advantages | Shortcomings |
|---|---|---|---|---|
| NIDS | Data flowing on the network | Extracts packet characteristics from the network and compares them with the known attack signatures in its knowledge base | Fast detection, good concealment, not easily attacked itself, consumes few host resources | Some attacks are launched from the server's own console and never cross the network, so the NIDS misses them (a high false-negative rate) |
| HIDS | Typically host system logs and audit records | Continuously monitors and analyses system logs and audit records to detect misuse after an attack | Captures application-layer intrusions on different operating systems, with fewer false positives | Depends on the host and its subsystems; poor real-time performance |
| DIDS | Analyses host audit logs and network data flows at the same time | Distributed structure: NIDS and HIDS are placed as sensors at key nodes of the network and report to a central console | Overcomes the shortcomings of a single NIDS or HIDS | |

(11) Please compare the similarities and differences between TLS VPN and IPSec VPN.

| Aspect | TLS VPN | IPSec VPN |
|---|---|---|
| Access method | Remote access | Gateway to gateway |
| Authentication | One-way authentication, two-way authentication, digital certificates | Two-way authentication, digital certificates |
| Encryption | Strong encryption, based on the web browser | Strong encryption, depends on the implementation |
| Scope of security | End-to-end security: fully encrypted from client to resource | Network edge to client: only the channel from client to gateway is encrypted |
| Accessibility | Suitable for access anytime, anywhere | Restricted to defined, controlled users |
| Cost | Low; no additional client software needed | High; client software must be managed |
| Ease of use | User-friendly, no training required | Requires corresponding skills and training |
| Supported applications | Web-based applications, file sharing, e-mail | All IP-based services |
| Users | Customers, partner users, remote users, vendors | Mainly company-internal |
| Scalability | Easy to configure and expand | Scales freely on the server side, but the client side is harder to scale |
| Crosses firewalls | Yes | No |

(13) Article 21 of the "Cybersecurity Law" stipulates that the state implements a network security level protection system. What are the security levels of network security in my country? What is the basis for classifying each security level?

Networks are divided into five security protection levels according to their importance to national security, economic construction and social life, and according to the degree of harm that would be done to national security, social order, the public interest and the legitimate rights and interests of citizens, legal persons and other organizations if the network were destroyed, lost its functions, or had its data tampered with, leaked, lost or damaged.
① Level 1: an ordinary network whose damage would harm the legitimate rights and interests of citizens, legal persons and other organizations, but would not endanger national security, social order or the public interest.
② Level 2: an ordinary network whose damage would seriously harm the legitimate rights and interests of citizens, legal persons and other organizations, or harm social order and the public interest, but would not endanger national security.
③ Level 3: an important network whose damage would cause particularly serious harm to the legitimate rights and interests of citizens, legal persons and other organizations, or serious harm to social order and the public interest, or harm to national security.
④ Level 4: a particularly important network whose damage would cause particularly serious harm to social order and the public interest, or serious harm to national security.
⑤ Level 5: an extremely important network whose damage would cause particularly serious harm to national security.

Chapter 4 System Security Basics

3. Operating systems are usually composed of subsystems such as process management, memory management, peripheral management, file management, and processor management. Is the security mechanism of these subsystems implemented and the security goals of the operating system achieved? Why?

The security of a system in cyberspace is a macroscopic attribute of the system; it is emergent, that is, the interaction of the system's components produces new characteristics that the component parts do not have on their own. It is irreducible and non-decomposable, and cannot be established simply by relying on the microscopic components of the system; its formation depends largely on the interaction of those components, and that interaction is often hard to grasp.
Even if the process management, memory management, peripheral management, file management, processor management and other subsystems of the operating system can each guarantee that confidential information will not leak, the operating system as a whole still cannot guarantee it: leakage of confidential information through a covert channel arises from the interaction of several subsystems. In other words, the confidentiality of the operating system cannot be reduced to that of its subsystems, because it also depends on how the subsystems interact.

6. Please take the operating system and confidentiality as an example to analyze and explain why the security of the system cannot be expected to be established by relying on reductionist methods.

The security of a system in cyberspace is a macroscopic attribute of the system; it is emergent, that is, the interaction of the system's components produces new characteristics that the component parts do not have on their own. It is irreducible and non-decomposable, and cannot be established simply by relying on the microscopic components of the system; its formation depends largely on the interaction of those components, and that interaction is often hard to grasp.
Even if the process management, memory management, peripheral management, file management, processor management and other subsystems of the operating system can each guarantee that confidential information will not leak, the operating system as a whole still cannot guarantee it: leakage of confidential information through a covert channel arises from the interaction of several subsystems. In other words, the confidentiality of the operating system cannot be reduced to that of its subsystems, because it also depends on how the subsystems interact.

11. Please use the Adept-50 secure operating system as an analysis example to analyze and explain the relationship between threats, risks, attacks, and security.

Security represents the avoidance of harm, risk the possibility of harm, threat the intention to do harm, and attack the act of doing harm.
For Adept-50, the threat was the leakage of confidential information: at that time a mainframe would process and store information of different confidentiality levels, and the job identities of its users corresponded to certain confidentiality levels. Concretely, the threat was that a user with a low confidentiality level might access information of a high confidentiality level. The attack is a low-level user actually trying to access high-level information. The risk is the possibility that confidential information leaks. Security is the formulation and enforcement of rules that control access to information according to confidentiality levels.
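As an added example for question 11 (written for this page; it is not the Adept-50 implementation and assumes a simple linear ordering of levels), the following Python encodes the rule the answer ends with, that a subject may read an object only when its clearance is at least the object's classification, behind a reference monitor that records every attempt. The vocabulary of the answer maps onto the code: the rule is the security; a denied read-up is an attack that was blocked; the audit log lets the number of such attempts be measured. The users, objects and levels are constructed.

```python
# Added example for question 11: a level-based read rule with an audited reference monitor.
from dataclasses import dataclass, field

# Constructed ordering of confidentiality levels, lowest first.
LEVELS = ["unclassified", "confidential", "secret", "top secret"]


def dominates(subject_level: str, object_level: str) -> bool:
    """The security rule: read is allowed only when the subject's clearance is at least
    the object's classification (no read-up)."""
    return LEVELS.index(subject_level) >= LEVELS.index(object_level)


@dataclass
class ReferenceMonitor:
    """Mediates every read and logs every attempt, allowed or not."""
    audit: list = field(default_factory=list)

    def read(self, user: str, clearance: str, obj: str, classification: str) -> bool:
        allowed = dominates(clearance, classification)
        # A denied request is the 'attack' of the answer: an actual attempt to read above
        # one's level. The threat exists whether or not anyone tries; the rule removes the harm.
        self.audit.append({"user": user, "object": obj, "allowed": allowed,
                           "read_up": not allowed})
        return allowed

    def read_up_attempts(self, user: str = None) -> int:
        """How often the threat materialised as an attack (all of them blocked here)."""
        return sum(1 for e in self.audit
                   if e["read_up"] and (user is None or e["user"] == user))


if __name__ == "__main__":
    rm = ReferenceMonitor()
    print(rm.read("analyst", "secret", "budget.txt", "confidential"))   # True
    print(rm.read("clerk", "confidential", "plan.txt", "top secret"))   # False
    print(rm.read("clerk", "confidential", "plan.txt", "top secret"))   # False
    print("blocked read-up attempts:", rm.read_up_attempts())           # 2
```

Two points the code makes visible: enforcement happens at one choke point rather than in every application, and the audit record is what turns "risk" from a guess into something that can be counted after the fact.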

15. Please analyze and explain the advantages and disadvantages of feature-based intrusion detection and anomaly-based intrusion detection, and explain which type of detection machine learning technology is more suitable for.

Signature-based intrusion detection looks in the monitored objects for the patterns of known intrusions; if a pattern is found, an attack is considered detected. The monitored object may be a byte sequence in network traffic or a sequence of malicious instructions used by malware. Its advantage is that known attacks are detected relatively easily; its disadvantage is that new attacks are hard to detect, because no pattern corresponds to them.
Anomaly-based intrusion detection compares the behaviour under examination with a model of known trusted behaviour; a large deviation is considered attack behaviour. Its advantage is that it can detect unknown attacks, but an obvious disadvantage is the problem of false positives.
Machine learning can train a behavioural model from behavioural data: given enough samples of trusted behaviour, it can build a model of trusted behaviour, and in practice trusted behaviour data can be collected. Machine learning is therefore better suited to anomaly-based detection, where trusted-behaviour models are trained from such data.
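As an added example serving both the IDS strategies in chapter 3, question (8), and the comparison in this question (written for this page, not part of the coursework), the following Python runs a signature (misuse) detector and a statistical anomaly detector over the same constructed log lines. The signature detector matches two known patterns and sees nothing else; the anomaly detector learns a per-user baseline of daily failed logins from constructed historical counts and flags a count more than k standard deviations above the mean, which is the "measured attribute outside the normal range" rule of the chapter 3 answer. The log lines, the baseline and the signatures are all constructed.

```python
# Added example: a signature (misuse) detector and a statistical anomaly detector
# over the same constructed events, to show what each can and cannot see.
import re
from statistics import mean, pstdev

# Constructed sample log lines (no real system produced them).
TODAY = [
    "2024-05-01T08:00:01 user=alice action=login result=ok src=10.0.0.5",
    "2024-05-01T08:00:09 user=alice action=read path=/reports/q1.pdf",
    "2024-05-01T08:01:13 user=bob action=login result=fail src=10.0.0.7",
    "2024-05-01T08:01:15 user=bob action=login result=fail src=10.0.0.7",
    "2024-05-01T08:01:17 user=bob action=login result=ok src=10.0.0.7",
    "2024-05-01T08:02:40 user=carol action=read path=/app/item?id=1' OR '1'='1",
    "2024-05-01T08:03:02 user=dave action=read path=/static/../../etc/passwd",
] + [f"2024-05-01T08:05:{s:02d} user=eve action=login result=fail src=203.0.113.9"
     for s in range(6)]

# Constructed baseline: failed logins per user per day observed during normal use,
# the "trusted behaviour data" from which a model is built.
BASELINE = [0, 1, 0, 2, 1, 0, 1, 0, 0, 1]

# Known-attack patterns; a detector like this sees only what it has a signature for.
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
}


def field(line: str, key: str):
    """Pull one key=value field out of a log line (None if absent)."""
    m = re.search(rf"\b{key}=(\S+)", line)
    return m.group(1) if m else None


def signature_alerts(lines):
    """Misuse detection: (user, signature name) for every line matching a known pattern."""
    return [(field(line, "user"), name)
            for line in lines for name, rx in SIGNATURES.items() if rx.search(line)]


def failed_logins_per_user(lines):
    counts = {}
    for line in lines:
        if field(line, "action") == "login" and field(line, "result") == "fail":
            user = field(line, "user")
            counts[user] = counts.get(user, 0) + 1
    return counts


def anomaly_threshold(baseline, k=3.0):
    """Normal range learned from the baseline: mean plus k standard deviations."""
    return mean(baseline) + k * pstdev(baseline)


def anomaly_alerts(lines, baseline, k=3.0):
    """Anomaly detection: users whose failed-login count today exceeds the learned
    threshold. It needs no signature, so it catches the unknown; a user who merely
    forgot a password on a bad day would be flagged just the same (false positive)."""
    threshold = anomaly_threshold(baseline, k)
    return {u: n for u, n in failed_logins_per_user(lines).items() if n > threshold}


if __name__ == "__main__":
    print("signature hits:", signature_alerts(TODAY))
    print("threshold: %.2f" % anomaly_threshold(BASELINE))
    print("anomalies:", anomaly_alerts(TODAY, BASELINE))
```

Eve's burst of failures has no signature and is found only by the anomaly rule; carol's and dave's requests look perfectly normal statistically and are found only by the signatures. That complementarity is why real deployments run both.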

21. Please analyze and explain the similarities and differences between the autonomous access control for files and the access control for memory provided by the operating system.

Common point: in both cases the basic access permissions can be divided into three kinds: read (r), write (w) and execute (x).
Differences: discretionary access control for files lets the file owner decide on their own what access rights any user has to the file; it is visible to users and can be operated on by them directly, with the file as the access object and the user as the acting subject. Access control for memory regions is generally invisible to users and usually not even perceived by them, with the memory region as the access object and the process as the acting subject.

24. Analyse and explain what security risks a cross-site scripting (XSS) attack threat poses to a Web application system.

In an XSS attack, the attacker finds a way to hide a malicious script in the input and output of the Web application in order to achieve the attack's goal. The purpose of an XSS attack is mainly to steal the user's sensitive information, or to publish harmful content in the name of the website. The main security risk is therefore the threat to data confidentiality and data integrity.
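As an added example for question 24 (written for this page, not part of the coursework), the following Python renders the same constructed comment through a vulnerable template that concatenates user text into HTML and through a fixed one that HTML-encodes it. The risk the answer names comes from the first: a script hidden in the "input" becomes part of the "output" and runs in every viewer's browser with that viewer's session. The comment text and the template are constructed; the payload is a harmless alert used only to make the tag visible.

```python
# Added example for question 24: one comment rendered by a vulnerable template and by a
# fixed one, to show where the confidentiality/integrity risk comes from and how it is removed.
import html
import re

# Constructed comment text of the kind an attacker would submit. The script is harmless
# here; in a real page it would run with the viewing user's session.
UNTRUSTED_COMMENT = "great article <script>alert('xss')</script>"


def render_unsafe(comment: str) -> str:
    """Vulnerable: untrusted text is concatenated straight into HTML, so any tag in it
    becomes part of the page and any script in it executes in every viewer's browser."""
    return f'<li class="comment">{comment}</li>'


def render_safe(comment: str) -> str:
    """Fixed: HTML-encode the text for the context it lands in, so '<' is displayed as a
    character rather than opening a tag. Encoding is context-specific: attribute values,
    URLs and JavaScript strings each need their own encoder."""
    return f'<li class="comment">{html.escape(comment, quote=True)}</li>'


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_live_script(rendered: str) -> bool:
    """Check used here only to make the difference visible: is there still a real
    <script> tag in the output (as opposed to the encoded text '&lt;script&gt;')?"""
    return SCRIPT_TAG.search(rendered) is not None


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        out = render(UNTRUSTED_COMMENT)
        print(render.__name__, "->", out, "| script would execute:", contains_live_script(out))
```

Output encoding at the point of rendering is the primary fix; a Content-Security-Policy header that disallows inline scripts is the usual second layer, so that a missed encoding does not immediately become script execution.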

26. State the components of a natural ecosystem and of the Internet ecosystem respectively, and explain how the interactions within the latter can be analysed by observing the interactions within the former.

A natural ecosystem is the unified whole formed by all the organisms living together in a given area (the biological community) and their environment through continuous material cycling and energy flow. The components of an ecosystem include inorganic matter, organic matter, the environment, producers, consumers and decomposers. An ecosystem is a cybernetic system: feedback control keeps it in dynamic equilibrium. The material cycling and energy flow between the components are in essence also the transmission of physical and chemical information; this information transmission links the components together into a mesh of relationships, forming an information network.
The Internet Society has given a model of the Internet ecosystem with six categories of components: naming and addressing (domain name and address allocation), open standards development, global shared services and operations, users, education and capacity building, and local, regional, national and global policy development.
The ecosystem view tells us that system security must be considered in terms of interaction and feedback control. On the one hand, the concept of "system" has to be extended from its traditional meaning to the scope of the ecosystem, security threats re-examined, and corresponding security models built. On the other hand, new supporting technologies are needed, with breakthroughs in key technologies such as automation, interoperability and identity authentication.

Chapter 5 Content Security Basics

7. What are the technologies for acquiring network information content? Briefly explain the basic principle and main workflow of each.

Network information content acquisition technologies mainly comprise traditional network media information acquisition and network media information acquisition based on browser simulation.
The traditional acquisition process starts from a preset initial set of network addresses containing a certain number of URLs and first fetches the content published at each address in the initial set. On one hand, it selectively stores the main body of the content published at the initial addresses into the Internet information repository, according to a series of content de-duplication mechanisms; on the other hand, it further extracts the hyperlinked addresses embedded in the acquired information, places all of them into a queue of addresses awaiting acquisition, and fetches the information published at each address in the queue one by one in first-in, first-out order. The process repeats these operations, fetching the information published at the queued addresses, extracting the main content of the acquired information, de-duplicating and storing it, and extracting the embedded addresses into the pending queue, until the required range of the Internet has been traversed. An ideal network media information acquisition workflow consists of the initial URL set (the information "seed" set), the queue of URLs awaiting acquisition, the information acquisition module, the information parsing module, the information de-duplication module, and the network media information repository.
The technical process of acquisition based on browser simulation is as follows: a typical JSSh client sends JavaScript commands to a web browser with an embedded JSSh server, instructing the browser to carry out a series of operations such as automatic form filling, clicking buttons and links, interactive network identity authentication, browsing published information, and on-demand playback of video/audio. On this basis, the JSSh client further asks the browser to export the text content of the page, save the page's image information, or record the screen while video/audio is playing on the computer used for acquisition, ultimately acquiring published information across all types of network content and all forms of network media.

8. What are the typical information content acquisition tools? Briefly explain their principle.

Web crawlers are the main tool for acquiring information content on the Internet. A web crawler is a program or script that automatically fetches Internet information according to certain rules. Publication of information on the Internet is dispersed and independent, yet the pieces of information are interconnected; the crawler travels along the web built up by hyperlinks, which is why crawlers are also called spiders.
Internet information resources are enormous, and with limited network resources a crawler must be selective. According to the objects and behaviour they serve, crawlers fall roughly into two classes. One class serves search applications such as search engines; its fetching rule is to cover as many Internet sites as possible, with low requirements on search depth within a single site. The other class serves applications that collect information in a targeted way; for example, a public opinion analysis system requires its crawler to have a high search depth and a certain ability to select topics. A crawler with high search depth is called a path-tracing crawler and fetches, as far as possible, all the resources of a given site; a crawler with topic selection ability is called a topic (focused) crawler, which judges whether each fetched resource belongs to the user-specified topic and keeps searching for and fetching pages related to that topic.
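As an added example for questions 7 and 8 (written for this page, not part of the coursework), the following Python implements the classical acquisition loop described above: a seed set, a first-in first-out queue of pending URLs, fetching, extraction of embedded hyperlinks, de-duplication and storage, repeated until the chosen range (here one host, capped by a page limit) is exhausted. To run offline it fetches from a constructed in-memory "web" instead of the network; replacing the fetch function with an HTTP client is the only change a real crawler would need. The site map and page bodies are constructed.

```python
# Added example for questions 7 and 8: the seed -> FIFO queue -> fetch -> extract links
# -> de-duplicate -> store loop, run against a constructed in-memory web.
from collections import deque
from hashlib import sha256
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlparse

PAGE_A = '<p>page a</p> <a href="/b#top">B again</a> <a href="/c">C</a>'
SITE = {  # constructed pages: url -> html body
    "http://example.test/": '<a href="/a">A</a> <a href="/b">B</a> <a href="http://other.test/x">ext</a>',
    "http://example.test/a": PAGE_A,
    "http://example.test/b": '<p>page b</p> <a href="/">home</a>',
    "http://example.test/c": PAGE_A,            # same content at a second URL
    "http://other.test/x": "<p>out of scope</p>",
}


class LinkExtractor(HTMLParser):
    """Collects the href of every <a> tag: the 'embedded hyperlink extraction' step."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def fetch(url):
    """Stands in for an HTTP GET; returns None for an unknown address."""
    return SITE.get(url)


def extract_links(base_url, body):
    """Absolute, fragment-free link targets found in a page."""
    parser = LinkExtractor()
    parser.feed(body)
    return [urldefrag(urljoin(base_url, link)).url for link in parser.links]


def crawl(seeds, allowed_host, max_pages=100):
    """Breadth-first crawl restricted to one host. Returns url -> body for pages whose
    content was new; a page whose content hash was already seen is not stored again."""
    queue = deque(seeds)                 # FIFO queue of addresses awaiting acquisition
    seen_urls = set(seeds)               # URL de-duplication: never queue a URL twice
    seen_hashes, store = set(), {}       # content de-duplication and the repository
    while queue and len(store) < max_pages:
        url = queue.popleft()
        body = fetch(url)
        if body is None:
            continue
        digest = sha256(body.encode()).hexdigest()
        if digest not in seen_hashes:
            seen_hashes.add(digest)
            store[url] = body
        for link in extract_links(url, body):
            if urlparse(link).hostname == allowed_host and link not in seen_urls:
                seen_urls.add(link)
                queue.append(link)
    return store


if __name__ == "__main__":
    for url in crawl(["http://example.test/"], "example.test"):
        print("stored", url)
```

The host check is the crawler's scope (the "required range of the Internet"); the content hash is the de-duplication mechanism; and because the queue is FIFO, the crawl is breadth-first, which is the shallow, wide behaviour of the search-engine class of crawler rather than the deep path-tracing class.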

9. Explain how published information on dynamic web pages that require identity authentication can be acquired using the network interaction reconstruction mechanism.

A typical JSSh client sends JavaScript commands to a web browser with an embedded JSSh server, instructing the browser to carry out a series of operations such as automatic filling of web forms, clicking of page buttons/links, network identity authentication interaction, browsing of published web information, and on-demand playback of video/audio. On this basis, the JSSh client further asks the browser to export the text content of the page, to save the page's image information, or to record the screen while video/audio is playing on the computer used for acquisition, ultimately acquiring published information across all types of network content and all forms of network media.

10. Describe the process of acquiring network media information with browser simulation technology, analyze the limitations of acquiring network media information through network interaction reconstruction, and explain the advantages of browser simulation technology in the field of network media information acquisition.

The technical process of acquiring published network media information based on browser simulation is as follows: a typical JSSh client sends JavaScript commands to a web browser with an embedded JSSh server, instructing the browser to carry out a series of operations such as automatic filling of web forms, clicking of page buttons/links, network identity authentication interaction, browsing of published web information, and on-demand playback of video/audio. On this basis, the JSSh client further asks the browser to export the text content of the page, to save the page's image information, or to record the screen while video/audio is playing on the computer used for acquisition, ultimately acquiring published information across all types of network content and all forms of network media.
As network applications deepen, the forms of network media publishing keep changing, and the information interaction processes of different network media differ greatly. Network information interaction must be reconstructed for each network medium individually, so the workload of implementing acquisition technology is enormous. At the same time, new network communication protocols keep being adopted, and some of them, especially the network interaction processes for video/audio information, are not published openly, so information published under those protocols cannot be acquired directly through network interaction reconstruction.
Inspired by automated functional/performance testing of websites, browser simulation technology is being applied more and more widely in network media information acquisition.

22. What are the main aspects of the core functions of a network public opinion monitoring and early-warning system?

The core functions of a network public opinion monitoring and early-warning system mainly include the following three aspects:
High-fidelity deep extraction of network information (forums, chat rooms): this focuses on intelligent, efficient and comprehensive extraction of remote, interactive, dynamic network information, forming a fully functional and stable dynamic information extraction system. The system independently performs deep extraction of information from designated dynamic network media and becomes an important information acquisition module of the network public opinion monitoring and early-warning system.
Semantics-based rapid feature extraction and classification of massive text: this focuses on semantics-based rapid feature extraction for network text media, especially Chinese-language media, and on that basis forms a semantics-based system for rapid feature extraction and classification of massive text that suits the needs of the public opinion early-warning and monitoring system. The system independently performs semantic analysis of the information collected into the database from each source; in particular, it counts and classifies the semantic features in the information, completes the preprocessing of the raw database, and provides a relatively standardized and regularized information base for further aggregate analysis and presentation. It becomes an important information analysis module of the system.
Self-organizing aggregate presentation of unstructured information: this focuses on topic-free aggregate analysis of a massive unstructured information base (the Internet public opinion working information base). According to the monitoring and early-warning business needs of national network public opinion monitoring departments, the most important function of a network public opinion early-warning system is to produce automatic, independent public opinion reports without human intervention. The core step in producing such reports is effective knowledge discovery and quantitative trend analysis over the structured database built from the massive unstructured Internet data described above, carried out by the self-organizing aggregate presentation system for unstructured information.

23. Why can general large-scale search technology not fully meet the needs of a network public opinion monitoring and early-warning system?

Breadth of information sources: public opinion monitoring must cover many different sources, including social media, news, forums and blogs. These sources differ greatly in structure and content, so more flexible and intelligent search technology is needed to extract information effectively.
Multilingual and multicultural handling: the monitoring system may need to monitor information in several languages and cultures, so the search technology must handle text in different languages and understand how cultural differences affect the information.
Real-time requirements: public opinion monitoring usually needs to acquire and analyze information in real time in order to detect and respond to sudden events promptly. General search technology may not provide sufficient timeliness.
Sentiment analysis and topic modelling: public opinion monitoring needs not only keyword search but also sentiment analysis and topic modelling to understand the emotional tendency of information and the topics behind it. This requires search technology that performs deeper semantic analysis alongside information extraction.
Customization needs: such systems usually must be customized to the needs of a particular industry, company or organization. General search technology may not adapt flexibly to different users' customization needs.
Information filtering and noise removal: the system must effectively filter out large amounts of noise in order to provide accurate and useful public opinion information. This requires search technology that can cope with the challenges of filtering and denoising.

27. Compared with the classic TCP/IP network architecture, how does the content-centric network architecture differ, and what advantages does it have?

The classic TCP/IP network architecture is a communication protocol architecture composed of several layers, each responsible for specific functions. It is mainly divided into four layers, from bottom to top: the link layer, the network layer, the transport layer and the application layer. CCN consists of five parts: content information objects, naming, routing, caching, and the application programming interface.
Content information objects: the content itself, which is the focus of CCN. A content information object can be a web page, document, film, photo, song, streaming media or interactive media; in other words, any type of object that is stored in and accessed through computers can be regarded as a content information object. A content information object is independent of its location, storage method, application and transport method. This means that however a content information object is copied, stored and transmitted, its name and identity do not change, and that any two copies of a content information object are equivalent for any operation. For example, any node holding a copy can provide it to a requester.
Naming: the name of the content is the identifier of the information object; it is global and unique, and its role is similar to that of the IP address in the TCP/IP architecture. The naming schemes in CCN are mainly hierarchical naming and flat naming. Hierarchical naming has a structure similar to today's URLs, with a name composed of multiple hierarchical components. Hierarchical names are rooted at the publisher's prefix, which allows routing information to be aggregated and thus improves the scalability of the routing system. In some cases names are human-readable, so users can enter a name manually and, to some extent, assess the relationship between the name and the content they are interested in.
Routing: in CCN, content distribution relies on an asynchronous publish/subscribe mechanism. On the one hand, the sender does not send content messages directly to the receiver but publishes a digest of the content message in the network to tell the network what it wants to share; on the other hand, the receiver subscribes in the network to the content it is interested in, without needing to know who owns the content. When the sender's publication matches the receiver's subscription interest, the CCN network establishes a delivery path from the sender to the receiver.
Caching: caching is an indispensable part of CCN service. In-network caching in CCN follows these principles: it is uniform, applying to all content provided by any protocol; democratic, applying to content published by any provider; and ubiquitous, available at all network nodes.
Application programming interface: the CCN API is defined in terms of requesting and delivering content information objects. A source/producer publishes a content information object to the network so that it becomes available to other users in the network. A client/consumer sends a subscription message for the content it is interested in to obtain the corresponding content object. Both the publish and the get operations take the name of the content information object as their main parameter; in addition, some methods support supplementary parameters.
Compared with TCP/IP, CCN has a different architecture and some novel design ideas. CCN aims to fit better with the content-centric usage patterns of today's Internet and to provide more efficient, secure and flexible data delivery.

28. What are the common attacks against the content-centric network architecture? Briefly describe each attack, and indicate which of them are specific to content-centric networks.

Naming-related attacks: because content requests are visible to the network, the CCN architecture faces greater threats to privacy. Many attackers try to censor or monitor Internet usage. In naming-related attacks, the attacker tries to block the distribution of specific content by preventing its delivery and/or by detecting who requests it. Naming attacks can be divided into watchlist attacks and sniffing attacks. In a watchlist attack, the attacker has a predefined list of content names it wants to filter or delete, and monitors network links to perform real-time filtering. When a request matches the predefined list, the attacker can drop the request or record information about the requester; in addition, the attacker may try to delete the matching content itself. Unlike the predefined list of the watchlist attack, in a sniffing attack the attacker monitors the network to check whether data should be marked for filtering or elimination; if the data contains specified keywords, the sniffing attacker marks it. The attack scenario is the same as for the watchlist attack; the main difference is that the attacker has no predefined list but must perform some analysis of the requests or content. Naming-related attacks allow an attacker to censor and filter content, to obtain private information about content popularity and user interests, and even to block users' requests for marked content, causing denial of service.
Routing-related attacks: these can be divided into distributed denial of service (DDoS) and spoofing attacks. DDoS attacks can be divided into resource exhaustion and timing attacks; spoofing attacks can be divided into jamming, hijacking and interception attacks. Among routing-related attacks, DDoS attacks cause the greatest harm. DDoS attacks in traditional networks mostly take the form of an attacker controlling many end systems and sending large numbers of malicious requests into the network to exhaust the resources of routing devices, such as memory and processing capacity. In a content-centric network, by contrast, the attacker aims to fill the routing tables of content-centric routers, causing DDoS for legitimate users; this type of attack is also called an interest flooding attack. This works because the attacker can send such malicious requests for both available and unavailable content. The attacked router tries to satisfy these malicious requests and forwards them to neighbouring routers, so the malicious requests propagate through the network. In this situation, legitimate requests need a longer response time, and if the response time exceeds a certain threshold the legitimate request is not satisfied. The impact of this attack is gradually amplified in a content-centric network because legitimate users keep retransmitting their unsatisfied requests, causing extra overload on the network. Routing-related attacks can cause denial of service, resource exhaustion, path infiltration, privacy leakage and so on, posing a considerable threat to content-centric networks.
Cache-related attacks: in the common cache attack scenario, the attacker keeps sending random or unpopular requests into the content-centric network, changing content popularity in order to corrupt the network's caches. These malicious requests force the cache system to store the least popular content and evict popular content. Normally, when a user first requests some content, the content-centric network fetches it from the original source to answer the request; if another user requests the same content again, the second user obtains the nearest available copy from a router rather than from the original source. If the attacker succeeds in making the network cache unpopular content and the second user requests the same content, the second user will obtain the content from the original data source rather than the nearest available copy, which greatly reduces the distribution efficiency of the content-centric network. Cache-related attacks in a content-centric network can give rise to
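The name-based forwarding and in-network caching of answer 27, and the cache-pollution effect described in answer 28, can be watched in a small simulation. The following is an added example, not code from the coursework or from any CCN implementation: a single router with a longest-prefix FIB and an LRU content store, a constructed workload of "popular" names requested repeatedly and one-off "unpopular" names requested once, and a request-count admission rule (cache a name only after it has missed a given number of times) as an assumed mitigation that the page itself does not describe.

```python
from collections import Counter, OrderedDict


class Router:
    """Minimal CCN-style router: name-based forwarding plus an in-network LRU content store."""

    def __init__(self, capacity: int, admission_threshold: int = 1):
        self.capacity = capacity
        self.cs = OrderedDict()            # content store, name -> data, kept in LRU order
        self.fib = {}                      # name prefix -> producer callable (next hop towards the origin)
        self.request_counts = Counter()    # misses per name, consulted by the admission rule
        self.admission_threshold = admission_threshold
        self.origin_fetches = 0

    def register_prefix(self, prefix: str, producer):
        """FIB entry: names under `prefix` (for example '/pub') are reachable via `producer`."""
        self.fib[prefix] = producer

    def _lookup_fib(self, name: str):
        # Longest-prefix match on hierarchical content names, the CCN analogue of an IP route lookup
        parts = name.split("/")
        for i in range(len(parts), 1, -1):
            prefix = "/".join(parts[:i])
            if prefix in self.fib:
                return self.fib[prefix]
        return None

    def interest(self, name: str):
        """Handle one Interest for `name`; returns (data, served_from_cache)."""
        if name in self.cs:                # hit: any node holding a copy may serve it
            self.cs.move_to_end(name)
            return self.cs[name], True
        producer = self._lookup_fib(name)
        if producer is None:               # no route towards a producer for this name
            return None, False
        data = producer(name)
        self.origin_fetches += 1
        self.request_counts[name] += 1
        # Admission rule (assumed mitigation): cache only after `threshold` misses, so names that are
        # requested once can no longer push genuinely popular content out of the store
        if self.request_counts[name] >= self.admission_threshold:
            self.cs[name] = data
            if len(self.cs) > self.capacity:
                self.cs.popitem(last=False)  # evict the least recently used entry
        return data, False


def forwarding_demo():
    """A miss served from the origin, a hit served from the content store, and an unroutable name."""
    router = Router(capacity=2)
    router.register_prefix("/pub", lambda name: "payload")   # constructed producer
    first = router.interest("/pub/a")        # ("payload", False): fetched from the origin
    second = router.interest("/pub/a")       # ("payload", True): nearest available copy
    unrouted = router.interest("/other/x")   # (None, False): no FIB entry
    return first, second, unrouted


def popular_hit_rate(capacity: int, admission_threshold: int, pollute: bool) -> float:
    """Cache hit rate seen by legitimate users for their popular names, with or without a churn phase."""
    router = Router(capacity, admission_threshold)
    router.register_prefix("/pub", lambda name: f"data for {name}")   # constructed origin producer
    popular = [f"/pub/popular/{i}" for i in range(capacity)]
    for _ in range(2):                       # legitimate users request their content twice
        for name in popular:
            router.interest(name)
    if pollute:
        # The churn described in answer 28: many distinct names, each requested exactly once (constructed)
        for i in range(capacity * 5):
            router.interest(f"/pub/unpopular/{i}")
    hits = sum(router.interest(name)[1] for name in popular)
    return hits / len(popular)
```

With plain LRU caching (`admission_threshold=1`) the one-off requests evict every popular object and the legitimate users' hit rate drops from 1.0 to 0.0, exactly the efficiency loss the answer describes; with `admission_threshold=2` the one-off names never enter the store and the hit rate stays at 1.0. Measuring the hit rate of known-popular names is also a usable detection signal for this kind of churn.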

Chapter 6 Fundamentals of Application Security

1. Why can challenge-response authentication protocols resist replay attacks?

Challenge-response authentication lets the verifier authenticate the prover in a single round of exchange, using a one-time random number (nonce) to prevent replay attacks. The prover requests access; the verifier sends the prover a one-time random number as the challenge; the prover applies a one-way cryptographic function, with the secret shared by both parties as input, to the random number and returns the result as the response. The verifier likewise feeds the random number and the shared secret into the one-way function and compares its result with the response returned by the prover; if the two match, authentication succeeds.
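The exchange above, with both sides' computations and the replay check made explicit. This is an added example, not code from the coursework: HMAC-SHA256 is an assumed choice of keyed one-way function, the shared secret is a constructed sample value, and the verifier's set of outstanding challenges is the mechanism that makes a captured (challenge, response) pair worthless a second time.

```python
import hashlib
import hmac
import secrets


def compute_response(shared_secret: bytes, challenge: bytes) -> bytes:
    """Prover side: keyed one-way function over the challenge (HMAC-SHA256, an assumed choice)."""
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()


class Verifier:
    """Verifier side: issues one-time random challenges and accepts each of them at most once."""

    def __init__(self, shared_secret: bytes):
        self.shared_secret = shared_secret
        self.outstanding = set()   # challenges issued and not yet consumed

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)    # fresh, unpredictable nonce per attempt
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge that was never issued, or that has already been answered, is rejected:
        # this is why recording and resending an old (challenge, response) pair does not work
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        expected = compute_response(self.shared_secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def replay_demo():
    """One honest exchange, the same pair replayed, then an old response sent to a new challenge."""
    secret = b"constructed-shared-secret"      # sample value, not a real key
    verifier = Verifier(secret)
    challenge = verifier.issue_challenge()
    response = compute_response(secret, challenge)
    honest = verifier.verify(challenge, response)                    # True
    replayed = verifier.verify(challenge, response)                  # False: nonce already consumed
    stale = verifier.verify(verifier.issue_challenge(), response)    # False: response bound to the old nonce
    return honest, replayed, stale
```

In a deployed verifier the `outstanding` set also needs an expiry so that unanswered challenges do not accumulate; the example keeps it unbounded for clarity.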

3. Briefly describe the steps for validating a digital certificate.

Any third party that uses a certificate must perform the following checks when validating it: whether the issuing certificate authority is one it trusts, whether the certificate is within its validity period, whether the certificate appears in the certificate revocation list, and whether the certificate's digital signature is valid. Once all of these checks pass, the user can take the certificate holder's public key from the certificate and trust it.

4. What is the main purpose of the FIDO authentication protocols? Briefly describe the main UAF authentication flow.

The FIDO Alliance aims to solve the problems of password-based online authentication by providing simpler and more secure online authentication.
The main UAF authentication flow is as follows: after the user initiates authentication, the server sends a challenge to the FIDO client; the FIDO client verifies the user with a biometric or a short PIN and unlocks the private key, signs the challenge with the private key and returns the signature to the server, completing authentication of the client.

7. What are the main forms of virtualization, and what security threats do they face?

Virtualization technology can be divided into virtual machines and containers. A virtual machine is implemented by adding a software layer, the virtual machine monitor, above the hardware. Virtual machines can be further divided into full virtualization and paravirtualization; under full virtualization the guest believes it is running directly on the physical hardware of the computer. Full virtualization can be further divided into software-assisted and hardware-assisted.
Virtualization architectures can be divided into: the hosted architecture, in which virtual machines are installed and run on top of an operating system and rely on the host OS for device drivers and management of physical resources; the bare-metal architecture, in which the virtual machine monitor is installed directly on the hardware and operating systems and applications are installed on top of it, further divided into standalone, hybrid and combined types; and containers, which run on top of an operating system, create an independent virtualized instance that points to the underlying host OS, and are essentially a special kind of process.
The main security threats are: virtual machine escape, breaking out of the virtual machine's confinement to interact with the host operating system or the virtual machine management system; side-channel attacks, launched by exploiting the extra information produced by the different operations used during information processing or by specific physical hardware; difficulty of network isolation, since when everything is deployed on the same cloud computing platform it is hard to isolate different network security zones and therefore hard to limit the spread of a security threat; and image and snapshot risks, where an attacker illegally restoring a snapshot creates a series of hazards: historical data is erased and the attack activity is completely hidden.

8. Briefly describe the data structure of a blockchain and explain why it is tamper-resistant.

A complete block consists of a block header and a block body. The block header contains the version number, the hash of the previous block header (SHA-256), the Merkle root (the hash of the root of the transaction Merkle tree, SHA-256), the timestamp (to the second), the difficulty target (which controls the rate at which new blocks are produced), and the nonce (for hitting the target hash). When anyone tries to modify a transaction record, the Merkle root necessarily changes, so verification fails; this is what gives the blockchain its tamper-resistant property.

9. Analyze the relationship between Bitcoin's proof-of-work consensus mechanism and security.

PoW is the consensus mechanism used in the Bitcoin system. Nodes in the network must keep computing to find a hash value that satisfies the rules and is below the difficulty target, and it is agreed that whoever first computes the correct answer receives the Bitcoin network's reward and the right to record the current block. The node that wins the accounting right then packages the block and broadcasts it to all other nodes in the network. On receiving the block, the nodes verify it, checking among other things whether the transactions are legal and whether the difficulty target has been met. Once verification passes, the new block is appended to the blockchain. This mechanism achieves decentralization and provides relatively high security. But it also has drawbacks: the mining process wastes a great deal of resources, transaction throughput is low, and the consensus cycle for block confirmation is long.
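The block header of answer 8 and the nonce search and block verification of answer 9 fit in one small model. The following is an added example, not code from the coursework or from Bitcoin: the Merkle tree is a binary SHA-256 tree that duplicates the last leaf on odd levels, the header is serialized as JSON (an assumed encoding, not Bitcoin's), the difficulty is expressed as a number of leading zero bits, and the transactions are constructed sample strings. The two tamper functions show why editing a transaction fails verification, first through the Merkle root and then, even after re-mining, through the next block's previous-header hash.

```python
import hashlib
import json


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def merkle_root(txs) -> str:
    """Hash of the root of a binary Merkle tree over the transactions (last leaf duplicated on odd levels)."""
    level = [sha256(tx.encode("utf-8")) for tx in txs]
    if not level:
        return sha256(b"")
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256((level[i] + level[i + 1]).encode("utf-8")) for i in range(0, len(level), 2)]
    return level[0]


class Block:
    """Header fields from answer 8 plus the transaction list that forms the block body."""

    def __init__(self, prev_hash: str, txs, difficulty_bits: int, timestamp: int = 0):
        self.version = 1
        self.prev_hash = prev_hash          # SHA-256 of the previous block header
        self.txs = list(txs)                # block body
        self.merkle_root = merkle_root(self.txs)
        self.timestamp = timestamp          # fixed so that the example is deterministic
        self.difficulty_bits = difficulty_bits
        self.nonce = 0

    def header_bytes(self) -> bytes:
        return json.dumps([self.version, self.prev_hash, self.merkle_root,
                           self.timestamp, self.difficulty_bits, self.nonce]).encode("utf-8")

    def hash(self) -> str:
        return sha256(self.header_bytes())

    def meets_target(self, digest: str) -> bool:
        # Difficulty target: the header hash must be below 2^(256 - difficulty_bits)
        return int(digest, 16) < (1 << (256 - self.difficulty_bits))

    def mine(self) -> str:
        """Proof of work: try nonce values until the header hash meets the target."""
        while not self.meets_target(self.hash()):
            self.nonce += 1
        return self.hash()


def valid_chain(chain) -> bool:
    """What a receiving node checks: Merkle root, proof of work, and the link to the previous header."""
    for i, block in enumerate(chain):
        if block.merkle_root != merkle_root(block.txs):
            return False
        if not block.meets_target(block.hash()):
            return False
        if i > 0 and block.prev_hash != chain[i - 1].hash():
            return False
    return True


def build_chain(difficulty_bits: int = 12):
    """Two mined blocks holding constructed sample transactions."""
    genesis = Block("0" * 64, ["coinbase->alice 50"], difficulty_bits)
    genesis.mine()
    block1 = Block(genesis.hash(), ["alice->bob 10", "alice->carol 5"], difficulty_bits)
    block1.mine()
    return [genesis, block1]


def tamper_transaction(chain) -> bool:
    """Edit a transaction without touching the header: the stored Merkle root no longer matches."""
    chain[0].txs[0] = "coinbase->mallory 50"
    return valid_chain(chain)


def tamper_and_remine(chain) -> bool:
    """Recompute the Merkle root and redo the proof of work for block 0: block 1's prev_hash
    still points at the old header, so the chain fails unless every later block is re-mined too."""
    chain[0].txs[0] = "coinbase->mallory 50"
    chain[0].merkle_root = merkle_root(chain[0].txs)
    chain[0].nonce = 0
    chain[0].mine()
    return valid_chain(chain)
```

The second tamper function is the reason proof of work protects history: rewriting an old block forces the attacker to redo the work for every block after it faster than the honest network extends the chain, which is where the security of the mechanism, and its resource cost, both come from.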

10. Give examples of the impact of artificial intelligence on cybersecurity.

Security challenges brought about by the complexity of artificial intelligence technology and its applications: artificial intelligence is not only a collection of algorithms and solutions, but also a rich ecosystem made up of software, hardware, data, equipment, communication protocols, data interfaces and people, and in the future it will be widely used in fields such as autonomous driving, industrial robots, smart medical care, drones and smart home assistants. Such complex technical composition and application scenarios are bound to create new security vulnerabilities. At the software and hardware level, including applications, models, platforms and chips, the code may contain flaws or backdoors; at the model level, attackers may also plant backdoors in the model and carry out advanced attacks. At present, most malicious backdoors implanted in models are hard to detect because the models are not interpretable.
Cybercrime using artificial intelligence: at present, most industries have begun to use artificial intelligence technology to automate and improve performance in all respects. Cybercrime is no exception, and attackers will also leverage artificial intelligence to make attacks more efficient. This is mainly because artificial intelligence systems are low-cost, easy to implement and highly scalable, which lets criminals evade regulatory detection and network security content filtering in various ways.
Security risks caused by the uncertainty of artificial intelligence: artificial intelligence itself has an "algorithmic black box", and certain automated decisions and behaviours cannot be explained; the reasons and logic behind them are unknown, and how to control the uncertainty of such automated decisions has become a major security challenge. The theoretical foundation of artificial intelligence technology rests largely on probability theory and mathematical statistics, so artificial intelligence is not a simple one-to-one mapping or causal relationship but a machine-led choice and judgement that is correct with high probability. Although in theory the probability of a risk event during the operation of artificial intelligence is very low, existing technology cannot predict the loss boundary and safety boundary it brings, and in particular when it will occur, at which node, and why. Therefore artificial intelligence programs carry higher inherent risk than traditional computer programs.
Security challenges posed by artificial intelligence to privacy protection: the vigorous development of artificial intelligence is built on big data, cloud computing and other platforms; only by relying on hardware platforms to continuously collect and organize users' characteristic data and behavioural data can artificial intelligence algorithms keep growing and being applied. Therefore the risk of leaking sensitive data keeps increasing. If flaws in the artificial intelligence system are triggered or it is attacked, a large amount of sensitive information is at risk of being leaked: at best, users' personal information falls into the hands of criminals, and at worst, users' property or even personal safety is endangered. At the same time, artificial intelligence technology can easily collect and identify personal private information in cyberspace, such as text and avatars, and from it accurately profile personal attributes such as personality, social relationships, income and consumption preferences. Without care, every aspect of a person will be fully perceived by artificial intelligence technology and exposed to society. Therefore, while developing and applying artificial intelligence technology, personal privacy must be protected through technology, policy, law and standards.
Network attack and defence based on artificial intelligence are becoming more and more intense: today, industry and academia generally hold that combining artificial intelligence with attack and defence is an inevitable trend in the development of network security, with great room for growth. In traditional network attack and defence, the contest between security personnel and attackers relies heavily on the personnel's accumulated prior experience, and is to a certain extent labour-intensive research and development work. The emergence and development of artificial intelligence technology can largely automate such labour-intensive work. On the one hand, attackers can automate vulnerability mining, injection and attack steps to improve the efficiency of attacks; on the other hand, some security vendors have combined artificial intelligence technology with defence strategies to build active defence systems with autonomous learning capabilities. Besides responding to traditional network threats, such defence systems can also guard against various potential threats, including backdoor attacks, and can counter increasingly complex and intelligent penetrating network intrusions.

Origin blog.csdn.net/annesede/article/details/134718490