Xiaochun Yun · Weiping Wen Bo Lang · Hanbing Yan · Li Ding Jia Li · Yu Zhou (Eds.) Communications in Computer and Information Science 970 Cyber Security 15th International Annual Conference, CNCERT 2018 Beijing, China, August 14–16, 2018 Revised Selected Papers Communications in Computer and Information Science 970 Commenced Publication in 2007 Founding and Former Series Editors: Phoebe Chen, Alfredo Cuzzocrea, Xiaoyong Du, Orhun Kara, Ting Liu, Dominik Ślęzak, and Xiaokang Yang Editorial Board Simone Diniz Junqueira Barbosa Pontifical Catholic University of Rio de Janeiro (PUC-Rio), Rio de Janeiro, Brazil Joaquim Filipe Polytechnic Institute of Setúbal, Setúbal, Portugal Ashish Ghosh Indian Statistical Institute, Kolkata, India Igor Kotenko St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, Russia Krishna M. Sivalingam Indian Institute of Technology Madras, Chennai, India Takashi Washio Osaka University, Osaka, Japan Junsong Yuan University at Buffalo, The State University of New York, Buffalo, USA Lizhu Zhou Tsinghua University, Beijing, China More information about this series at http://www.springer.com/series/7899 Xiaochun Yun Weiping Wen (cid:129) Bo Lang Hanbing Yan Li Ding (cid:129) (cid:129) Jia Li Yu Zhou (Eds.) (cid:129) Cyber Security 15th International Annual Conference, CNCERT 2018 – Beijing, China, August 14 16, 2018 Revised Selected Papers Editors Xiaochun Yun LiDing CNCERT CNCERT Beijing,China Beijing,China Weiping Wen Jia Li PekingUniversity CNCERT Beijing,China Beijing,China BoLang YuZhou Beihang University CNCERT Beijing,China Beijing,China Hanbing Yan CNCERT Beijing,China ISSN 1865-0929 ISSN 1865-0937 (electronic) Communications in Computer andInformation Science ISBN 978-981-13-6620-8 ISBN978-981-13-6621-5 (eBook) https://doi.org/10.1007/978-981-13-6621-5 LibraryofCongressControlNumber:2019931949 ©TheEditor(s)(ifapplicable)andTheAuthor(s)2019.Thisbookisanopenaccesspublication. OpenAccessThisbookislicensedunderthetermsoftheCreativeCommonsAttribution4.0International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution andreproductioninanymediumorformat,aslongasyougiveappropriatecredittotheoriginalauthor(s)and thesource,providealinktotheCreativeCommonslicenseandindicateifchangesweremade. Theimagesorotherthirdpartymaterialinthisbookareincludedinthebook'sCreativeCommonslicense, unlessindicatedotherwiseinacreditlinetothematerial.Ifmaterialisnotincludedinthebook'sCreative Commonslicenseandyourintendeduseisnotpermittedbystatutoryregulationorexceedsthepermitteduse, youwillneedtoobtainpermissiondirectlyfromthecopyrightholder. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbookare believedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsortheeditors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissionsthatmayhavebeenmade.Thepublisherremainsneutralwithregardtojurisdictionalclaimsin publishedmapsandinstitutionalaffiliations. ThisSpringerimprintispublishedbytheregisteredcompanySpringerNatureSingaporePteLtd. Theregisteredcompanyaddressis:152BeachRoad,#21-01/04GatewayEast,Singapore189721, Singapore Preface The China Cyber Security Annual Conference is the annual event of the National Computer Network Emergency Response Technical Team/Coordination Center of China (hereinafter referred to as CNCERT/CC). Since 2004, CNCERT/CC has successfully held 14 China Cyber Security Annual Conferences. As an important bridgefortechnicalandserviceexchangeoncybersecurityaffairsamongindustryand academics,aswellasresearchandapplication,theconferencehasplayedanactiverole in safeguarding cyber security and raising social awareness. This year, the China Cyber Security Annual Conference 2018 was held in Beijing, China, during August 14–16, 2018, as the 15th event in the series. The theme of the conferencewas“LeveragingSmarterTechnologiesforaMoreSecureEcosystem.”The missionwastopresentandshareanewemergingfocusandconcernsoncybersecurity, andtodiscussnewcountermeasuresorapproachestodealwiththem.Therewereover 2,500 attendees at the conference. Please refer to the following URL for more infor- mation about the event: http://conf.cert.org.cn. The papers contained in these proceedings of CNCERT 2018 address a series of cyber-related issues ranging from negative logic system, privacy protection-based access control schemes, mobile devices security management, malware detection with neural networks, malicious website identification, blockchain security, Android mal- ware detection, APT attack defense, and vulnerability leak detection, to name just a few. We announced our call for papers (in Chinese) on the conference website, after which 53 submissions were received by the deadline from authors at a wide range of affiliations, including research institutions, NGOs, universities, and companies. After receiving all submissions, we randomly assigned five papers to every reviewer, and every paper was reviewed by three reviewers. All submissions were judged on their credibility of innovation, contribution, reference value, significance of research, lan- guage quality, and originality. We adopted a thorough and competitive reviewing and selection process that took place in two rounds. We first invited the reviewers to provide an initial review. Based on the comments received, 27 papers passed and the authorsofthese27pre-acceptedpapersmademodificationsaccordingly.Inthesecond round, their modified papers were reviewed again. Finally, 15 out of the 53 submis- sions stood out and were accepted. The acceptance rate was 28.3%. However, at the last minute, one of the 15 dropped out and thus finally 14 papers were published. Wesincerelythankallauthorsfortheirinterestinparticipating,andourthanksalso go to the Program Committee chair and members for their considerable efforts and dedication to this program in helping us solicit and select papers of quality and creativity. VI Preface We hope these proceedings of CNCERT 2018 will serve not only as a snapshot of the current cyber landscape and developments, but also as a catalyst and inspiring work for your own research toward a securely shaped cyber world. November 2018 Xiaochun Yun Weiping Wen Bo Lang Hanbing Yan Li Ding Jia Li Yu Zhou Organization Program Committee Program Chair Xiaochun Yun CNCERT, China Program Committee Members Weiping Wen Peking University, China Xinhui Han Instituteof ComputerScience and Technology, Peking University, China Kangjie Lu University of Minnesota, USA Haixin Duan Tsinghua University, China Chao Zhang Tsinghua University, China Dawn Song University of California, Berkeley, USA Xinguang Xiao Antiy Corporation, China Bo Lang Beihang University, China Stevens Le Blond Max Planck Institute for Software Systems, Germany Senlin Luo Beijing University of Technology, China Baoxu Liu Institute of Information Engineering, China Academy of Sciences, China Guoai Xu Beijing University of Posts and Telecommunications, China Xueying Li Topsec Corporation, China Yongzheng Zhang Institute of Information Engineering, China Academy of Sciences, China Yuanzhuo Wang Institute of Computing Technology, China Academy of Sciences, China Min Yang Fudan University, China Purui Su Institute of Software, China Academy of Sciences, China Guojun Peng Wuhan University, China Hua Zhang Beijing University of Posts and Telecommunications, China Siri Bromander University of Oslo, Norway Xu Meng Georgia Institute of Technology, USA Daniel Scofield Assured Information Security, USA Khundrakpam Johnson National Institute of Technology, India Singh Bryan Perozzi Stony Brook University, USA M. E. J. Newman University of Michigan, USA Yaniv David Technion, Israel VIII Organization Zoubin Ghahramani University of Cambridge, UK Andrew Ng Stanford University, USA Michael Backesa Saarland University and CISPA-Stanford Center, Germany and USA Christopher Kruegel University of California, USA Hanbing Yan CNCERT, China Li Ding CNCERT, China Jia Li CNCERT, China Yu Zhou CNCERT, China Teng Zhang CNCERT, China Contents Identity Authentication Research on Identity Authentication Method Based on Negative Logic System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Yexia Cheng, Yuejin Du, Jin Peng, Jun Fu, and Baoxu Liu Design of Multi-dimensional Electronic Channel Unified Identity Authentication Method for Power Information System. . . . . . . . . . . . . . . . . 16 Baoxian Guo, Ying Xu, Renjie Li, and Xingxiong Zhu Mobile Security Extension of ISO/IEC27001 to Mobile Devices Security Management. . . . . . 27 Xiaobo Zhu and Yunqian Zhu Android Malware Detection Method Based on Frequent Pattern and Weighted Naive Bayes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Jingwei Li, Bozhi Wu, and Weiping Wen Emerging Technologies An Overview of Blockchain Security Analysis . . . . . . . . . . . . . . . . . . . . . . 55 Hai Wang, Yong Wang, Zigang Cao, Zhen Li, and Gang Xiong Automatic and Accurate Detection of Webshell Based on Convolutional Neural Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Zhuo-Hang Lv, Han-Bing Yan, and Rui Mei End-Link Collaboration Control Mechanism in Intelligent Networks Based on Traffic Classification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Songer Sun, Li Zhang, Xiaoping Han, and Chengjie Gu Malware Detection with Neural Network Using Combined Features . . . . . . . 96 Huan Zhou Cyber Threat Detection and Defense Malicious Websites Identification Based on Active-Passive Method. . . . . . . . 109 Xue-qiang Zou, Peng Zhang, Cai-yun Huang, and Xiu-guo Bao A Model of APT Attack Defense Based on Cyber Threat Detection . . . . . . . 122 Yue Li, Teng Zhang, Xue Li, and Ting Li