Journal of Cybersecurity (2024)

28 February 2024, Volume 2 Issue 1


  • Special Contributions

  • SARPPR: reconstructing cyberspace security defense model

    FANG Binxing, JIA Yan, LI Aiping, GU Zhaoquan, YU Han

    Journal of Cybersecurity. 2024, 2(1): 2-12. https://doi.org/10.20172/j.issn.2097-3136.240101

    Faced with new network security threats, establishing an effective network security defense model has become an urgent need. Traditional network security defense models include PDR (Protection-Detection-Response), PDRR (Protection-Detection-Response-Recovery), and APPDRR (Assessment-Policy Protection-Detection-Reaction-Restoration) models, among which the more classic APPDRR model improves network security through six elements: analysis, policy, protection, detection, response and recovery. With the continuous development of network attack and defense methods, the APPDRR model can no longer satisfy the practical needs of network security defense. With the emergence and development of emerging network security defense technologies such as situation awareness, active defense, mimetic defense and shield cube, there is an urgent need to reconstruct and expand the original cyberspace security defense model. In response to this issue, the APPDRR model was restructured and a SARPPR network security defense model of "guard mode + self-defense mode + iterative mode" was proposed to cover and guide the latest technological development of network security defense and respond to complex network security threats. From the perspective of ensuring the safety of important activities, this model extended the "guard mode" and "iterative mode" on the basis of the traditional "self-defense mode", and achieved full-lifecycle defense of prevention, response and review analysis. This model was the first cyberspace security assurance model that covered the entire lifecycle of defense, capable of addressing unknown network security threats such as highly covert APT (Advanced Persistent Threat), as well as the challenges of building endogenous security capabilities in existing information systems. This model has been applied to the network security guarantee of major events such as the Beijing Winter Olympic Games, 2022 Hangzhou Asian Games, Chengdu Universiade, Cultural Expo and Canton Fair, achieving zero accidents and verifying the effectiveness of this model.

  • Review

  • Survey on digital watermarking technology for artificial intelligence generated content models

    GUO Zhaojun, LI Meiling, ZHOU Yangming, PENG Wanli, LI Sheng, QIAN Zhenxing, ZHANG Xinpeng

    Journal of Cybersecurity. 2024, 2(1): 13-39. https://doi.org/10.20172/j.issn.2097-3136.240102

    Artificial intelligence (AI) is changing the world, and artificial intelligence generated content (AI Generated Content, AIGC) is currently one of the most cutting-edge technologies. The evolution of AIGC is reviewed, the technological changes from AI to AIGC are introduced, and the related problems and challenges caused by AIGC as well as coping strategies are discussed. At the same time, this study also focuses on the laws and regulations and international trends on a global scale, analyzing the initiatives taken by different countries and organizations in AI regulation, especially China's contribution to global AI governance. The Digital Watermarking (DW) technology of the AIGC model is introduced. Digital Watermarking has been developed for many years and has played an important role in multimedia rights confirmation, anti-counterfeiting, authentication, etc. With the rise of AIGC, Digital Watermarking has begun to play a new role in model protection, content traceability and sample protection. The introduction to the research progress of digital watermarking technology for AIGC models will provide a new perspective for understanding the development of the AIGC security field, and provide a reference for researching application practice in the field of AIGC.

  • Advances in security and privacy-preserving techniques for large language models

    MU Yiyang, CHEN Hanxiao, LI Hongwei

    Journal of Cybersecurity. 2024, 2(1): 40-49. https://doi.org/10.20172/j.issn.2097-3136.240103

    Large language models, as artificial intelligence models with excellent natural language processing capabilities, are widely used in health care, finance, law and other fields. With the continuous development of large language models, they raise growing concerns regarding security and privacy issues, which have garnered increasing attention from researchers. First of all, the relevant background of large language models was introduced and the adversary model was described from three aspects: adversary goals, adversary knowledge and adversary capabilities. Secondly, common security threats to large language models, such as poisoning attacks, backdoor attacks, and adversarial attacks, along with corresponding defense methods like early stopping and identifying poisoned examples through perplexity analysis, were summarized. Moving on, common privacy threats to large language models, which encompass direct data leakage during training, model inversion attacks, and membership inference attacks, were summarized. Current privacy-preserving techniques, such as differential privacy and secure multi-party computation, that could mitigate these threats were presented. In conclusion, the persisting challenges were summarized and future development directions in this domain were outlined.

  • Frontier research and prospect of watermarking for generated images

    WANG Jinwei, JIANG Xiaoli, TAN Guifeng, LUO Xiangyang

    Journal of Cybersecurity. 2024, 2(1): 50-62. https://doi.org/10.20172/j.issn.2097-3136.240104

    With the wave of deep synthesis brought about by AIGC (Artificial Intelligence Generative Content), digital watermarking technology has been widely used for copyright protection of generated content and models as an active defense method in the field of image forensics. Therefore, watermarking of generated images has attracted more and more attention from researchers. Firstly, the research background of generated-image watermarking was introduced, and the research motivation was introduced from the perspectives of model copyright protection and AIGC supervision. Then, based on the development of generation models and watermarking technology, the problem of watermarking generated images was introduced, and the watermarks were divided into two categories according to whether they participate in the generation process; the current status of these two types of generated-image watermarks was sorted out and introduced in detail. Subsequently, the existing methods for watermarking generated images were evaluated. On the basis of the robustness, imperceptibility and capacity of traditional watermarks, new requirements for generated-image watermarks were further proposed. Finally, the problems that need to be further solved and the development trends in generated-image watermarking were pointed out.

  • Academic Research

  • Watermarking for large language models based on knowledge injection

    CHEN Kejiang, LI Shuai, ZHANG Weiming, YU Nenghai

    Journal of Cybersecurity. 2024, 2(1): 63-71. https://doi.org/10.20172/j.issn.2097-3136.240105

    Large language models have shown outstanding performance on natural language processing tasks due to their exceptional text understanding and generation capabilities. Training large language models demands high-quality annotated data and expensive computational resources, making them significant digital assets with considerable commercial value while susceptible to intellectual property theft. Therefore, developing watermarking technologies is key to ensuring copyright protection for large language models. Existing watermarking methods for large language models are based on box-free watermarks, which provide strong copyright safeguards. However, these methods frequently suffer from inadequate concealment, reduced text quality, and difficulties in implementation within open-source environments. To address the above issues, a large language model watermarking method based on knowledge injection was proposed. During the watermark embedding phase, the watermark was embedded into custom knowledge and the model learned the watermarked knowledge through supervised fine-tuning. In the watermark extraction phase, the model owner only needed to design questions related to the watermark knowledge and query the model to be tested, extracting the watermark information based on the model's responses. The experiments conducted validate the effectiveness, fidelity and robustness of the proposed method.

  • Gradient normalization for adaptive loss balancing in end-to-end speech synthesis

    CHEN Kuan, CHEN Tao, YOU Weike, ZHOU Linna, YANG Zhongliang

    Journal of Cybersecurity. 2024, 2(1): 72-82. https://doi.org/10.20172/j.issn.2097-3136.240106

    Text-to-Speech (TTS) synthesis refers to the process of generating a target speaker's speech from given text through model processing. It has become a crucial component in numerous applications. The Variational Inference for Text-to-Speech (VITS) model represents a significant advancement in TTS technology, offering superior speech quality and a more natural sound compared to traditional two-stage models. However, it is crucial to note that the performance of the VITS model is highly sensitive to how its losses are balanced. Currently, there is a lack of research on the effective balancing of these losses. This study introduced Gradient Normalization for adaptive loss balancing in end-to-end speech synthesis as a means to identify the optimal balance for the VITS model. This method aimed to enhance the model's adaptability by dynamically adjusting the weighting of different loss components during training. To assess the accuracy and naturalness of speech synthesized using the proposed approach, the study conducted experiments on a publicly available Chinese TTS dataset. The results demonstrated that models using this method to balance losses showed performance improvements, confirming the effectiveness of the approach. The significance of this research lies in its contribution to advancing TTS technology, particularly in the context of the VITS model.

  • Security threats and solution strategies in the application of large-scale artificial intelligence model

    LIU Yishi, ZHOU Yajian, CUI Ying, LIU Jianwei

    Journal of Cybersecurity. 2024, 2(1): 83-91. https://doi.org/10.20172/j.issn.2097-3136.240107

    As computer hardware and algorithm technology have improved by leaps and bounds in recent years, the artificial intelligence technology represented by large-scale models has shown greater advantages than human beings in many fields. However, AI-based systems are often vulnerable to a variety of security threats during initial data collection and preparation, training and reasoning, and deployment. In AI-based systems, the data acquisition and preprocessing stage is vulnerable to sensor spoofing attacks, and the model training and inference stage is vulnerable to poisoning attacks and adversarial attacks. In order to address these security threats against AI systems, the challenges and solution strategies faced by AI large-scale model security were summarized, so that AI technology based on large-scale models could be utilized in industrial applications. Specifically, the AI large-scale model and its characteristics were introduced, and then the technical risks and security vulnerabilities of AI large-scale models were summarized and analyzed. Finally, the research areas and challenges of AI large-scale model security detection and protection were discussed.

  • Generative image endogenous watermarking method based on exact diffusion inversion

    LI Li, ZHANG Xinpeng, WANG Zichi, WU Deyang, WU Hanzhou

    Journal of Cybersecurity. 2024, 2(1): 92-100. https://doi.org/10.20172/j.issn.2097-3136.240108

    The diffusion model has achieved significant success in image generation, but it is difficult to distinguish the authenticity of the generated images. Therefore, abuse of the diffusion model will lead to social issues such as privacy and security, legal ethics, and so on. Adding watermarks to the output of the generative model can track the copyright of the generated content and prevent potential harm caused by artificial intelligence-generated content. For the diffusion model, the endogenous watermarking method of adding watermarks to the initial noise vector can directly generate watermarked images. During copyright verification, the initial vector is reconstructed through reverse diffusion to extract the watermark. However, the sampling process in the diffusion model is not strictly reversible, and there is a significant error between the reconstructed noise vector and the original noise, making it difficult to ensure accurate watermark extraction. By introducing Exact Diffusion Inversion via Coupled Transformations (EDICT), the initial noise vector can be reconstructed more accurately, improving the accuracy of watermark extraction. The performance improvement of generative image endogenous watermarking by introducing EDICT has been verified through experiments. The experimental results show that endogenous watermarking can embed invisible watermarks in generated images, and the embedded watermarks can be accurately extracted through precise reverse diffusion and have a certain degree of robustness.

  • Scaling-based image-level feature enhancement for steganalysis

    LIU Xulong, LI Weixiang, LIN Kaiqing, LI Bin

    Journal of Cybersecurity. 2024, 2(1): 101-112. https://doi.org/10.20172/j.issn.2097-3136.240109

    With the rapid development of deep learning, research on image steganalysis techniques based on deep learning has made significant progress. However, in terms of residual feature extraction and enhancement, traditional image preprocessing enhancement techniques often inevitably weaken the steganographic signals, making it difficult to adapt simple image preprocessing methods to steganalysis. Therefore, existing deep learning steganalysis research tends to design fixed filter kernels or optimize the learning of the residual convolutional layers, resulting in a relative lack of exploration of steganographic feature enhancement at the input image level. In this regard, a novel and efficient method for image-level feature enhancement in steganalysis is proposed. By employing the nearest neighbor interpolation algorithm to expand the size of the image, the image's steganographic signals are amplified while maintaining their original distribution. This further enhances the model's capability of steganographic residual feature extraction, and effectively improves the detectability of steganographic traces without making significant changes to the existing steganalysis process. The experimental results show that the proposed method can significantly improve the model's detection accuracy under various steganography algorithms, especially in low embedding rate environments, where the accuracy can be improved by 2.81%. It confirms the effectiveness of image-level preprocessing for steganographic residual feature enhancement, and provides a new research perspective on image residual feature extraction for deep learning steganalysis models.

  • Federated model authorization scheme based on backdoor watermarking

    ZHANG Zhun, LI Jiarui, YUE Peng, YANG Wenyuan, CAO Xiaochun

    Journal of Cybersecurity. 2024, 2(1): 113-122. https://doi.org/10.20172/j.issn.2097-3136.240110

    With the deepening application of distributed machine learning techniques in various fields, issues concerning model security have become increasingly prominent. Federated learning, as an innovative method of distributed machine learning, allows multiple participants to jointly train models while protecting data privacy. However, the trained models face issues of misuse and challenges in copyright protection. Malicious users may utilize these models without authorization, seeking economic benefits and thus infringing upon the copyright and intellectual property rights of the participating entities. Addressing the problem of model misuse and the difficulty of protecting copyrights in distributed machine learning, a federated model authorization scheme based on backdoor watermarking was proposed for the federated learning context. This scheme embeds backdoor watermarks and issues access tokens through a central server after model training, managing the usage rights of the model. Under this scheme, users can only recover the backdoor information and obtain the right to use the model after collecting access tokens from the majority of the participants, signifying their authorization. Otherwise, without the backdoor information, the user cannot pass the model's verification and is unable to use the model normally. Experiments conducted on multiple datasets indicate that the accuracy of models embedded with backdoor watermarks is negligibly different from that of the original federated learning models. Moreover, these models can accurately verify authorization information and efficiently identify users. This federated model authorization scheme based on backdoor watermarking not only effectively resolves the copyright protection issues of federated learning models but also significantly enhances their overall security and reliability.
