Open Access

Optimizing the Defense System of University English Teaching Platform from the Perspective of Network Security: Preventing Data Leakage and Network Attacks

  
Mar 24, 2025


Introduction

Online teaching platforms are now in use at most colleges and universities. These platforms hold a large amount of teaching information, the personal information of teachers and students, and other school-related information, so preventing security risks on them has become a matter of wide public concern. Research on network security risk prevention strategies for university online teaching platforms is therefore of great practical significance; it is also an inevitable requirement of the formalization, standardization, systematization and modernization of the domestic Internet, and matters for the stable development of society as a whole [1-4].

One important source of network security risk is the software the platform runs on, including operating systems, office software and database servers, which makes operating-system vulnerabilities a major security risk [5-6]. The database is an indispensable part of an online teaching platform; security loopholes inevitably appear during its construction, and the applications built on top of it indirectly carry security risks as well [7-8]. If the database is attacked through abnormal access, the system is likely to collapse. Online teaching platforms are generally built with a corresponding security protection system; once the platform is illegally intruded upon and that protection system is seriously damaged, the normal operation of the platform is severely affected [9-11]. Scientific management and protection of the network platform can better reduce network security risks [12].

In addition, risk factors may be introduced in the course of managing the teaching system. The professional level of the management staff can reduce unnecessary risk, so managers should understand the network in depth and be highly professional, so that when the system is attacked they can decide on a response plan in time and eliminate the risk [13-15]. The fastest path by which network risk spreads is the network virus, which is the biggest threat to network security. Network viruses can browse web pages and download content without authorization, and can automatically invade the online teaching platform through social channels and other means. Viruses can also spread rapidly within a short period, leaking information in the system, completely deleting related files, interrupting the network and servers, and even damaging hardware [16-18]. A complete information transmission process also helps to avoid network risks: if a virus intrudes or software falls out of synchronization during transmission, the information is transmitted incompletely, which brings security risks [19-21].

Traditional network security technology generally focuses on strengthening the protection of the system itself, for example by using centralized identity authentication products, installing firewalls at the network exit, using Class B databases and operating systems, and encrypting information in transit [22-23]. However, this approach leads to blind construction of the whole system. Blind construction is wasteful: reinforcing the entire system without understanding its current state is unnecessary, and the security investment is large without addressing the key aspects of security protection. In view of this, and considering that most campus online English teaching platforms lack an effective security model, so that security design cannot be effectively introduced into functional design, it is necessary to explore security measures to protect online English teaching platform systems [24-27].

For the optimization strategy of the defense system of university English teaching platform, this paper carries out the following research. Firstly, it proposes the use of XML to organize teaching data and the “one-level ownership, two-level management” mode to manage teaching data, so as to build the data processing system of the teaching platform. Secondly, this paper explores the principles of RSA public key generation algorithm and AES encryption algorithm, combines the two to construct the RSA-AES hybrid encryption algorithm and applies it to the defense system of university English teaching platform. Finally, three rounds of tests are conducted on the operation efficiency, defense capability, and overall performance of the platform defense system using the algorithm in this paper.

Pedagogical data-processing systems

The data processing system of university English teaching platform proposed in this paper can realize: ① saving the teaching data of university English platform in XML format; ② browsing and editing the data of university English teaching platform; and ③ exchanging data between heterogeneous university English teaching platforms and university English teaching platforms. The system structure is shown in Figure 1.

Figure 1.

Teaching data processing system structure diagram

The teaching data stream from the university English teaching platform is converted into XML documents by the data format processing module and imported into the data storage module; when needed, these XML documents can be parsed by the data format processing module and imported back into the original university English teaching platform. Users can browse the data in the data storage module: the system selects a matching style sheet from the XSL style sheet library according to the content being browsed and maps the XML document into a Web page for display. Users can submit editing requests directly on the Web page. The data editing and processing module then selects the appropriate algorithm from the data processing algorithm library according to the request, processes the edited teaching data XML document and imports it into the data storage module (overwriting the original document).

The XML document structure in the data storage module matches that of the original university English teaching platform. To exchange data between heterogeneous teaching platforms, the teaching data is first imported into the data storage module, and the XML documents are then parsed and reconstructed by the XML document structure conversion module. Reconstruction turns these XML documents into new documents that are heterogeneous to the originals and match the structure of the new platform. When converting the document structure, the DTD documents for the structures before and after conversion are read from the DTD library, and the converted XML documents can then be imported into the new university English teaching platform by the data format processing module.

A university English school is a university English teaching and teaching management system developed by a university computing center, which has accumulated a large amount of university English teaching data since its operation. In this paper, the teaching data processing system is realized on the basis of “English Learning Hall of a University”.

Using XML to organize instructional data

Extensible Markup Language (XML) is a markup language recommended by the W3C. It has three features: authors can define new tags and attributes; the document structure can be nested to arbitrary depth; and an XML document can contain a syntax description of its own format (DTD). A DTD (Document Type Definition) defines a specific format for a given type of XML document and standardizes the content and framework structure of such documents; by using DTDs, the format structure of XML documents can be varied.

Organizing teaching data in XML format is the core of the whole system. Data is saved with the course as the basic unit, and the teaching data within each course is divided into four categories: BBS data (Q&A, discussion); auxiliary courseware data; homework data; and recommended materials (handouts) data. Each type of data is further divided into two parts: unstructured data is stored under a specified path, and structured data is stored in an XML document. In the DTD document library, each type of teaching data XML document has a matching DTD document that describes the structure of its content. The XML document also stores index information pointing to the unstructured data of the same type, such as paths and file types, so that structured and unstructured data are tightly integrated.
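The layout described above can be checked at import time. The following is an added example, not code from the paper: it loads a homework-class document, refuses an inline DOCTYPE so that structure comes only from the server-side DTD library, and confirms that every index path stays under the course's storage path. The element and attribute names, the storage root and the file-type allowlist are all assumptions.

```python
import posixpath
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Assumed layout: the root path, tag names and attribute names are illustrative.
COURSE_ROOT = "/srv/platform/courses/eng101"
ALLOWED_TYPES = {"pdf", "ppt", "doc", "mp3"}

# Constructed sample: structured records plus index entries for unstructured files.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<homework course="eng101">
  <record id="hw1"><title>Unit 1 essay</title><due>2025-04-01</due></record>
  <index ref="hw1" type="pdf" path="homework/hw1/prompt.pdf"/>
  <index ref="hw1" type="mp3" path="homework/hw1/listening.mp3"/>
</homework>"""


class RejectedDocument(ValueError):
    """Raised when a submitted document must not be imported into storage."""


def forbid_doctype(data: bytes) -> None:
    """Pre-scan with expat and refuse any document that brings its own DOCTYPE."""
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise RejectedDocument("inline DOCTYPE refused; use the DTD library")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise RejectedDocument(f"not well-formed XML: {exc}") from exc


def resolve_index_path(rel_path: str) -> str:
    """Map an index path to a storage path, refusing anything outside the course."""
    resolved = posixpath.normpath(posixpath.join(COURSE_ROOT, rel_path))
    if not resolved.startswith(COURSE_ROOT + "/"):
        raise RejectedDocument(f"index path leaves the course directory: {rel_path!r}")
    return resolved


def load_homework(data: bytes) -> dict:
    """Return the structured records and the resolved paths of their files."""
    forbid_doctype(data)
    root = ET.fromstring(data)
    if root.tag != "homework":
        raise RejectedDocument(f"unexpected root element: {root.tag!r}")
    records = {rec.get("id"): rec.findtext("title") for rec in root.findall("record")}
    files = {}
    for index in root.findall("index"):
        ref, file_type = index.get("ref"), index.get("type")
        if ref not in records:
            raise RejectedDocument(f"index entry points at unknown record: {ref!r}")
        if file_type not in ALLOWED_TYPES:
            raise RejectedDocument(f"file type not allowed: {file_type!r}")
        files.setdefault(ref, []).append(resolve_index_path(index.get("path", "")))
    return {"records": records, "files": files}
```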

Design of the secondary management model

Considering the real requirements for building the data sharing platform of the university English teaching system, and drawing on sharing schemes such as certificate sharing, elliptic curve algorithm sharing and hierarchical data sharing, we propose, according to the scale of data sharing and the management and application difficulties of the university English teaching system, a “one-level ownership, two-level management” model within which the sharing platform sets the scope of data sharing. In this model, ownership of the shared data belongs to the manager of the data sharing platform, who defines the data sharing rights, while management follows a two-level structure: the sharing platform manager authorizes professional managers who understand the semantics, security scope and confidentiality scope of the shared data to manage the data in practice.

The “one-level ownership” in the “one-level ownership, two-level management” model means that once shared data is uploaded to the sharing platform, its storage, management and ownership belong to the administrator of the sharing platform, and the original owner of the shared data no longer has management authority over it. Because shared data is heterogeneous, the administrator extracts metadata from the shared data and controls its storage, sharing and authorization by managing this homogeneous metadata.

The specific implementation of “one-level ownership” is shown in Figure 2.

Figure 2.

The one-level of the model

Each subsystem uploads its shared data to the data sharing platform: subsystems A, B and C share the data $$\left( {{A_1},{A_2}} \right)$$, B1 and C1, respectively. The shared data A1, A2, B1 and C1 are stored centrally on the sharing platform, which also takes ownership of them. The platform extracts the metadata a1, a2, b1 and c1 of A1, A2, B1 and C1, respectively; administrator M holds the management privileges over this metadata and manages the shared data by managing the metadata.

The “second-level management” in the security management model means that the administrator of the sharing platform delegates the data management privileges to the second-level administrator who has a better understanding of the semantics and security scope of the data, and the second-level administrator actually authorizes the access to the data. The specific model is shown in Figure 3.

Figure 3.

The two-level management

In order to realize the specialized management of shared data, the administrator of the sharing platform M can establish a second-level administrator, who will formulate the sharing scheme and carry out the real management of the data. As shown in Fig. 3, the manager of the sharing platform entrusts the management authority of data a1 and b1 to the second-level manager M1, and entrusts the management authority of data a2 and c1 to the second-level manager M2. M1 and M2 respectively carry out the actual sharing authorization of data resources $$\left( {{a_1},{b_1}} \right)$$ and $$\left( {{a_2},{c_1}} \right)$$, and formulate a reasonable data sharing scheme.

Under this two-level management mode, the second-level managers of the sharing platform manage the shared data, but their operations are audited for later checking and analysis. The administrator of the information sharing platform acts much like a “security administrator”, who mainly manages the permissions and operations of the second-level managers and audits their behavior to ensure that their data management and operations comply with the security regulations and are legal and reasonable.
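The model of Figures 2 and 3 can be written down as a small authorization check. The following is an added example, not code from the paper: the class and method names are hypothetical, and two details are assumptions of the example, namely that only the delegated second-level manager (not M) issues grants, and that the audit log is hash-chained so later edits are detectable.

```python
import hashlib
from dataclasses import dataclass, field


class Denied(PermissionError):
    """Raised when an actor attempts an operation outside their role."""


@dataclass
class SharingPlatform:
    admin: str                                     # first-level administrator M
    store: dict = field(default_factory=dict)      # data id -> content, platform-owned
    metadata: dict = field(default_factory=dict)   # metadata id -> extracted description
    managers: dict = field(default_factory=dict)   # metadata id -> second-level manager
    grants: dict = field(default_factory=dict)     # metadata id -> users allowed to read
    audit: list = field(default_factory=list)      # hash-chained operation log

    def _log(self, actor, action, target, allowed):
        prev = self.audit[-1]["digest"] if self.audit else "genesis"
        body = f"{prev}|{actor}|{action}|{target}|{allowed}"
        self.audit.append({"actor": actor, "action": action, "target": target,
                           "allowed": allowed,
                           "digest": hashlib.sha256(body.encode()).hexdigest()})

    def _require(self, ok, actor, action, target):
        self._log(actor, action, target, ok)       # denied attempts are audited too
        if not ok:
            raise Denied(f"{actor} may not {action} {target}")

    def upload(self, subsystem, data_id, content: bytes) -> str:
        """Store the data; the uploader keeps no management rights over it."""
        meta_id = data_id.lower()                  # A1 -> a1, as in Figure 2
        self.store[data_id] = content
        self.metadata[meta_id] = {"source": subsystem, "size": len(content),
                                  "sha256": hashlib.sha256(content).hexdigest()}
        self._log(subsystem, "upload", data_id, True)
        return meta_id

    def delegate(self, actor, manager, meta_ids):
        """Only M may hand a metadata item to a second-level manager."""
        for meta_id in meta_ids:
            ok = actor == self.admin and meta_id in self.metadata
            self._require(ok, actor, "delegate", meta_id)
            self.managers[meta_id] = manager

    def grant(self, actor, meta_id, user):
        """Only the manager the item was delegated to may authorize access."""
        self._require(self.managers.get(meta_id) == actor, actor, "grant", meta_id)
        self.grants.setdefault(meta_id, set()).add(user)

    def read(self, user, data_id) -> bytes:
        allowed = user in self.grants.get(data_id.lower(), set())
        self._require(allowed, user, "read", data_id)
        return self.store[data_id]

    def audit_intact(self) -> bool:
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = "genesis"
        for e in self.audit:
            body = f"{prev}|{e['actor']}|{e['action']}|{e['target']}|{e['allowed']}"
            if hashlib.sha256(body.encode()).hexdigest() != e["digest"]:
                return False
            prev = e["digest"]
        return True


def figure_scenario() -> SharingPlatform:
    """Subsystems A, B, C upload A1, A2, B1, C1; M delegates as in Fig. 3."""
    platform = SharingPlatform(admin="M")
    for subsystem, data_id in [("A", "A1"), ("A", "A2"), ("B", "B1"), ("C", "C1")]:
        platform.upload(subsystem, data_id, f"teaching data {data_id}".encode())
    platform.delegate("M", "M1", ["a1", "b1"])
    platform.delegate("M", "M2", ["a2", "c1"])
    return platform
```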

Encryption algorithms for defence systems
Key Generation Algorithm

The RSA public key cryptosystem is a special kind of encryption system based on reversible modular exponentiation. Its appearance not only solves the problem of key distribution but also meets the needs of functions such as digital signature authentication and identification, and it is therefore widely used in modern confidential communications.

The RSA algorithm is also recognised as a very secure public key cryptography algorithm and, among all public key cryptography algorithms, is the easiest to understand and implement. Its security is based on the difficulty of factoring large integers: with the processing power of modern computers it is easy to compute the product of two large prime numbers, but decomposing that product into its two prime factors is very difficult. The RSA public key cryptography system usually consists of a key generation process, an encryption and decryption process, and a signature authentication process. The key is divided into two types, public and private, which are used in pairs. In the encryption and decryption process, the data is encrypted with the public key and decrypted with the private key, while in the signature authentication process, the private key is used for signing and the public key is used for authentication.

The RSA key generation method is as follows:

Choose any two large prime numbers p and q (confidential) with p ≠ q, and compute the modulus n = p*q (which can be made public).

Compute the Euler function of n, φ(n) = (p − 1)*(q − 1), and keep φ(n) secret.

Choose at random an integer e (public) that satisfies gcd(e, φ(n)) = 1, i.e. e is coprime with φ(n), and e is less than φ(n).

Calculate d such that d*e ≡ 1 (mod φ(n)), and keep d secret.

Destroy p, q and φ(n).

Through the above process, the public key e, the private key d and the modulus n are generated. Usually (e, n) and (d, n) are called the public key pair PK and the private key pair SK respectively, where the public key pair $$PK\left( {e,n} \right)$$ is public and the private key pair $$SK\left( {d,n} \right)$$ is kept secret.

Encryption and decryption algorithms

The first step in encrypting with the public key cryptography algorithm RSA is to digitise the plaintext in blocks, because the message to be encrypted may be a piece of text or a string, and only after the message is digitised can it be encrypted and transmitted. In this process, it is necessary to ensure that the length of each digitised plaintext block is not greater than the length of the modulus n before RSA encryption is performed.

The properties of the RSA encryption and decryption algorithms are shown in equations (1), (2) and (3):

$$c = {E_{PK}}(m) = {m^e}\ \bmod \ n \tag{1}$$

$$m = {D_{SK}}(c) = {c^d}\ \bmod \ n \tag{2}$$

$$m = {D_{SK}}\left( {{E_{PK}}(m)} \right) \tag{3}$$

Where m is the message, i.e. the plaintext, c is the ciphertext, (e, n) is the public key pair PK, (d, n) is the private key pair SK, and $${E_{PK}}(m)$$ and $${D_{SK}}(c)$$ are the encryption algorithm and the decryption algorithm respectively.
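The key generation steps and equations (1) to (3) can be followed in code. The following is an added example, not code from the paper: it is textbook RSA without padding, meant only for following the arithmetic. The fixed e = 65537 (instead of a random e) and the 0x01 marker byte in each block are assumptions of the example.

```python
import math
import secrets


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        # Top two bits set so that p*q has exactly 2*bits bits; low bit set for oddness.
        candidate = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate


def keypair_from_primes(p: int, q: int, e: int):
    """The five key generation steps: returns PK = (e, n) and SK = (d, n)."""
    if p == q:
        raise ValueError("p and q must differ")
    n = p * q                                      # step 1
    phi = (p - 1) * (q - 1)                        # step 2
    if not 1 < e < phi or math.gcd(e, phi) != 1:   # step 3
        raise ValueError("e must be coprime with phi(n) and smaller than it")
    d = pow(e, -1, phi)                            # step 4: d*e = 1 mod phi(n)
    return (e, n), (d, n)                          # step 5: p, q, phi are not kept


def generate_keypair(bits: int = 512, e: int = 65537):
    # Assumption: fixed e = 65537 with fresh primes on a gcd failure, not a random e.
    while True:
        try:
            return keypair_from_primes(random_prime(bits // 2), random_prime(bits // 2), e)
        except ValueError:
            continue


def encrypt_int(m: int, pk) -> int:
    e, n = pk
    if not 0 <= m < n:
        raise ValueError("plaintext block must be smaller than n")
    return pow(m, e, n)                            # equation (1)


def decrypt_int(c: int, sk) -> int:
    d, n = sk
    return pow(c, d, n)                            # equation (2)


def encrypt_bytes(message: bytes, pk) -> list:
    """Digitise the message in blocks that are guaranteed to be below n."""
    size = (pk[1].bit_length() - 1) // 8 - 1       # data bytes per block
    if size < 1:
        raise ValueError("modulus too small to carry a data byte")
    blocks = []
    for i in range(0, len(message), size):
        # 0x01 marker byte (an assumption of this example) keeps leading zero bytes.
        block = int.from_bytes(b"\x01" + message[i:i + size], "big")
        blocks.append(encrypt_int(block, pk))
    return blocks


def decrypt_bytes(blocks, sk) -> bytes:
    out = bytearray()
    for c in blocks:
        m = decrypt_int(c, sk)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]   # drop the marker
    return bytes(out)


def round_trip_unchecked(m: int, pk, sk) -> int:
    """D(E(m)) without the m < n check: shows the wrap-around for m >= n."""
    return decrypt_int(pow(m, pk[0], pk[1]), sk)
```

Real deployments add a padding scheme such as OAEP on top of this arithmetic; the unpadded form is deterministic.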

Signature Authentication Algorithm

A digital signature is the electronic counterpart of a handwritten signature and is mainly used to sign digital messages to prevent impersonation, forgery and tampering of the message, as well as to identify the two parties to the communication. However, it is different from an ordinary mail drop because it is intrinsically linked to the content of the signed message. A digital signature should have the following characteristics.

Publicly verifiable: anyone can verify the validity of the signature.

Unforgeability: It is difficult for any other person to forge a signature other than the legitimate signer.

Non-repudiation: the signer cannot deny his signature afterwards.

Uniqueness: the signature corresponds to the signed message.

Principle of AES encryption algorithm
Replacement process

The AES encryption process involves a large number of box substitution processes. Taking IP substitution as an example, the first three entries of the IP substitution table are 58, 50 and 42, which means that the 58th, 50th and 42nd bits of the input data block are moved to the 1st, 2nd and 3rd bit positions respectively. The same is true for the other substitutions. These substitutions rearrange the data and so scramble it.

Sub-Key Generation

Subkey generation consists of substitution and shifting. The user provides the 64-bit master key, in which the 8th, 16th, 24th, 32nd, 40th, 48th, 56th and 64th bits are parity bits that are not involved in the operation. After PC-1 substitution, these 8 parity bits are eliminated, and the remaining 56-bit key involved in the operation is divided into two groups, C0 and D0, of 28 bits each. The groups are then left-shifted according to the shift table to give two groups, C1 and D1, which are combined into a 56-bit key and turned into the 48-bit subkey K1 by PC-2 substitution, i.e., the key used for the first round of the S-box encryption cycle. The above steps are repeated to obtain the key used in each round of the cycle. The subkey generation is shown in Fig. 4.

Figure 4.

Diagram of sub-key generation

Initial replacement (IP replacement)

Before encryption or decryption, the data needs to be rearranged. The data to be encrypted is split into groups of 64 bits arranged in 8 rows and 8 columns, called plaintext. The 64-bit blocks of binary plaintext are then rearranged using a fixed IP replacement table.

Round function operations

After the initial substitution, we get the plaintext in scrambled order, which is evenly divided into two groups, L0 (32 bits) and R0 (32 bits). The E-box extended substitution is performed on R0 to get $${R_0^\prime}$$ (48 bits), which is XORed bit by bit with the first round key K0 (48 bits) to get a 48-bit output. This output is evenly divided into 8 groups of 6 bits each, which are fed into the S-boxes for substitution. The substitution of these 8 groups yields 32 bits of data, and the result of XORing this with each bit of L0 is used as the final result of R0. At this point, swap L0 and R0 to get L1 and R1 and start the next cycle. After 16 cycles, we get L15 and R15.

Inverse Initial Replacement (FP Replacement)

The last step of AES encryption is the inverse initial permutation, which combines the results L15 and R15 of the last round function into a 64-bit data for FP permutation, and finally obtains the ciphertext output.

Hybrid RSA-AES encryption algorithm

From the analysis of the RSA and AES encryption algorithms in this paper, RSA, as an asymmetric encryption algorithm, has the advantage of high security. However, because the algorithm works modulo n, any data greater than n wraps around, and its encryption efficiency is not high, so it is not suitable for encrypting large files. AES, as a symmetric encryption algorithm, encrypts faster and can encrypt large files, but as a symmetric algorithm its security is not high: in a cloud environment in particular, the system is deployed in a distributed manner, which further increases the likelihood that the secret key leaks, and because symmetric algorithms use the same key for encryption and decryption, the cost of secret key management increases greatly. To ensure the security of these files and the feasibility and efficiency of file encryption, this paper combines the RSA and AES encryption algorithms so that the advantages of each complement the other, forming a safe and effective encryption algorithm suited to the needs of the system's encryption module.

The basic idea of the algorithm is as follows. To encrypt large files effectively, uploaded files are encrypted with AES; this paper uses the AES-128 algorithm, with a secret key length of 128 bits, and the encrypted files are then uploaded to the cloud storage system. To keep the encryption secure, the AES secret key is encrypted with the public key generated by the RSA algorithm, and the encrypted AES secret key is saved by the user. When decrypting a downloaded file, the RSA private key is used to decrypt the encrypted AES secret key to obtain the AES secret key, and the AES secret key is then used to decrypt the ciphertext to obtain the final plaintext. The encryption and decryption process is shown in Figure 5.

Figure 5.

Encryption and decryption flow chart

Examination of the hybrid RSA-AES encryption algorithm
Operational efficiency of the algorithm

In this section, the operational efficiency of the hybrid RSA-AES encryption algorithm is analyzed through simulation experiments. All the experiments are run on a desktop computer with a 3.40 GHz CPU and 8 GB of RAM running Ubuntu 12.04, and all the experimental code is written in Python. We use the Teaching Evaluation dataset from “English Learning Center of a School” as the training set of the hybrid RSA-AES encryption algorithm. This dataset contains 1728 records, each with 6 attributes (d=6), in 4 categories (λ=4). The parameter l is fixed in the experiment (l = 20). We vary the number of training samples required for the hybrid RSA-AES encryption algorithm, i.e., the size of m, and measure the running time of stage 1 and stage 2 in the platform defense system, as well as the communication between the two cloud servers CS1 and CS2, for different key lengths K. The running times of stage 1 and stage 2 are shown in Fig. 6 and Fig. 7.

Figure 6.

The calculation time required for phase 1

Figure 7.

The calculation time required for phase 2

Figure 6 shows the running time of stage 1 for K=512 bits as well as for 1024 bits. When K = 512 bits, the number of samples m in the training set gradually increases from 400 to 1600, and the computation time spent in stage 1 changes from 1.76 seconds to 6.85 seconds accordingly. When K = 1024 bits, the number of samples m in the training set gradually increases from 400 to 1600, and the computation time spent in stage 1 changes from 11.81 seconds to 46.56 seconds accordingly. From Fig. 6, we can see that the running time of stage 1 grows linearly with the sample data m, indicating that the hybrid RSA-AES encryption algorithm is more efficient in processing data.

The running time of stage 2 in the platform defense system is shown in Fig. 7. When K=512 bits, the number of samples m in the training set is gradually increased from 400 to 1600, and the computation time spent in stage 2 is correspondingly changed from 5.33 minutes to 30.81 minutes. When K=1024 bits, the number of samples m in the training set gradually increases from 400 to 1600, and the computation time spent in stage 2 also changes from 16.31 minutes to 89.25 minutes accordingly. It can be seen that the computation time of stage 2 is much higher than that of stage 1, however, the whole algorithm including stage 1 and stage 2 is outsourced to the cloud server for computation, and the system does not bear any computational burden. In this way, the RSA-AES hybrid encryption algorithm scheme can greatly reduce the computational burden of the system.

The amount of communication between CS1 and CS2 in stage 1 of the algorithm is shown in Fig. 8. When K = 512 bits, the number of samples m in the training set is gradually increased from 400 to 1600, and the amount of communication between CS1 and CS2 correspondingly increases from 0.5 MB to 2.11 MB. When K = 1024 bits, the number of samples m in the training set is gradually increased from 400 to 1600, and the amount of communication between CS1 and CS2 correspondingly increases from 0.92 MB to 3.63 MB. From Fig. 8 we can see that the communication between CS1 and CS2 in stage 1 grows linearly with the sample data m, indicating that the hybrid RSA-AES encryption algorithm is able to handle a wide range of data better.

Figure 8.

Phase 1 Traffic between CS1 and CS2

The amount of communication between CS1 and CS2 in phase 2 in the algorithm is shown in Fig. 9. When K = 512 bits, the number of samples m in the training set is gradually increased from 400 to 1600, and the amount of communication between CS1 and CS2 is correspondingly increased from 4.45 MB to 17.75 MB. When K = 1024 bits, the number of samples m in the training set is gradually increased from 400 to 1600, and the amount of communication between CS1 and CS2 is correspondingly increased from 8.06 MB to 32.09 MB.

Figure 9.

Phase 2 Traffic between CS1 and CS2

Experiments on defense against network attacks

Figure 10 shows statistics of RSA-AES key requests under a new form of persistent DoS attack. To verify the impact of this attack on the teaching platform defense system, simulation experiments are designed and conducted in this paper. The experiment simulates a network environment with 100 users and 10 servers of the teaching platform defense system, in which 10-15 users are browsing platform data within the coverage area of each server. Each user periodically sends RSA-AES key requests to the teaching platform defense system, while the system provides the necessary data and service messages to the users. In the attack scenario, the attacker continuously sends a large number of invalid RSA-AES keys to the target teaching platform defense system, which causes the system to run out of resources and become unable to process legitimate RSA-AES key requests. In our experiments, we counted the number of broadcast keys received by the teaching platform defense system in different time periods to evaluate the impact of DoS attacks. The comparison shows that the teaching platform defense system successfully receives the vast majority of RSA-AES key requests from users when it is not under attack. However, once the new DoS attack starts, the number of legitimate RSA-AES keys received by the teaching platform defense system decreases significantly, and during the peak of the attack the system even fails to receive any valid RSA-AES keys. This indicates that the attacker successfully blocked the normal communication of the teaching platform defense system by saturating its resources, achieving the effect of a DoS attack.

Figure 10.

Comparison of packet quantity before and after the attack

After a DoS attack is detected, the Teaching Platform Defense System sends a request to verify the RSA-AES key to all users who have established communication. After receiving the request, the user decrypts the RSA-AES secret key with the RSA private key and transmits it back to the Teaching Platform Defense System. The Teaching Platform Defense System compares the decrypted value it receives with its own calculated value, and if the two are consistent, communication continues. If they do not match, the user is identified as a fake user and communication is shut down.
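The hybrid scheme of Figure 5 and the key verification step above fit in one sketch. The following is an added example, not code from the paper: it assumes the third-party `cryptography` package, RSA-OAEP with a 2048-bit key for wrapping, and AES-128 in GCM mode, none of which the paper specifies. All function and class names are hypothetical.

```python
import hmac
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: OAEP with SHA-256 for wrapping the AES key.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_user_keypair():
    """RSA key pair held by the user; 2048 bits is this example's choice."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def encrypt_file(plaintext: bytes, user_public) -> dict:
    """AES-128 encrypts the file; the RSA public key encrypts the AES key."""
    aes_key = AESGCM.generate_key(bit_length=128)
    nonce = os.urandom(12)                      # fresh nonce for every file
    return {
        "nonce": nonce,
        "ciphertext": AESGCM(aes_key).encrypt(nonce, plaintext, None),
        "wrapped_key": user_public.encrypt(aes_key, OAEP),   # saved by the user
    }


def decrypt_file(envelope: dict, user_private) -> bytes:
    """RSA private key recovers the AES key, which then decrypts the file."""
    aes_key = user_private.decrypt(envelope["wrapped_key"], OAEP)
    # GCM raises InvalidTag if the ciphertext or nonce was modified.
    return AESGCM(aes_key).decrypt(envelope["nonce"], envelope["ciphertext"], None)


class DefenseServer:
    """Server side of the key verification used after a DoS attack is detected."""

    def __init__(self):
        self.sessions = {}                      # user id -> AES key the server expects

    def open_session(self, user_id: str, user_public) -> bytes:
        """Create a session key and return it wrapped under the user's public key."""
        key = AESGCM.generate_key(bit_length=128)
        self.sessions[user_id] = key
        return user_public.encrypt(key, OAEP)

    def verify(self, user_id: str, answer: bytes) -> bool:
        """Compare the returned value with the server's own; drop fake users."""
        expected = self.sessions.get(user_id)
        ok = expected is not None and hmac.compare_digest(expected, answer)
        if not ok:
            self.sessions.pop(user_id, None)    # communication is shut down
        return ok


def answer_challenge(wrapped_key: bytes, user_private) -> bytes:
    """User side: decrypt the wrapped key with the RSA private key."""
    return user_private.decrypt(wrapped_key, OAEP)
```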

Figure 11 shows the change in the number of RSA-AES secret keys received by the teaching platform defense system after the RSA-AES key verification method is applied. In the experiment, we simulated a server with 75 normal users, each sending 1 AES key per second for data exchange. At the same time, the attacker deploys 10 Sybil users (i.e., attacker users disguised as normal users), each of which also sends 1 forged AES secret key per second in an attempt to interfere with the communication between the teaching platform defense system and the normal users. When the Teaching Platform Defense System activates traffic restriction, it uses the RSA-AES key verification strategy to defend against potential DoS attacks. At this time, the RSA-AES key verification messages of normal users are exchanged frequently, resulting in an increase in the number of RSA-AES key requests received by the teaching platform defense system. However, at the end of the RSA-AES key verification process, the teaching platform defense system successfully identifies and blocks the forged RSA-AES keys from the Sybil users, which ultimately keeps the number of received valid RSA-AES keys stable. This change suggests that the RSA-AES key verification approach plays a positive role in defending against DoS attacks, even though the implementation process leads to a short-term rise in the number of RSA-AES key requests.

Figure 11.

Comparison of the number of keys after re-verification

Comparison of Encryption Algorithms

In this paper, we compare the RBS-IP-CHOCK model based on key management in the literature, the hybrid solution based on distributed and centralized in the literature with the hybrid RSA-AES encryption algorithm proposed in this paper, and analyze the performance of different defense strategies in terms of CPU and memory consumption. Figure 12 shows the performance data of the three defense strategies in terms of CPU usage and Figure 13 shows the performance data of the three defense strategies in terms of memory consumption. These data will provide an important basis for understanding the impact of DoS attacks on the performance of the encryption module of the teaching platform and the effectiveness of its mitigation strategies.

Figure 12.

Comparison of CPU usage

Figure 13.

Memory usage comparison chart

The results in Figs. 12 and 13 show that the proposed hybrid RSA-AES encryption algorithm has the least impact on the CPU and memory usage of the teaching platform defense system. The average CPU occupancy is less than 15%, and the average memory usage is 20 MB, which does not affect the normal functional operation of the teaching platform defense system. The paper also verifies the resource consumption of the teaching platform defense system in the case of different numbers of attacking users, and the experimental results are shown in Figure 13. The experimental results show that when the number of attacking users exceeds 25, the CPU and memory occupancy are less than 30%. Additionally, the average detection delay of the method is 20 ms and the average revalidation delay is 15 ms, which is suitable for DoS attack defense in the teaching platform defense system.

Conclusion

In this paper, we first process the data in the teaching platform. We propose organizing the teaching data with XML as the core, closely combining structured and unstructured data, and at the same time propose the “one-level ownership, two-level management” model to realize strict control of the data by the platform administrator. Subsequently, to ensure that the data is not leaked, this paper analyzes the generation and encryption principles of the RSA algorithm and the AES algorithm. By encrypting the AES secret key with the public key generated by the RSA algorithm, and by using the RSA private key to decrypt the encrypted AES secret key when a downloaded file is decrypted, the RSA-AES hybrid encryption algorithm of this paper is constructed. Finally, to test the effectiveness in operation and defense of the platform defense system equipped with this paper’s algorithm, three rounds of experiments are carried out. In the experiments, the algorithm not only reduces the computational burden of the system well but also defends against DoS attacks by verifying the key; the average CPU occupancy rate is less than 15%, and the average re-verification delay is only 15 milliseconds. The key role of the algorithm in helping the platform defend against network attacks is fully demonstrated.

The algorithm in this paper performs well in terms of operational efficiency, defense capability, and overall performance, and is able to provide stable technical support for the existing university English teaching platform, thus guaranteeing the data security of the university English teaching platform.
