一种基于属性邻接矩阵和博弈理论的风险控制模型

为了网络安全管理员能够在有限的资源条件下及时加固关键节点,减少网络攻击带来的损失,设计一种基于属性邻接矩阵和博弈理论的风险控制模型。该模型利用BFS攻击图简化算法删减攻击图中出现的环路和冗余节点,将简化后的攻击图转化为属性邻接矩阵,最后利用博弈理论得出可能的攻击路径和最优防御策略。实验结果表明,与传统风险控制方法相比,该模型解决了顶点和边数过多导致图结构过于复杂的问题,更具可视性地得出了攻击路径和原子攻击序列,可为信息系统管理员提供科学的理论参考。     

基于属性邻接矩阵的攻击图表示方法研究

为降低攻击图的复杂度,方便安全人员的理解分析,该文提出了属性邻接矩阵的表示方法,并设计了多步邻接矩阵的算法。利用邻接矩阵元素表示目标网络中各属性的连接关系,通过矩阵算法得到多步攻击路径,对邻接矩阵进行概率计算可得攻击成功的概率。实验环境验证了所提方法能提高攻击图的可视性,降低安全分析的难度。     

一种基于攻击图模型的网络安全评估方法

随着网络的深入和快速发展,网络安全问题日益严峻,研究网络安全的评估方法,具有重要的现实意义。安全漏洞的大量存在是安全问题的总体形势趋于严峻的重要原因之一。详细介绍了攻击图建模方法,给出了攻击图自动生成算法,提出了一种利用数学模型分析攻击图,并对网络系统进行安全评估的方法,最后通过一个虚拟网络环境对网络安全评估方法进行了验证。该方法对攻击图的研究具有现实意义。     

基于攻击图模型的网络安全风险评估研究

提出一种基于攻击图的多智能代理(Agent)的网络安全风险评估模型.首先,提出了基于多Agent的风险评估架构并给出了主Agent和子Agent的主要模块的功能设计,以网络中主机上的组件为基本节点,采用多Agent协同工作的方式构建攻击图.其次,定义五种风险指数并给出网络安全风险指数的计算方法.最后,基于Java的Agent开发框架(Java Agent Development Framework,JADE)实现了该评估模型,通过对仿真网络的风险评估验证了此模型的可行性和有效性.     

基于攻击图的主机安全评估方法

针对目前主机安全评估方法中无法准确计算主机安全值,忽略攻击图中主机关联性等问题,提出一种基于攻击图的主机安全评估方法.首先,生成主机攻击图,从漏洞自身、时间、环境和操作系统可利用性4个角度量化原子攻击概率并计算主机攻击概率.然后,根据专家先验评估和相关性定权法计算主机资产重要性,依据攻击图中主机间的关联关系计算主机的拓...     

基于图的分布式平飞航迹关联算法

航迹关联是分布式传感器信息融合的关键问题之一,其主要问题在于多目标平飞航迹难以关联,而实际工程应用中无法实时获取方差数据又增加了关联难度。将同一传感器获取的平飞航迹抽象为图论中无分辨的点,应用综合B型关联理论计算各点间距,进而构造反映航迹间关联关系的双向连通图,并用邻接矩阵描述其关联拓扑关系。不同节点的公共观测连通图对应的邻接矩阵必然是相似的,继而将图二分为单点图及其对应补图,利用辩证的思想将补图所对应的邻接矩阵的特征值抽象为对应点的特征向量,最终将平飞航迹关联落脚至多维分配问题。实验仿真表明,该方法具有较好的关联效果。     

用于评估网络整体安全性的攻击图生成方法

为了评估网络的整体安全性,提出了一种新的攻击图生成方法.该方法采用正向、广度优先的策略搜索网络弱点间的依赖关系.利用限制攻击步骤数和状态节点可达性的策略来解决攻击图生成过程中存在的状态爆炸问题.实验结果表明,利用该方法生成的攻击图能够用于评估网络的整体安全性,采用的限制策略可以有效地去除攻击图中的冗余节点和边,并且降低了攻击图生成时的系统资源消耗.     

攻击图的网络威胁自动建模方法研究

为了增强网络的安全性,对网络整体进行威胁分析和评估应用,结合攻击图的特点,研究并提出了一种攻击图的网络威胁自动化建模方法。在攻击图生成之前,抽象出网络威胁数学模型,包括主机信息、拓扑信息、漏洞信息和攻击者信息四个组成部分。并针对所建的网络威胁模型提出自动建模方法和具体的自动化流程。基于此,结合攻击事件的Büchi模型和CTL描述,使用符号模型检验算法自动生成攻击图,为攻击图的应用奠定基础。     

基于动态概率攻击图的云环境攻击场景构建方法

针对复杂多步攻击检测问题,研究面向云计算环境的攻击场景构建方法。首先,构建了动态概率攻击图模型,设计了概率攻击图更新算法,使之能够随着时空的推移而周期性更新,从而适应弹性、动态性的云计算环境。其次,设计了攻击意图推断算法和最大概率攻击路径推断算法,解决了误报、漏报导致的攻击场景错误、断裂等不确定性问题,保证了攻击场景的准确性。同时将攻击场景随动态概率攻击图动态演化,保证了攻击场景的完备性和新鲜性。实验结果表明,所提方法能够适应弹性、动态的云计算环境,还原出攻击者完整的攻击渗透过程,重构出高层次的攻击场景,为构建可监管可追责的云环境提供了一定的依据和参考。     

面向工控网络安全和漏洞分析的攻击图生成研究

针对目前大部分工业控制网络缺乏必需的通信攻击防御能力问题,提出了一种攻击图生成技术,从而达到对工业控制网络的安全分析和漏洞分析的目的,给出了工业控制网络攻击图的生成算法及构建步骤,并应用生成的攻击图对工业控制系统网络进行了渗透测试和漏洞分析。最后通过"震网"病毒对生成的攻击图进行了实验,实验结果表明,按照上述理论生成的攻击图确实有效可行。     

项目反应理论在实时网络风险评估中的应用

为提高传统网络风险评估方法的准确性,针对大部分网络风险评估方法未考虑攻击能力值的问题,提出了一种基于项目反应理论的实时网络风险评估方法。该方法利用项目反应理论引入的攻击能力值参数以及服务安全等级参数,对传统攻击威胁值和攻击成功概率计算方法进行改进,并采用三标度层次分析法构建出更准确的服务重要性权重,最终获得符合网络环境的评估态势。仿真结果表明：该方法可以提高评估结果的准确度,并实时地绘制更符合真实网络环境的安全态势图。     

Network intrusion intention analysis model based on Bayesian attack graph

Aiming at the problem of ignoring the impact of attack cost and intrusion intention on network security in the current network risk assessment model,in order to accurately assess the target network risk,a method of network intrusion intention analysis based on Bayesian attack graph was proposed.Based on the atomic attack probability calculated by vulnerability value,attack cost and attack benefit,the static risk assessment model was established in combination with the quantitative attack graph of Bayesian belief network,and the dynamic update model of intrusion intention was used to realize the dynamic assessment of network risk,which provided the basis for the dynamic defense measures of attack surface.Experiments show that the model is not only effective in evaluating the overall security of the network,but also feasible in predicting attack paths.     

Dynamic migration method of key virtual network function based on risk awareness

Aiming at the problems that traditional dynamic migration methods have many migration nodes,high migration frequency,and long service function chain (SFC) link path after migration when dealing with side channel attack,a dynamic migration method of critical virtual network function (VNF) based on risk awareness was proposed.In order to reduce the number of migrated nodes,only the key VNF with private information was migrated.Combined with the side channel attack detection system,the triggering migration was performed on the critical VNF which were under attack,and the key VNF was also periodically migrated according to the side channel information leakage model.Finally,a multi-attribute node sorting method base on the technique for order preference by similarity to ideal solution was used to select the migration destination server to avoid the path being too long after migration.Experiments show that the proposed method has a lower number of migration nodes and migration frequency when achieving the same side channel attack defense performance,and effectively avoids the problem that the SFC path is too long after migration.     

Round reduction-based fault attack on SM4 algorithm

A novel method of fault attack based on round reduction against SM4 algorithm was proposed.Faults were in-jected into the last four rounds of the SM4 encryption algorithm,so that the number of the algorithm's rounds can be re-duced.In known-ciphertext scenario,four traces are enough to recover the total 128 bit master key by screening these faults easily.The proposed attack is made to an unprotected SM4 smart card.Experiment shows that this attack method is efficient,and which not only simplifies the existing differential fault attack,but also improves the feasibility of the attack.     

Two-layer assignment method for online Chinese characterrecognition

A method of stroke order and number-free online recognition of Chinese characters is proposed. Both input characters and model characters are represented with complete relational graphs (CRGs). Classification of an input character can be implemented by matching its CRG against every CRG of the model base. However, efficient algorithms for graph matching are not available. Therefore, the graph-matching problem is transformed into a two-layer assignment problem and is solved with the Hungarian method. Two complexity reduction schemes are presented to save computational time. Tests demonstrate the efficiency of the proposed method     

攻击图展示技术研究

攻击图技术是一种基于模型的网络脆弱性评估方法。它通过对目标网络建模,以攻击规则对攻击者建模,然后根据二者之间的相互作用关系产生攻击图,展示目标网络内各个脆弱性之间的关系、脆弱性与网络安全配置之间的关系。早期的攻击图都是采用手工生成,速度慢效果差。为了方便研究人员使用攻击图分析目标网络安全状况,对攻击图的自动展示技术进行了研究。通过选用成熟的软件和设计合适的转换方法对攻击图进行解析,生成简洁清楚的攻击图,提高了攻击图的效能。     

Improved authenticated key agreement protocol based on Bi-ISIS problem

In the post quantum era, public key cryptographic scheme based on lattice is considered to be the most promising cryptosystem that can resist quantum computer attacks. However, there are still few efficient key agreement protocols based on lattice up to now. To solve this issue, an improved key agreement protocol with post quantum security is proposed. Firstly, by analyzing the Wess-Zumino model + ( WZM + ) key agreement protocol based on small integer solution (SIS) hard problem, it is found that there are fatal defects in the protocol that cannot resist man-in-the-middle attack. Then based on the bilateral inhomogeneous small integer solution (Bi-ISIS) problem, a mutual authenticated key agreement (AKA) protocol with key confirmation is proposed and designed. Compared with Diffie-Hellman (DH) protocol, WZM + key agreement protocol, and the AKA agreement based on the ideal lattice protocol, the improved protocol satisfies the provable security under the extend Canetti-Krawczyk (eCK) model and can resist man-in-the-middle attack, replay attack and quantum computing attack.     

基于ESD测试的无线电网络抗SSDF攻击协作频谱感知方案

针对认知无线电网络中协作频谱感知容易遭受数据伪造攻击的问题,提出一种基于检验统计和极端学生化偏差检验法的协作频谱感知方案。首先,将差分进化算法与加权增益合并软决策融合方法相结合,形成一种高效的节点决策融合机制。然后,在协作感知中,根据节点的软决策数据,利用检验统计消除故障认知节点。最后,利用提出的改进型ESD检验法消除恶意认知节点,从而形成全局决策。仿真结果表明,该方案在协作感知中能够有效过滤SSDF攻击数据,具有较低的误检测率。