Similar literature
Found 20 similar documents; search time 15 ms
1.
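Network attack detection plays an important role in network security. Its targets are mainly attack behaviors such as botnets and SQL injection. With the widespread use of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption protocols, SSL/TLS attacks launched against the SSL/TLS protocols themselves are increasing; therefore, by setting up a network flow collection environment, a network flow dataset containing four kinds of SSL/TLS attack flows and normal flows was constructed. To address problems such as the limited observability of current network attack flow detection and the limited separability of network flows in the original spatio-temporal domain, flow spectrum theory is proposed. It maps threat behaviors in cyberspace from the original spatio-temporal domain space to a transform domain space through a "potential change" process, concretized as a "potential change spectrum", forming a separable, observable set of feature representations and enabling efficient analysis of network flows. The key to applying flow spectrum theory to the detection of actual cyberspace threat behaviors is, given a transform operator, to find the potential change basis matrix for a specific threat network flow. Because the SSL/TLS protocol has strong temporal relationships and state transition processes in the handshake phase, and because some SSL/TLS attacks resemble one another, detecting SSL/TLS attacks requires considering not only temporal context information but also a highly separable representation of SSL/TLS network flows. Based on flow spectrum theory, the threat template idea is adopted to extract the potential change basis matrix, and a potential change basis mapping based on long short-term memory units is used to map SSL/TLS attack network flows to the flow spectrum domain space....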

2.
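To address the TLS protocol's many performance problems, such as the large number of handshake exchanges and the high cost of key computation, a TLS protocol based on the ECC algorithm is designed on the basis of an analysis of the TLS protocol. The ECC algorithm replaces the RSA algorithm of the original protocol, making full use of the advantages of ECC to improve protocol performance. The protocol exchange is optimized by caching handshake parameters, and the optimized protocol is formally proved secure using SVO logic. Experiments comparing the improved protocol with the original show that, as the protocol's security level increases, the improved protocol has a clear performance advantage.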

3.
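To address the shortcomings of existing privacy protection methods that defend against link prediction attacks, a local disturbance algorithm based on integral gradient, LDIG, is proposed. The enclosing subgraph of a sensitive link is used to determine the perturbation range, links are perturbed iteratively according to the integral gradients of the links within that range, and the link prediction result for the sensitive links in the perturbed graph serves as the criterion for ending the perturbation. Experimental results show that LDIG has low computational complexity and is suitable for privacy protection in large-scale social networks, and that it perturbs few links, which improves data utility.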

4.
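Zhou Wenjin, Fan Mingyu. Journal of Computer Applications (《计算机应用》), 2005, 25(12): 2725-2726
Introduces masking, a currently fairly effective countermeasure against Differential Power Analysis (DPA) attacks, and extends the improved simple fixed-value masking method to the fixed-value masking method in order to resist second-order differential power analysis (SODPA) attacks.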

5.
ABSTRACT

XML based attacks are executed in web applications through a crafted XML document that forces the XML parser to process unvalidated documents. This leads to disclosure of sensitive information, malicious code execution and disruption of services. OWASP has included XML based attacks at number four in its top 10 list of vulnerabilities published in 2017. Most of the vulnerabilities reported using the XML document range from high to critical and need to be addressed immediately. As per the National Vulnerability Database, 152 vulnerabilities have already been reported in the first five months of the year 2019. A varied number of XML vulnerabilities and their classification exist but are limited to a specific vulnerability. In this paper, the authors have proposed a classification of XML based vulnerabilities based on an exhaustive literature survey. The approaches/strategies to mitigate these vulnerabilities are also presented. The work will help web developers in proposing secure parsers that will thwart such attacks.

6.
A query is said to be secure against inference attacks by a user if there exists no database instance for which the user can infer the result of the query, using only authorized queries to the user. In this paper, first, the security problem against inference attacks on object-oriented databases is formalized. The definition of inference attacks is based on equational logic. Secondly, the security problem is shown to be undecidable, and a decidable sufficient condition for a given query to be secure under a given schema is proposed. The idea of the sufficient condition is to over-estimate inference attacks using over-estimated results of static type inference. The third contribution is to propose subclasses of schemas and queries for which the security problem becomes decidable. Lastly, the decidability of the security problem is shown to be incomparable with the static type inferability, although the tightness of the over-estimation of the inference attacks is affected to a large degree by that of the static type inference.

7.
Aiming at the DES design scheme against power analysis attacks introduced by Standart et al., an improved scheme is presented in this paper. In the improved scheme, eight dummy S-Boxes are proposed to make the power consumption of the DES S-Box logic gates constant instead of random, and it can pose the same difficulties for power analysis attackers while consuming 98% less memory compared with the previous scheme. By analyzing the improved scheme in theory and using an accurate circuit simulator, the security efficacy of the improved one is verified. The verification results indicate that the improved scheme can satisfy practical applications against power analysis attacks, and it can also be introduced into the FPGA implementations of other cryptographic algorithms' S-Boxes against power analysis attacks.

8.
This paper aims at presenting a new countermeasure against Side-Channel Analysis (SCA) attacks, whose implementation is based on a hardware-software co-design. The hardware architecture consists of a microprocessor, which executes the algorithm using a false key, and a coprocessor that performs several operations that are necessary to retrieve the original text that was encrypted with the real key. The coprocessor hardly affects the power consumption of the device, so that any classical attack based on such power consumption would reveal a false key. Additionally, as the operations carried out by the coprocessor are performed in parallel with the microprocessor, the execution time devoted to encrypting a specific text is not affected by the proposed countermeasure. In order to verify the correctness of our proposal, the system was implemented on a Virtex 5 FPGA. Different SCA attacks were performed on several functions of the AES algorithm. Experimental results show in all cases that the system is effectively protected by revealing a false encryption key.

9.
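A blind fingerprinting scheme resistant to RSD attacks based on a differential grid   Total citations: 1, self-citations: 0, citations by others: 1
To improve the resistance of digital fingerprints to combined attacks, embedding and extraction strategies are constructed for digital fingerprints that resist rotation, scaling, and distortion attacks (abbreviated as RSD attacks). A joint spatial-domain/DCT-domain embedding scheme for digital fingerprints is designed, a method for constructing differential feature points is given together with fingerprint embedding and extraction algorithms based on a differential feature point grid, and a high-precision attack parameter identification algorithm is designed. Experimental results show that the attack parameter identification accuracy of the proposed scheme reaches the sub-pixel level, and that it resists scaling attacks with a scaling factor greater than 0.5, arbitrary rotation attacks within 45°, and arbitrary distortion attacks within 25°; moreover, fingerprint extraction quality does not degrade as the rotation angle increases, nor does it degrade noticeably as the distortion angle increases. The scheme improves the robustness of digital fingerprints, so that a digital fingerprinting system can resist RSD attacks as well as removal attacks and cropping, translation, and pasting attacks (abbreviated as CTP attacks).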

10.
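A new digital watermarking scheme is proposed that uses Harris feature points combined with the principle of image normalization. Because the Harris operator is algorithmically simple and fairly robust, the feature points of an image are still preserved after geometric attacks. In addition, a normalized image is not very sensitive to image rotation. Therefore, each of the non-overlapping circles centered on a feature point is first normalized to determine the watermark embedding points, and the watermark is then embedded into the original image, which solves the problem of synchronizing watermark embedding and detection well. Experiments show that the algorithm resists geometric attacks such as rotation, scaling, and cropping, as well as common signal processing attacks, well.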

11.
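Because current watermarking algorithms based on image moment techniques have small watermark capacity, are complex, and need better robustness, a novel zero-watermarking algorithm resistant to geometric attacks is proposed. The algorithm is based on image normalization and the properties of Tchebichef moment coefficients. It first computes the rotation-normalized Tchebichef moments within the unit circle of the original image and scans the upper-left part of the Tchebichef moments into a numerical matrix; it then generates a binary key from the numerical matrix and the watermark image and stores it in the zero-watermark information database. To prove copyright, the image under test is processed by the same procedure, and the watermark of the image under test is extracted using the key and the generated numerical matrix. Experimental results show that the algorithm is highly robust to rotation by any angle, scaling, common signal processing, and combinations of these attacks.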

12.
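The wireless, self-organizing nature of Ad hoc networks makes them highly vulnerable to DoS attacks. Building on the existing DSR-BCA protocol, a mechanism for dealing with DoS attacks is added: every node participating in network routing runs a route participation verification algorithm, and when the packet loss rate of network data transmission exceeds a preset threshold, an isolation algorithm finds the node under DoS attack and isolates it, maximizing the effectiveness of the network's nodes. Simulation experiments show that the method is clearly effective when an Ad hoc network is under DoS attack, improves performance in both average transmission delay and packet delivery ratio, resists DoS attacks well, and improves network robustness.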

13.
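To address source node location privacy protection in wireless sensor networks (WSNs), a source location privacy protection routing protocol based on random virtual rings is proposed. It avoids the creation of failed paths, and the randomly changing virtual ring extends routing paths into the ring-shaped region where the source node lies, which greatly increases the randomness and diversity of routing paths and makes it difficult for an attacker to infer the source node's location from the routing path. Simulation results show that, with bounded delay, the protocol markedly improves source location privacy protection.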

14.
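Based on the behavior of DDoS attacks in ISP networks, a cooperative DDoS defense method based on the ISP network is proposed. The method constructs an attack convergence tree from traffic information, uses the tree to find the sources of the attack flows within the ISP network, and controls the attack flows at their sources, thereby defending against DDoS attacks inside the ISP network. The method overcomes the drawback of the enormous cost of defending against DDoS attacks across the entire network. Experimental results show that the method can defend against DDoS attacks quickly and effectively.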

15.
Anbarasan  M.  Prakash  S.  Antonidoss  A.  Anand  M. 《Multimedia Tools and Applications》2020,79(13-14):8929-8949

MANET (Mobile Adhoc Networks) possess the open system condition, absence of central server, mobile nodes that make helpless to security assault while conventional security components couldn’t meet MANET security prerequisites in view of restricted correspondence data transfer capacity, calculation power, memory and battery limit in addition to the vitality enabled environment. The trusted MANETs provide a reliable path and efficient communication but the secrecy of the trust values sometimes may be overheard by the masqueraders. Due to the need of the clustered MANETs the exchange of mathematical values remains to be a necessary part. In the proposed security of the trusted MANETs is focused so as to provide rigid and robust networks when additional resources are added. For clustering of the nodes LEACH protocol is suggested in which the CHs and CMs are fixed for the data transfer in the network. The energy is disseminated in the LEACH as to avoid the battery drain and network fatal. Hence to add resistance and to make an authentic network, the encryption and decoding is incorporated as a further supplementary to avoid the denial of service attacks, we have utilized DoS Pliancy Algorithm in which the acknowledgment based flooding attacks is focused. Likewise the encoded messages from the source node in one cluster can be recoded in the transmission stage itself to reproduce the messages. Contrasted with the past works, QoS of our proposed work has been made strides when tested with black hole and sink hole attacks. Simulation results show that the DoS pliancy scheme works better and efficient when compared to the existing trust based systems.


16.
In this paper, we propose an adaptive audio watermarking scheme based on the kernel fuzzy c-means (KFCM) clustering algorithm, which is robust against common signal processing and desynchronization attacks. The original audio signal is partitioned into audio frames and then each audio frame is further divided into two sub-frames. In order to resist desynchronization attacks, we embed a synchronization code into the first sub-frame of each audio frame by using a mean quantization technique in the temporal domain. Moreover, the watermark signal is hidden in the DWT coefficients of the second sub-frame of each audio frame by using an energy quantization technique. A local audio feature data set extracted from all audio frames is used to train a KFCM. The well-trained KFCM is used to adaptively control the quantization steps in the above two quantization techniques. The experimental results show the proposed scheme is robust to common signal processing (such as MP3 lossy compression, noise addition, filtering, re-sampling, re-quantizing) and desynchronization attacks (random cropping, pitch shifting, amplitude variation, time-scale modification, jittering).

17.
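Ji Haijin, Cai Ming. Computer Engineering and Design (《计算机工程与设计》), 2007, 28(19): 4619-4621, 4636
Based on the characteristics of application layer DDoS (App-DDoS) attack behavior, a credibility-based method for defending against App-DDoS attacks is proposed. The method statistically analyzes the data distribution of normal users in terms of both the rate and the load of service requests, and uses it as the basis for determining session credibility. The scheduling policy then defends against attacks according to session credibility. Finally, simulated attack experiments verify the effectiveness of the defense method. The experimental results demonstrate that the method can defend against App-DDoS attacks quickly and effectively.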

18.
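Based on the principles and characteristics of application-layer distributed denial-of-service attacks, a defense algorithm based on a lightweight verification mechanism is proposed. It embeds a verification code in the communication between client and server and uses client-side computation to correctly identify legitimate requests and filter malicious attacks. The verification mechanism is asymmetric in the TCP/IP protocol stack: server-side filtering takes place at the IP layer and client-side computation at the application layer, which gives the algorithm low resource consumption and makes it transparent to both communicating parties. The method was implemented on an anti-DDoS gateway platform, and test results show that it has good defensive effect and excellent performance.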

19.
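Li Feng, Chen Guangxi, Ding Yong. Application Research of Computers (《计算机应用研究》), 2012, 29(11): 4327-4330
To improve a watermarking algorithm's resistance to geometric attacks and its adaptivity, a chaos-based adaptive image watermarking algorithm in the Contourlet domain that resists geometric attacks is proposed. The carrier image is first Contourlet-transformed and block-wise singular value decomposition is applied to the low-frequency subband; the chaotically encrypted watermark information is then adaptively embedded into the largest singular value of each block according to the HVS principle; finally, an improved Harris-Laplace operator is used to extract the feature points of the watermarked image. During watermark extraction, the feature points of the image before and after the attack are used to correct the image's geometric deformation. Experiments show that the algorithm is highly robust to common image processing and geometric attacks such as JPEG compression, filtering, noise addition, rotation, scaling, and translation.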

20.
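Distributed denial-of-service (DDoS) attacks have become one of the greatest security threats to networks, and traditional detection and defense methods, which mostly rely on a single preventive measure, have difficulty guarding against them thoroughly. Using the properties of mobile agents, a comprehensive active detection and defense model is constructed that integrates multiple defense methods by design, and the components of the mobile agents in the model are designed in detail, with the aim of solving existing problems such as single points of failure and passive defense, so that the model has good robustness and scalability.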
