DEFIDNET: A framework for optimal allocation of cyberdefenses in Intrusion Detection Networks

Intrusion Detection Networks (IDN) are distributed cyberdefense systems composed of different nodes performing local detection and filtering functions, as well as sharing information with other nodes in the IDN. The security and resilience of such cyberdefense systems are paramount, since an attacker will try to evade them or render them unusable before attacking the end systems. In this paper, we introduce a system model for IDN nodes in terms of their logical components, functions, and communication channels. This allows us to model different IDN node roles (e.g., detectors, filters, aggregators, correlators, etc.) and architectures (e.g., hierarchical, centralized, fully distributed, etc.). We then introduce a threat model that considers adversarial actions executed against particular IDN nodes, and also the propagation of such actions throughout connected nodes. Based on such models, we finally introduce a countermeasure allocation model based on a multi-objective optimization algorithm to obtain optimal allocation strategies that minimize both risk and cost. Our experimental results obtained through simulation with different IDN architectures illustrate the benefit of our framework to design and reconfigure cyberdefense systems optimally.     

单片机破解的常用方法及应对策略

介绍了单片机内部密码破解的常用方法，重点说明了侵入型攻击／物理攻击方法的详细步骤，最后，从应用角度出发，提出了对付破解的几点建议。     

Binary rewriting and call interception for efficient runtime protection against buffer overflows

Buffer overflow vulnerabilities are one of the most commonly and widely exploited security vulnerabilities in programs. Most existing solutions for avoiding buffer overflows are either inadequate, inefficient or incompatible with existing code. In this paper, we present a novel approach for transparent and efficient runtime protection against buffer overflows. The approach is implemented by two tools: Type Information Extractor and Depositor (TIED) and LibsafePlus. TIED is first used on a binary executable or shared library file to extract type information from the debugging information inserted in the file by the compiler and reinsert it in the file as a data structure available at runtime. LibsafePlus is a shared library that is preloaded when the program is run. LibsafePlus intercepts unsafe C library calls such as strcpy and uses the type information made available by TIED at runtime to determine whether it would be ‘safe’ to carry out the operation. With our simple design we are able to protect most applications with a performance overhead of less than 10%. Copyright © 2006 John Wiley & Sons, Ltd.     

数字水印攻击及对策分析

数字水印技术作为数字媒体版权保护的重要手段越来越引起人们的重视。文章讨论了数字水印的概念、特征,重点介绍了数字水印的鲁棒性及影响数字水印鲁棒性的因素,总结和分析了数字水印主要攻击方式并提出相应的应对措施。     

迭代立方攻击及其应用

由于种种原因,实际分析中立方攻击通常无法找到相当数量的密钥比特线性表达式,基于迭代的思想,提出了一种迭代立方攻击方法。将其应用于55轮KATAN32算法,实验结果表明较之前的方法,该方法具有更小的数据复杂度和计算复杂度,攻击效果明显。     

低速率拒绝服务攻击研究与进展综述

低速率拒绝服务攻击是新型的拒绝服务攻击,对Internet的安全造成严重的潜在威胁,引起众多研究者的兴趣和重视,成为网络安全领域的重要研究课题之一.自2003年以来,研究者先后刻画了Shrew攻击、降质攻击、脉冲拒绝服务攻击和分布式拒绝服务攻击等多种低速率拒绝服务攻击方式,并提出了相应的检测防范方法.从不同角度对这种新型攻击的基本机理和攻击方法进行了深入的研究;对TCP拥塞控制机制进行了安全性分析,探讨了引起安全问题的原因;对现有的各种各样的LDoS攻击防范和检测方案,从多个方面进行了分类总结和分析评价;最后总结了当前研究中出现的问题,并展望了未来研究发展的趋势,希望能为该领域的研究者提供一些有益的启示.     

智能电网的安全可控性

计算机与信息技术在电力系统中的广泛应用提高了电网的自动化、智能化水平,同时也将传统IT领域的众多安全隐患引入了电网。智能电网是社会域、信息域、物理域多域交互、渗透形成的大规模新型融合网络,其安全威胁具有多域渗透、跨域攻击的特点。文中描述了智能电网基本安全需求及其与传统IT安全需求的不同;分析了智能电网中多域渗透攻击并且对信息-物理安全威胁进行分类;基于分域防护、多域协同、边界防护的思想提出了智能电网多域协同安全防护模型。     

关于网络信息安全相关技术的探讨

科学技术的快速发展,有效的带动了计算机技术和网络技术的发展进程,随之而来的网络信息安全成为我们不得不关注的重要问题.网络环境具有自身的特殊性,近年来,我国网络用户呈迅猛的趋势在增加,可以说网络已成为我们工作和生活中非常重要的组成部分.这就需要我们对网络信息安全给予充分的重视,否则网络用户的合法权益将受到较大的损害,同时网络的发展也会受到相应的制约.文中对网络信息安全的现状进行了分析,并进一步对网络信息安全技术进行了具体的阐述.     

基于车联网的合谋攻击研究

车联网系统中的Sybil攻击检测方案大多使用匿名认证来保障车辆隐私安全,但这种认证方式在面对恶意车辆之间合谋发动Sybil攻击时将不具有有效性.本文阐述了现有的车联网身份认证技术中存在合谋攻击,并提出了一种较为有效的检测方案.     

Towards a trust,reputation and recommendation meta model

New trust, reputation and recommendation (TRR) models are continuously proposed. However, the existing models lack shared bases and goals. For this reason, in this work we define an innovative meta model to facilitate the definition and standardization of a generic TRR model. Following the meta model, researchers in the field will be able to define standard models, compare them with other models and reuse parts of them. A standardization is also needed to determine which properties should be present in a TRR model.In accordance with the objectives we were seeking, following our meta model, we have defined a pre-standardized TRR model for e-commerce, identified the fundamental concepts and the main features that contribute to form trust and reputation in that domain, respected the dependence on the context/role of trust and reputation, aggregated only homogeneous trust information; listed and shown how to defend from the main malicious attacks.