基于概要数据结构的全网络持续流检测方法

持续流是隐蔽的网络攻击过程中显现的一种重要特征，它不产生大量流量且在较长周期内有规律地发生，给传统的检测方法带来极大挑战。针对网络攻击的隐蔽性、单监测点的重负荷和信息有限的问题，提出全网络持续流检测方法。首先，设计一种概要数据结构，并将其部署在每个监测点；其次，当网络流到达监测点时，提取流的概要信息并更新概要数据结构的一位；然后，在测量周期结束时，主监测点将来自其他监测点的概要信息进行综合；最后，提出流持续性的近似估计，通过一些简单计算为每个流构建一个位向量，利用概率统计方法估计流持续性，使用修正后的持续性估计检测持续流。通过真实的网络流量进行实验，结果表明，与长持续时间流检测算法（TLF）相比，所提方法的准确性提高了50%，误报率和漏报率分别降低了22%和20%，说明全网络持续流检测方法能够有效监测高速网络流量。     

Securing keystroke dynamics from replay attacks

Keystroke dynamics is a viable behavioral biometric technique for identity verification based on users’ keyboard interaction traits. Keystroke dynamics can help prevent credentials from being abused in case of theft or leakage. But what happens if the keystroke events are eavesdropped and being replayed? Attackers that intercept keystroke dynamics authentication sessions of benign users can easily replay them from other sources unchanged or with minor changes and gain illegitimate privileges. Hence, even with its major security advantages, keystroke dynamics can still expose authentication mechanisms to replay attacks. Although replay attack is one of the oldest techniques to manipulate authentication systems, keystroke dynamics does not help preventing it. We suggest a new protocol for dynamics exchange based on choosing a subset of real and fake information snippets shared between the client and service providers to lure potential attackers. We evaluated our method on four state-of-the-art keystroke dynamics algorithms and three publicly available datasets and showed that we can dramatically reduce the possibility of replay attacks while preserving highly accurate user verification.     

Research on HTML5 application cache poison attack

HTML5 application cache (AppCache) allowed Web browser to access Web offline.But it also brought a new method of cache poisoning attack that was more persisting.As for websites which used the AppCache,a novel poisoning method RFTM (replace file twice method),in which the attacker replaced the manifest file twice to poison the client’s AppCache,was proposed.Compared with the original attack,the legal server would not receive abnormal HTTP requests from the client in the attack.Therefore,changing the server configuration could not prevent the client from the RFTM AppCache poisoning.To avoid the attack mentioned above,a lightweight signature defense scheme Sec-Cache in application layer was designed.Furthermore,experiments show that it has good performance and compatibility.     

ECC fault attack algorithm based on Grover's quantum search algorithm with 0.1π phase rotation

The Grover's a1gorithm was used for fau1t attack against the pub1ic key cryptography.A fixed phase rotation based Grover's a1gorithm was proposed，and the probabi1ity of success achieved 99.23% with 0.1π phase rotation.Combined with the fau1t attack further，ECC（e11iptic curve cryptography）vo1tage burr attack a1gorithm based on Grover a1gorithm with 0.1π phase rotation was proposed.Then a safety Kob1itz curve，K-163，pub1ished successfu11y attacked by NIST on binary domain in simu1ation and the success rate was 100%.The comp1exity of the attack great1y reduces on the exponentia1.It was a new effective way，except the Shor's a1gorithm，to attack pub1ic key cryptography by quantum computing，and it contributed to extend the attack ways to the other pub1ic key cryptography.     

Effect of fine crack width and water cement ratio of SHCC on chloride ingress and rebar corrosion

SHCC (Strain Hardening Cement-based Composite) is a material known for its strain-hardening behavior under tensile and bending stress and its characteristic numerous small cracks. SHCC is expected to show superior durability because of the fineness of the cracks. In this study, chloride ingress through cracks into SHCC and progress of rebar corrosion in three mixtures of SHCC with various water-cement ratios were investigated. Through a chloride solution immersion test, it was confirmed that chloride could penetrate through even very fine cracks. The resistivity of cracked SHCC against chloride ingress is mainly governed by the accumulated crack width and the water cement ratio. Chloride pre-mixed SHCC specimens were left in a high-temperature, high-humidity chamber for 11 months to promote rebar corrosion. While the accumulated crack width and the water cement ratio were both influential to an increase in corrosion area, only the water cement ratio had bearing on corrosion loss.     

Effect of NaOH activation on sulphate resistance of GGBFS and binary blend pastes

This paper presents an investigation into the observed enhanced performance that alkali activated ground granulated blast furnace slag (GGBFS) and binary blends offer against sulphate attack. X-ray diffraction (XRD) was carried out to identify and quantify the crystalline phases formed in a wide range of GGBFS and GGBFS-OPC (ordinary Portland cement) blends. Furthermore, specimens were exposed to a sulphate solution to examine the evolution of compressive strength along with identification of activation and/or hydration products. XRD demonstrated that ettringite was completely decomposed into its constituents in the presence of NaOH while quantification ascertained the formation of considerable amounts of hydrotalcite in the activated GGBFS and binary blends. Alkali activated GGBFS and binary blends specimens with higher GGBFS content offered enhanced resistance against aggressive sulphate ions and no significant degradation products were observed in these specimens after 6 months of exposure to sulphate solution. The results demonstrated that hydrotalcite formation may be a major reason for the improved sulphate resistance of alkali activated GGBFS and binary blend pastes with higher GGBFS content.     

Evaluating Intrusion‐Tolerant Certification Authority Systems

Various intrusion‐tolerant certification authority (CA) systems have been proposed to provide attack resilient certificate signing (or update) services. However, it is difficult to compare them against each other directly, due to the diversity in system organizations, threshold signature schemes, protocols and usage scenarios. We present a framework for intrusion‐tolerant CA system evaluation, which consists of three components, namely, an intrusion‐tolerant CA model, a threat model and a metric for comparative evaluation. The evaluation framework covers system organizations, protocols, usage scenarios, the period of certificate validity, the revocation rate and the mean time to recovery. Based on the framework, four representative systems are evaluated and compared in three typical usage scenarios, producing reasonable and insightful results. The interdependence between usage scenarios and system characteristics is investigated, providing a guideline to design better systems for different usage scenarios. The proposed framework provides an effective and practicable method to evaluate intrusion‐tolerant CA systems quantitatively, and helps customers to choose and configure an intrusion‐tolerant CA system. Moreover, the comparison results offer valuable insights to further improve the attack resilience of intrusion‐tolerant CA systems. Copyright © 2011 John Wiley & Sons, Ltd.     

物体打击事故分析与应对策略

结合具体物体打击事故,分析了研究脚手架、预留洞口和拆除落物打击安全事故发生的根本原因,总结脚手架、预留洞口和拆除落物打击事故的经验教训,指出应不断加强施工人员的安全教育培训,切实提高建筑从业人员的安全意识,以减少或避免施工过程中物体打击事故的发生。     

对Rijndael-256算法新的积分攻击

本文对Rijndael-256密码进行分析,从比特的层面上寻找平衡性,得到了一个新的3轮积分区分器,该区分器仅需32个明文就可将3轮Rijndael-256与随机置换区分开来,并且所得密文的每一比特都是平衡的.该区分器在已知的mjndael-256积分区分器中所需明文量最少.基于新的区分器,对4至7轮Riindael-...