全光网络中攻击的检测与定位

从研究攻击的角度出发,提出了全光网络安全管理框架。针对常见网络中的攻击,分析了网络中易受攻击的器件,分别采用参数比较检测法和综合监测器件检测法,准确地检测出带内干扰攻击、带外干扰攻击、窃听和断纤。运用两种新的检测方法,结合攻击的定位算法,就能有效地查找到整个网络的攻击源,且定位于被攻击的器件。     

Fast and Scalable Pattern Matching for Network Intrusion Detection Systems

High-speed packet content inspection and filtering devices rely on a fast multipattern matching algorithm which is used to detect predefined keywords or signatures in the packets. Multipattern matching is known to require intensive memory accesses and is often a performance bottleneck. Hence, specialized hardware-accelerated algorithms are required for line-speed packet processing. We present hardware-implementable pattern matching algorithm for content filtering applications, which is scalable in terms of speed, the number of patterns and the pattern length. Our algorithm is based on a memory efficient multihashing data structure called Bloom filter. We use embedded on-chip memory blocks in field programmable gate array/very large scale integration chips to construct Bloom filters which can suppress a large fraction of memory accesses and speed up string matching. Based on this concept, we first present a simple algorithm which can scan for several thousand short (up to 16 bytes) patterns at multigigabit per second speeds with a moderately small amount of embedded memory and a few mega bytes of external memory. Furthermore, we modify this algorithm to be able to handle arbitrarily large strings at the cost of a little more on-chip memory. We demonstrate the merit of our algorithm through theoretical analysis and simulations performed on Snort's string set.     

基于SNMP和神经网络的DDoS攻击检测

DDoS（Distributed Denial of Service）已经严重威胁计算机网络安全。对DDoS攻击检测的关键是找到能反映攻击流和正常流区别的特征,设计简单高效的算法,实时检测。通过对攻击特点的分析,总结出15个基于SNMP（Simple Network Management Protocol）的检测特征。利用BP神经网络高效的计算性能,设计了基于SNMP和神经网络的DDoS攻击检测模型,提高了检测实时性和准确性。实验表明：该检测模型对多种DDoS攻击都具有很好的检测效果。     

Detection of Wormhole Attack and Secure Path Selection in Wireless Sensor Network

In Wireless Sensor Network (WSN), securable data transmission is one of the most challenges. During the transmission between the source and a destination node, routing information of the particular path may be misbehaved by the particular nodes which are known as wormhole nodes/attackers. The paths which include the wormhole nodes are known as wormhole attacked paths. For improving security in WSN, these wormhole attacked paths should be identified. To achieve this, wormhole attack detection method and optimal or secure path selection are presented in this paper. Initially, ‘K’ paths or multiple paths are generated between source and destination using Ad-hoc On demand Multipath Distance Vector (AOMDV) routing protocol. Then, the source node identifies the wormhole attacked path by verifying the Detection Packet (DP) and Feedback Packet (FP) from the destination. After detecting the wormhole attacked paths, the source node selects the optimal path among the attacker free paths using Particle Swarm Optimization (PSO) algorithm. Simulation results show that the performance of the proposed approach improves energy efficiency and network lifetime of the network.

     

On Secure and Privacy-Aware Sybil Attack Detection in Vehicular Communications

The foreseen dream of Vehicular Ad Hoc NETwork (VANET) deployment is obstructed by long-chased security and privacy nightmares. Despite of the increasing demand for perfect privacy, it conflicts with rather more serious security threat called ‘Sybil Attack’ which refers to, impersonation of one physical entity for many, namely Sybil nodes. In such circumstances, data received from malicious Sybil attacker may seem as if it was received from many distinct physical nodes. Sybil nodes may deliberately mislead other neighbors, resulting in catastrophic situations like traffic jams or even deadly accidents. Preventing such attacks in a privacy-enabled environment is not a trivial task. In this paper, we aim at two conflicting goals, i.e. privacy and Sybil attack in VANET. We leverage pseudonymless beaconing in order to preserve privacy. To cope with Sybil attack, we put forth a twofold strategy. In order to avoid Sybil attack through scheduled beacons, we employ tamper resistant module (TRM) to carry out a pre-assembly data analysis on data that is used to assemble beacons whereas for event reporting message (ERM), we employ road side units (RSUs) to localize Sybil nodes in VANET and report them to the revocation authority(s). RSUs distribute authorized tokens among the benign vehicular nodes which in turn are consumed to report ERMs. RSUs collect ERMs for certain event and figures out if more than one ERM for the same event includes identical token or, if an ERM is sent more than once by the same source. Our proposed scheme preserves privacy in both beacons and ERMs, and provides conditional anonymity where in case of a dispute; malicious attackers are subject to revocation. We also show that our proposed scheme outperforms the previously proposed scheme from security and computational complexity standpoint.     

Cognitive Radio Jamming Attack Detection Using an Autoencoder for CRIoT Network

Wireless Personal Communications - IoT network-connected devices are increasing day by day. It is impossible to allocate a spectrum for all IoT devices. This spectrum scarcity can be solved by...     

计算机网络安全漏洞检测与攻击图构建研究

随着经济不断发展,计算机信息技术在各行业的应用变得越来越广,大大推动我国现代化建设的信息化发展进度。在实际应用过程中,网络环境具有一定复杂性,使得计算机网络出现各种安全漏洞,必须选择合适的计算机网络安全漏洞检测方法,并高度重视攻击图构建问题,才能提高计算机的网络安全和信息安全,最终全面计算机安全防范能力。     

基于FSM检测的移动自组网攻击分类研究

在移动自组网环境下,由于移动节点可能被攻击截获,导致攻击从内部产生,传统的网络安全措施难以应用,只有通过入侵检测才能发现攻击者。通过分析移动自组网的攻击类型,并构造从恶意节点发起的攻击树,采用有限状态机的思想,设计一个基于FSM的入侵检测算法。采用该算法的入侵检测系统可通过邻居节点的监视,实时地检测到节点的各种攻击行为。     

基于网络流量自相似性的蠕虫攻击检测方法研究

网络蠕虫攻击是一种危害巨大且难以防御的网络攻击方式。传统的基于特征匹配的蠕虫检测方法受限于对蠕虫特征值的提取,无法检测未知类型蠕虫的攻击。在此将表征网络流量自相性的Hurst参数应用到蠕虫攻击检测,通过对Hurst参数的变化来检测未知类型蠕虫的攻击。实验表明该方法能有效检测到网络中采用主动扫描方式传播的未知类型蠕虫攻击行为。     

Wormhole Attack Detection System for IoT Network: A Hybrid Approach

Many errors in data communication cause security attacks in Internet of Things (IoT). Routing errors at network layer are prominent errors in IoT which degrade the quality of data communication. Many attacks like sinkhole attack, blackhole attack, selective forwarding attack and wormhole attack enter the network through the network layer of the IoT. This paper has an emphasis on the detection of a wormhole attack because it is one of the most uncompromising attacks at the network layer of IoT protocol stack. The wormhole attack is the most disruptive attack out of all the other attacks mentioned above. The wormhole attack inserts information on incorrect routes in the network; it also alters the network information by causing a failure of location-dependent protocols thus defeating the purpose of routing algorithms. This paper covers the design and implementation of an innovative intrusion detection system for the IoT that detects a wormhole attack and the attacker nodes. The presence of a wormhole attack is identified using location information of any node and its neighbor with the help of Received Signal Strength Indicator (RSSI) values and the hop-count. The proposed system is energy efficient hence it is beneficial for a resource-constrained environment of IoT. It also provides precise true-positive (TPR) and false-positive detection rate (FPR).

     

IP Traffic Modelling in Scalable Drone Network for Carrying Scalable Logistic Operations

Wireless Personal Communications - This study presents a self modelling method for control system of multi-coupled non-linear scalable drones based logistic services with the help of second-order...     

复杂网络与可扩展路由

互联网规模扩大,相应路由表大小呈指数增加,形成下一代互联网可扩展路由“瓶颈”。基于复杂网络和可扩展路由的相关理论与主要策略,文章对相关研究成果。如小世界效应所表现出来的特性、小世界和无标度网络模型,网格、层次及隐藏度量等3种可扩展路由网络模型,随机游走、贪婪、最大度、优先、本地介数、距离与度及相似性与度混合等多种路由策略等进行了分析与归纳。这些研究结果和方法为因互联网规模不断扩大所带来的路由系统可扩展性问题提供解决方案     

可分级音频编码在网络中的应用

可分级音频编码对于在像Internet之类的带宽没有保证、丢包很常见的网络部的应用具有很重要的意义。结合RTP协议和最新的MPEG－4音频标准提出了解决方案。     

一种DDoS攻击的检测算法

对于骨干网中存在的DDoS攻击,由于背景流量巨大,且分布式指向受害者的多个攻击流尚未汇聚,因此难以进行有效的检测。为了解决该问题,本文提出一种基于全局流量异常相关分析的检测方法,根据攻击流引起流量之间相关性的变化,采用主成份分析提取多条流量中的潜在异常部分之间的相关性,并将相关性变化程度作为攻击检测测度。实验结果证明了测度的可用性,能够克服骨干网中DDoS攻击流幅值相对低且不易检测的困难,同现有的全局流量检测方法相比,该方法能够取得更高的检测率。     

A Lightweight and Scalable Physical Layer Attack Detection Mechanism for the Internet of Things (IoT) Using Hybrid Security Schema

Wireless Personal Communications - The Internet of Things, also known as the IoT, refers to the billions of devices around the world that are now connected to the Internet, collecting and sharing...     

无线Ad H0c网络中MAC层DoS攻击检测系统的设计

文章在引入拒绝服务攻击(DoS)和分布式拒绝服务(DDoS)攻击的原理的基础上,讨论了无线Ad Hoc网络可能遭受的拒绝服务攻击类型,针对其中的MAC层拒绝服务攻击提出了一种检测系统设计方案,并描述了该方案的算法流程和多线程数据处理步骤,最后通过仿真对该检测系统在失效告警率和内存占用率两方面的性能进行了分析.     

网络黑客常用攻击手段

黑客攻击手段可分为非破坏性攻击和破坏性攻击两类。非破坏性攻击一般是为了扰乱系统的运行,并不盗窃系统资料,通常采用拒绝服务攻击或信息炸弹;破坏性攻击是以侵入他人电脑系统、盗窃系统保密信息、破坏目标系统的数据为目的。下面为大家介绍4种黑客常用的攻击手段。 后门程序:由于程序员设计一些功能复杂的程序时,一般采用模块化的程序设计思想,将整个项目分割为多个功能模块,分别进行设计、调     

网络攻击与防御

随着Internet的发展与普及,网络安全问题日益突出,已经严重地干扰了网络的自由和安全。就此对目前网络中存在的安全问题进行了探讨与论证,并对目前网络中比较流行的网络攻击手段进行了总结归类和研究与分析,进而提出防御策略。     

SYN Flood攻击的检测

为有效防止和避免网络的SYN Flood攻击,论文介绍了 SYN Hood攻击的基本原理,国内外研究现状,然后详细描述了两种比较有效和方便实施的防御方法:SYN-cookie技术和地址状态监控.SYN-cookie技术实现了无状态的握手,避免了SYN Flood的资源消耗.地址状态监控的解决方法能够对每一个连接服务器的...     

Smaclad: Secure Mobile Agent Based Cross Layer Attack Detection and Mitigation in Wireless Network

Mobile Networks and Applications - Threats in wireless network are common these days and when it comes to security threats their consequences are countless. Some of the most commonly witnessed...