全光网络中攻击的检测与定位

从研究攻击的角度出发,提出了全光网络安全管理框架。针对常见网络中的攻击,分析了网络中易受攻击的器件,分别采用参数比较检测法和综合监测器件检测法,准确地检测出带内干扰攻击、带外干扰攻击、窃听和断纤。运用两种新的检测方法,结合攻击的定位算法,就能有效地查找到整个网络的攻击源,且定位于被攻击的器件。     

Fast and Scalable Pattern Matching for Network Intrusion Detection Systems

High-speed packet content inspection and filtering devices rely on a fast multipattern matching algorithm which is used to detect predefined keywords or signatures in the packets. Multipattern matching is known to require intensive memory accesses and is often a performance bottleneck. Hence, specialized hardware-accelerated algorithms are required for line-speed packet processing. We present hardware-implementable pattern matching algorithm for content filtering applications, which is scalable in terms of speed, the number of patterns and the pattern length. Our algorithm is based on a memory efficient multihashing data structure called Bloom filter. We use embedded on-chip memory blocks in field programmable gate array/very large scale integration chips to construct Bloom filters which can suppress a large fraction of memory accesses and speed up string matching. Based on this concept, we first present a simple algorithm which can scan for several thousand short (up to 16 bytes) patterns at multigigabit per second speeds with a moderately small amount of embedded memory and a few mega bytes of external memory. Furthermore, we modify this algorithm to be able to handle arbitrarily large strings at the cost of a little more on-chip memory. We demonstrate the merit of our algorithm through theoretical analysis and simulations performed on Snort's string set.     

网络隐写信息传递系统的高效攻击检测

提出了一种基于多路复用波束域约束指向形成的网络隐写信息传递系统的高效攻击检测算法,设计了网络隐写信息传递系统模型,提取信号的本征频率、群延迟和包络等信号特征,对链路层中的加密数据进行块内频率检测,为提高检测概率,对提取得到的多路复用波束域约束指向输出结果进行频分复用分解。根据最小均方误差准则,得到在网络隐写信息传递系统中攻击信号的波束域约束指向形成,实现正交频谱分离,抑制了干扰噪声,实现对攻击信号的高效检测。仿真结果表明,该算法检测出攻击信号波峰明显,抗噪能力强,检测概率高,在网络安全设计和信号检测等领域均具有一定的应用价值。     

基于SNMP和神经网络的DDoS攻击检测

DDoS（Distributed Denial of Service）已经严重威胁计算机网络安全。对DDoS攻击检测的关键是找到能反映攻击流和正常流区别的特征,设计简单高效的算法,实时检测。通过对攻击特点的分析,总结出15个基于SNMP（Simple Network Management Protocol）的检测特征。利用BP神经网络高效的计算性能,设计了基于SNMP和神经网络的DDoS攻击检测模型,提高了检测实时性和准确性。实验表明：该检测模型对多种DDoS攻击都具有很好的检测效果。     

ZigBee同频攻击检测抑制模型研究

针对ZigBee通信中易遭受同频攻击导致数据阻塞和失真问题,该文提出一种同频攻击检测模型。该模型利用信号频谱的高斯分布规律和同频攻击对变换域幅值的影响进行同频攻击检测。在此基础上,通过嵌入空闲频带信道跳变机制和基于可变退避周期及接入概率的自适应退避算法,给出了同频攻击检测抑制方案。实验结果表明,该文模型和方案可以有效抵御同频攻击。     

On Secure and Privacy-Aware Sybil Attack Detection in Vehicular Communications

The foreseen dream of Vehicular Ad Hoc NETwork (VANET) deployment is obstructed by long-chased security and privacy nightmares. Despite of the increasing demand for perfect privacy, it conflicts with rather more serious security threat called ‘Sybil Attack’ which refers to, impersonation of one physical entity for many, namely Sybil nodes. In such circumstances, data received from malicious Sybil attacker may seem as if it was received from many distinct physical nodes. Sybil nodes may deliberately mislead other neighbors, resulting in catastrophic situations like traffic jams or even deadly accidents. Preventing such attacks in a privacy-enabled environment is not a trivial task. In this paper, we aim at two conflicting goals, i.e. privacy and Sybil attack in VANET. We leverage pseudonymless beaconing in order to preserve privacy. To cope with Sybil attack, we put forth a twofold strategy. In order to avoid Sybil attack through scheduled beacons, we employ tamper resistant module (TRM) to carry out a pre-assembly data analysis on data that is used to assemble beacons whereas for event reporting message (ERM), we employ road side units (RSUs) to localize Sybil nodes in VANET and report them to the revocation authority(s). RSUs distribute authorized tokens among the benign vehicular nodes which in turn are consumed to report ERMs. RSUs collect ERMs for certain event and figures out if more than one ERM for the same event includes identical token or, if an ERM is sent more than once by the same source. Our proposed scheme preserves privacy in both beacons and ERMs, and provides conditional anonymity where in case of a dispute; malicious attackers are subject to revocation. We also show that our proposed scheme outperforms the previously proposed scheme from security and computational complexity standpoint.     

Detection of Wormhole Attack and Secure Path Selection in Wireless Sensor Network

In Wireless Sensor Network (WSN), securable data transmission is one of the most challenges. During the transmission between the source and a destination node, routing information of the particular path may be misbehaved by the particular nodes which are known as wormhole nodes/attackers. The paths which include the wormhole nodes are known as wormhole attacked paths. For improving security in WSN, these wormhole attacked paths should be identified. To achieve this, wormhole attack detection method and optimal or secure path selection are presented in this paper. Initially, ‘K’ paths or multiple paths are generated between source and destination using Ad-hoc On demand Multipath Distance Vector (AOMDV) routing protocol. Then, the source node identifies the wormhole attacked path by verifying the Detection Packet (DP) and Feedback Packet (FP) from the destination. After detecting the wormhole attacked paths, the source node selects the optimal path among the attacker free paths using Particle Swarm Optimization (PSO) algorithm. Simulation results show that the performance of the proposed approach improves energy efficiency and network lifetime of the network.

     

计算机网络安全漏洞检测与攻击图构建研究

随着经济不断发展,计算机信息技术在各行业的应用变得越来越广,大大推动我国现代化建设的信息化发展进度。在实际应用过程中,网络环境具有一定复杂性,使得计算机网络出现各种安全漏洞,必须选择合适的计算机网络安全漏洞检测方法,并高度重视攻击图构建问题,才能提高计算机的网络安全和信息安全,最终全面计算机安全防范能力。     

Cognitive Radio Jamming Attack Detection Using an Autoencoder for CRIoT Network

Wireless Personal Communications - IoT network-connected devices are increasing day by day. It is impossible to allocate a spectrum for all IoT devices. This spectrum scarcity can be solved by...     

Wormhole Attack Detection System for IoT Network: A Hybrid Approach

Many errors in data communication cause security attacks in Internet of Things (IoT). Routing errors at network layer are prominent errors in IoT which degrade the quality of data communication. Many attacks like sinkhole attack, blackhole attack, selective forwarding attack and wormhole attack enter the network through the network layer of the IoT. This paper has an emphasis on the detection of a wormhole attack because it is one of the most uncompromising attacks at the network layer of IoT protocol stack. The wormhole attack is the most disruptive attack out of all the other attacks mentioned above. The wormhole attack inserts information on incorrect routes in the network; it also alters the network information by causing a failure of location-dependent protocols thus defeating the purpose of routing algorithms. This paper covers the design and implementation of an innovative intrusion detection system for the IoT that detects a wormhole attack and the attacker nodes. The presence of a wormhole attack is identified using location information of any node and its neighbor with the help of Received Signal Strength Indicator (RSSI) values and the hop-count. The proposed system is energy efficient hence it is beneficial for a resource-constrained environment of IoT. It also provides precise true-positive (TPR) and false-positive detection rate (FPR).

     

基于网络流量自相似性的蠕虫攻击检测方法研究

网络蠕虫攻击是一种危害巨大且难以防御的网络攻击方式。传统的基于特征匹配的蠕虫检测方法受限于对蠕虫特征值的提取,无法检测未知类型蠕虫的攻击。在此将表征网络流量自相性的Hurst参数应用到蠕虫攻击检测,通过对Hurst参数的变化来检测未知类型蠕虫的攻击。实验表明该方法能有效检测到网络中采用主动扫描方式传播的未知类型蠕虫攻击行为。     

基于FSM检测的移动自组网攻击分类研究

在移动自组网环境下,由于移动节点可能被攻击截获,导致攻击从内部产生,传统的网络安全措施难以应用,只有通过入侵检测才能发现攻击者。通过分析移动自组网的攻击类型,并构造从恶意节点发起的攻击树,采用有限状态机的思想,设计一个基于FSM的入侵检测算法。采用该算法的入侵检测系统可通过邻居节点的监视,实时地检测到节点的各种攻击行为。     

IP Traffic Modelling in Scalable Drone Network for Carrying Scalable Logistic Operations

Wireless Personal Communications - This study presents a self modelling method for control system of multi-coupled non-linear scalable drones based logistic services with the help of second-order...     

复杂网络与可扩展路由

互联网规模扩大,相应路由表大小呈指数增加,形成下一代互联网可扩展路由“瓶颈”。基于复杂网络和可扩展路由的相关理论与主要策略,文章对相关研究成果。如小世界效应所表现出来的特性、小世界和无标度网络模型,网格、层次及隐藏度量等3种可扩展路由网络模型,随机游走、贪婪、最大度、优先、本地介数、距离与度及相似性与度混合等多种路由策略等进行了分析与归纳。这些研究结果和方法为因互联网规模不断扩大所带来的路由系统可扩展性问题提供解决方案     

内容中心网络的DoS攻击研究

“内容中心网络”(Content Centric Networking,CCN)是未来互联网架构体系群中极具前景的架构之一。CCN的核心思想在于内容命名,即用户不需要根据数据的地址而仅根据数据的名字来获取目标内容。在设计上,CCN是一种基于拉(pull-based)的网络,即用户为了获取相应的内容,必须向网络发送一个兴趣包(Interest)以便获取同名数据包(Data),也就是说CCN是一个用户驱动的网络。安全对任何一种网络架构来说,都是不容忽视的一个问题,其中,拒绝服务攻击(DoS)是TCP/IP网络中最为常见的攻击手法之一,这里研究了CCN中常见的DoS攻击,并提出了具有针对性的解决方案。     

网络攻击检测中基于RTFF的大容量数据管理

In this paper, we present Real-Time Flow Filter (RTFF) —a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet in-spection. RTFF was designed with the goal of scaling to high volume data feeds that are common in large Tier-1 ISP networks and providing rich, timely information on ob-served attacks. It is a software solution that is designed to run on off-the-shelf hardware platforms and incorporates a scalable data processing architecture along with lightweight analysis algorithms that make it suitable for deployment in large networks. RTFF also makes use of state of the art machine learning algorithms to construct attack models that can be used to detect as well as predict attacks.     

可分级音频编码在网络中的应用

可分级音频编码对于在像Internet之类的带宽没有保证、丢包很常见的网络部的应用具有很重要的意义。结合RTP协议和最新的MPEG－4音频标准提出了解决方案。     

A Lightweight and Scalable Physical Layer Attack Detection Mechanism for the Internet of Things (IoT) Using Hybrid Security Schema

Wireless Personal Communications - The Internet of Things, also known as the IoT, refers to the billions of devices around the world that are now connected to the Internet, collecting and sharing...     

基于对象特征的软件定义网络分布式拒绝服务攻击检测方法

软件定义网络(SDN)受到分布式拒绝服务(DDoS)攻击时,攻击方会发送大量数据包,产生大量新的终端标识占用网络连接资源,影响网络正常运转。为准确发现受攻击对象,检测被占用资源,利用GHSOM技术,该文提出基于对象特征的DDoS攻击检测方法。首先,结合SDN网络及攻击特点,提出基于目的地址的检测7元组,并以此作为判断目标地址是否受到DDoS攻击的检测元素;然后,采用模块化设计,将GHSOM算法应用于SDN网络DDoS攻击的分析检测中,并在OpenDayLight的仿真平台上完成了仿真实验。实验结果显示,该文提出的检测7元组可有效检测目标对象是否受到DDoS攻击。     

无线Ad H0c网络中MAC层DoS攻击检测系统的设计

文章在引入拒绝服务攻击(DoS)和分布式拒绝服务(DDoS)攻击的原理的基础上,讨论了无线Ad Hoc网络可能遭受的拒绝服务攻击类型,针对其中的MAC层拒绝服务攻击提出了一种检测系统设计方案,并描述了该方案的算法流程和多线程数据处理步骤,最后通过仿真对该检测系统在失效告警率和内存占用率两方面的性能进行了分析.