高校办公网入侵检测系统研究

随着计算机和网络技术的发展,网络入侵事件的日益增加,人们发现只从防御的角度构造安全系统是不够的,入侵检测成为继“防火墙”、“数据加密”等传统安全保护措施后新一代的网络安全保障技术。本文首先介绍入侵检测原理和分布式入侵检测方面的相关工作,在分析已有分布式入侵检测系统模型的基础上,提出了一个基于代理的校园网入侵检测系统模型框架。该模型采用分布式的体系结构,由一个代理控制中心和若干代理组成,结合了基于网络和基于主机的入侵检测方法。使用代理技术在分布式环境下对入侵进行检测,可以有效地检测各种入侵,并具有很好的可扩充性。     

高校办公网入侵检测系统研究

随着计算机和网络技术的发展，网络入侵事件的日益增加，人们发现只从防御的角度构造安全系统是不够的，入侵检测成为继“防火墙”、“数据加密”等传统安全保护措施后新一代的网络安全保障技术。本文首先介绍入侵检测原理和分布式入侵检测方面的相关工作．在分析已有分布式入侵检测系统模型的基础上，提出了一个基于代理的校园网入侵检测系统模型框架。该模型采用分布式的体系结构．由一个代理控制中心和若干代理组成．结合了基于网络和基于主机的入侵检测方法。使用代理技术在分布式环境下对入侵进行检测，可以有效地检测各种入侵．并具有很好的可扩充性。     

采用数据挖掘和代理技术的入侵检测系统研究

入侵检测系统是一种检测网络入侵行为并能够主动保护自己免受攻击的一种网络安全技术,是网络防火墙的合理补充.介绍了应用几种数据挖掘方法进行入侵检测的过程,并在此基础上提出了一个采用数据挖掘技术的基于代理的网络入侵检测系统模型.该模型由一定数量的代理组成,训练和检测过程完全不同与其它系统.由于代理的自学习能力,该系统具有自适应性和可扩展性.     

基于模式匹配和神经网络的分布式入侵防御系统的研究

本文提出一种基于模式匹配和神经网络技术的分布式入侵防御系统模型,设计一个基于该模型的入侵防御系统(称为Adidp)。并详细讨论该系统的体系结构、特点和实现技术等。该模型能够对大型高速分布异构网络进行有效的入侵检测和防御。     

防火墙与入侵检测联动的研究与设计

目前,网络攻击和入侵行为日趋复杂,单一的防御技术已经无法有效地保护网络。介绍防火墙、入侵检测技术的概念．设计一种防火墙和入侵检测系统联动的模型。使系统既能检测入侵行为,又能实时阻断攻击,从而达到提升系统整体防御能力的目的。     

一个千兆网络入侵防御系统的设计与实现

随着网络速度的日益提高和网络入侵行为的越来越复杂化，高速高性能的网络入侵检测和防御系统越来越受到重视，但是目前绝大部分研究都集中在网络入侵检测系统方面．但是由于入侵检测系统的局限性，同时不具有实时阻断的功能，目前入侵防御技术和系统更受人们的重视．由于入侵防御系统涉及很多关键技术和技术难点，因此目前千兆级的实用的入侵防御系统并不多见，论文提出了一个实现网络入侵防御系统的基于硬件的框架，这个框架实现了网络入侵防御系统的所有功能．测试表明具有实用性．     

面向物联网的Sybil入侵防御系统设计与实现

设计物联网中的Sybil入侵防御系统,进行入侵检测,保障物联网的网络安全,针对当前入侵防御系统拦截准确性不好的问题,提出基于网络入侵信号检测和前馈调制滤波设计的物联网Sybil入侵防御系统设计方法;首先进行Sybil入侵防御系统总体设计描述和功能分析,然后进行Sybil入侵信号检测算法设计,最后完成面向物联网的Sybil入侵防御系统硬件设计和软件开发,实现系统的集成设计;仿真测试表明,采用该系统进行物联网中的Sybil入侵检测的准确度较高,性能较好,具有较强的兼容性和友好性。     

一种基于移动代理的分布式网络入侵检测系统模型

本文设计了一种基于移动代理的完全对等分布式网络入侵检测系统模型。并详细设计了模型中入侵检测代理、系统通信和报警信息日志等系统关键模块。分析结果表明。霞模型具有较好的可扩充性、较轻的通信负载和较好的检测性能。     

入侵防御系统的进程行为拦截技术研究

在网络安全问题日益严峻的今天,入侵防御系统是能够及时中断、调整或隔离一些不正常或是具有伤害性的网络资料传输行为的重要安全设备.入侵防御系统拦截技术的好坏直接关系到入侵防御系统的性能,分析了进程的攻击行为,对入侵防御系统的进程行为拦截技术进行了研究探讨,并给出了控制进程的实例.     

基于机器学习的网络入侵检测与防御系统研究与研发

通过机器学习中的智融标识网络建立防御系统，可有效采集相关数据的特征及信息，识别异常流量，防御网络入侵。随后进行数据仿真，将所设计的智融标识网络的防御系统对相关数据集进行性能检测，将其与卷积神经网络、随机森林等常用的学习模型进行数据对比。研究结果表明，基于智融标识网络设计的防御系统具有更高的检测准确率，还可以对未知的攻击进行检测，缩短网络入侵检测更新时间，为网络安全奠定了强有力的理论基础。     

Design and performance evaluation of a multi-agent-based dynamic lifetime security scheme for AODV routing protocol

Ad hoc networks are becoming an important research aspect due to the self-organization network, dynamically changing topology, temporary network life and equal relationship among member of nodes. However, all the characters of ad hoc network make the security problem more serious. Network security and trustworthiness become the key problems of the network. Denial-of-service and Black hole attacks are the two puzzles in the security of ad hoc network. There are not satisfied solutions to solve the problem. A novel multi-agent-based dynamic lifetime intrusion detection and a response scheme are proposed to combat the two types of attacks. Multi-agents are related to one route request (RREQ)–route reply (RREP) stream. One agent monitors the nodes in three-hop zone. Agent can periodically update itself by the trustworthiness of the neighbor nodes. It can efficiently improve trustworthiness, decrease computing complexity and save energy consumption for network securities. Agent security specifications have been extracted from the feature of the attacks. Multi-agents can trace RREQ and RREP messages, stream to aggregate the key information to link list and MAC-IP control table and analyze them by intrusion detection algorithm. Different security metrics are proposed to quantitatively evaluate network security performance under different attacks. Ns2 simulator is expanded to validate the security scheme. Simulation results show that a multi-agent-based dynamic lifetime security scheme is highly effective to detect and block the two kinds of attacks.     

A queueing analysis for the denial of service (DoS) attacks in computer networks

In most network security analysis, researchers mainly focus on qualitative studies on security schemes and possible attacks, and there are few papers on quantitative analysis in the current literature. In this paper, we propose one queueing model for the evaluation of the denial of service (DoS) attacks in computer networks. The network under DoS attacks is characterized by a two-dimensional embedded Markov chain model. With this model, we can develop a memory-efficient algorithm for finding the stationary probability distribution which can be used to find other interesting performance metrics such as the connection loss probability and buffer occupancy percentages of half-open connections for regular traffic and attack traffic. Different from previous works in the literature, this paper gives a more general analytical approach to the study of security measures of a computer network under DoS attacks. We hope that our approach opens a new avenue to the quantitative evaluation of more complicated security schemes in computer networks.     

Protecting shared information in networks: A network security game with strategic attacks

A digital security breach, by which confidential information is leaked, does not only affect the agent whose system is infiltrated but is also detrimental to other agents socially connected to the infiltrated system. Although it has been argued that these externalities create incentives to underinvest in security, this presumption is challenged by the possibility of strategic adversaries that attack the least protected agents. In this paper we study a new model of security games in which agents share tokens of sensitive information in a network of contacts. The agents have the opportunity to invest in security to protect against an attack that can be either strategically or randomly targeted. We show that, in the presence of random attack, underinvestments always prevail at the Nash equilibrium in comparison with the social optimum. Instead, when the attack is strategic, either underinvestments or overinvestments are possible, depending on the network topology and on the characteristics of the process of the spreading of information. Actually, agents invest more in security than socially optimal when dependencies among agents are low (which can happen because the information network is sparsely connected or because the probability that information tokens are shared is small). These overinvestments pass on to underinvestments when information sharing is more likely (and therefore, when the risk brought by the attack is higher). In order to keep our analysis tractable, some of our results on strategic attacks make an assumption of homogeneity in the network, namely, that the network is vertex‐transitive. We complement these results with an analysis on star graphs (which are nonhomogeneous), which confirms that the essential lines of our findings can remain valid on general networks.     

一种基于移动代理的分布式IDS模型研究

传统的分布式层次型入侵检测系统也有难以克服的缺陷,在层出不穷的攻击方式面前容易崩溃。本文提出了一种基于移动代理的IDS模型,它综合了两个领域的研究成果：分布式IDS和移动代理(MA)。通过安全分析表明,该模型提供了较好的安全构架。     

基于防火墙网络安全技术的探究

伴随网络技术突飞猛进的发展,网络的安全问题频繁发生,网络攻击现象不断涌现,特别是在政府机构、科研研所、金融机构、企业的计算机网络较易遭遇来自黑客的侵袭。黑客攻击者可轻易地攻击未附加任何安全保护措施的网络,例如肆意变更关键的信息数据、进行非授权访问以及传播网络病毒等。这些不良攻击事件一旦出现,将会给相应部门带来较大的经济损失。在已经研制出的众多安全防范方案中,防火墙技术由于较成熟,并具备产品化,相对较早地被不少单位所运用。本文结合网络安全技术发展现状,系统地阐述防火墙的安全技术保障措施及未来发展前景。     

移动式网络的动态家乡代理协议

为了减轻移动式网络中的三角路由问题,引入一个动态家乡代理为外地的移动式网络提供本地家乡代理的服务。设计了基于AAA机制的动态家乡代理模型,实现了基于数字签名原则和D-H密钥交换算法的移动式网络注册和密钥协商协议,描述了移动式网络节点的数据路由方式。安全性分析表明,动态家乡代理协议安全地实现了移动路由器与动态家乡代理之间的密钥交换,有效防止了中间人攻击和会话拦截攻击,能对实施泛洪攻击的移动节点进行跟踪。     

基于统计分析的DDoS攻击检测

分析了分布式拒绝服务（Distributed Denial of Service,DDoS）攻击原理及其攻击特征,从提高检测响应时间和减少计算复杂性的角度提出了一种新的DDoS攻击检测方法。该方法基于DDoS攻击的固有特性,从IP连接数据的统计分析中寻找能够描述系统正常行为的分布规律,建立基于统计分析的DDoS攻击检测模型。实验结果表明,该方法能快速有效地实现对DDoS攻击的检测,并对其他网络安全检测具有指导作用。     

IPv6 WLAN安全网关设计

IPv6强大的寻址方案和对移动性的支持,使其在WLAN中的应用成为一种趋势。WLAN为用户提供了便捷接入的同时,也带来相较于有线网络更大的安全威胁,IPv6的邻居发现协议和自动配置功能等这些特点使得WLAN的接入安全变得更为复杂。设计一个IPv6 WLAN环境下的安全网关,能够检测到网络中潜在的漏洞和威胁,通过搭建实验环境,并对未授权接入、DAD DOS攻击和重定向攻击三种安全威胁进行了仿真,实验结果证明该安全网关的有效性。     

Vulnerability analysis of networks to detect multiphase attacks using the actor-based language Rebeca

Increasing use of networks and their complexity make the task of security analysis more and more complicated. Accordingly, automatic verification approaches have received more attention recently. In this paper, we investigate applying of an actor-based language based on reactive objects for analyzing a network environment communicating via Transport Protocol Layer (TCP). The formal foundation of the language and available tools for model checking provide us with formal verification support. Having the model of a typical network including client and server, we show how an attacker may combine simple attacks to construct a complex multiphase attack. We use Rebeca language to model the network of hosts and its model checker to find counter-examples as violations of security of the system. Some simple attacks have been modeled in previous works in this area, here we detect these simple attacks in our model and then verify the model to find more complex attacks which may include simpler attacks as their steps. We choose Rebeca because of its powerful yet simple actor-based paradigm in modeling concurrent and distributed systems. As the real network environment is asynchronous and event-based, Rebeca can be utilized to specify and verify the asynchronous systems, including network protocols.     

A strong user authentication scheme with smart cards for wireless communications

Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.