一种基于可信业务流的未知威胁检测方法

在APT攻击过程中,突破目标系统的防御机制后,下一步是在目标系统网络内部持续渗透,控制更多的主机并搜集有价值的数据。通常情况下,持续渗透阶段在网络内传播的未知恶意攻击检测是困难的。本文以生产网为研究对象,利用生产网流量相对可控的特点,提出了一种未知威胁检测方法。该方法基于业务归并网络流量,通过将流量分为可信流量和非可信流量,不断缩小攻击流量的范围并最终实现未知恶意攻击识别。通过原型系统在生产环境的测试表明该方法是可行的。     

可信路由机理及关键技术

文章认为由于网络规模的增大以及节点移动、多宿主、网络流量工程等需求的不断增强,使得路由可扩展性、安全性、可靠性等问题凸显。尽管与可信路由相对应的理论技术方案不断提出,但未能从根本上解决网络路由的可信任问题。为此文章提出可信路由体系结构模型、可信域内路由、可信域间路由等新网络环境下的可信路由参考机制,并对可信路由涉及的关键技术,如映射可扩展技术、路由信任机制、多径路由技术、服务质量保证、路由监测管理技术,进行了研究和探讨。     

平台型流量网关研究与实践

为了解决微服务技术架构下的服务耦合、权限管理、流量可控等问题,提出构建平台型流量网关,主要介绍了其系统架构、功能架构及全局配置、集群节点、路由管理、安全防护、审计监控、自动化运维等功能,并对其价值进行了阐述,实现应用级、页面级、服务级的多维度路由控制,在保证其本身业务灵活性的同时满足平台整体的智能管控要求。     

基于TNC的可信接入控制技术研究

计算平台接入网络时的可信状态对网络安全具有重要的影响,为此可信计算组织TCG提出了TNC架构用以解决计算平台的可信接入问题,该架构提出了可信接入的模型和基本方法,已成为业界的研究热点.通过研究基于TNC架构的可信接入控制技术,实现了具有可信接入控制功能的可信交换机,并给出了可信接入控制应用解决方案,表明基于TNC的可信接入控制技术可以有效地从网络入口处防止非法或不可信终端给网络带来的潜在安全威胁.     

基于终端可信度的路由策略设计与实现

可信路由随着可信网络的发展而兴起,目前的研究主要集中在轻量化网络的路由策略方面,存在的问题主要有路由算法开销大、应用范围小,且主要以IPv4为基础。提出了一种基于IPv6流标签定制的可信路由方案,在终端的可信评估基础上,通过流识别和流标记实现可信路由策略。利用前驱ARP代理机制设计了一种基于代理的虚拟链路协议,并设计了原型系统。实验证明,该协议实现了IPv6的流标记路由,提高了信息传输的安全性和效率。     

一种基于TEE的区块链智能合约架构设计

针对现有图灵完备的智能合约架构必须依赖虚拟机或容器,存在执行效率低、可维护性弱和安全性能力不足等问题,提出了一种基于可信执行环境的可动态加载智能合约架构,通过可信应用（Trusted Application,TA）实现智能合约关键且通用的逻辑,突破智能合约对于高级编程语言和标准库的支持,实现可插拔的智能合约软件模块,减轻了开发者学习成本,提升了区块链智能合约的安全性、编程效率、执行效率和易用性。经过实验验证,在未使用TA的情况下,系统吞吐量可达到31 000 TPS,在使用TA的情况下,可实现系统平均吞吐量为520 TPS。     

应用流量管理技术在有线宽频网络中的应用

有线宽频网络运营商在网络运营中，会因为应用流量的不规范应用而对业务造成极大影响甚至带来损失，探讨把应用流量管理技术引进有线宽带网络，通过该技术对应用流量的智能识别、分类、控制等实现对网络流量的管理，进一步提高带宽资源的利用率。     

基于业务感知的认知网络QoS自适应控制技术

文章研究并提出了基于业务感知的认知网络服务质量(QoS)自适应控制架构。该架构在智能业务感知和分类模型的基础上对数据包进行分类和识别,并借鉴控制理论通过基于端路协同的认知网络业务流QoS自适应控制机制实现对网络流量的控制。在认知网络环境下,该架构可以构建QoS的自动感知、分析、关联、反馈、决策、配置和实施机制,进行资源的优化调整分配,适应网络环境的变化,优化网络端到端的性能,保证用户的服务质量。     

边缘计算下物联网终端的可信评估安全技术

针对传统安全防护机制无法确保边缘计算下海量物联网终端接入安全,特别是数据泄漏等问题,提出一种边缘计算下物联网终端的可信接入安全技术,该技术设计一种基于分布式群智感知网络体系架构,通过分发的智能模型对行为特征进行检测分类,提供恶意行为识别等边缘服务,保证边缘环境下物联网终端的接入安全。     

传感器网络中一种分布式数据汇聚层次路由算法

由于传感器网络具有能量约束,低速率冗余数据和多对一传输等特点,传统的端到端集中式路由算法一般不适合传感器网络.提出了一种分布式数据汇聚层次路由算法,该算法利用能量核的思想汇聚数据和减少传输到目的节点的信息.模拟结果表明:比较传统的端到端集中式路由算法,该算法可以显著减少能量消耗;与一般的数据汇聚算法相比,该算法在保证能量消耗少的条件下,具有复杂度低和可扩展性好的特点.     

QoS路由度量参数的选择问题研究

具有服务质量保证的QoS路由技术是为具有QoS要求的多媒体等网络业务提供有保证的网络服务的核心要素。QoS路由技术由路由选择算法以及用于反映网络状态的路由度量参数的选择、获取与更新两部分内容组成。正确选取合适的度量参数是减小寻路开销，得到简单、具有扩展性的选路算法并获得满足业务要求的QoS路由的前提与基础。本对QoS路由所需要的度量参数的基本性质、选取方法等问题进行了较全面的分析讨论，并简要介绍了度量信息更新的基本策略。     

On the performance analysis of the minimum-blocking and bandwidth-reallocation channel-assignment (MBCA/BRCA) methods for quality-of-service routing support in mobile multimedia ad hoc networks

Quality-of-service (QoS) routing is the key to support multimedia services in wireless multihop networks. The goal of QoS routing is to find satisfactory paths that support the end-to-end QoS requirements of the multimedia flows. Previous work has demonstrated a framework for supporting QoS routing in mobile ad hoc networks, where two novel mechanisms for dynamic channel assignment, called the minimum-blocking and bandwidth-reallocation channel-assignment (MBCA/BRCA) algorithms, were proposed. MBCA/BRCA are on-demand channel assignment methods that reactively provide a differentiated service treatment to multimedia traffic flows at the link level using novel techniques for end-to-end path QoS maximization. Efficient QoS routing is then accomplished by giving the routing mechanism access to QoS information, thus coupling the coarse grain (routing) and fine grain (congestion control) resource allocation. In this paper, the specifics and individual mechanisms of the MBCA/BRCA algorithms are presented, whereas their effectiveness and the manner in which they interact in order to contribute to the overall protocol performance is examined and documented. The system performance is studied through simulations experiments under various QoS traffic flows and network scenarios. The protocol's behavior and the changes introduced by variations on some of the mechanisms that make up the protocol is further investigated. As demonstrated, the MBCA/BRCA methods are able to increase system's aggregate traffic by 2.8 Kb/s, on average, comparing to a non-MBCA/BRCA dynamic channel-allocation scheme.     

MPLS网络中保证服务质量的多径路由选择策略

本文提出了一种在多协议标签交换(MPLS, Multiple Protocol Label Switching) 网络中保证服务质量 (QoS,Quality-of-Service) 的多径路由选择策略,其核心思想是引入多路径分散业务量机制,在保证用户服务质量要求的同时达到增加网络呼叫接受率和平衡网络负载的目的.文中着重讨论了用户端对端服务质量要求的多路分解和分配问题,在此基础上提出了多径路由的分支路径选择策略,并研究了策略中的关键参数K对该策略性能的影响.数值结果显示出多路径分散业务量在网络负载均衡方面的重要意义,并且表明用户的要求相对网络资源越高使用多径传输的优势越明显.     

A novel QoS routing protocol for LEO and MEO satellite networks

The rapid advance of communication and satellite technology pushes broadband satellite networks to carry on multimedia traffic. However, the function of onboard routing cannot be provided in existing satellite networks with inter‐satellite links, and quality of service (QoS) of satellite networks cannot be reliably guaranteed because of great difficulties in processing of long distance‐dependent traffic. In this paper, a two‐layered low‐Earth orbit and medium‐Earth orbit satellite network (LMSN) is presented. A novel hierarchical and distributed QoS routing protocol (HDRP) is investigated, and an adaptive bandwidth‐constrained minimum‐delay path algorithm is developed to calculate routing tables efficiently using the QoS metric information composed of delays and bandwidth. The performance of LMSN and HDRP is also evaluated through simulations and theoretical analysis. Copyright © 2007 John Wiley & Sons, Ltd.     

A hierarchical multilayer QoS routing system with dynamic SLAmanagement

This paper proposes a hierarchical multilayer QoS routing system with dynamic SLA management for large-scale IP networks. Previously, the promising approach to provide QoS in large-scale IP networks using a mixture of DiffServ-based QoS management and MPLS-based traffic engineering has been actively discussed. However, the introduction of QoS exacerbates the already existing scalability problems of the standard IP routing protocols. In order to address this issue, we propose a new scalable routing framework based on hierarchical QoS-aware path computation. We augment the existing OSPF and CR-LDP protocols to support hierarchical QoS routing, QoS aggregation, and QoS reservation in our MPLS-DiffServ-based hierarchical routing network. In order to provide additional flexibility and cost-efficiency, we augment the network with a policy server which is capable of dynamically handling SLAs between the networks and providing load balancing management within the network. We implement a prototype of the proposed framework and study its performance with a virtual network simulator and specially designed QoS routing algorithm simulator. In our simulations, we evaluate both the implementation complexity and algorithms performance; the results demonstrate the efficiency of the framework and its advantages over the existing proposals     

Security and QoS Self-Optimization in Mobile Ad Hoc Networks

Network quality-of-service and network security have been considered as separate entities and research in these areas have largely proceeded independently. However, security impacts overall QoS and it is therefore essential to consider both security and QoS together when designing protocols for ad hoc environments as one impacts the other. In this paper we propose a mechanism for a distributed dynamic management system which aims to maximize QoS and/or security while maintaining a minimum user acceptable level of QoS and/or security even as network resource availability change. In order to achieve this objective, we propose three basic frameworks: a policy based plug-in security framework, multi-layer QoS guided routing and a proportional integral derivative (PID) controller. Simulation results indicate the proposed PID optimized security and QoS algorithm produce similar performance as non-secure QoS routing protocols under various traffic loads.     

Mobile flow-aware networks for mobility and QoS support in the IP-based wireless networks

As the volume of mobile traffic consisting of video, voice, and data is rapidly expanding, a challenge remains with the mobile transport network, which must deliver data traffic to mobile devices without degrading the service quality. Since every Internet service holds its own service quality requirements, the flow-aware traffic management in fine granularity has been widely investigated to guarantee Quality of Service (QoS) in the IP networks. However, the mobile flow-aware management has not been sufficiently developed yet because of the inherent constraints of flow routing in the mobile networks regarding flow-aware mobility and QoS support. In this paper, we propose a flow-aware mobility and QoS support scheme called mobile flow-aware network (MFAN) for IP-based wireless mobile networks. The proposed scheme consists of dynamic handoff mechanisms based on QoS requirements per flow to reduce the processing overhead of the flow router while ensuring QoS guarantee to mobile flows. The performance analyses of the proposed scheme demonstrate that MFAN successfully supports the mobile flow traffic delivery while satisfying the QoS requirement of flows in the wireless mobile IP networks.     

Evaluating the impact of stale link state on quality-of-servicerouting

Quality-of-service (QoS) routing satisfies application performance requirements and optimizes network resource usage by selecting paths based on connection traffic parameters and link load information. However, distributing link state imposes significant bandwidth and processing overhead on the network. This paper investigates the performance tradeoff between protocol overhead and the quality of the routing decisions in the context of the source-directed link state routing protocols proposed for IP and ATM networks. We construct a detailed model of QoS routing that parameterizes the path-selection algorithm, link-cost function, and link state update policy. Through extensive simulation experiments with several network topologies and traffic patterns, we uncover the effects of stale link state information and random fluctuations in traffic load on the routing and setup overheads. We then investigate how inaccuracy of link state information interacts with the size and connectivity of the underlying topology. Finally, we show that tuning the coarseness of the link-cost metric to the inaccuracy of underlying link state information reduces the computational complexity of the path-selection algorithm without significantly degrading performance. This work confirms and extends earlier studies, and offers new insights for designing efficient quality-of-service routing policies in large networks     

Radio Network Aggregation for 5G Mobile Terminals in Heterogeneous Wireless and Mobile Networks

This paper provides a novel design concept for advanced mobile multi interface terminals with radio network aggregation capability and enhanced quality of service (QoS) provisioning for multimedia services (voice, video and data) in heterogeneous wireless and mobile networks. A new module is established which provides the best QoS and lowest cost for any given multimedia service by using simultaneously all available wireless and mobile access networks for a given traffic flow. This novel adaptive QoS module with adaptive QoS routing algorithm is called advanced QoS routing algorithm (AQoSRA), which is defined independently from any existing and future radio access technology. The performance of our proposal is evaluated using simulations and analysis with multi-interface mobile stations with AQoSRA within, carrying multimedia traffic in heterogeneous mobile and wireless environment with coexistence of multiple Radio Access Technologies, such as 3G, 4G as well as future 5G radio access networks. The analysis of the proposed framework for radio networks aggregation in advanced mobile terminals has shown overall better performances regarding the achievable throughput and multimedia access probability in heterogeneous wireless and mobile environment.     

Design of an optimized traffic-aware routing algorithm using integer linear programming for software-defined networking

The number of internet users and connected devices has dramatically expanded due to the recent technological boom and the benefits that the internet of things offers to ease our lives. Network scheduling, quality of service, resource allocation, and security issues are now being addressed via software-defined networking (SDN). SDN has several benefits over traditional networks, including global centralized control, managing network traffic, and separating the forwarding and control plane. The work done in this paper aims to design and implement a traffic-aware routing framework based on routing optimization presented as an integer linear programming (ILP) to improve heterogeneous traffic flows' quality of service (QoS) in a simulated SDN environment. With the knowledge that the routing problem is a nondeterministic polynomial-time-hard problem, the proposed scheme aims to decrease the computational routing time to make the ILP-based routing system more suitable for real-time processing. The simulation results illustrate that the proposed framework reduces the computational time by 23% and 49% for Abilene and Goodnet topology, respectively. Additionally, with 1000 flows in the network, the suggested scheme reduces the number of network flows that violate the QoS by 9% and 22% (with Abilene topology) and 16% and 51% (with Goodnet topology) as compared to the existing shortest path delay and sway methods, respectively.