数据链路层安全研究

数据链路层安全风险的大小和发生的概率决定了整个数据链路层的安全.有效的安全风险评估有助于检测系统的安全防护,降低数据链路层的安全风险,并提高检测系统的抵御安全风险的能力.在贝叶斯网络和D-S证据理论的基础上,结合这两种方法,对数据链路层影响因素进行了量化,得到数据链路层的风险值.然后构建了系统的节点模型和进程模型.最后...     

Intelligent data analysis in information security

At present, there are a large number of trends and developments in artificial intelligence systems. This paper deals with the available intelligent data analysis in information security and the possibilities provided by data mining. Examples of tasks that can be solved using artificial intelligence systems are presented, including safe resource management, prediction of critical states and failures, resolution of conflicts in computational processes and information security regulations, and forensics.     

The weakest link revisited [information security]

It is a common saying that a chain is only as strong as its weakest link-a phrase information security officers, IT managers, consultants, researchers, journalists, and opinion makers reiterate ad nauseam when referring to an organization's information security posture. Most in the information security community would agree that a security architecture is only as strong as its weakest link. However, they usually cannot agree on what that is, and no expert risks making a definite statement about it. We can argue that a security strategy's weakest component will vary from one organization to in other but perhaps we should compare past perceptions of what a weakest link is to what it could well be in the near future.     

数据安全之剩余信息保护

随着信息化进程的加快,全球信息量呈爆炸式增长。随之而来的数据安全问题也日益增多,侵犯个人隐私、窃取个人信息等违法犯罪行为时有发生,数据安全问题日趋严重,已经成为影响国家公共安全、社会安全的突出问题。数据安全中的一个重要问题是对剩余信息的保护,即对用户使用过的信息,当该用户不再使用或不再存在时,应当采取一定的措施进行保护,防止剩余信息造成用户隐私的泄露。论文从标准要求、保护对象、在等级保护测评中面临的挑战、检测方法等多方面对剩余信息保护进行了分析,为等级保护测评中的剩余信息保护测试提供了全方位的技术支撑。     

WLAN时变信道下链路性能改进

在IEEE802.11n的MIMO信道模型基础上研究了时变信道下链路性能,提出了一种基于SNR动态调整调制编码方案(MCS)链路自适应方法。多普勒频移下利用基于长训练序列估计SNR动态调整MCS的方法来提高链路性能。仿真表明,该方法根据信道状况动态调整MCS,在数据吞吐率上有很大的提高。     

云计算环境下开放数据安全性研究

云计算技术是计算机技术未来发展趋势,云计算技术基于Internet技术,现在是网络时代,数据在网络上传播,保护数据的安全性是迫在眉睫,在云计算技术开发大数据的平台下,如何保护数据的安全是学者广泛研究的范畴.本论文从基于云计算环境下对开发数据的安全性进行研究,从不同层面阐述数据安全性的重要,希望本论文能为研究元计算技术安全性的学者提供理论参考依据.     

循环流化床过程仿真的数学模型

传统的循环流化床仿真的数学模型都采用反应动力学的方法。本文采用了CSTR的平衡反应算法,对循环流化床建立仿真的数学模型,已用于100MW循环流化床的实际工业装置仿真培训器中,算法比较稳定,模拟了循环流化床的开停车、事故处理和正常操作,动态趋势和实际工业装置相符。与设计值相比,模拟的稳态误差在1%以内,动态误差在5%以内。     

融合网络安全信息的网络安全态势评估模型

提出了融合网络安全信息的网络安全态势评估模型,该模型对多源安全设备的告警信息和主机系统日志进行校验、聚集融合,从而整体上降低安全设备的误报率,然后综合告警信息威胁量化结果和网络中漏洞的脆弱性量化结果两部分信息,对网络安全进行态势量化评估。经实验证实该模型能够比较准确的反映网络安全运行态势。     

大数据时代的金融信息安全

继云计算、物联网被发明和应用之后,大数据成为了当前信息产业的又一大技术创新。大数据技术创新在给人们带来机会和挑战的同时也对现有的信息安全手段提出了更高的要求。特别是大数据技术在金融行业的应用,现在的金融信息化已全面进入信息安全管理阶段,对计算机信息系统有着高度的依赖性,金融信息安全问题日益突显。本文主要论述了大数据时代对信息安全存在的威胁,并提出了如何采取对策确保大数据环境下的金融信息安全。     

An information security knowledge sharing model in organizations

Knowledge sharing plays an important role in the domain of information security, due to its positive effect on employees' information security awareness. It is acknowledged that security awareness is the most important factor that mitigates the risk of information security breaches in organizations. In this research, a model has been presented that shows how information security knowledge sharing (ISKS) forms and decreases the risk of information security incidents. The Motivation Theory and Theory of Planned Behavior besides Triandis model were applied as the theoretical backbone of the conceptual framework. The results of the data analysis showed that earning a reputation, and gaining promotion as an extrinsic motivation and curiosity satisfaction as an intrinsic motivation have positive effects on employees' attitude toward ISKS. However, self-worth satisfaction does not influence ISKS attitude. In addition, the findings revealed that attitude, perceived behavioral control, and subjective norms have positive effects on ISKS intention and ISKS intention affects ISKS behavior. The outcomes also showed that organizational support influences ISKS behavior more than trust. The results of this research should be of interest to academics and practitioners in the domain of information security.     

A wideband data link computer simulation model

This paper describes a computer simulation model capable of predicting the performance of a high data rate end-to-end communication system for biphase and quadriphase CPSK transmission. Simulation results are compared with laboratory measurements in order to verify the simulation procedure. Ultimately, the simulation model is utilized to conduct a parameter sensitivity analysis for the purpose of evaluating the effect of different signal distortion phenomena on link performance.     

数据挖掘技术在信息安全证据处理中的应用

为了有效解决信息安全证据获取和证据规范化等难题,文章从数据挖掘的角度,阐述了如何搜集、处理信息安全在搜索潜在威胁时的证据,给出了如何获取证据以及证据的规范化表示的基本思路,从而增强了信息网络的安全信任属性。     

探讨数据挖掘技术在网络信息安全管理中的应用

信息的收集,运用以及控制的竞争日益加剧,因此网络的安全问题也逐渐的成为了社会关注的主要问题,信息安全也已成为保障国家安全和社会稳定的重点方面.如何识别防御和攻击以及增强网络的安全已经成为技术管理人员研究的重要方面.网络安全领域的一个热门话题就是入侵检测.入侵检测的主要分析方法是异常检测和误用检测两种方法.     

Risk-neutral evaluation of information security investment on data centers

Based on given data center network topology and risk-neutral management, this work proposes a simple but efficient probability-based model to calculate the probability of insecurity of each protected resource and the optimal investment on each security protection device when a data center is under security breach. We present two algorithms that calculate the probability of threat and the optimal investment for data center security respectively. Based on the insecurity flow model (Moskowitz and Kang 1997) of analyzing security violations, we first model data center topology using two basic components, namely resources and filters, where resources represent the protected resources and filters represent the security protection devices. Four basic patterns are then identified as the building blocks for the first algorithm, called Accumulative Probability of Insecurity, to calculate the accumulative probability of realized threat (insecurity) on each resource. To calculate the optimal security investment, a risk-neutral based algorithm, called Optimal Security Investment, which maximizes the total expected net benefit is then proposed. Numerical simulations show that the proposed approach coincides with Gordon’s (Gordon and Loeb, ACM Transactions on Information and Systems Security 5(4):438–457, 2002) single-system analytical model. In addition, numerical results on two common data center topologies are analyzed and compared to demonstrate the effectiveness of the proposed approach. The technique proposed here can be used to facilitate the analysis and design of more secured data centers.     

浅析信息和网络安全体系模型

信息技术和网络安全在网络安全技术领域颇为人们关心,随着信息技术和网络水平的不断发展,信息和网络安全成为人们最注重的问题.本文就对信息和网络的安全体系模型进行了简单的探讨.     

智能可穿戴式医疗设备在医疗数据信息安全中的应用

针对智能可穿戴式医疗设备在医疗数据信息安全中的应用进行研究,分别分析了其在生物密钥、量子密钥、异构网络密钥中的应用.在生物密钥中应用智能可穿戴医疗设备可以实现通信中的双方认证,抵抗已知攻击;在量子密钥中应用智能可穿戴医疗设备可以对传输的信息进行数次加密处理,能够在理论层面上保障其信息的安全性;在异构网络密钥中应用智能可...     

Fuzzy OWA model for information security risk management

One of the methods for information security risk assessment is the substantiated choice and realization of countermeasures against threats. A situational fuzzy OWA model of a multicriteria decision making problem concerning the choice of countermeasures for reducing information security risks is proposed. The proposed model makes it possible to modify the associated weights of criteria based on the information entropy with respect to the aggregation situation. The advantage of the model is the continuous improvement of the weights of the criteria and the aggregation of experts’ opinions depending on the parameter characterizing the aggregation situation.     

基于企业涉密信息检测的数据安全解决方案

在综合考虑网络安全与内容安全的基础上提出了一种基于企业涉密信息检测的数据安全解决方案,方案从网络拓扑构成,安全体系结构及安全管理控制平台角度讨论了企业数据在Intemet安全传输涉及的物理安全、系统/桌面安全,网络安全、数据安全、应用安全和管理安全等因素,给出了相应的实现方法,并提出了一种加密传输方法,保障了企业数据传输的机密性、完整性和可用性.     

大数据背景下高校人事信息安全问题研究

随着信息技术的深入发展,网络安全法律法规不断健全,信息安全和网络安全的重要性持续提高。高校作为一个人员密集程度极高的机构,其数据信息量十分庞杂,数据在传输,应用过程中的信息安全问题日益凸显。文章在分析人事信息安全的重要性和信息安全风险形式基础上,结合不同高校人事信息安全工作方面的做法,从管理和技术两个层面探究高校人事信息安全的问题与成因,以期探索建立人事信息安全管理长效机制,营造良好的人事信息网络生态环境,助力人事管理工作有效推进,为高校教职工信息安全提供参考。