Similar literature
 20 similar documents found; search time 156 ms
1.
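BAN logic is used to formally analyze and derive the Hypertext Transfer Protocol (HTTP) digest authentication protocol adopted by Session Initiation Protocol (SIP) networks. Rigorous logical derivation proves that the HTTP digest authentication protocol has deficiencies, and shows the impersonation attack that results from them. Based on an analysis of the reasoning results and the derivation process, a message non-repudiation rule and a message freshness propagation rule are proposed as additions to BAN logic, strengthening its reasoning power; for the HTTP digest authentication protocol, adding digital signatures, a public/private key mechanism, mutual authentication and key agreement is proposed, improving the security of the protocol.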

2.
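Existing authentication mechanisms cannot effectively solve the network eavesdropping problem that SIP messages face in transit. Building on an analysis of existing research, this paper applies a parallel multi-process detection flow for illegal SIP messages and improves the SIP security mechanism by extending the SIP authentication header field and introducing a ciphertext steganography system. This effectively prevents attacks by abnormal messages, eavesdropping on packets and analysis of ciphertext during SIP network transmission, and ensures application-layer security. Experimental results verify the effectiveness of the scheme.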

3.
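SIP (Session Initiation Protocol) is an application-layer protocol used to create, modify and terminate sessions between one or more participants. SIP can be applied to IP telephony, IMP (Instant Message & Presence), video conferencing, IMS (IP Multimedia Subsystem) and so on. There are many implementations of the SIP protocol, so SIP conformance testing is needed to regulate how closely an implementation conforms to RFC 3261, as a guarantee of interoperability between SIP implementations.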

4.
张昊 《硅谷》2012,(3):89-90
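The security problems of existing P2P networks are analyzed, a new solution to these problems is proposed and optimized, and the Chord protocol is used to illustrate the implementation of the model. Experiments show that the proposed scheme is effective: in a P2P network with a certain proportion of malicious nodes, it suppresses malicious attacks such as information tampering, eavesdropping and routing failure well, without reducing the query efficiency of the network.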

5.
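Research on a Method for Generating Network Attack Graphs   Total citations: 6, self-citations: 0, citations by others: 6
To meet the needs of network security analysis research, a flexible network attack graph generation method is proposed on the basis of existing work. First, by analyzing security attributes such as network hosts, user privileges, the connectivity between hosts, and attacks, a security model oriented to network security analysis is built; then a breadth-first forward search algorithm is used to generate attack paths, producing the network attack graph. Experiments and comparison show that the method is more effective and generates attack graphs faster.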

6.
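SIP (Session Initiation Protocol) is an application-layer protocol used to create, modify and terminate sessions between one or more participants. SIP can be applied to IP telephony, IMP (Instant Message & Presence), video conferencing, IMS (IP Multimedia Subsystem) and so on. There are many implementations of the SIP protocol, so SIP conformance testing is needed to regulate how closely an implementation conforms to RFC 3261, as a guarantee of interoperability between SIP implementations.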

7.
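This paper introduces the JSR180 resource development kit, analyzes the session setup and teardown process of SIP on mobile phones, develops a JSR180-based short message sending and receiving program, and gives WTK simulation results. The paper is a useful reference for developing SIP functions on mobile phones.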

8.
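Session-based recommendation algorithms (SBRS), when modeling session representations, fail to consider the multi-way associations among the items in a session and users' repeat-consumption behavior patterns. To address this, a repeat-consumption session recommendation algorithm based on hypergraph convolutional networks is proposed. The algorithm first builds a hypergraph and a line graph from users' session sequences, and uses a hypergraph convolutional network to model the multi-way associations among items within a session and the cross-session information; it then generates a representation of user intent with an attention network; next it builds a repeat-explore module to model users' repeat-consumption behavior; finally, it predicts scores for the next item to be interacted with from the generated session representation and makes recommendations. Extensive experiments on 2 public real-world datasets show that the proposed model outperforms other baseline algorithms on recall and mean reciprocal rank.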

9.
蔺晓峰  黎明 《硅谷》2008,(6):38
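In view of the frequent outbreaks of ARP viruses among campus network users, this paper briefly introduces the ARP protocol, analyzes the principle of ARP virus attacks, and proposes corresponding solutions.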

10.
张学 《硅谷》2009,(16)
This paper mainly analyzes the attacks faced by Mobile IPv6 and proposes several solutions to attacks on Mobile IPv6.

11.
Distributed Denial of Service (DDoS) attacks have become one of the most destructive kinds of network attack and can pose a mortal threat to Internet security. Existing detection methods cannot effectively detect early attacks. In this paper, we propose a detection method for DDoS attacks based on generalized multiple kernel learning (GMKL) combined with the constructed parameter R. The super-fusion feature value (SFV) and comprehensive degree of feature (CDF) are defined to describe the characteristics of attack flow and normal flow. A method for calculating R based on SFV and CDF is proposed to select the combination of kernel function and regularization paradigm. A DDoS attack detection classifier is generated by using the trained GMKL model with the R parameter. The experimental results show that the kernel function and regularization parameter selection method based on the R parameter reduces the randomness of parameter selection and the error of model detection, and that the proposed method can effectively detect DDoS attacks in complex environments with a higher detection rate and a lower error rate.

12.
The existing network security situation assessment methods cannot effectively assess the Distributed Denial-of-Service (DDoS) attack situation. To solve this problem, we propose a DDoS attack situation assessment method via an optimized cloud model based on an influence function. Firstly, according to the state change characteristics of the IP addresses accessed by new and old users respectively, this paper defines a fusion feature value. Then, based on this value, we establish a V-Support Vector Machines (V-SVM) classification model to analyze network flow and identify DDoS attacks. Secondly, according to the change of new and old IP addresses, we propose three evaluation indexes. Furthermore, we propose an index weight calculation algorithm to measure the importance of the different indexes. According to the fusion index, which is optimized by the weighted algorithm, we define the Risk Degree (RD) and calculate the RD value of each network node. Then we obtain the situation information of the whole network from the RD values of the network nodes, each with a different weight. Finally, the overall situation information is classified via the cloud model to quantitatively assess the DDoS attack situation. The experimental results show that our method can not only improve the detection rate and reduce the missing rate of DDoS attacks, but also assess the DDoS attack situation effectively. This method is more accurate and flexible than the existing methods.

13.
Recently, the Erebus attack has proved to be a security threat to the blockchain network layer, and the existing research has faced challenges in detecting the Erebus attack on the blockchain network layer. The cloud-based active defense and one-sidedness detection strategies are the hindrances in detecting Erebus attacks. This study designs a detection approach by establishing a ReliefF_WMRmR-based two-stage feature selection algorithm and a deep learning-based multimodal classification detection model for Erebus attacks and responding to security threats to the blockchain network layer. The goal is to improve the performance of Erebus attack detection methods by combining the traffic behavior with the routing status based on multimodal deep feature learning. The traffic behavior and routing status were first defined and used to describe the attack characteristics at diverse stages of s leak monitoring, hidden traffic overlay, and transaction identity forgery. The goal is to clarify how an Erebus attack affects the routing transfer and traffic state on the blockchain network layer. Consequently, detecting objects is expected to become more relevant and sensitive. A two-stage feature selection algorithm was designed based on ReliefF and weighted maximum relevance minimum redundancy (ReliefF_WMRmR) to alleviate the overfitting of the training model caused by redundant information and noise in multiple source features of the routing status and traffic behavior. The ReliefF algorithm was introduced to select strongly correlated and highly informative features of the labeled data. According to WMRmR, a feature selection framework was defined to eliminate weakly correlated features, eliminate redundant information, and reduce the detection overhead of the model. A multimodal deep learning model was constructed based on the multilayer perceptron (MLP) to settle the high false alarm rates incurred by multisource data. Using this model, isolated inputs and deep learning were conducted on the selected routing status and traffic behavior. Redundant intermodal information was removed because of the complementarity of the multimodal network, which was followed by feature fusion and output feature representation to boost classification detection precision. The experimental results demonstrate that the proposed method can detect features, such as traffic data, at key link nodes and route messages in a real blockchain network environment. Additionally, the model can detect Erebus attacks effectively. This study provides novelty to the existing Erebus attack detection by increasing the detection accuracy by 1.05%, the recall rate by 2.01%, and the F1-score by 2.43%.

14.
Detection of unknown attacks such as zero-day attacks is a research field that has long been studied. Recently, advances in Machine Learning (ML) and Artificial Intelligence (AI) have led to the emergence of many kinds of attack-generation tools developed using these technologies to evade detection skillfully. Anomaly detection and misuse detection are the most commonly used techniques for detecting intrusion by unknown attacks. Although anomaly detection is adequate for detecting unknown attacks, its disadvantage is the possibility of high false alarms. Misuse detection has low false alarms; its limitation is that it can detect only known attacks. To overcome such limitations, many researchers have proposed hybrid intrusion detection that integrates these two detection techniques. This method can overcome the limitations of conventional methods and works better in detecting unknown attacks. However, this method does not accurately classify attacks that are similar to normal or known attacks. Therefore, we propose a hybrid intrusion detection method to detect unknown attacks similar to normal and known attacks. In anomaly detection, the model was designed to perform normal detection using Fuzzy c-means (FCM) and identify attacks hidden in normal predicted data using relabeling. In misuse detection, the model was designed to detect previously known attacks using Classification and Regression Trees (CART) and apply Isolation Forest (iForest) to classify unknown attacks hidden in known attacks. In the experiments, the application of relabeling improved attack detection accuracy in anomaly detection by approximately 11% and enhanced the performance of unknown attack detection in misuse detection by approximately 10%.

15.
The Internet Control Message Protocol (ICMP) covert tunnel refers to a network attack that encapsulates malicious data in the data part of the ICMP protocol for transmission. Its concealment is stronger and it is not easily discovered. Most detection methods detect the existence of channels instead of clarifying specific attack intentions. In this paper, we propose an ICMP covert tunnel attack intent detection framework, ICMPTend, which includes five steps: data collection, feature dictionary construction, data preprocessing, model construction, and attack intent prediction. ICMPTend can detect a variety of attack intentions, such as shell attacks, sensitive directory access, communication protocol traffic theft, filling tunnel reserved words, and other common network attacks. We extract features from five types of attack intent found in ICMP channels. We build a multi-dimensional dictionary of malicious features, including shell attacks, sensitive directory access, communication protocol traffic theft, filling tunnel reserved words, and other common network attack keywords. For the high-dimensional and independent characteristics of ICMP traffic, we use a support vector machine (SVM) as a multi-class classifier. The experimental results show that the average accuracy of ICMPTend is 92%, training ICMPTend only takes 55 s, and the prediction time is only 2 s, which can effectively identify the attack intention of ICMP.

16.
Deep learning networks are widely used in various systems that require classification. However, deep learning networks are vulnerable to adversarial attacks. The study of adversarial attacks plays an important role in defense. Black-box attacks require less knowledge about target models than white-box attacks do, which means black-box attacks are easier to launch and more valuable. However, the state-of-the-art black-box attacks still suffer from low success rates and large visual distances between generated adversarial images and original images. This paper proposes a kind of fast black-box attack based on the cross-correlation (FBACC) method. The attack is carried out in two stages. In the first stage, an adversarial image, which would be misclassified as the target label, is generated by using gradient descent learning. So far the image may look a lot different from the original one. Then, in the second stage, visual quality keeps being improved on the condition that the label keeps being misclassified. By using the cross-correlation method, the error of the smooth region is ignored, and the number of iterations is reduced. Compared with the proposed black-box adversarial attack methods, FBACC achieves a better fooling rate and fewer iterations. When attacking LeNet5 and AlexNet respectively, the fooling rates are 100% and 89.56%. When attacking them at the same time, the fooling rate is 69.78%. The FBACC method also provides a new adversarial attack method for the study of defense against adversarial attacks.

17.
Collaborative filtering-based recommendation systems have been an integral part of e-commerce and e-servicing. To keep recommendation systems reliable, authentic, and superior, the security of these systems is crucial. Though the existing shilling attack detection methods in collaborative filtering are able to detect the standard attacks, in this paper we prove that they fail to detect a new or unknown attack. We develop a new attack model, named the Obscure attack, with unknown features and observe that it has been successful in biasing the overall top-N list of the target users as intended. The Obscure attack is able to push target items to the top-N list as well as remove the actual rated items from the list. Our proposed attack is more effective at a smaller number k of top-k similar users as compared to other existing attacks. The effectiveness of the proposed attack model is tested on the MovieLens dataset, where various classifiers like SVM, J48, random forest, and naïve Bayes are utilized.

18.
Recommender systems are very useful for people to explore what they really need. Academic papers are important achievements for researchers, who often have a great deal of choice about where to submit their papers. In order to improve the efficiency of selecting the most suitable journals for publishing their works, journal recommender systems (JRS) can automatically provide a small number of candidate journals based on key information such as the title and the abstract. However, users or journal owners may attack the system for their own purposes. In this paper, we discuss adversarial attacks against content-based filtering JRS. We propose both a targeted attack method that makes some target journals appear more often in the system and a non-targeted attack method that makes the system provide incorrect recommendations. We also conduct extensive experiments to validate the proposed methods. We hope this paper could help improve JRS by realizing the existence of such adversarial attacks.

19.
To improve the attack detection capability of content centric networks (CCN), we propose a detection method for the interest flooding attack (IFA) that makes use of the self-similarity of traffic and the information entropy of the content names of interest packets. On the one hand, taking advantage of the fact that self-similarity is very sensitive to traffic changes, we calculate the Hurst index of the traffic to identify initial IFA attacks. On the other hand, according to the randomness of user requests, we calculate the information entropy of the content names of the interest packets to detect the severity of the IFA attack. Finally, based on the above two aspects, we use a bilateral detection method based on the non-parametric CUSUM algorithm to judge the possible attack behavior in CCN. The experimental results show that the flooding attack detection method proposed for CCN can not only detect attack behavior at the early stage of an attack in CCN, but is also more accurate and effective than other methods.

20.
The Global System for Mobile communication (GSM) network is proposed to mitigate the security problems and vulnerabilities observed in the mobile telecommunication system. However, the GSM network is vulnerable to different kinds of attacks such as the redirection attack, the impersonation attack and the Man-in-the-Middle (MiTM) attack. The possibility of these attacks makes the wireless mobile system vulnerable to fraudulent access and eavesdropping. Different authentication protocols for GSM were proposed to overcome the drawbacks, but many of them lead to network signalling overload and increase the call set-up time. In this paper, an efficient and secure authentication and key agreement protocol (ESAP-AKA) is proposed to overcome the flaws of the existing authentication protocol for roaming users in the GSM network. The formal verification of the proposed protocol is presented using BAN logic and the security analysis is shown using the AVISPA tool. The security analysis shows that the proposed protocol avoids the different possible attacks on the communication network. The performance analysis based on the fluid flow mobility model shows that the proposed protocol reduces the communication overhead of the network by reducing the number of messages. On average, the protocol reduces network signalling congestion overhead by 60% as compared with other existing GSM-AKA protocols. Moreover, the protocol not only removes the drawbacks of existing protocols but also accomplishes the needs of roaming users.
