Found 20 similar documents (search time: 125 ms)
1.
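Tracing network attacks is an important prerequisite for responding to them correctly. Using an algebraic approach and the option field of IP packets, routers probabilistically mark the packets that pass through them with their addresses, so that the attacked host can use the address information in the marked packets to reconstruct the attack path and thereby trace the attack back to its source. The paper focuses on how to use the algebraic approach to record the addresses of the routers a packet traverses, and on how to use the information recorded in the packets to reconstruct the path so that ISPs can deploy policies to guard against hosts in those ranges. It can be foreseen that attack tracing and path reconstruction will remain an important research hotspot in network security, and that with the adoption of IPv6 the attack-source tracing problem will see a substantive breakthrough. The paper also points out the problems of the method and gives a further outlook.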
2.
3.
4.
5.
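The paper analyzes newly emerging security problems in telecom networks: new NTP (Network Time Protocol) attacks are characterized by very large attack traffic and are easily overlooked by users, worms and trojans affect a wide range of targets, and mobile phone viruses and trojans appear frequently. Countermeasures are proposed.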
6.
7.
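In July 2021, the province's Internet infrastructure ran stably overall, and all backbone network monitoring indicators were normal. Trojan botnets, worms, and web attacks were the main network security threats facing the province's important information systems and Internet users. This month, the total number of hosts in the province infected with trojans or bots decreased, and the number of hosts used as control servers, the number of hosts infected with worms, and the number of hosts subjected to web attacks all decreased compared with the previous month. This month, 16,019 host IPs in the province were infected with trojan or botnet malware; 3,685 IPs were used as trojan or botnet control servers; 274 host IPs were infected with worms; 2,794 host IPs suffered web attacks; and 5,743 IPs in the province were used to carry out web attacks.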
8.
9.
10.
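Abstract: SD-WAN is developing rapidly, and telecom operators and Internet companies are continually expanding their deployments. As a technology that takes many forms, SD-WAN has no clear specification for clock synchronization. This paper analyzes the importance of clock synchronization to the technical implementation and service operation of SD-WAN. It briefly describes the advantages and disadvantages of the clock synchronization scheme based on public Internet NTP services, which is widely adopted in SD-WAN, and from there discusses self-built NTP service clock synchronization schemes that can be implemented in different scenarios. It also designs a clock synchronization method based on a self-built NTP service that transmits NTP synchronization data encrypted through the management tunnel, giving SD-WAN platforms and devices greater security and stability during time synchronization.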
11.
Copy-move forgery (CMF) is a popular image manipulation technique that is simple and effective in creating forged illustrations. The bulk of CMF detection methods concentrate on common geometrical transformation attacks (e.g., rotation and scale) and post-processing attacks (e.g., Joint Photographic Experts Group (JPEG) compression and Gaussian noise addition). However, geometrical transformation that involves reflection attacks has not yet been highlighted in the literature. As the threats of reflection attack are inevitable, there is an urgent need to study CMF detection methods that are robust against this type of attack. In this study, we investigated common geometrical transformation attacks and reflection-based attacks. Also, we suggested a robust CMF detection method, called SIFT-Symmetry, that innovatively combines the Scale Invariant Feature Transform (SIFT)-based CMF detection method with symmetry-based matching. We evaluated the SIFT-Symmetry with three established methods that are based on SIFT, multi-scale analysis, and patch matching using two new datasets that cover simple transformation and reflection-based attacks. The results show that the F-score of the SIFT-Symmetry method surpassed the average 80% value for all geometrical transformation cases, including simple transformation and reflection-based attacks, except for the reflection with rotation case which had an average F-score of 65.3%. The results therefore show that the SIFT-Symmetry method gives better performance compared to the other existing methods.
12.
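As the traditional Internet gradually evolves toward "Internet Plus", the domain name system (DNS) keeps expanding from basic address resolution to new modes such as comprehensive sensing and reliable transmission. Because of the diversity of its functions and the breadth of the areas it covers, DNS in these new scenarios can cause serious consequences once attacked, so research on DNS attack detection and security protection continues and is receiving increasing attention. The paper first introduces several common DNS attacks, including DNS spoofing attacks, DNS covert channel attacks, DNS DDoS (distributed denial of service) attacks, DNS reflection amplification attacks, and malicious DGA domain names. It then systematically analyzes and summarizes the detection techniques for these attacks from a machine learning perspective. Next, it describes DNS security protection techniques in detail in three areas: DNS decentralization, DNS encryption and authentication, and DNS resolution restriction. Finally, it gives an outlook on future research directions.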
13.
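To address the need to place multiple synchronized clocks in large public venues, a design for a digital clock based on the Network Time Protocol (NTP) is proposed. It uses an embedded network module for the network interface, a Maxim real-time clock chip to store and update the clock information, and an austriamicrosystems 8-channel constant-current light-emitting diode (LED) driver chip for the time display. The NTP-based digital clock periodically sends request packets to an NTP server, uses the timestamps in the server's response packets to compute the local client time, and corrects the client time so that it stays consistent with the time server. Because it uses the NTP network protocol and is synchronized to an NTP server, the digital clock keeps accurate time and is easy to install.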
14.
Model checking based on linear temporal logic reduces the false negative rate of misuse detection. However, linear temporal logic formulae cannot be used to describe concurrent attacks and piecewise attacks. So there is still a high rate of false negatives in detecting these complex attack patterns. To solve this problem, we use interval temporal logic formulae to describe concurrent attacks and piecewise attacks. On this basis, we formalize a novel algorithm for intrusion detection based on model checking interval temporal logic. Compared with the method based on model checking linear temporal logic, the new algorithm can find unknown succinct attacks. The simulation results show that the new method can effectively reduce the false negative rate of concurrent attacks and piecewise attacks.
15.
16.
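MAC-layer DoS attack detection in wireless LANs (total citations: 2; self-citations: 0; citations by others: 2)
Current research on wireless LAN intrusion detection is mostly at the theoretical stage and still lacks a basic detection platform and experimental support. For wireless LANs in infrastructure mode, the paper designs a method for detecting MAC-layer DoS attacks: by capturing and analyzing the relevant MAC-layer control frames and management frames in experiments, and by applying decision thresholds, it detects several major DoS attacks present at the MAC layer.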
17.
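Email is a commonly used attack vector in APT (Advanced Persistent Threat) attacks. This paper proposes a detection method for APT email attacks based on multi-dimensional analysis. First, the email header and email body information are extracted and the attachment files are restored. Then the email is analyzed along multiple dimensions: the email header, the email body, intelligence-based detection, deep inspection of file content, detection of anomalous email behavior, and self-learning of mail sites. Finally, based on the analysis results, emails are classified as ordinary emails or as emails with suspicious APT attack characteristics. The proposed method combines traditional email threat attack characteristics, incorporates intelligence-based detection and deep attachment inspection, takes anomalous email behavior analysis into account, and finally performs self-learning analysis in combination with the customer's business. It effectively improves the detection accuracy for APT email attacks and provides a good detection scheme for them.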
18.
19.
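Web applications constantly face security threats from code injection attacks in cyberspace, such as SQL injection. Most detection methods for SQL injection attacks have low execution efficiency and insufficient detection accuracy, and in particular their implementations are not easily reused. Based on the characteristics of injection vulnerabilities, the paper proposes an SQL injection behavior detection method based on AOP (Aspect-Oriented Programming) and dynamic taint analysis. It encapsulates the taint analysis process in aspect modular units, so that security, a typical crosscutting concern of programs, is separated from the base subsystem, which improves the reusability of the detection code. At the taint sinks, the advice mechanism is used to dynamically load the various detection components so that the detection code is executed at run time, countering SQL injection as a typical code injection attack against web applications. Experiments show that the method achieves self-protection without modifying the application's execution engine or source code, and effectively defends against 7 typical SQL injection attack types: tautologies, logically incorrect queries, union query, piggy-backed queries, stored procedures, inference query, and alternate encodings.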
20.
An intrusion detection system based on combining probability predictions of a tree of classifiers
Ahmed Ahmim Makhlouf Derdour Mohamed Amine Ferrag 《International Journal of Communication Systems》2018,31(9)
Intrusion detection system (IDS) represents an unavoidable tool to secure our network. It is considered as a second defense line against the different forms of attacks. The principal limits of the current IDSs are their inability to combine the detection of the new forms of attacks with high detection rate and low false alarm rate. In this paper, we propose an intrusion detection system based on the combination of the probability predictions of a tree of classifiers. Specifically, our model is composed of 2 layers. The first one is a tree of classifiers. The second layer is a classifier that combines the probability predictions of the tree. The built tree contains 4 levels where each node of this tree represents a classifier. The first node classifies the connections in 2 clusters: Denial of Service attacks and Cluster 2. Then, the second node classifies the connections of the Cluster 2 in Probing attacks and Cluster 3. The third node classifies the connections of the Cluster 3 in Remote‐to‐Local attacks and Cluster 4. Finally, the last node classifies the connections of the Cluster 4 in User‐to‐Root attacks and Normal connections. The second layer contains the last classifier that combines the probability predictions of the first layer and takes the final decision. The experiments on KDD'99 and NSL‐KDD show that our model gives a low false alarm rate and the highest detection rate. Furthermore, our model is more precise than the recent intrusion detection system models with accuracy equal to 96.27% for KDD'99 and 89.75% for NSL‐KDD.