基于NAT的混合型防火墙

传统防火墙分析 包过滤防火墙位于协议网络层,按照网络安全策略对IP包进行选择,允许或拒绝特定的报文通过。过滤一般是基于一个IP分组的有关域(IP源地址、IP目的地址、TCP/UDP源端口或服务类型和TCP/UDP目的端口或服务类型)进行的。基于IP源/目的地址的过滤,即根据特定组织机构的网络安全策略,过滤掉具有特定IP地址的分组,从而保护内部网络;基于TCP/UDP源/目的端口的过滤,因为端口号区分了不同的服务类型或连接类型(如SMTP使用端口25,Telnet使用端口23等),所以为包过滤提供了更大的灵活性。同时由于它是位于协议的网络层,所以效率较高;但是该防火墙所依靠的安全参数仅为IP报头的地址和端口信息,若要增加安全     

基于数据流模型的NetFlow流数据安全检测分析系统

本文设计了一个基于数据流模型的Netflow流数据安全监测分析系统,其应用背景是在骨干网络路由器上的大规模数据流处理。基于对Netflow原始流信息中的源/目的IP地址、源/目的端口、TCP/UDP/ICMP协议等进行SUM、CONUT、Top-K三种聚集计算,对骨干网络中的流数据根据相关需求进行监测骨干网络中的网络安全事件,进一步对未知蠕虫病毒具有检测和预警的功能。SUM、COUNT、Top-K三个底层通用算法基于数据流模型,体现出了它的实时性、持续性及其高性能。     

新品纵览

实达网络12月上旬推出S2126G/S2150G系列千兆智能交换机,它能够基于交换机物理端口、MAC地址、VLAN号、IP地址、TCP/UDP端口号等来区分不同的业务流,能够智能地识别应用事件如视频、音频、数据流(多媒体教学、视频会议、MIS、ERP、OA、备份数据)的紧急和重要程度。     

基于Netflow的流量分析技术研究

流量分析是统计用户通信量和检测异常流量的基础.传统的网络流量检测工具仅仅使用TCP/UDP/IP包头信息,因为TCP或者UDP端口号可能被不同的应用使用,故它们不能有效地识别不同应用的流量.本文论述了Netflow流量分析技术的特点和工作原理,并探讨了Netflow的应用和发展.     

基于行为模型的IP Forwarding异常检测方法

通过研究网络流动态特征,基于路由变化、流变化和包延迟,以及IP报文头信息（例如TTL、源/目的地址、报文长度和路由器时间戳）建立网络行为模型,通过高性能测量和在线分析网络流和路由信息对初始网络异常产生实时报警,实现了IP forwarding网络异常的有效检测和识别。定义了网络行为模型的五种功能模块,通过关联空间和时间状态信息检测识别网络异常为大范围监测网络提供强大支持。     

局域网IP冲突问题的探讨

网络简介 作为典型的企业网架构,本单位网络拓扑结构大致分为三级,并全部采用北电产品。第一级由ATM交换机组成,网络服务器、多媒体工作站等工作在主干网络上,第二级由大量的以太网交换机构成,对第三级桌面提供高密度端口。并根据划分出的VLAN(Vitual Local Area Network)提供实际的VLAN端口。网络协议采用TCP/IP,IP地址规划使用静态IP地址分配,由网管员统一规划。 问题的提出 我们知道,对于在Internet和Intranet网络上,使用TCP/IP协议时每台主机必须具有独立的IP地址,有了IP地址的主机才能与网络上的其它主机进行通讯。随着网络应用大力推广,网络客户急剧膨胀,由于静态IP地址分配,IP地址冲突的麻烦相继     

一个加强的NAT-PT模型

NAT-PT(network address translation + protocol translation)允许IPv6节点与IPv4节点之间进行通信.NAPT-PT则通过一定的映射方法以充分复用注册地址的所有端口,应用NAPT-PT模型,每个注册V4地址最多可建立63K从V6节点到V4节点的TCP会话和UDP会话.然而,对于从V4节点到V6节点的会话,每个注册IP地址只能映射到一个V6地址.当地址池中的地址耗尽时,V4节点不能再访问其他V6节点.ENAT-PT (enhanced NAT-PT)模型是对NAT-PT的改进.其主要思想是同时使用源地址、目的地址、源端口、目的端口来识别一个会话.ENAT-PT模型可通过一个注册地址同时建立大量从V4节点到V6节点的会话,在实际应用中对解决IPv4地址短缺问题具有重要意义.     

安全门诊

1.我安装的是Windows 2000系统,现在我只想开有限几个端口给用户使用,把所有其他端口全部关掉,有什么办法? 答:可以通过[控制面板]—>[网络属性]—>[TCP/IP]—>[属性]—>[高级]—>[选项(options)]—>[TCP/IP筛选]进行端口的设定。此处可以添加允许TCP端口号,当然也可以全部允许。UDP和IP协议也是如此。     

基于HMM的分布式拒绝服务攻击检测方法

在分布式拒绝服务(DDoS)攻击时,网络中数据包的统计特征会显示出异常.检测这种异常是一项重要的任务.一些检测方法基于数据包速率的假设,然而这种假设在一些情况下是不合理的.另一些方法基于IP地址和数据报长度的统计特征,但这些方法在IP地址欺骗攻击时检测率急剧下降.提出了一种基于隐马尔可夫模型(HMM)的DDoS异常检测方法.该方法集成了4种不同的检测模型以对付不同类型的攻击.通过从数据包中提取TCP标志位,UDP端口和ICMP类型及代码等属性信息建立相应的TCP,UDP和ICMP 的隐马尔可夫模型,用于描述正常情况下网络数据包序列的统计特征.然后用它来检测网络数据包序列,判断是否有DDoS攻击.实验结果显示该方法与其他同类方法相比通用性更好、检测率更高.     

网络经济环境下IP协议的安全防范策略

IP地址的识别及安全防范技术在网络经济应用中重要性日益突出,本文对IP地址盗用和IP地址使用原理和方法进行有针对性的分析,根据TCP/IP协议栈模型的不同层次结构阐述了网络不安全的原因,从而达到在不同的层次采用不同的安全技术方法来防范的目的。     

Only connect: teaching, technology and telesis

Abstract This paper describes an approach to the design of interactive multimedia materials being developed in a European Community project. The developmental process is seen as a dialogue between technologists and teachers. This dialogue is often problematic because of the differences in training, experience and culture between them. Conditions needed for fruitful dialogue are described and the generic model for learning design used in the project is explained.     

European Community policy and the market

Abstract This paper starts with some reflections on the policy considerations and priorities which are shaping European Commission (EC) research programmes. Then it attempts to position the current projects which seek to capitalise on information and communications technologies for learning in relation to these priorities and the apparent realities of the marketplace. It concludes that while there are grounds to be optimistic about the contribution EC programmes can make to the efficiency and standard of education and training, they are still too technology driven.     

一种自适应子融合集成多分类器方法

融合集成方法已经广泛应用在模式识别领域,然而一些基分类器实时性能稳定性较差,导致多分类器融合性能差,针对上述问题本文提出了一种新的基于多分类器的子融合集成分类器系统。该方法考虑在度量层融合层次之上通过对各类基多分类器进行动态选择,票数最多的类别作为融合系统中对特征向量识别的类别,构成一种新的自适应子融合集成分类器方法。实验表明,该方法比传统的分类器以及分类融合方法识别准确率明显更高,具有更好的鲁棒性。     

Avoiding semantic and temporal gaps in developing software intensive systems

Development of software intensive systems (systems) in practice involves a series of self-contained phases for the lifecycle of a system. Semantic and temporal gaps, which occur among phases and among developer disciplines within and across phases, hinder the ongoing development of a system because of the interdependencies among phases and among disciplines. Such gaps are magnified among systems that are developed at different times by different development teams, which may limit reuse of artifacts of systems development and interoperability among the systems. This article discusses such gaps and a systems development process for avoiding them.     

Designing economic np control charts: A programmed simulation approach

This paper presents control charts models and the necessary simulation software for the location of economic values of the control parameters. The simulation program is written in FORTRAN, requires only 10K of main storage, and can run on most mini and micro computers. Two models are presented - one describes the process when it is operating at full capacity and the other when the process is operating under capacity. The models allow the product quality to deteriorate to a further level before an existing out-of-control state is detected, and they can also be used in situations where no prior knowledge exists of the out-of-control causes and the resulting proportion defectives.     

The development of robot art

Going through a few examples of robot artists who are recognized worldwide, we try to analyze the deepest meaning of what is called “robot art” and the related art field definition. We also try to highlight its well-marked borders, such as kinetic sculptures, kinetic art, cyber art, and cyberpunk. A brief excursion into the importance of the context, the message, and its semiotics is also provided, case by case, together with a few hints on the history of this discipline in the light of an artistic perspective. Therefore, the aim of this article is to try to summarize the main characteristics that might classify robot art as a unique and innovative discipline, and to track down some of the principles by which a robotic artifact can or cannot be considered an art piece in terms of social, cultural, and strictly artistic interest. This work was presented in part at the 13th International Symposium on Artificial Life and Robotics, Oita, Japan, January 31–February 2, 2008     

Explanation and prediction: an architecture for default and abductive reasoning

Although there are many arguments that logic is an appropriate tool for artificial intelligence, there has been a perceived problem with the monotonicity of classical logic. This paper elaborates on the idea that reasoning should be viewed as theory formation where logic tells us the consequences of our assumptions. The two activities of predicting what is expected to be true and explaining observations are considered in a simple theory formation framework. Properties of each activity are discussed, along with a number of proposals as to what should be predicted or accepted as reasonable explanations. An architecture is proposed to combine explanation and prediction into one coherent framework. Algorithms used to implement the system as well as examples from a running implementation are given.     

Three Process Perspectives: Organizations, Teams, and People

This paper provides the author's personal views and perspectives on software process improvement. Starting with his first work on technology assessment in IBM over 20 years ago, Watts Humphrey describes the process improvement work he has been directly involved in. This includes the development of the early process assessment methods, the original design of the CMM, and the introduction of the Personal Software Process (PSP)^SM and Team Software Process (TSP){^SM}. In addition to describing the original motivation for this work, the author also reviews many of the problems he and his associates encountered and why they solved them the way they did. He also comments on the outstanding issues and likely directions for future work. Finally, this work has built on the experiences and contributions of many people. Mr. Humphrey only describes work that he was personally involved in and he names many of the key contributors. However, so many people have been involved in this work that a full list of the important participants would be impractical.     

基于复小波噪声方差显著修正的SAR图像去噪

提出了一种基于复小波域统计建模与噪声方差估计显著性修正相结合的合成孔径雷达(Synthetic Aperture Radar,SAR)图像斑点噪声滤波方法。该方法首先通过对数变换将乘性噪声模型转化为加性噪声模型,然后对变换后的图像进行双树复小波变换(Dualtree Complex Wavelet Transform,DCWT),并对复数小波系数的统计分布进行建模。在此先验分布的基础上,通过运用贝叶斯估计方法从含噪系数中恢复原始系数,达到滤除噪声的目的。实验结果表明该方法在去除噪声的同时保留了图像的细节信息,取得了很好的降噪效果。     

How do children do mathematics with LOGO?

Abstract  This paper considers some results of a study designed to investigate the kinds of mathematical activity undertaken by children (aged between 8 and 11) as they learned to program in LOGO. A model of learning modes is proposed, which attempts to describe the ways in which children used and acquired understanding of the programming/mathematical concepts involved. The remainder of the paper is concerned with discussing the validity and limitations of the model, and its implications for further research and curriculum development.