面向自治域的DoS攻击流抑制模型

针对因特网上的DoS攻击,结合下一代安全因特网架构,分析了现有权证方案在申请、授权和解授权等方面的问题。兼顾网络拥塞反馈机制,结合多级主动队列、信誉计算等思想,提出了一种面向自治域的DoS攻击流抑制模型,并进一步分析其有效性。通过在NS2上利用权威的CAIDA真实拓扑数据集,对权证授权时间和授权通信量、平均权证获取时间、不同方案的文件传输时间进行对比分析和评价,结果表明本方案能有效降低平均权证获取时间,提高文件传输效率,使权证方案更具可行性和顽健性。     

人机交互下的 自动驾驶车联网关键安全技术

依托人工智能技术,网联自动驾驶车辆为乘客提供强大的人机交互系统,乘客可以通过该系统获取包括道路安全信息、娱乐应用等在内的多种信息.然而,自动驾驶车联网的网络开放性使得上述人机交互过程容易成为攻击者的目标,本文介绍了自动驾驶车联网中针对人机交互的攻击模式与相应解决方案,包括信息路由攻击、组件攻击和数据隐私攻击下的防护方案...     

指定验证人无第三方代理多重签名方案

分析了一些典型的代理多重签名方案,发现已经存在的方案存在漏洞,容易受到内部攻击和外部攻击,针对以上问题提出一个新的代理多重签名方案,改进后的方案克服了原方案的缺陷,通过性能分析,新的方案更加安全可靠.     

基于混沌的带密钥散列函数安全分析

利用统计分析、生日攻击等方法,针对一类基于混沌系统的带密钥散列函数进行了分析,给出了针对这些算法的伪造攻击和等价密钥恢复攻击。同时,研究了上述攻击奏效的原因,并由此总结了基于混沌技术设计带密钥散列函数时应该注意的问题。最后,提出了一个改进方案,该方案可以抵抗伪造攻击和等价密钥攻击,并且增加的计算负担可以忽略不计。     

基于智能卡和密码保护的WSN远程用户安全认证方案

针对无线传感器网络（WSN）用户远程安全认证问题,分析现有方案的不足,提出一种新颖的基于智能卡的WSN远程用户认证方案。通过用户、网关节点和传感器节点之间的相互认证来验证用户和节点的合法性,并结合动态身份标识来抵抗假冒攻击、智能卡被盗攻击、服务拒绝攻击、字典攻击和重放攻击。同时对用户信息进行匿名保护,且用户能够任意修改密码。性能比较结果表明,该方案具有较高的安全性能,且具有较小的计算开销。     

面向企业网的APT攻击特征分析及防御技术探讨

近年来,APT 攻击成为信息安全业界的关注热点。针对APT 攻击特征分析传统网络安全防御体系对其失效的原因,并在此基础上提出APT 攻击防御方案。该防御方案包括基础安全防御和动态防御体系,力求构建从保护、检测、响应到恢复的信息安全防御体系。最后,对 APT 攻击给业界带来的影响进行了思考和展望。     

融合时间戳和同态签名的安全网络编码方法

针对无线多跳网络编码的安全性问题,提出了一种融合时间戳和同态签名的安全网络编码方法。在利用基于RSA的同态签名方案抵御污染攻击的基础上,引入时间戳设计新型同态签名方案来抵御网络中的重放攻击,以时间戳为源生成网络编码的随机系数来保证签名的同态性。重点分析了本方案产生随机系数的方式对网络编码解码概率的影响,并建立了攻击模型证明方案可同时抵御网络中的污染攻击和重放攻击。性能分析表明本方案与基于RSA的同态签名方案开销比值接近于1。     

可证安全的数字水印方案

应用水印、密码学和编码技术,提出了一个可证安全的数字水印方案,包括嵌入水印方案和提取验证水印方案.方案中水印包含了身份标识(ID)、作品描述和水印密钥,便于认证和身份鉴别,方案具有较高的安全性可以抵抗目前所有的水印协议攻击,并用RO模型证明其安全性,特别是提供了独特的验证纠正恢复能力,具有很好的性能.     

基于零知识证明的多实体RFID认证协议

物联网的发展对射频识别(RFID)系统的安全性能提出了越来越高的要求。虽然基于密钥阵列的RFID认证协议解决了传统RFID认证协议在多实体环境中存在的内部攻击问题,但基于交换实体身份信息的认证方式存在信息泄露的安全隐患。针对这一问题,设计了基于零知识证明的多实体RFID认证协议(MERAP)。该协议采用分布式密钥阵列抵御内部攻击,利用零知识证明方案实现双向认证时敏感身份信息零泄露。性能分析结果显示,MERAP协议在维持一定复杂度和标签成本的基础上,可抵抗包括重传、跟踪、拒绝服务和篡改等多种外部攻击和内部攻击。     

基于P2P的僵尸网络防治技术研究

针对传统DDo S防御方法只能进行被动防御攻击,无法根除攻击流量这一问题,提出了IP城域网清洗方案。在研究了典型P2P僵尸网络Super Net的架构、传播和引导策略、抖动处理方法、交互和控制策略以及参数选择的基础上,给出了传统防御方法的不足。最后针对现有的僵尸网络,设计了IP城域网清洗方案,同时给出了攻击流量识别方案、引流方案、DDo S流量清洗方案和正常流量回注技术的实现方法。     

Tearing down the Internet

Recent advances in scale-free networks have claimed that their topologies are very weak against attacks. The inhomogeneous connectivity distribution of large-scale current communication networks, such as the Internet, could be exploited by evil hackers in order to damage these systems. However, there have not been many studies on the approaches and consequences of such targeted attacks. In this paper, we propose an in-depth study of the Internet topology robustness to attacks at the network layer. Several attacking techniques are presented, as well as their effects on the connectivity of the Internet. We show that although the removal of a small fraction of nodes (less than 10%) can damage the Internet connectivity, such a node removal attack would still require a large amount of work to be carried out. To achieve this, we study in detail the interactions between the intradomain and interdomain levels of the Internet through the use of an overlay.     

新网络环境下应用层DDoS攻击的剖析与防御

针对新网络环境下近两年新出现的应用层分布式拒绝服务攻击,本文将详细剖析其原理与特点,并分析现有检测机制在处理这种攻击上的不足.最后,本文提出一种基于用户行为的检测机制,它利用Web挖掘的方法通过Web访问行为与正常用户浏览行为的偏离程度检测与过滤恶意的攻击请求,并通过应用层与传输层的协作实现对攻击源的隔离.     

基于NCL电路的抗故障攻击设计研究

作为旁路攻击的一种重要方式,故障攻击为攻击者对密码系统实施攻击提供了更加丰富的信息和手段,并几乎攻破了当前所有主流的密码体制。针对故障攻击的防御问题,大量的防御方案被提出,但大都在空间/时间代价、故障覆盖率等方面存在不足。该文以NCL(Null Convention Logic)电路及双轨编码的强鲁棒性特点为基础,通过综合运用轨间信号同步、传播延迟匹配、非法编码检测及自反馈等手段,提出一种电路级故障攻击防御方法。分析及实验表明,该防御方法能够以较小的代价实现有效的故障检测,抑制各类故障的传播,并能非常方便地扩展至自动化综合过程中。     

Networked intelligent robots through the Internet: issues and opportunities

Intelligent robotic systems have been extensively applied in factory automation, space exploration, intelligent buildings, surgery, military service, and also in our daily life. Various remote control methods have been performed for intelligent robotic systems, such as radio, microwave, computer networks, etc. Nowadays, the computer network services have broadly used in our daily life, such as FTP, Telnet, the World Wide Web, e-mail, etc. Consequently, it is very convenient to use the Internet to control intelligent robot, and the users will increase in the future. In the past few years, many researchers have been using the Internet as a command transmission medium which can control the intelligent robot and obtain feedback signals. Although the Internet has many advantages in a variety of fields, using the Internet to control intelligent robots also has some limitations, such as the uncertain time-delay problem, the uncertain data-loss problem, and the data-transmission security problem. In the literature, many experts proposed various methods to solve these problems. This paper will discuss these methods and analyze the effects on the remote control systems caused by these problems. The intelligent robot can simultaneously present low-level navigational capabilities, medium-level self-positioning capabilities, high-level motion-planning capabilities, and the ability to be controlled through the Internet. The issues for controlling intelligent robots through the Internet will be discussed in terms of direct control, behavior programming control, supervisory control, and learning control. Finally, we enumerate some opportunities for the application of network-based intelligent robots, and present some successful examples of networked intelligent robots in our laboratory. Future trends and concluding remarks appear at the end of this paper.     

分布式拒绝服务攻击研究新进展综述

 分布式拒绝服务攻击一直是网络安全领域的研究难点.本文在进一步分析分布式拒绝服务攻击的危害及其原因的基础上,重点综述了2005年以后对该问题的研究和解决方案,主要包括:基于网络服务提供商的网络过滤、基于校验工作、基于重叠网络和基于网络功能.通过分析它们的优缺点,总结出可部署的解决方案的特点,并对今后的研究进行了展望.     

互联网高级持续性威胁分析取证手段及技术研究

本研究主要对互联网高级威胁及原始流量分析手段及技术进行研究及分析,阐述了该方面研究的现状及主要技术手段,并说明了研究互联网高级威胁重点及难点主要是合理有效的分析手段。本文针对一种新型的、典型的互联网威胁分析系统,该系统针对原始流量进行采集和监控,对流量信息进行深度还原、存储、查询和分析,为及时掌握核心网络及系统的相关互联网安全威胁风险,以及检测漏洞、病毒、木马、网络攻击情况,发现网络安全事件的具体原因及可能存在的风险,对重大互联网安全威胁进行预警及预防,对互联网上存在的恶意行为及威胁进行溯源、分析、取证、处置及预防,提出了一种全新的解决思路,在保障重要信息系统的网络安全方面有了技术及理念性的创新。     

俄罗斯网络战发展研究

作为传统军事强国的俄罗斯,在网络空间这一新型对抗领域中处于先天劣势,加之近年来全球网络空间竞争加剧,俄罗斯与西方国家日益交恶,因此,俄罗斯在重新升华对网络战、网络空间安全认识的同时,加强网络攻击武器装备和技术的研究,其攻击能力明显提高,攻击手段呈现出复杂化、智能化等特点.此外,俄罗斯通过打造国家互联网、军用互联网、国家...     

A novel IPv6 traceback architecture using COPS protocol

In any Distributed Denial of Service (DDoS) attack, invaders may use incorrect or spoofed Internet Protocol (IP) addresses in the attacking packets and thus disguise the actual origin of the attacks. This is primarily due to the stateless nature of the Internet. IP traceback algorithms provide mechanisms for identifying the true source of an IP datagram on the Internet ensuring at least the accountability of cyber attacks. While many IP traceback techniques have been proposed, most of the previous studies focus and offer solutions for DDoS attacks done on Internet Protocol version 4 (IPv4) environment. IPv4 and IPv6 networks differ greatly from each other, which urge the need of traceback techniques specifically tailored for IPv6 networks. In this paper, we propose a novel traceback architecture for IPv6 networks using Common Open-Policy Service and a novel packet-marking scheme. We also provide complete underlying protocol details required for traceback support in IPv6 networks. The proposed architecture is on demand and only single packet is required to traceback the attack.     

A systematic literature review of machine learning applications in IoT

The Internet of Things (IoT) is a network of interconnected smart objects having capabilities that collectively form an ecosystem and enable the delivery of smart services to users. The IoT is providing several benefits into people's lives through the environment. The various applications that are run in the IoT environment offer facilities and services. The most crucial services provided by IoT applications are quick decision for efficient management. Recently, machine learning (ML) techniques have been successfully used to maximize the potential of IoT systems. This paper presents a systematic review of the literature on the integration of ML methods in the IoT. The challenges of IoT systems are split into two categories: fundamental operation and performance. We also look at how ML is assisting in the resolution of fundamental system operation challenges such as security, big data, clustering, routing, and data aggregation.