Randomized gossip algorithms under attack

Recently, gossip-based algorithms have received significant attention for data aggregation in distributed environments. The main advantage of gossip-based algorithms is their robustness in dynamic and fault-prone environments with unintentional faults such as link failure and channel noise. However, the robustness of such algorithms in hostile environments with intentional faults has remained unexplored. In this paper, we call attention to the risks which may be caused by the use of gossip algorithms in hostile environments, i.e., when some malicious nodes collude to skew aggregation results by violating the normal execution of the protocol. We first introduce a model of hostile environment and then examine the behavior of randomized gossip algorithms in this model using probabilistic analysis. Our model of hostile environment is general enough to cover a wide range of attacks. However, to achieve stronger results, we focus our analysis on fully connected networks and some powerful attacks. Our analysis shows that in the presence of malicious nodes, after some initial steps, randomized gossip algorithms reach a point at which the lengthening of gossiping is harmful, i.e., the average accuracy of the estimates of the aggregate value begins to decrease strictly.     

Risk-based attack strategies for mobile ad hoc networks under probabilistic attack modeling framework

In this paper, we introduce and design a modeling framework that allows for the study and analysis of attack propagation in mobile ad hoc networks. The choice of a statistical approach for the problem is motivated by the dynamic characteristics of the ad hoc topology and the stochastic nature of threat propagation. Based on this probabilistic modeling framework, we study the impact of topology and mobility in the propagation of software threats over ad hoc networks. We design topology control algorithms that indicate how to properly adjust an attacker’s transmission radius, according to the measured topological characteristics and availability of its resources, in the process of infecting a network more effectively. Then based on these topology control algorithms we develop different attack strategies that may range from independent attacks to cooperative scenarios in order to increase the negative impact of an attack on the network. Our performance evaluation results demonstrate that the proposed topology control algorithms and respective attack strategies effectively balance the tradeoffs between the potential network damage and the attackers’ lifetime, and as a result significantly outperform any other flat and threshold-based approaches.     

Network security under siege: the timing attack

Although most encryption algorithms are theoretically secure and remain impervious to even the most sophisticated cryptanalytic techniques, new attacks like the timing attack exploit the engineering side of network security. A timing attack is basically a way of deciphering a user's private key information by measuring the time it takes to carry out cryptographic operations. Factors such as branching and conditional statements, RAM cache hits, processor instructions that run in nonfixed time, as well as performance optimizations to bypass unnecessary operations, all contribute to predictability and therefore to the probability of key decryption     

Security of autoregressive speech watermarking model under guessing attack

The security of the "autoregressive (AR) watermark in AR host" signal model is investigated. It is demonstrated through analysis and Monte Carlo simulation that the AR watermarking model is asymptotically as secure as the "white watermark in white host" model under the guessing attack.     

不同攻击模式下城市公交网络抗毁性分析

为了保证城市公交网络的安全运营、提高整个交通网络运行效率,以成都市公交网络为例,分析了该网络的拓扑结构特性,研究了该网络在随机攻击和蓄意攻击下的抗毁性。仿真结果表明,网络在随机攻击和基于节点度的攻击下连续移除节点的数目几乎不对网络的抗毁性产生影响,而在基于节点介数和效率的攻击下连续移除的节点个数越少,网络的抗毁性越差;基于节点介数的攻击对网络抗毁性产生的影响要比随机、基于节点度和效率更为显著。     

软件定义网络环境下的低速率拒绝服务攻击检测方法

低速率拒绝服务（LDoS）攻击是一种拒绝服务（DoS）攻击改进形式,因其攻击平均速率低、隐蔽性强,使得检测LDoS攻击成为难点。针对上述难点,提出了一种在软件定义网络（SDN）的架构下,基于加权均值漂移-K均值算法（WMS-Kmeans）的LDoS攻击检测方法。首先,通过获取OpenFlow交换机的流表信息,分析并提取出SDN环境下LDoS攻击流量的六元组特征;然后,利用平均绝对值百分比误差作为均值漂移聚类中欧氏距离的权值,以此产生的簇心作为K-Means的初始中心对流表进行聚类,从而实现LDoS攻击的检测。实验结果表明：在SDN环境下,所提方法对LDoS攻击具有较好的检测性能,平均检测率达到99.29%,平均误警率和平均漏警率分别为1.97%和0.69%。     

两种网络环境中权限提升攻击分析与对比

为了分析分离映射网络对权限提升攻击的缓解作用,提出了一种基于损失期望的攻击图建模评估方法.首先根据网络状态和脆弱性信息确定属性节点和原子攻击节点,生成攻击图,然后根据攻击者选取的攻击序列计算其对目标网络造成损失的期望值.基于该方法对两种网络环境中权限提升攻击情况进行了建模分析对比,结果表明分离映射网络对权限提升攻击起到了良好的缓解作用,较传统网络具有明显的安全优势.     

A bilevel fixed charge location model for facilities under imminent attack

We investigate a bilevel fixed charge facility location problem for a system planner (the defender) who has to provide public service to customers. The defender cannot dictate customer-facility assignments since the customers pick their facility of choice according to its proximity. Thus, each facility must have sufficient capacity installed to accommodate all customers for whom it is the closest one. Facilities can be opened either in the protected or unprotected mode. Protection immunizes against an attacker who is capable of destroying at most r unprotected facilities in the worst-case scenario. Partial protection or interdiction is not possible. The defender selects facility sites from m candidate locations which have different costs. The attacker is assumed to know the unprotected facilities with certainty. He makes his interdiction plan so as to maximize the total post-attack cost incurred by the defender. If a facility has been interdicted, its customers are reallocated to the closest available facilities making capacity expansion necessary. The problem is formulated as a static Stackelberg game between the defender (leader) and the attacker (follower). Two solution methods are proposed. The first is a tabu search heuristic where a hash function calculates and records the hash values of all visited solutions for the purpose of avoiding cycling. The second is a sequential method in which the location and protection decisions are separated. Both methods are tested on 60 randomly generated instances in which m ranges from 10 to 30, and r varies between 1 and 3. The solutions are further validated by means of an exhaustive search algorithm. Test results show that the defender's facility opening plan is sensitive to the protection and distance costs.     

数据注入攻击下ICPS的自适应事件触发弹性控制

为使工业信息物理系统(ICPS)抵御数据注入攻击, 本文研究了事件触发弹性控制策略, 采用自适应事件触发以减少通信资源, 构建攻击估计器以降低攻击对系统性能的影响. 通过H∞渐近稳定性准则推导估计器参数, 采用Lyapunov-Krasovskii函数推导事件触发、数据注入攻击、网络延迟和弹性控制器之间的定量关系. 以二自由度质量–弹簧–阻尼串联系统为被控对象, MATLAB仿真验证基于自适应事件触发的ICPS在数据注入攻击下的系统性能,结果表明所采取策略能保证系统的稳定性, 并有效减少通信资源.