Capturing an intruder in product networks

In this paper, we propose a solution to the problem of capturing an intruder in a product network. This solution is derived based on the assumption of existing algorithms for basic member graphs of a graph product. In this problem, a team of cleaner agents are responsible for capturing a hostile intruder in the network. While the agents can move in the network one hop at a time, the intruder is assumed to be arbitrarily fast in a way that it can traverse any number of nodes contiguously as far as no agents reside in those nodes. Here, we consider a version of the problem where each agent can replicate new agents. Thus, the algorithm starts with a single agent and new agents are created on demand. We propose a novel method for deriving intrusion capturing algorithms based on the abstract idea of spanning search trees. Later, we utilize this method for deriving capturing algorithms for Cartesian product graphs.     

Contiguous Search Problem in Sierpiński Graphs

In this paper we consider the problem of capturing an intruder in a particular fractal graph, the Sierpiński graph SG _n . The problem consists of having a team of mobile software agents that collaborate in order to capture the intruder. The intruder is a mobile entity that escapes from the team of agents, moving arbitrarily fast inside the network, i.e., traversing any number of contiguous nodes as long as no other agent resides on them. The agents move asynchronously and they know the network topology they are in is a Sierpiński graph SG _n . We first derive lower bounds on the minimum number of agents, number of moves and time steps required to capture the intruder. We then consider some variations of the model based on the capabilities of the agents: visibility, where the agents can “see” the state of their neighbors and thus can move autonomously; locality, where the agents can only access local information and thus their moves have to be coordinated by a leader. For each model, we design a capturing strategy and we make some observations. One of our goals is to continue a previous study on what is the impact of visibility on complexity: in this topology we are able to reach an optimal bound on the number of agents required by both cleaning strategies. However, the strategy in the visibility model is fully distributed, whereas the other strategy requires a leader. Moreover, the second strategy requires a higher number of moves and time steps. A preliminary version of this paper has been presented at the 4th International Conference on Fun with Algorithms (FUN’07) 17.     

Cooperative exploration and protection of a workspace assisted by information networks

We develop strategies that enable multiple robots to cooperatively explore an unknown workspace while building information networks. Every robot deploys information nodes with sensing and communication capabilities while constructing the Voronoi diagram as the topological map of the workspace. The resulting information networks constructed by individual robots will eventually meet, allowing for inter-robot information sharing. The constructed information network is then employed by the mobile robots to protect the workspace against intruders. We introduce the intruder capturing strategy on the Voronoi diagram assisted by information networks.     

网络入侵中的检测逃避与计算机取证

本文分析了入侵者用来逃避审计、日志控制及入侵检测机制所采用的工具和技术,描述了入侵者所采用的操作系统和网络策略,及企图对抗计算机取证和逃避检测的隐藏技术。介绍了在安全事件发生之前管理员应当采取的一些准备工作与防范策略。     

An Immunity-based Security Architecture for Mobile Ad Hoc Networks

Mobile ad hoc network of lets convenient infrastructure less communication over the shared wireless channel. However, the nature of ad hoc networks makes them vulnerable to security attacks. Existing security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermeasures are only to protect the networks and there is no automated, network-wide counteraction against detected intrusions. While they all play an important role in counteracting intrusion, they do not, however, effectively address the root cause of the problem - intruders. In this paper, wc propose the architecture of automated intrusion response. When an intruder is found in our architecture, the block agents will get to the neighbor nodes of the intruder and formed a firewall to isolate the intruder. In the end, we illustrate our architecture by an example.     

基于不完全信息多阶段博弈的入侵路径预测

随着入侵的推进入侵者掌握的信息会逐步增加,依据新信息入侵者会找到更好的入侵路径并作出调整。为了使防御方能准确预测入侵路径,首先基于超图理论建立动态防御图并提出动态防御图更新方法,对入侵者的信息更新进行预测;然后建立不完全信息多阶段博弈模型对不同阶段入侵者的入侵路径调整进行预测;最后设计基于博弈的动态防御图路径预测算法,对完整的入侵路径进行预测。实验给出对入侵路径进行预测的典型实例,对实例结果的分析说明了模型的合理性与准确性。     

基于AEGM的网络攻击渗透测试预案生成系统

为满足网络安全管理需要,从入侵者角度出发,提出一种面向渗透测试的攻击事件图模型AEGM,并设计实现了一个网络攻击渗透测试预案生成系统。该系统以原子攻击知识库的构建及应用为前提,综合分析了从被测试目标网络脆弱点间的关联衍生出的攻击事件间的逻辑关系。利用前向广度优先搜索策略构建AEGM模型,产生渗透测试方案集,并以成功概率进行最优方案度量。实验结果表明,该方法能够有效生成渗透测试方案集,为网络安全的测试和分析提供有益参考。     

分布式蠕虫蜜罐部署策略分析

蜜罐的捕获能力来自于其数量和分布位置,在同一网络拓扑中,运用合理的部署策略,可以部署最少的蜜罐,在最短的时间内捕获到蠕虫样本。本文讨论了蜜罐以及蠕虫扫描策略的研究内容,对红色代码蠕虫进行了深入的分析,根据随机扫描扫描策略建立了蜜罐部署策略模型,针对红色代码这种网络蠕虫的扫描策略,在模拟环境下对蜜罐部署策略进行了验证。     

An efficient intruder detection algorithm against sinkhole attacks in wireless sensor networks

In a wireless sensor network, multiple nodes would send sensor readings to a base station for further processing. It is known that such a many-to-one communication is highly vulnerable to a sinkhole attack, where an intruder attracts surrounding nodes with unfaithful routing information, and then performs selective forwarding or alters the data passing through it. A sinkhole attack forms a serious threat to sensor networks, particularly considering that the sensor nodes are often deployed in open areas and of weak computation and battery power.In this paper, we present a novel algorithm for detecting the intruder in a sinkhole attack. The algorithm first finds a list of suspected nodes through checking data consistency, and then effectively identifies the intruder in the list through analyzing the network flow information. The algorithm is also robust to deal with multiple malicious nodes that cooperatively hide the real intruder. We have evaluated the performance of the proposed algorithm through both numerical analysis and simulations, which confirmed the effectiveness and accuracy of the algorithm. Our results also suggest that its communication and computation overheads are reasonably low for wireless sensor networks.     

基于移动代理的网管研究

由于计算机网络和通信网络内在的复杂性,并且随着网络的不断发展,传统集中式网络管理已经越来越不能满足实际的需要,采用分布式管理策略已经成为网络管理研究和发展的重要方向。针对目前这种现状,提出基于移动代理的网络管理策略,使得网络管理具有分布式管理的功能,提高网络管理的灵活性和自主性,解决集中式网络管理中存在的缺陷和问题。通过建立移动代理工作运行模型,并在相同的网络条件下,与传统网络管理策略进行分析比较,确立基于移动代理网络管理策略的优势。     

Handwritten Data Clustering Using Agents Competition in Networks

In this paper, we study a new type of competitive learning scheme realized on large-scale networks. The model consists of several agents walking within the network and competing with each other to occupy as many nodes as possible, while attempting to reject intruder agents. In the end of the process, each agent dominates a community (a strongly connected subnetwork). Here, the model is described by a stochastic dynamical system. In this paper, a mathematical analysis for uncovering the system’s properties is presented. In addition, the model is applied to solve handwritten digits and letters clustering problems. An interesting feature is that the model is able to group the same digits or letters even with considerable distortions into the same cluster. Computer simulations reveal that the proposed technique presents high precision of cluster detections, as well as low computational complexity.     

An Adaptive Strategy via Reinforcement Learning for the Prisoner's Dilemma Game

The iterated prisoner's dilemma (IPD) is an ideal model for analyzing interactions between agents in complex networks. It has attracted wide interest in the development of novel strategies since the success of tit-for-tat in Axelrod's tournament. This paper studies a new adaptive strategy of IPD in different complex networks, where agents can learn and adapt their strategies through reinforcement learning method. A temporal difference learning method is applied for designing the adaptive strategy to optimize the decision making process of the agents. Previous studies indicated that mutual cooperation is hard to emerge in the IPD. Therefore, three examples which based on square lattice network and scale-free network are provided to show two features of the adaptive strategy. First, the mutual cooperation can be achieved by the group with adaptive agents under scale-free network, and once evolution has converged mutual cooperation, it is unlikely to shift. Secondly, the adaptive strategy can earn a better payoff compared with other strategies in the square network. The analytical properties are discussed for verifying evolutionary stability of the adaptive strategy.      

An effective attack scenario construction model based on identification of attack steps and stages

International Journal of Information Security - A Network Intrusion Detection System is a network security technology for detecting intruder attacks. However, it produces a great amount of...     

网络数据采集技术研究

随着网络带宽的不断增长,网络安全系统(如网络入侵检测系统--NIDS)对网络数据包捕获能力要求越来越高,为了提高网络数据包的捕获能力以适应当今高速网络环境,本文在分析传统网络数据采集系统的基础上,采用地址映射、零拷贝捕包和零拷贝存储等技术,提出一种新的捕包系统,该系统的性能较传统的方法有了大幅的提高,在千兆网络环境下,能够满足网络安全对网络数据包捕获能力的需求.     

On Confinement of the Initial Location of an Intruder in a Multi-robot Pursuit Game

Research in multi-robot pursuit-evasion demonstrates that three pursuers are sufficient to capture an intruder in a polygonal environment. However, this result requires the confined of the initial location of the intruder within the convex hull of the locations of the pursuers. In this study, we extend this result to alleviate this convexity through the application of a set of virtual goals that are independent of the locations of the pursuers. These virtual goals are solely calculated using the location information of the intruder such that whose locations confine the intruder within their convex hull at every execution cycle. We propose two strategies to coordinate the pursuers. They are the agents votes maximization and the profile matrix permutations strategies. We consider the time, the energy expended, and the distance traveled by the pursuers as metrics to analyze the performance of these strategies in contrast to three different allocation strategies. They are the probabilistic, the leader-follower, and the prioritization coordination strategies.     

Intelligent unmanned anti-theft system using network camera

In this paper, we propose the intelligent unmanned anti-theft system using network cameras. To do this, we use two Internet Protocol (IP) cameras, which are installed at the inside and the outside of the restricted area. First of all, the external camera is used to monitor a potential intruder entering the restricted area in real time. To detect the potential intruder from sequential images obtained by external IP camera, we propose the robust algorithm combining the background modeling, the hybrid silhouette, the convex summation, the morphology and the smoothing. Once the intruder is detected by the external camera, the internal camera with pan-tilt mechanism is then activated and starts tracking the intruder and monitoring the prescribed valuables registered with some feature points in the database. To track the intruder, we propose the tracking algorithm using the background elimination and the histogram. And then, we completes the proposed anti-theft system by using the Scale Invariant Feature Transform (SIFT) algorithm in order to monitor whether the intruder steals the prescribed valuables or not. Finally, we have shown the effectiveness and the applicability of the proposed method through experiments.     

基于免疫网络的策略选择模型研究

研究免疫网络在一类路径选择和规划问题（羊群问题）中的应用。利用免疫网络动力学模型实现羊群问题中主动主体和被动主体之间相互作用,抗体和抗原分别对应选择的策略和动态变化的环境,建立基于免疫网络的主动主体行动策略选择模型。仿真结果表明,该方法中主动主体通过与被动主体之间相互作用,可以比传统方法自发形成概率的、较好的主动主体的行动策略,达到使羊归圈的目的。     

关于企业网络安全问题的探讨

随着网络应用的扩大,企业对于网络的应用过程中安全风险也变得更加严重和复杂,网络安全问题可以导致入侵者到企业内部网上进行攻击、窃取或其它破坏,这些不安全因素都对企业利用网络构成严重的安全威胁。以下主要介绍了企业网络安全影响因素及其对策。     

Windows平台下网络数据包捕获的设计与实现

对网络数据包进行分析是入侵检测技术通常采用的方法,Winpcap提供了Windows平台下捕获数据包的功能,使用vc6.0开发工具结合Winpcap开发包可以方便的在Windows平台下捕获网络数据包,包捕获模块采用线程实现,可以提高捕获效率。文中给出了包捕获的详细设计方案和捕获流程,对捕获原理进行了简单介绍和分析。     

基于潜信道的IPSec密钥恢复方案

传统密钥恢复协议采取增加密钥恢复字段的方法,恶意攻击者容易辨别具备密钥恢复功能的数据包,并进行过滤阻挠。该文将潜信道密钥恢复与具体协议相结合,提出基于IPSec协议的密钥恢复方案。该方案易于实施,数据包具有不可过滤性,可避免恶意攻击者的过滤阻挠,进行有效的网络监控。