抵御DoS攻击的认证协议安全方案

认证协议为保证其安全性,通常要使用复杂的密码算法,从而造成DoS攻击隐患.为解决该问题,基于保护协议响应方的立场,综合Cookie方法和工作量证明方法的思想,采用两阶段认证的方法,提出了该一种抵御DoS攻击的认证协议安全方案.对方案进行了框架设计和实现设计,并根据方案建立实验模型.实验结果的分析表明了方案抵御DoS攻击的能力,然后分析了安全方案的安全特性.最后应用安全方案对Helsinki协议进行了改进,增强了该协议的抗DOS攻击能力.     

DoS攻击下电力网络控制系统脆弱性分析及防御

考虑DoS攻击对电力信息物理系统的影响,提出一种电力网络控制系统脆弱节点的检测方法和防御策略,采用分布式控制架构设计传感器和RTU的传输路径.通过求解最稀疏矩阵优化问题,提出一种识别并保护电力通信网脆弱节点和边的方法,保证系统实现安全稳定运行.进一步提出一种可以抵御DoS攻击的电力网络控制系统拓扑设计方法,研究系统遭受DoS攻击时能恢复稳定的电力网络控制系统拓扑连接方式. IEEE 9节点系统用于仿真验证,充分验证了算法的可行性和可靠性,并针对该9节点电力网络控制系统,给出了具体的网络攻击防御策略.     

基于生存性的DoS攻击防御方案

拒绝服务攻击(DoS)是Internet中常见的一种攻击形式,提出一种基于覆盖网络的防御DoS攻击的方案。通过覆盖网络中的冗余资源和自恢复功能确保系统在遭到DoS攻击时仍能提供一定性能的服务,并可自动从攻击中恢复正常。     

一种基于TPM的DoS/DDoS攻击防范方法

提出一种利用可信技术来抵御DoS/DDoS攻击的方法.在现有的网络传输机制中对设备和协议做了一些加强,在攻击发起之时隔离恶意连接请求,以维持服务器正常运作.     

一种基于数据挖掘的拒绝服务攻击检测技术

提出了一种新的、基于数据挖掘的DoS攻击检测技术--DMDoSD,它首先利用Apriori关联算法从原始网络数据中提取流量特征,然后利用K-means聚类算法自适应地产生检测模型,这两种算法的结合能够实时地、自动地、有效地检测DoS攻击.DMDoSD除了向现有的IDS发出攻击报警外,还进一步利用关联算法分析异常网络数据包,确定攻击特征,为DoS攻击的防御提供支持.     

一种基于挑战/应答技术的Kerberos协议改进

Kerberos协议是单点登录(SSO)架构常用的方案之一.论文在研究和分析传统Kerberos协议的基础上,针对协议的不足,提出了一种协议的改进方案.该方案采用基于挑战/应答异步技术的动态口令替代客户端和应用服务器端的主密钥,从而提高抵御字典攻击和重放攻击方面的能力.实验结果证明了该方案的有效性.     

基于主机资源耗损分析防御DoS攻击的算法及实现

随着计算机技术的迅速发展,DoS攻击成为主要的网络安全隐患.从分析主机资源耗损入手,提出了一种防御DoS攻击的一种算法.该算法通过分析系统CPU占用率来判断是否发生DoS攻击和进行DoS攻击的IP数据包,并进一步取缔非法占用的系统资源来保护主机能够正常工作.     

基于支持向量机的P2P网络DoS攻击检测

对等网络技术近年来发展迅速,但其安全性问题一直是P2P网络进一步发展和应用急待解决的重要问题之一。由于对等网络的松散性,基于洪泛式请求的拒绝服务（DoS）攻击已经成为主要威胁之一。文章首先介绍和分析了DoS攻击在对等网络下的特点,然后提出了一种基于支持向量机的P2P环境下DoS攻击的检测模型,该模型能够通过以离线的方式对发生DoS攻击时流的统计特性进行特征提取,并能实时识别攻击的发生。实验证明,这种模型具有较高的检测率和较低的误检率。     

内容中心网络中DoS攻击问题综述

“内容中心网络”（Content Centric Networking,CCN）是未来互联网架构体系群中极具前景的架构之一。尽管CCN网络的全新设计使其能够抵御目前网络存在的大多数形式DoS攻击,但仍引发了新型的DoS攻击,其中危害较大的两类攻击是兴趣包泛洪攻击和缓存污染攻击。这两类DoS攻击利用了CCN网络自身转发机制的安全逻辑漏洞,通过泛洪大量的恶意攻击包,耗尽网络资源,并导致网络瘫痪。与传统IP网络中DoS攻击相比,CCN网络中的内容路由、内嵌缓存和接收者驱动传输等新特征,对其DoS攻击的检测和防御方法都提出了新的挑战。本文首先介绍CCN网络的安全设计和如何对抗已有的DoS攻击,然后从多角度描述、比较CCN中新型DoS攻击的特点,重点阐述了兴趣包泛洪攻击和缓存污染攻击的分类、检测和防御方法,以及它们所面临的问题挑战,最后对全文进行总结。     

一种新的WSN下抵御PDoS攻击的方案

由于无线传感器网络（WSN）具有资源有限、节点脆弱等特点,使得WSN中的节点易受DoS攻击。文章分析了现有方案的存储量和计算量等问题,并指出其存在的缺陷,在此基础上,提出了一种基于三层单向Hash链（TL-OHC）的抵御PDoS攻击的方案。该方案有效地减少了基站的负荷,并且缩短了中间节点的计算时间和计算量。     

A speculative load adaptive streaming scheme for efficient video delivery

Video on demand services require video broadcast schemes to provide efficient and reliable performance under various client request loads. In this paper, we have developed an efficient request load adaptive broadcast scheme, speculative load adaptive streaming scheme (SLAS), that requires lower service bandwidth than previous approaches, regardless of request rate. We have provided both analysis and simulation to show the performance gain over previous schemes. In this paper, we provide the theoretic upper bound of the continuous segment allocations on channels. We found that the number of allocated segments of the SLAS is close to the theoretic upper bound when compared with other schemes over various numbers of stream channels. Our analysis of client waiting time is almost identical to simulation results about all client requests. By simulation, we compared the required service bandwidth and storage requirements of the SLAS scheme and other schemes and found the SLAS scheme is an efficient broadcast scheme as compared to well known seamless channel transition schemes.     

Optimal chaining scheme for video-on-demand applications on collaborative networks

By forwarding the server stream client by client, a chaining-based scheme is a good way to reduce the server streams for streaming applications in well-connected networks. In this paper, we prove that the minimum number of required server streams in such schemes is n-k+1, where n is the number of client requests and k is a value determined by client buffer sizes and the distribution of requests. In addition, we present an optimal chaining algorithm using a dynamic buffer allocation strategy. Compared to existing chaining schemes, our scheme not only utilizes the backward (basic chaining) and/or forward (adaptive chaining) buffer, but also exploits the buffers of other clients in order to extend the chain as much as possible. In this way, more clients can be chained together and served by the same server stream. Our simulation results show that the requirements of the server streams in the presented scheme are much lower those of existing chaining schemes. We also introduce mechanisms for handling VCR functions and fault exceptions in practical applications.     

Design and implementation of MP3-music on demand system using streaming technology

The success of the Internet and the use of broadband in homes have caused a gradual shift in traffic on the Internet from data to multimedia communication. Multimedia applications typically include a large quantity of video/audio information. Streaming technology is normally adopted to handle the transmission of multimedia traffic and thus reduce the buffer requirement on the client side and the service request/response time. This work focuses on the transmission of MP3 music which has a constant bit rate characteristic. The design of both the server side and the client side of the MP3-music on demand (MoD) system with streaming technology, is considered to meet the quality of service (QoS) requirements of MP3 music. A stream buffering technique is used and an adaptive rate control mechanism is applied in combination with a client feedback packet to prevent stream buffer overflow or underflow on the client side, and thereby accommodate the network delay, jitter, and timing deviation between the server machine and the client host. A server self-timing revision scheme is used to reduce the network overhead of the feedback mechanism. The adaptive rate control mechanism is developed and verified using a computer simulation. Finally, for completeness a MoD system is constructed with a low-cost embedded network system to which an Altera FPGA is applied to provide cut-through data movement and an adaptive rate control mechanism is realized to evaluate QoS.     

Server side,play buffer based quality control for adaptive media streaming

Existing media streaming protocols provide bandwidth adaptation features in order to deliver seamless video streams in an abrupt bandwidth shortage on the networks. For instance, popular HTTP streaming protocols such as HTTP Live Streaming (HLS) and MPEG-DASH are designed to select the most appropriate streaming quality based on client side bandwidth estimation. Unfortunately, controlling the quality at the client side means the effectiveness of the adaptive streaming is not controlled by service providers, and it harms the consistency in quality-of-service. In addition, recent studies show that selecting media quality based on bandwidth estimation may exhibit unstable behavior in certain network conditions. In this paper, we demonstrate that the drawbacks of existing protocols can be overcome with a server side, buffer based quality control scheme. Server side quality control solves the service quality problem by eliminating client assistance. Buffer based control scheme eliminates the side effects of bandwidth based stream selection. We achieve this without client assistance by designing a play buffer estimation algorithm. We prototyped the proposed scheme in our streaming service testbed which supports pre-transcoding and live-transcoding of the source media file. Our evaluation results show that the proposed quality control performs very well both in simulated and real environments.     

Adaptive Broadcasting for Similarity Queries in Wireless Content Delivery Systems

We present a new adaptive and energy-efficient broadcast dissemination model that supports flexible responses to client requests. In current broadcast dissemination models, clients must specify precisely what documents they require, and servers disseminate exactly those documents. This approach can be impractical, since in practice, clients may know the characteristics of the documents, but not the document names or IDs. In our model, clients specify the required document using attributes, and servers broadcast documents that match client requests at a prespecified level of similarity. A single document may satisfy several clients, so the server broadcasts a minimal set of documents that achieves a desired level of satisfaction in the client population. We introduce a mechanism for the server to obtain randomized feedback from clients to adapt its broadcast program to client needs. Finally, the server integrates a selective tune-in scheme based on approximate index matching to allow clients to conserve energy. Our simulation results show that our model captures client interest patterns efficiently and accurately and scales very well with the number of clients, while reducing overall client average waiting times. The selective tune-in scheme can considerably reduce the consumption of client energy with moderate waiting time overhead.     

Accelerating task completion in mobile offloading systems through adaptive restart

Mobile application offloading is an efficient technique to unload the burden of intensive computation from thin clients to powerful servers. In a mobile offloading system, cloud computing is utilized to complete some heavy tasks which are migrated from resource-constrained mobile devices to the Cloud. To assure system performance, the quality of the wireless network connection plays an important role. In previous work we experimentally explored the impact of packet loss and delay in wireless networks on the completion time of an offloading task. We investigated a local restart mechanism to mitigate these effects. In the presence of unreliable communication, once the waiting time for the response of a cloud server exceeds a given threshold, exploiting the local resources of a mobile client can accelerate the task completion.In this paper, we upgrade the restart mechanism by allowing several offloading retries before a job eventually is locally restarted and finally completed in the client device itself. This is an adaptive restart scheme which aims first at completing the job using restart with offloading. If several successive offloading attempts fail the job is completed locally. Adaptively selecting the right retry threshold and automatically restarting at the appropriate moment can balance out undesired effects. This paper extends Wang and Wolter (Proceedings of the 6th ACM/SPEC international conference on performance engineering. ACM, pp 3–13, 2015) by adding an adaptive retry scheme, a mathematical derivation of the optimal limit for offloading attempts so as to minimize the task completion time using a greedy method, and by the results of a practical evaluation study which shows the efficiency and benefits of the adaptive restart scheme.     

具有可伸缩性的增强型高级锥形广播算法

镜像金字塔广播算法（MPB）采用镜像的方法来减少金字塔算法（PB）对用户缓存的要求。EMPB算法和APB算法则对该算法做了进一步改进以提高其性能。但APB算法并不具备可伸缩性和最好的性能。通过对这些算法的分析,提出了高效可伸缩高级锥形算法SAPB。该算法能适应不同用户缓存限制,并通过可伸缩参数的选择可获取比上述算法更好的性能,使VoD系统具有很好的灵活性和较强的用户环境适应能力。     

基于视点预测的全景视频码率自适应策略

为解决全景视频传输中存在的视频卡顿多、用户体验质量（quality of experience,QoE）低等问题,研究当前主流的视点自适应传输方案,提出一种基于视点预测的码率自适应策略（VPBAS）。首先,构建了一种基于长短期记忆网络和全卷积网络的视点预测模型,模型将视点数据和视频显著性信息进行特征融合,实现不同模态数据的相互补充和修正,提高视点预测的准确率;然后,客户端采用随机森林算法预测当前的可用带宽,并根据视点预测结果和可用带宽信息为视频分块选择码率。最后,客户端把选择的码率信息定期发送给服务器,服务器根据反馈的信息向客户端推送最佳码率的全景视频流,这种交互过程在视频播放期间不断地重复,直至客户端观看完毕。实验结果表明,与现有传输方案相比,VPBAS能有效提高带宽受限情况下的视频观看体验。     

Interactive visualization of medical volume models in mobile devices

Interactive visualization of volume models in standard mobile devices is a challenging present problem with increasing interest from new application fields like telemedicine. The complexity of present volume models in medical applications is continuously increasing, therefore increasing the gap between the available models and the rendering capabilities in low-end mobile clients. New and efficient rendering algorithms and interaction paradigms are required for these small platforms. In this paper, we propose a transfer function-aware compression and interaction scheme, for client-server architectures with visualization on standard mobile devices. The scheme is block-based, supporting adaptive ray-casting in the client. Our two-level ray-casting allows focusing on small details on targeted regions while keeping bounded memory requirements in the GPU of the client. Our approach includes a transfer function-aware compression scheme based on a local wavelet transformation, together with a bricking scheme that supports interactive inspection and levels of detail in the mobile device client. We also use a quantization technique that takes into account a perceptive metrics of the visual error. Our results show that we can have full interaction with high compression rates and with transmitted model sizes that can be of the order of a single photographic image.     

Pipelining parallel image compositing and delivery for efficient remote visualization

Scientific datasets of large volumes generated by next-generation computational sciences need to be transferred and processed for remote visualization and distributed collaboration among a geographically dispersed team of scientists. Parallel visualization using high-performance computing facilities is a typical approach to processing such increasingly large datasets. We propose an optimized image compositing scheme with linear pipeline and adaptive transport to support efficient image delivery to a remote client. The proposed scheme arranges an arbitrary number of parallel processors within a cluster in a linear order and divides the image into a carefully selected number of segments, which flow through the linear in-cluster pipeline and wide-area networks to the remote client consecutively. We analytically determine the segment size that minimizes the final image display time and derive the conditions where the proposed image compositing and delivery scheme outperforms the traditional schemes including the binary swap algorithm. In order to match the transport throughput for image delivery over wide-area networks to the pipelining rate for image compositing within the cluster, we design a class of transport protocols using stochastic approximation methods that are able to stabilize the data flow at a target rate. The experimental results from remote visualization of large-scale scientific datasets justify the correctness of our theoretical analysis and illustrate the superior performances of the proposed method.