防范电子商务信用骗取的种群共存模型

通过一个简化的演化博弈模型,发现由于信用体系存在技术上或规则上的潜在漏洞,以及交易者是自利理性的,电子商务信用骗取行为的出现不可避免。为此构建种群共存模型,分析信用评级与交易者之间不同关系的稳定演化结果,提出建立一种与交易者“独立共存”的新型信用体系以有效防范信用骗取。仿真实验很好地支持了上述结论。     

一种新的WSN下抵御PDoS攻击的方案

由于无线传感器网络（WSN）具有资源有限、节点脆弱等特点,使得WSN中的节点易受DoS攻击。文章分析了现有方案的存储量和计算量等问题,并指出其存在的缺陷,在此基础上,提出了一种基于三层单向Hash链（TL-OHC）的抵御PDoS攻击的方案。该方案有效地减少了基站的负荷,并且缩短了中间节点的计算时间和计算量。     

一种能抵抗拒绝服务攻击的RFID安全认证协议

在分析现有一些RFID认证协议的基础上,采用流密码加密和密钥动态更新的方法设计了一种能抵抗拒绝服务攻击的RFID安全认证协议。对该协议的安全性和性能进行了分析,结果表明协议能够有效防止拒绝服务攻击、隐私攻击、窃听攻击、重传攻击,同时解决了RFID的隐私问题。     

Defending against the propagation of active worms

Active worms propagate across networks by employing the various target discovery techniques. The significance of target discovery techniques in shaping a worm’s propagation characteristics is derived from the life cycle of a worm. The various target discovery techniques that could be employed by active worms are discussed. It is anticipated that future active worms would employ multiple target discovery techniques simultaneously to greatly accelerate their propagation. To accelerate a worm’s propagation, the slow start phase in the worm’s propagation must be shortened by letting the worm infect the first certain percentage of susceptible hosts as soon as possible. Strategies that future active worms might employ to shorten the slow start phase in their propagation are studied. Their respective cost-effectiveness is assessed. A novel active defense mechanism is proposed, which could be an emerging solution to the active worm problem. Our major contributions in this article are first, we found the combination of target discovery techniques that can best accelerate the propagation of active worms; second, we proposed several strategies to shorten a worm’s slow start phase in its propagation and found the cost-effective hit-list size and average size of internally generated target lists; third, we proposed a novel active defense mechanism and evaluated its effectiveness; and fourth, we proposed three novel discrete time deterministic propagation models of active worms.     

Execution transactions for defending against software failures: use and evaluation

We examine the problem of containing buffer overflow attacks in a safe and efficient manner. Briefly, we automatically augment source code to dynamically catch stack and heap-based buffer overflow and underflow attacks, and recover from them by allowing the program to continue execution. Our hypothesis is that we can treat each code function as a transaction that can be aborted when an attack is detected, without affecting the application's ability to correctly execute. Our approach allows us to enable selectively or disable components of this defensive mechanism in response to external events, allowing for a direct tradeoff between security and performance. We combine our defensive mechanism with a honeypot-like configuration to detect previously unknown attacks, automatically adapt an application's defensive posture at a negligible performance cost, and help determine worm signatures. Our scheme provides low impact on application performance, the ability to respond to attacks without human intervention, the capacity to handle previously unknown vulnerabilities, and the preservation of service availability. We implement a stand-alone tool, DYBOC, which we use to instrument a number of vulnerable applications. Our performance benchmarks indicate a slow-down of 20% for Apache in full-protection mode, and 1.2% with selective protection. We provide preliminary evidence toward the validity of our transactional hypothesis via two experiments: first, by applying our scheme to 17 vulnerable applications, successfully fixing 14 of them; second, by examining the behavior of Apache when each of 154 potentially vulnerable routines are made to fail, resulting in correct behavior in 139 cases (90%), with similar results for sshd (89%) and Bind (88%).     

基于移动Agent的DDoS攻击综合防御模型

分布式拒绝服务（DDoS）攻击已成为网络最大的安全威胁之一,传统检测防御方法由于多采用单一防范措施很难对其彻底防范。利用移动Agent特性,在设计上整合多种防御方法,构造了一种综合的主动检测防御模型,并详细设计了模型中移动Agent的组成元件,力求解决存在的单点失效、被动防御等问题,使得该模型具有良好的健壮性和可扩展性。     

Defending against hitlist worms using network address space randomization

Worms are self-replicating malicious programs that represent a major security threat for the Internet, as they can infect and damage a large number of vulnerable hosts at timescales where human responses are unlikely to be effective. Sophisticated worms that use precomputed hitlists of vulnerable targets are especially hard to contain, since they are harder to detect, and spread at rates where even automated defenses may not be able to react in a timely fashion.This paper examines a new proactive defense mechanism called Network Address Space Randomization (NASR) whose objective is to harden networks specifically against hitlist worms. The idea behind NASR is that hitlist information could be rendered stale if nodes are forced to frequently change their IP addresses. NASR limits or slows down hitlist worms and forces them to exhibit features that make them easier to contain at the perimeter. We explore the design space for NASR and present a prototype implementation as well as experiments examining the effectiveness and limitations of the approach.     

BGP协议防御DDoS攻击的方法浅析

BGP(Border Gateway Protocol)协议是Internet中应用最广泛的自治系统间路由协议,它通过面向连接的TCP(Transfer Control Protocol)协议保障路由信息的可靠转发。然而,以DDoS(Distributed Denial of Service)为代表的网络攻击对基于TCP的应用协议产生了严重的威胁。保护BGP协议较为常见的方法是在网络边缘添加防火墙、流量分析仪等安全设备。从分析BGP邻居的建立过程及DDoS的攻击特点入手,提出一种新的思路,在不增加运营成本的前提下,实现BGP协议对DDoS的防御。     

嵌入式系统安全中缓冲区溢出防止技术的研究与实现

提出将嵌入式系统下缓冲区溢出分为堆栈溢出攻击和指针攻击两类,并基于该分类提出软硬件结合的防范缓冲区溢出方法,针对两类缓冲区溢出分别采用基于硬件的堆栈保护技术和指针保护技术来防范.与[2]中的软硬件防范技术(HSDefender)相比,本文的方法进一步实现了数据指针的保护.     

基于良性蠕虫对抗P2P蠕虫的策略研究

随着P2P软件的推广与普及, P2P蠕虫已成为P2P网络安全的主要威胁之一,P2P蠕虫基于hit-list攻击邻居节点,具有隐蔽性好、攻击性强等特点。基于混合型良性蠕虫概念设计出自动优先趋进优质节点(APTHQN)的对抗策略,合理利用优质节点的拓扑优势,有效适应了P2P网络的动态性。实验仿真结果表明,采用此策略的良性蠕虫在保持较少的网络资源消耗同时,高效地抑制了P2P蠕虫的传播。     

嵌入式系统安全中缓冲区溢出防止技术的研究与实现

提出将嵌入式系统下缓冲区溢出分为堆栈溢出攻击和指针攻击两类,并基于该分类提出软硬件结合的防范缓冲区溢出方法,针对两类缓冲区溢出分别采用基于硬件的堆栈保护技术和指针保护技术来防范。与[2]中的软硬件防范技术(HSDefender)相比,本文的方法进一步实现了数据指针的保护。     

Treating scalability and modelling human countermeasures against local preference worms via gradient models

A network worm is a specific type of malicious software that self propagates by exploiting application vulnerabilities in network-connected systems. Worm propagation models are mathematical models that attempt to capture the propagation dynamics of scanning worms as a means to understand their behaviour. It turns out that the emerged scalability in worm propagation plays an important role in order to describe the propagation in a realistic way. On the other hand human-based countermeasures also drastically affect the propagation in time and space. This work elaborates on a recent propagation model (Avlonitis et al. in J Comput Virol 3, 87–92, 2007) that makes use of Partial Differential Equations in order to treat correctly scalability and non-uniform behaviour (e.g., local preference worms). The aforementioned gradient model is extended in order to take into account human-based countermeasures that influence the propagation of local-preference worms in the Internet. Certain aspects of scalability emerged in random and local preference strategies are also discussed by means of random field considerations. As a result the size of a critical network that needs to be studied in order to describe the global propagation of a scanning worm is estimated. Finally, we present simulation results that validate the proposed analytical results and demonstrate the higher propagation rate of local preference worms compared with random scanning worms.     

一种IPv6环境下实时DDoS防御方法

现有的DDoS防御方法大多是针对传统IPv4网络提出的,而且它们的防御实时性还有待进一步提高。针对这种情况,提出了一种IPv6环境下实时防御DDoS的新方法,其核心思想是首先在受害者自治系统内建立决策判据树,然后依据决策判据1和2对该树进行实时监控,如果发现攻击,就发送过滤消息通知有关实体在受害端和源端一起对攻击包进行过滤,从而保护受害者。实验证明,该方法能够在秒钟数量级检测到攻击并且对攻击包进行过滤,能有效地防范多个DDoS攻击源。另外,该方法还能准确地区分攻击流和高业务流,可以在不恢复攻击路径的情况下直接追踪到攻击源所在的自治系统（甚至是子网）。     

IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks

Distributed Denial of Service (DDoS) is one of the most difficult security problems to address. While many existing techniques (e.g., IP traceback) focus on tracking the location of the attackers after-the-fact, little is done to mitigate the effect of an attack while it is raging on. We present a novel technique that can effectively filter out the majority of DDoS traffic, thus improving the overall throughput of the legitimate traffic. The proposed scheme leverages on and generalizes the IP traceback schemes to obtain the information concerning whether a network edge is on the attacking path of an attacker ("infected") or not ("clean"). We observe that, while an attacker will have all the edges on its path marked as "infected," edges on the path of a legitimate client will mostly be "clean". By preferentially filtering out packets that are inscribed with the marks of "infected" edges, the proposed scheme removes most of the DDoS traffic while affecting legitimate traffic only slightly. Simulation results based on real-world network topologies all demonstrate that the proposed technique can improve the throughput of legitimate traffic by three to seven times during DDoS attacks.     

DDoS攻击原理与防御

该文介绍了DDoS攻击原理和攻击过程,从预防、检测和响应3个方面分析了防御DDoS攻击的技术和方法,阐述了几种较为典型的应用。最后,针对目前DDoS攻击防御研究现状提出了防御攻击的方法和建议。     

网站平台安全防入侵问题解决方法与实现

信息技术与加、解密算法的不发展使维护信息系统安全的难度也随之越来越大。在网站给人们带来巨大便利的同时，也带来了一个不容忽视的问题——网站平台的安全．本文就围绕这个问题提出了自己的一些解决方案与方法．     

RFID重加密技术中的一种防置换攻击算法

重加密技术是解决RFID（射频识别）安全问题的一种方法,它周期性地改变标签名以防止标签跟踪。重加密要求标签名可修改,这就使得攻击者可以交换两个合法标签的标签名,形成置换攻击。防置换攻击仍然是重加密中未完全解决的问题,其难点在于防置换攻击时需保持标签匿名性。提出了一种重加密中的防置换攻击算法,在“攻击失效”模型下,实现了防ID置换攻击和公钥置换攻击,并给出了证明。该算法要求标签内增加一个硬件乘法器,目前的RFID芯片水平可实现该要求。     

开放系统的恶意代码防御模型

提出了一个适用于开放系统环境的恶意代码防御模型。把系统内部划分为可信域和不可信域,可信域由已标识客体和已授权主体构成,不可信域由未标识客体和未授权主体构成。为把低完整性级别的信息限制在不可信域以防范恶意代码对可信域的渗透和攻击,定义了主体授权规则、客体访问规则和主体通信规则。为使可信域可以安全地同外界进行信息交换,引入了可信完整性部件。可信完整性部件由安全性检查部件和可信度提升部件构成,其中前者对所有要进入可信域的客体进行安全性检查,后者把经检查被认为是安全的客体转移到可信域并提升其完整性级别,从而在不损害安全性的前提下提高系统的可用性。     

CAD of worms and their machining tools

To develop high-quality products, geometric modeling is needed in gear engineering to calculate the workpiece and tool geometry of worms, threads, or similar mechanical elements that can be described by helical or rotatory surfaces and that are to be generated by milling, grinding, or whirling. A survey will be given on the theoretical background, corresponding procedures, and illustrating examples of application concerning: (a) design of gear or worm profiles by means of curve primitives, their motion and manipulation; (b) calculation of conjugate gear profiles subjected to trochoidal motion; (c) calculation of arbitrary plane intersections of helicoids; and (d) calculation of the rotatory machining tool surface for a given worm and the inverse problem, including the solution of the undercut problem. Basic to the achieved integrated approach to CAD/CAM in this field is a discrete curve representation as sequence of points, tangent lines, and osculating circles providing higher geometrical information about curve and surface shape, which is also of high functional and economical importance for technological decisions.