Treatment of tab characters by a compiler

How expensive is it for a compiler to process horizontal tab characters introduced arbitrarily into program text? The measurements discussed in this note show that if tabs are uniformly expanded by the source text input module of the compiler, the process of reading and tokenizing the source program is slowed by about 20 per cent. This overhead can be completely eliminated by using an ‘extra space count’ in the lexical analyser instead of a uniform expansion.     

察打型无人机攻击航迹控制算法研究

固定翼无人机自身携带激光制导导弹进行对地攻击,需要自身携带的光电转台稳定跟踪目标并进行激光照射,指引导弹命中目标。为满足光电转台稳定跟踪目标的角速度限制及导弹可发射的限制条件,设计一种新型的航迹控制算法。利用基于李雅普诺夫向量场的导航算法,实现无人机从盘旋搜索到发现目标后转入导弹可攻击区并实施攻击的自动航迹控制,并保证无人机在调整姿态的同时光电转台稳定跟踪目标。利用某察打型无人机进行飞行验证,结果证明设计的算法能够较好完成无人机的攻击航迹控制,保证导弹发射。     

基于数学模型的发动机舱盖锁舌曲面优化

针对发动机罩非正常下落导致无法锁止的问题,推导非线性微分方程并采用泛函求解,将工程问题转化为力学数学模型.根据数学模型优化发动机舱盖锁舌曲面,采用有限元法搭建仿真模型.分析结果表明,基于数学模型的有限元法可以高效准确地模拟发动机舱盖关闭过程中锁的实际运动过程,优化结果可为发动机罩锁舌优化提供思路.     

基于攻击意图的复合攻击预测方法研究

入侵检测系统仅能检测到攻击,但不能预测攻击者下一步的攻击.分析了基于攻击行为预测方法的不足,提出了一种基于攻击意图的复合攻击预测方法.该方法使用抽象的攻击意图表示复合攻击,采用扩展的有向图表达攻击意图间的逻辑关系,建立了攻击匹配的攻击意图框架,在复合攻击预测算法中引入了攻击检测度和攻击匹配度两个概念.最后,通过实验验证了该方法的有效性.     

信任攻击建模方法

针对信任环境系统中存在的客观弱点和主观弱点,使用弱点利用规则和信任关系盗用规则来描述信任关系状态之间的转移过程,构建了信任攻击模型TAM。在该模型中,攻击者将客观弱点用于信任级别的提升,将主观弱点用于信任关系传递,将主、客观弱点的综合利用将导致信任关系的渗透与扩散,从而可导致攻击可达距离更大;提出了复杂度为多项式时间的TAM信任关系传递闭包生成算法,该算法可以给出当前弱点状态下的所有信任攻击路径。通过对真实弱点的建模,证明此模型可以对信任的安全性进行综合分析,生成信任攻击图、信任攻击路径等详细信息,展示攻击者和信任主体之间的交互过程,对攻击特征有更好的描述能力,帮助管理者预测所有可能的信任攻击,进而为相应的安全措施的制定提供依据。     

Internet attack mechanisms

Current media is filled with theoretical attacks, vulnerabilities and malicious activities, but the problems that make the news are rarely the ones that result in the common, day to day losses. A Mitnick might be able to mount an obscure sequencing attack against a perceived adversary, but such attacks will fall against virtually any firewall since it depends on a network finding nothing wrong with an internal machine suddenly appearing on the outside. Similarly, a SATAN/SANTA attack will quickly reveal holes but only if you happen to be running Unix with RPC and NFS active. This is not to say that such attacks are not common, just that they require a specific configuration to exist at the attackee's site.     

Blackhole attack: user identity and password seize attack using honeypot

Although the advance of ICT serves convenient lives, the adverse effect lies behind. Attacks such as spreading malicious code and luring users to fake websites via SMS or E-mail using social engineering have often occurred. Phishing, pharming, and smishing are getting diversified recently. The authentication of most websites is processed by simply using ID and password is the reason why the attack methods have been changing. Internet users are vulnerable in the process of authentication because they set and use an identical ID and similar password on different websites. This study discusses the length-related password vulnerability and introduces the method with which a hacker lures Internet users and seizes the users’ ID and password as well as password generation pattern. The paper also suggests that an additional and improved process is necessary to prevent various attacks like seizing account by the attacker.     

基于攻击描述语言的计算机网络攻击演练研究*

提出攻击描述语言(CNADL)面向攻击树建模,采用上下文无关文法设计,描述攻击企图、特征和步骤,由解释器生成相应操作的命令交互执行.基于CNADL在GTNets仿真平台上开发攻击演练系统.实验结果表明,基于CNADL的攻击演练系统能有效地刻画攻击特征,实现了拒绝服务、蠕虫、口令窃取和IP欺骗四种攻击仿真.     

基于攻击树和CVSS的网络攻击效果评估方法

为有效解决网络攻击效果评估中对指标数据的过度依赖性,提高网络攻击效果评估的准确性,提出了一种基于攻击树和CVSS的网络攻击效果评估方法 。首先,采用攻击树模型描述系统可能存在的攻击路径,并利用模糊层次分析法对各叶节点的发生概率进行求解;然后,基于CVSS漏洞信息建立网络攻击效果量化评估模型;最后,采用实例进行验证分析说明。该方法能够充分利用己有的攻击行为研究成果,评估结果较为客观,且思路清晰,算法简单,具有较强的通用性和工程应用价值。     

Attribution of attack trees

An attack tree is a useful analytical technique to model security threats and/or risks, and hence model attacks as actual realizations of the former. Research on attack trees have focused either on applying such trees to model various ranges of security systems, or on advancements to this technique in itself. In this paper, we revisit the notion of attack tree attribution, i.e. how explicit attribute values of child nodes are aggregated to form the attribute of the parent node, and propose a novel attribution approach. We then show using this approach within the context of analyzing the weakest links of security systems, how the weakest link may not necessarily always be so, but instead it depends on the existence of other stronger links within the system.