MTD增强的网络欺骗防御系统

计算机网络正在飞速发展,但随之而来的系统破坏、信息泄露等网络安全问题也日益突出。攻击者在正式攻击前通常进行大量的网络侦查,以发现目标网络和系统上的可利用漏洞,而传统网络系统中的静态配置为攻击者发现网络目标和发起攻击提供了极大的优势。为了减轻攻击者持续性网络侦查攻击的有效性,基于软件定义网络开发了移动目标防御（moving target defense,MTD）增强的网络欺骗防御系统。该系统采用网络欺骗技术,混淆攻击者收集到的目标网络和系统信息,延长攻击者扫描到网络内真实脆弱性主机的时间,提高其时间成本;并在此基础上融合移动目标防御技术,动态随机地变换网络内节点的IP地址,增强网络欺骗系统的防御效能。实现了系统原型并对其进行评估,在虚拟网络拓扑规模为3个网段且地址变换周期为30 s的配置下,该系统将攻击者发现脆弱性主机的时间平均延迟7倍,将攻击者成功攻击脆弱性主机的概率降低83%,同时系统额外开销平均在8%以内。     

基于最优停止理论的网络欺骗防御策略优化

网络欺骗防御已经成为网络主动防御的重要手段.网络欺骗防御系统中,防御方主动释放部分有效信息来迷惑攻击者,受到诱骗的攻击者则会在欺骗诱捕环境中实施进一步攻击,直至攻击者识破诱骗手段或防御方主动驱逐攻击者.为研究如何在达到有效防御效果的同时,尽量减少欺骗环境所释放的有效信息,分别分析了欺骗防御模型和最优停止理论问题模型,确...     

基于演化博弈的拟态防御策略优化

网络空间拟态防御是近些年出现的一种主动防御理论,以异构冗余和动态反馈机制不断调整执行环境来抵抗攻击。然而,面对黑客的多样化攻击手段,仅凭借拟态防御抵抗攻击是不安全的。为了增强系统的安全防御能力,本文在目前已有的防御系统基础上提出更为合理的防御选取方法。将有限理性的演化博弈引入到拟态防御中,构建了由攻击者、防御者和合法用户组成的三方演化博弈模型,并提出了最优防御策略求解方法。该博弈模型利用复制动态方程得到了演化稳定策略。仿真实验结果表明,系统通过执行推理的演化稳定策略可以降低损失,遏制攻击方的攻击行为,对拟态防御系统中防御策略选取和安全性增强具有一定的借鉴意义。     

入侵检测系统中的蜜罐技术应用

蜜罐作为一种主动的安全防御技术被引入网络安全领域。它的价值体现在它希望被攻击和威胁以获得攻击者更多的信息和攻击技术。同时通过吸引攻击者的攻击而保护真正的系统。     

入侵检测系统中的蜜罐技术应用

蜜罐作为一种主动的安全防御技术被引入网络安全领域。它的价值体现在它希望被攻击和威胁以获得攻击者更多的信息和攻击技术。同时通过吸引攻击者的攻击而保护真正的系统。     

一种基于交互行为的DDoS攻击防御方法

现有的DDoS攻击防御方法,通常由受害系统在对攻击流量进行分析的基础上识别出攻击者并进而采取相应的措施,而攻击特征的隐蔽性使得识别正确率很低。针对这一情况,提出了一种基于交互行为的DDoS攻击防御方法,该方法由受害系统在同客户进行交互的过程中识别出攻击者;并将应用目标与攻击防御相结合,建立了一个包括系统监测、攻击识别以及访问控制功能模块在内的整体模型;最后将该模型应用于Apache服务器,实验证明该方法是实用有效的。     

基于流量行为的DDoS检测系统

针对传统攻击检测算法不能实时识别攻击源和受害者的问题,基于对单用户流量行为的分析,设计实现一种实时的DDoS洪流攻击检测和防御系统。通过周期性地检测每个用户发送和接收的流量,判断其是否满足TCP和UDP协议行为的时间同步性,从而有效识别攻击者、受害者和正常用户,并且实时过滤攻击流量和转发正常流量。测试结果表明,该系统能够在攻击早期实时地检测出攻击者并过滤其流量,防御效果明显。     

基于时间自动机的入侵意图动态识别方法

入侵意图识别是在具体的网络环境下,根据攻击者的攻击行为和系统防护措施来推理和判断攻击者想要达到的最终目标.针对网络安全领域中的攻防对抗和动态特性,提出一种入侵意图的动态识别方法.该方法利用D-S证据理论融合入侵检测系统的报警信息来提炼攻击者的行为及其可信度,并结合系统响应信息应用时间自动机来实时描述脆弱性的状态变迁过程.然后在层次化的攻击路径图中,根据节点的状态和节点间的依赖关系计算攻击者真实入侵意图的概率.实验结果验证了此方法的有效性.     

工业信息物理系统的攻击建模研究

无线通信网络的脆弱性使得工业信息物理系统易遭受各类网络攻击.为了更深入地了解不同网络攻击的特征进而建立有效的防御措施,构建一种线性时不变离散系统的工业信息物理系统结构;深入研究信息物理系统攻击者攻击空间及攻击者攻击模型,采用控制理论方法研究攻击空间模型的模型知识、披露资源和破坏资源的数学表达;对拒绝服务攻击、重放攻击、虚假数据注入攻击3种典型网络攻击的基本特性,以及对应攻击下攻击模型的表现形式进行分析.通过Simulink/Truetime仿真工具对破坏性和隐蔽性性能进行仿真实验.结果表明,所研究的攻击空间模型及攻击者攻击模型能够有效地描述网络攻击的攻击特性.     

动态平台技术防御攻击的瞬态效能量化分析

移动目标防御（Moving Target Defense,MTD）是一种主动防御策略,而动态平台技术（Dynamic Platform Techniques,DPT）是MTD在平台层面的一种具体实现方案,其通过在脆弱网络系统中构建随机动态变化的运行平台,来提高脆弱网络系统中网络服务被探测和被攻击的复杂度,从而提高关键网络服务的安全性。目前状态空间模型已应用于MTD效能的量化分析,但仅用于稳态分析;而对于关键网络服务,DPT瞬态效能量化分析极为重要。本文通过分析脆弱网络系统中网络服务的可生存性,来实现DPT防御攻击的瞬态效能量化分析。本文构建了基于马尔可夫链的可生存性模型,用于捕捉从系统漏洞被披露到漏洞被消除这段时期内,攻击者、网络服务和防御机制三者之间的动态行为;定义了相关评估指标并给出了计算公式;进行了数值实验,利用构建的模型和指标计算公式,分析关键参数对DPT效能的影响,并设计了被动防御机制作为对比实验,以突显DPT的效能。     

Survivability evaluation towards attacked WSNs based on stochastic game and continuous-time Markov chain

Because a large number of Wireless Sensor Networks (WSNs) are deployed in unsafe surroundings, the survivability evaluation towards attacked WSNs has become a critical issue. Due to its popularity, the cluster-based structure of WSNs in this paper is selected to be studied and regarded as a serial-parallel system according to its characteristics. In order to set up the relation between the intention of attack behaviors and the randomness of continuous-time Markov chain (CTMC), we construct an attack-prediction stochastic game that is able to attain the attack probabilities adopted by the attacker in different states. Therefore, the consequence from a successful attack can be modeled as a deliberate state change of the CTMC. Upon this, the state transition matrix describing various states during the lifetime of an attacked sensor node can be formed. We are then able to compute the MTTF (Mean Time To Failure) of an attacked sensor node in perspective of CTMC. Based on the classical reliability theory, we thus propose a mechanism of survivability evaluation for attacked WSNs, which is composed of the reliability, survival lifetime, and availability in the steady state. Our experiments show the influence degree of the game parameters to the expected motivation of the attacker as well as disclose the relation between the MTTF of an attacked sensor node and the expected motivation of the attacker. In addition, the effectiveness of our survivability evaluation metrics is validated. These results will be able to build up the theoretical foundation to guide the design of highly survival WSNs.     

基于LSTM的集群用户作业执行时间预测模型

为提升服务质量,数据中心需要确保在规定的截止时间前完成用户作业,因此必须根据实时的系统资源对作业进行有效的调度。提出了一种作业调度算法,根据预测的作业执行时间进行批作业调度,以最小化批作业的完成时间。作业执行时间预测模型基于长短期记忆LSTM网络,根据用户作业类型、作业量、作业需要的CPU核数和内存数量,以及作业需要的资源在系统总资源中的占比,对用户作业的执行时间进行预测。预测结果用于判断集群是否有能力按时完成用户作业,同时为合理安排各作业的执行顺序提供依据。通过实验确定了影响LSTM时间预测模型性能的各超参数取值,如迭代次数、学习率和网络层数等。实验表明,与SVR模型、ARIMA模型和BP模型相比,基于LSTM的作业执行时间预测模型的决定系数R²分别有2.97%,2.34%和5.66%的提升效果,且预测的平均误差仅为0.78%。     

Improving responsiveness of soft aperiodic tasks using proportional slack time

In a real-time system with both hard real-time periodic jobs and soft real-time aperiodic jobs, it is important to guarantee that the deadline of each periodic job is met, as well as to provide a fast response time for each aperiodic job. We propose an algorithm, called Proportional Slack Reserve (PSR), that produces an efficient schedule for such an environment. For every execution unit of a periodic job, the PSR algorithm reserves time which can be used for execution of aperiodic jobs. If reserved time is not available, the algorithm assigns a deadline to an aperiodic job for achieving better responsiveness of aperiodic jobs. The proposed algorithm can fully utilize processing power while meeting all deadlines of periodic jobs. It can also easily reclaim the time unused by the periodic job. We analytically show that for each aperiodic job, the response time in a PSR schedule is no longer than that in a TBS schedule, which is known to be efficient for servicing aperiodic jobs. We also present simulation results in which the response time of PSR is significantly improved over that of TBS, and moreover the performance of PSR compares favorably with TB(N) considering scheduling overhead.     

Designing a MapReduce performance model in distributed heterogeneous platforms based on benchmarking approach

MapReduce framework is an effective method for big data parallel processing. Enhancing the performance of MapReduce clusters, along with reducing their job execution time, is a fundamental challenge to this approach. In fact, one is faced with two challenges here: how to maximize the execution overlap between jobs and how to create an optimum job scheduling. Accordingly, one of the most critical challenges to achieving these goals is developing a precise model to estimate the job execution time due to the large number and high volume of the submitted jobs, limited consumable resources, and the need for proper Hadoop configuration. This paper presents a model based on MapReduce phases for predicting the execution time of jobs in a heterogeneous cluster. Moreover, a novel heuristic method is designed, which significantly reduces the makespan of the jobs. In this method, first by providing the job profiling tool, we obtain the execution details of the MapReduce phases through log analysis. Then, using machine learning methods and statistical analysis, we propose a relevant model to predict runtime. Finally, another tool called job submission and monitoring tool is used for calculating makespan. Different experiments were conducted on the benchmarks under identical conditions for all jobs. The results show that the average makespan speedup for the proposed method was higher than an unoptimized case.

     

Detection and mitigation of actuator attacks on small unmanned aircraft systems

Unmanned aircraft systems (UAS) are susceptible to malicious attacks originated by intelligent adversaries, and the actuators constitute one of the critical attack surfaces. In this paper, the problem of detecting and mitigating attacks on the actuators of a small UAS is addressed. Three possible solutions of differing complexity and effectiveness are proposed to address the problem. The first method involves an active detection strategy, whereby carefully designed excitation signals are superimposed on the control commands to increase the detectability of the attack. In the second method, an unknown input observer is designed, which in addition to detecting the attack also estimates the magnitude of the attack. The third method entails designing an actuator system that makes use of variable frequency pulse-width modulated signals to improve the resilience of the actuator against malicious attacks. The effectiveness of the proposed methods is demonstrated using flight experiments and realistic MATLAB simulations that incorporate exogenous disturbances, such as steady winds, atmospheric turbulence, and measurement noise.     

面向端到端溯源攻击对手的Tor安全性模型

Tor匿名通信系统在全球范围内被广泛部署与使用,但其抵御溯源攻击的能力有待进一步建模分析。为精确衡量Tor用户在端到端溯源攻击下的安全性,综合Tor节点选择算法、用户使用模式、溯源攻击对手能力等要素,建立针对端到端溯源攻击对手的Tor安全性模型。经实验验证与分析结果表明,该模型可在统计意义下较精确计算对手捕获通信链路的概率及次数,以此衡量不同端到端溯源攻击对手对用户安全性的破坏程度。     

分布式系统中计算作业流的均衡调度算法

分布式系统中计算作业流被映射到节点后无法进行动态调整,使关键作业无法及时执行而造成作业间等待。针对该问题,提出一种计算作业流均衡调度算法。算法对映射到分布式节点的作业根据其依赖关系得出阶位值,依据该值在分布式节点上进行动态优先值调整,使关键作业尽早完成,减少作业之间的等待,缩短计算作业流执行时间。实际系统应用表明,该算法对作业管理系统中投入的计算作业流的快速执行有较强优越性。     

A Grid resource brokering strategy based on resource and network performance in Grid

To achieve high performance distributed data access and computing in Grid environment, monitoring of resource and network performance is vital. Our proposed Grid network monitoring architecture is modeled by the Grid scheduler. The proposed Grid network monitoring retrieves network metrics using sensors as network monitoring tools. The mobile agents are migrated to start the sensors to measure the network metrics in all Grid Resources from the Resource Broker. The raw data provided by the monitoring tools is used to produce a high level view of the Grid through the set of internal cost functions. The network cost function is formed by combining various network metrics such as bandwidth, Round Trip Time, jitter and packet loss to measure the network performance. This paper presents the Grid Resource Brokering strategy which analyzes the network metrics along with the resource metrics for the selection of the Grid resource to submit the job and the proposed approach is integrated with CARE Resource Broker (CRB) for job submission. The experimental results are evident for the minimization of job completion time for the submitted job. The simulation results also prove that the more number of jobs are completed with the proposed strategy which influences the better utilization of the Grid resources.     

SHadoop: Improving MapReduce performance by optimizing job execution mechanism in Hadoop clusters

As a widely-used parallel computing framework for big data processing today, the Hadoop MapReduce framework puts more emphasis on high-throughput of data than on low-latency of job execution. However, today more and more big data applications developed with MapReduce require quick response time. As a result, improving the performance of MapReduce jobs, especially for short jobs, is of great significance in practice and has attracted more and more attentions from both academia and industry. A lot of efforts have been made to improve the performance of Hadoop from job scheduling or job parameter optimization level. In this paper, we explore an approach to improve the performance of the Hadoop MapReduce framework by optimizing the job and task execution mechanism. First of all, by analyzing the job and task execution mechanism in MapReduce framework we reveal two critical limitations to job execution performance. Then we propose two major optimizations to the MapReduce job and task execution mechanisms: first, we optimize the setup and cleanup tasks of a MapReduce job to reduce the time cost during the initialization and termination stages of the job; second, instead of adopting the loose heartbeat-based communication mechanism to transmit all messages between the JobTracker and TaskTrackers, we introduce an instant messaging communication mechanism for accelerating performance-sensitive task scheduling and execution. Finally, we implement SHadoop, an optimized and fully compatible version of Hadoop that aims at shortening the execution time cost of MapReduce jobs, especially for short jobs. Experimental results show that compared to the standard Hadoop, SHadoop can achieve stable performance improvement by around 25% on average for comprehensive benchmarks without losing scalability and speedup. Our optimization work has passed a production-level test in Intel and has been integrated into the Intel Distributed Hadoop (IDH). To the best of our knowledge, this work is the first effort that explores on optimizing the execution mechanism inside map/reduce tasks of a job. The advantage is that it can complement job scheduling optimizations to further improve the job execution performance.