逼恶意网站现形

在您点击某些连接进行访问的瞬间,恶意伤害就可能发生了。要避免恶意网站的伤害,还得从识别恶意网址做起。     

一种基于DPI分析的报文检测方法

在移动互联网时代,网页重定向对业务推广、业务发展等具有重要影响,网站调整、页面更新、网址迁移等均需要使用网页重定向技术,否则访问用户得到一个404页面错误信息,带来用户和访问流量的白白丧失。针对当前存重定向劫持问题,以及现有解决方案中的不足,文章创新性地提出了基于DPI的全网重定向报文监控及分析方法,在报文分析的基础上,拦截异常重定向域名和地址,在解决重定向劫持的同时,有效提升客户感知。     

轻量级的自学习网页分类方法

提出了一种自学习的轻量级网页分类方法SLW.SLW首次引入了访问关系的概念,使其具有反馈和自学习的特点.SLW从已有的恶意网页集合出发,自动发现可信度低的用户和对应的访问关系,从而进一步利用低可信度用户对其他网页的访问关系来发现未知的恶意网址集合.实验结果表明,在相同数据集上,相比于传统检测方法,SLW方法可以显著提高恶意网页检测效果,大幅降低平均检测时间.     

社交网络将成为新威胁的温床

最近,迈克菲（McAfee）公司公布了2010年威胁预测报告,其主要预测包括： 1、社交网络将成威胁温床 Facebook、Twitter以及这些网站上的第三方应用程序使犯罪分子的作案工具发生了迅速变化。网络犯罪分子将利用朋友之间的信任,诱使用户点击那些本应该谨慎对待的链接。在Twitter这样的网站上使用缩略网址将更容易掩盖恶意网址,并将用户引向这些网址。     

基于评分机制的移动用户隐私保护方案研究

开发人员的技术缺陷和用户隐私数据的潜在商业价值,使得用户隐私面临巨大安全威胁,针对恶意应用软件和应用自身缺陷带来的安全危机,结合应用市场的评分评价机制,提出一种方便用户安装和使用移动应用的用户隐私保护方案MURT。此方案提供接口设定终端应用信任阈值,并在应用和隐私数据之间添加强制访问控制模块,该模块会拦截综合评级低于信任阈值的应用的访问请求,并为请求者提供虚假服务,保证应用顺利运行的前提下确保隐私数据的完整性和安全性。方案在Android平台上编码实现,实验表明:MURT在保障用户体验的基础上,有效地扼制了隐私数据泄漏。     

Windows8成网络攻击诱饵

Windows8 刚刚上市,就成为黑客发动攻击的诱饵。黑客会利用Windows8形成的热门话题来诱使用户访问恶意网站,窃取用户的个人信息。     

WCDMA网络恶意呼叫的分析与优化

通过在华为MSOFTX3000软交换设备上对WCDMA网络中的恶意呼叫行为进行分析,提出了一种对恶意呼叫用户进行甄别的方法,并提出了有效的检测规则优化方法及方案。为进一步增强恶意呼叫拦截的准确性提供了较好的参考。     

Websense提供先进的Web安全防护有效对抗新型攻击

近日．Web安全、邮件安全和数据安全解决方案提供商Websense正式发布其升级版内容安全防护．确保用户免受借网址缩短服务发起的新型攻击以及利用开心网、各种博客、Facebook、Twitter等社交类网站中的评论所发布的恶意攻击等。     

恶意和受侵害的网站

攻击者经常使用网站托管钓鱼网页或分发恶意软件。恶意网站通常看起来是完全合法的,甚至面对那些有经验的计算机用户,也常常不暴露出它们恶意性质的标识。为了保护用户远离恶意网页,微软和其他的浏览器厂商已经开发出各种各样的过滤器,这些过滤器能够存放含有恶意软件和钓鱼攻击网站的网址,并在用户尝试浏览这些网址时显示出明显的警告。     

基于软件定义网络的校园网防火墙设计

网络防火墙可以实现对网络数据包进行有效过滤与拦截,是网络系统中一种非常重要的安全信息防护技术。但是传统防火墙,由于物理的硬件限制,需将防火墙设备安装在网络中多个位置,造成管理困难,并且无法对用户访问的恶意网站流量进行区别、分析。针对以上问题,设计了一种基于软件定义网络（software defined network, SDN）的防火墙系统。首先,通过SDN的可编程性自定义传输网络的规则策略与网络路由策略,实现对校园网内部的访问控制列表（access control list, ACL）控制和对网络的集中配置管理,然后,通过万维网（world wide web, Web）端界面下发防火墙规则,实现网络防火墙的过滤与拦截功能,最后,通过解析域名系统（domain name system, DNS）数据包,提取DNS主机域名,采用动态规划算法中的最短编辑距离实现DNS恶意域名防护。实验结果表明所设计防火墙系统能够使管理更加地智能化和自动化,能够提高整体网络的实时性和安全性。     

基于XGBoost算法的垃圾短信分层分级治理体系

为有效整治垃圾短信,不断提升不良信息治理的精准性,文章基于XGBoost算法构建了一套科学的分层分级垃圾短信治理体系。通过对用户入网、消费、通信行为等特征进行建模与运算,识别出用户发送垃圾短信的风险系数,并定义了六级用户。分级名单生成后,依托于垃圾短信拦截系统的分级策略管理功能,分别设置相匹配的拦截策略。在加大对中高危用户的识别和拦截力度的同时,有效降低了高价值用户因不良信息治理导致被误拦截的风险。该治理体系应用于辽宁移动管理实际以来,垃圾短信平均投诉量降幅34.82%。误关停投诉率稳定在0.1%以内。一至三级高价值客户群关停投诉量降幅27.43%。     

Attribute-Based Worker Selection Scheme by Using Blockchain in Decentralized Crowdsourcing Scenario

Traditional crowdsourcing based on cen-tralized management platform is vulnerable to Distributed denial of service (DDoS) attack and single point of failure. Combining blockchain technology with crowdsourcing can well solve the above problems, enabling users to realize peer-to-peer transactions and collaboration based on decentralized trust in distributed systems where nodes do not need to trust each other. Although the current methods have solved the above problems, task publishers select workers based on their reputation values, which has two disadvantages: subjectivity and difficulty in initial value setting. Due to the complexity of crowdsourcing network, there will be malicious users in the network. The requirement for anonymity protects both legitimate and malicious users. In order to solve these problems, we propose an attribute-based worker selection scheme using the private set intersection technology. Our scheme also realizes the malicious user identity disclosure function. A concrete example of our scheme is given.     

Identification of key cyberbullies: A text mining and social network analysis approach

Cyberbullying is a major problem in society, and the damage it causes is becoming increasingly significant. Previous studies on cyberbullying focused on detecting and classifying malicious comments. However, our study focuses on a substantive alternative to block malicious comments via identifying key offenders through the application of methods of text mining and social network analysis (SNA). Thus, we propose a practical method of identifying social network users who make high rates of insulting comments and analyzing their resultant influence on the community. We select the Korean online community of Daum Agora to validate our proposed method. We collect over 650,000 posts and comments via web crawling. By applying a text mining method, we calculate the Losada ratio, a ratio of positive-to-negative comments. We then propose a cyberbullying index and calculate it based on text mining. By applying the SNA method, we analyze relationships among users so as to ascertain the influence that the core users have on the community. We validate the proposed method of identifying key cyberbullies through a real-world application and evaluations. The proposed method has implications for managing online communities and reducing cyberbullying.     

3G IP Multimedia Subsystem based framework for lawful interception

Issues related to lawful interception, such as invasion of privacy and efficient investigation, are presently at the forefront of social consciousness. Interception technology has to consistently evolve in order to keep pace with new and varied network structures. Thus, standard lawful interception documents that are appropriate for the existing PSTN, 2G and 3G, and packet-based communication are being proposed. In particular, newly arising services based on IP Multimedia Subsystems (IMSs) that support multimedia streaming, data transmission, and voice over IP, make lawful interception even more imperative. In this paper, we propose an architecture for IMS/Session Initiation Protocol based Lawful Interception (LI) in wireless 3G networks. We also propose LI techniques that are differentiated according to the IMS characteristics where content service providers are separated from network providers. Using the standards of dynamic triggering technologies for commissioning the authority to intercept among multiple network providers as a basis, we analyze IMS architecture and service operation methods. We then propose an LI architecture that is appropriate for IMS services. In addition, we present the results of a quality of service performance analysis conducted on our proposed interception architecture for various numbers of IMS users.     

A Novel Approach to Analyzing for Detecting Malicious Network Activity Using a Cloud Computing Testbed

Recent developments have caused the expansion of various cloud computing environments and services. Cloud computing environments have led to research in the areas of data processing, virtual environments, and access control. Information security is the most important research area for these environments security. In this study, we analyzed typical example of network testbeds, which have been used for malicious activity data collection and its subsequent analysis. Further, we propose an effective malicious network application testbed, which is based on a cloud system. We also verified the performance of our new testbed by comparing real malicious activity with the cloud-based testbed results.     

基于社会计算的IM恶意代码防御机制

即时通信(IM,Instant Messaging)网络已成为恶意代码传播的主要途径之一,本文提出了一种基于社会计算的IM恶意代码防御机制:利用用户与好友之间的社会信任关系,通过社会计算集成网络中多种反病毒软件的检测结果及用户的安全经验形成群体智慧,从而构成一个分布式协作防御机制.该机制利用即时通信网络平台,并依据好友间的交互行为计算动态信任,在IM客户端部署方案,用户之间实时相互协作抵御通过IM传播的恶意代码.实验结果表明,在大多数用户接受好友警告的情况下,即时通信网络中所有节点最终都被免疫,提高了整个社会网络防御IM恶意代码的能力.     

浅谈计算机网络的安全与管理

计算机网络的应用越来越广泛,人们的日常生活、工作、学习等各方面几乎都会应用到计算机网络。尤其是计算机网络应用到电子商务、电子政务以及企业,事业单位的管理等领域,对计算机网络的安全要求也越来越高。一些恶意者,也利用各种手段对计算机网络的安全造成各种威胁。因此,计算机网络的安全与管理越来越受到人们的关注,成为一个研究的新课题。     

信息网络内生恶意行为检测框架

“内生安全”赋予信息网络自学习、自成长的能力,是构建可信智能通信网络不可或缺的重要组成部分。面向信息网络“内生安全”,提出了一种内生恶意行为检测框架,变被动防御为主动拦截。同时,对内生恶意行为检测框架中五大关键组件进行了建模分析,并对自学习、自成长的恶意行为检测机制进行了阐述。最后,搭建原型系统并进行了实验,实验结果表明了检测框架的可行性和有效性。     

全光网络的安全性探讨

全光网络通过渡长路由为用户提供一个透明的光路,因此带来了许多安全性问题.袭击者往往根据全光网的弱点进行业务干扰和分光窃取信号.文章主要探讨了与全光网络的光层有关的安全管理问题.在对全光网络的安全特征进行分析的基础上,介绍了全光网可能遭到的恶意攻击的3种方式.针对不同的攻击方式提出了一些解决办法,并对这些方法的优缺点作了分析比较.     

Weight sequential log-likelihood ratio detect algorithm with malicious users removing

Due to the openness of the cognitive radio network, spectrum sensing data falsification (SSDF) can attack the spectrum sensing easily, while there is no effective algorithm proposed in current research work, so this paper introduces the malicious users removing to the weight sequential probability radio test (WSPRT). The terminals' weight is weighted by the accuracy of their spectrum sensing information, which can also be used to detect the malicious user. If one terminal owns a low weight, it can be treated as malicious user, and should be removed from the aggregation center. Simulation results show that the improved WSPRT can achieve higher performance compared with the other two conventional sequential detection methods under different number of malicious users.