Similar literature
20 similar documents found (search time: 0 ms)
1.
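To address the difficulty of detecting large-scale network attacks on the Internet, a gated memory network detection method is proposed that combines word-vector feature representation with recurrent neural networks. The method first converts network request data into a sequence of low-dimensional real-valued vectors, then uses the long-term memory capability of a gated recurrent neural network to extract features from the request data, and finally applies a logistic regression classifier to detect network attacks automatically. On the public CSIC2010 dataset it achieves a 10-fold cross-validation F1 score of 98.5%, a considerable improvement in the accuracy and recall of network attack detection over traditional methods. The proposed method detects network attacks automatically and gives good detection results.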

2.
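DDoS attack detection based on network-wide traffic anomaly features   Cited by: 2 in total (self-citations: 0, citations by others: 2)
Because distributed denial-of-service (DDoS) attacks are stealthy and distributed, a DDoS detection method based on the global network is proposed. Unlike traditional detection methods, which inspect only a single link or the victim network, this method inspects the origin-destination (OD) flows in the operator's network. It first obtains the network traffic matrix and, exploiting the correlation of attack flows across multiple links, uses the K-L transform to decompose the traffic matrix into normal and anomalous traffic spaces; it then analyzes the relevant features of the traffic in the anomalous space to detect attacks. Simulation results show that the method detects DDoS attacks more accurately and more quickly, which helps early detection of and defense against DDoS attacks.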

3.

The development of digital media, the increasing use of social networks, and the easier access to modern technological devices are perturbing thousands of people in their public and private lives. People love posting their personal news without considering the risks involved. Privacy has never been more important. Research on privacy-enhancing technologies has attracted considerable international attention after the recent news about failures to protect users' personal data on social media websites like Facebook. It has been demonstrated that even when using an anonymous communication system, it is possible to reveal users' identities through intersection attacks or traffic analysis attacks. By combining a traffic analysis attack with Social Network Analysis (SNA) techniques, an adversary may be able to obtain important data from the whole network: the topological network structure and a subset of social data, revealing communities and their interactions. The aim of this work is to demonstrate how intersection attacks can disclose structural properties and significant details from an anonymous social network composed of a university community.


4.
5.
6.
Statistical analysis of network traffic for adaptive faults detection   Cited by: 1 in total (self-citations: 0, citations by others: 1)
This paper addresses the problem of normal operation baselining for automatic detection of network anomalies. A model of network traffic is presented in which studied variables are viewed as sampled from a finite mixture model. Based on the stochastic approximation of the maximum likelihood function, we propose baselining network normal operation, using the asymptotic distribution of the difference between successive estimates of model parameters. The baseline random variable is shown to be stationary, with mean zero under normal operation. Anomalous events are shown to induce an abrupt jump in the mean. Detection is formulated as an online change point problem, where the task is to process the baseline random variable realizations, sequentially, and raise alarms as soon as anomalies occur. An analytical expression of false alarm rate allows us to choose the design threshold, automatically. Extensive experimental results on a real network showed that our monitoring agent is able to detect unusual changes in the characteristics of network traffic, adapt to diurnal traffic patterns, while maintaining a low alarm rate. Despite large fluctuations in network traffic, this work proves that tailoring traffic modeling to specific goals can be efficiently achieved.

7.
Problems of web application security and antihacker protection are very topical. Queries that users send to a web application via the Internet are registered in log files of the web server. Analyzing log files allows detecting anomalous changes that take place on the web server and identifying attacks. In this work, different methods are used to analyze log files and detect anomalies. The proposed methods allow detecting anomalous queries received from malicious users in log files of the web server.

8.
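To address the problem that the Web service application layer in cloud computing environments is vulnerable to attack, a SOAP-based defense system for the Web service application layer is proposed that detects distributed denial-of-service (DDoS) attacks at the XML and HTTP layers. First, feature values are extracted from a dataset of normal operations of a specific Simple Object Access Protocol (SOAP), and a corresponding Gaussian request model is built. Next, some attributes in the Web service's Web Services Description Language (WSDL) are configured to provide preliminary filtering of attacks. Then the HTTP header and XML content of each service request are inspected and compared with the model data to detect attacks further. Experimental results show that the system can effectively prevent a variety of DDoS attacks while consuming little response time.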

9.
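With the rapid development of Internet technology and network services, networks are growing in scale and network usage is becoming increasingly diverse and complex. Network traffic monitoring has gradually become an indispensable part of computer network operation. This article describes anomalous network traffic and analyzes the research on and implementation of techniques for detecting it.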

10.
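Side-channel attacks on encrypted network traffic analyze and extract side-channel information leaked during network application communication, such as packet length and timing, and can identify users' identities and behavior and even recover the original data that users typed. A model of side-channel attacks on encrypted network traffic is established on the basis of information theory; using this unified model framework, the methods and effectiveness of representative fingerprinting attacks, keystroke attacks and voice attacks are analyzed, and defenses based on hiding packet length and timing information are discussed. In light of technical developments...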

11.
In this paper, an improved version of ANNIDA for detecting attack signatures in the payload of network packets is presented. The Hamming Net artificial neural network methodology was used with good results. A review of the application’s development is followed by a summary of the modifications made in the application in order to classify real data. Application improvements are reported, solving the problems of time delays in writing/reading data in the files and data collision effects when generating numeric keys used to model data for the neural network. Test results highlight the increased accuracy and efficiency of the new application when submitted to real data from HTTP network traffic containing actual traces of attacks and legitimate data. Finally, an evaluation of the application to detect signatures in real network traffic data is presented.

12.
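The urban public transport network is important urban infrastructure, and sound planning and efficient management are effective measures for ensuring sustainable urban development. To this end, using geographic information systems and the principles of geometric network analysis, the operating characteristics and influencing factors of urban public transport were analyzed comprehensively, a geometric-network spatial database of Xi'an public transport was built, and an evaluation model of urban public transport quality was established. The evaluation model was combined with the public transport geometric network and applied to the evaluation and management of public transport quality in Xi'an. The results show that the method is simple, practical, scientific and reasonable.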

13.
This paper proposes a method that uses a deep neural network (DNN) to detect small traffic lights (TLs) in images captured by cameras mounted in vehicles. The proposed TL detector has a DNN architecture of encoder-decoder with focal regression loss; this loss function reduces loss of well-regressed easy examples. The proposed TL detector has freestyle anchor boxes that are placed at arbitrary locations in a grid cell of an input image, so it can detect small objects located at borders of the grid cell. We evaluate the proposed TL detector with a focal regression loss on two public TL datasets: Bosch small traffic light dataset, and LISA traffic lights dataset. Compared to state-of-the-art TL detectors, the proposed TL detector achieves 7.19%–42.03% higher mAP on the Bosch-TL dataset and 19.86%–49.16% higher AUC on the LISA-TL dataset.

14.
Minimum-cost network hardening using attack graphs   Cited by: 3 in total (self-citations: 0, citations by others: 3)
Lingyu, Steven, Sushil. Computer Communications, 2006, 29(18): 3812-3824
In defending one’s network against cyber attack, certain vulnerabilities may seem acceptable risks when considered in isolation. But an intruder can often infiltrate a seemingly well-guarded network through a multi-step intrusion, in which each step prepares for the next. Attack graphs can reveal the threat by enumerating possible sequences of exploits that can be followed to compromise given critical resources. However, attack graphs do not directly provide a solution to remove the threat. Finding a solution by hand is error-prone and tedious, particularly for larger and less secure networks whose attack graphs are overly complicated. In this paper, we propose a solution to automate the task of hardening a network against multi-step intrusions. Unlike existing approaches whose solutions require removing exploits, our solution is comprised of initially satisfied conditions only. Our solution is thus more enforceable, because the initial conditions can be independently disabled, whereas exploits are usually consequences of other exploits and hence cannot be disabled without removing the causes. More specifically, we first represent given critical resources as a logic proposition of initial conditions. We then simplify the proposition to make hardening options explicit. Among the options we finally choose solutions with the minimum cost. The key improvements over the preliminary version of this paper include a formal framework of the minimum network hardening problem, and an improved one-pass algorithm in deriving the logic proposition while avoiding logic loops.

15.
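Traditional security products based mainly on signature detection find it increasingly difficult to detect new types of threats effectively. To address the shortcomings of existing methods in detecting threat attacks, a threat-intelligence analysis method that combines the attack chain with detection of anomalous network traffic is studied; the acquired threat information is analyzed and the extracted intelligence is shared in a machine-readable format to achieve collaborative defense. The method first detects anomalous traffic in the network and analyzes the traffic features and the relationships among them, comparing them against the pattern of the network attack chain in the form of a chain of entropy-value sequences. For each anomalous time point, feature items are classified and counted, support counting is performed, and frequent itemset patterns among the features are mined; these are then combined with the characteristics of each stage of the attack chain to reconstruct the attack process. Simulation results show that the method can effectively detect anomalous traffic in the network and extract threat-intelligence indicators.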

16.
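During software updates, a lack of authentication of the update information or the update package can lead to remote code execution vulnerabilities based on man-in-the-middle attacks. To address this, an automatic detection method for update vulnerabilities is proposed. The method extracts the network traffic of the update process, automatically profiles the update mechanism, and matches the profile against vulnerability feature vectors to predict update vulnerabilities; in a simulated verification environment, the profile information is used to carry out a man-in-the-middle attack and verify the detection results. An automatic update-vulnerability analysis and verification system was designed on the basis of this method and tested on 184 Windows application samples; update vulnerabilities were detected in 117 samples, demonstrating the effectiveness of the method.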

17.
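To solve the problems of packet loss, high overhead and network throughput in existing jamming-attack detection techniques, a cluster- and timestamp-based jamming-attack detection technique for wireless sensor networks is proposed. The technique groups sensor nodes with a clustering algorithm, uses timestamps to identify malicious nodes, and detects jamming by checking whether signatures match. If any node is identified as malicious, a new cluster is arranged to bypass the jammed area and communication continues over an alternate route. Experiments show that, compared with existing techniques, the timestamp-based jamming detection technique outperforms existing methods in packet delivery ratio (PDR), network throughput, energy consumption and routing overhead.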

18.
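In recent years 4G LTE-A technology has developed rapidly, and the spread of mobile devices together with the various services and applications carried over 4G networks has become an indispensable part of daily life. Network attack techniques have also kept developing, however, and in particular the continuing evolution of attack techniques targeting 4G LTE-A networks in recent years has become a key problem that harms people's vital interests. DDoS, as one kind of DoS attack, does greater harm to networks, so an attack detection model needs to be studied. The article proposes a detection model for DDoS attack traffic in LTE-A networks; the model uses entropy as one of its features and trains its classifier with the random forest algorithm, and it can be deployed on an eNB to identify DDoS traffic passing through that eNB. Validation shows that the detection accuracy of the proposed model reaches 99.956%.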

19.
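Optimizing the processing performance of a network traffic management model using regression   Cited by: 1 in total (self-citations: 0, citations by others: 1)
To explore effective ways of optimizing network traffic management performance, the performance indicators that affect network traffic management efficiency, and the methods for computing them, were determined on the basis of an analysis of the structure of the "deep packet inspection and deep flow-behavior inspection" network traffic management model. Indicator values were computed from actual sampled traffic data and scatter plots of the relationships among the indicators were drawn, revealing linear relationships among them. Multiple regression was used to build estimation functions for the performance indicators, and standardized-residual estimation was used to verify the usability and adaptability of the functions, yielding a quantitative method for optimizing network traffic management performance.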

20.
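A network traffic assignment model with side constraints is established according to the locally myopic user-equilibrium principle. The new model converts the general side constraints and the relaxed node flow-conservation conditions into two variational inequalities, and combines these variational inequalities with a general link-based traffic assignment model, simplifying the constraint set and the solution of the problem. Using the concept of general side constraints, generalized link and path travel costs are defined. Two route-choice behavior assumptions, "priority play" and "en-route adjustment elasticity", are proposed and used to explain why path flows are unique in real networks. A solution algorithm for the model is designed according to travelers' route-choice behavior. Numerical examples verify the effectiveness of the model and the algorithm. The study shows that the designed algorithm avoids iteratively solving for the shortest paths between origin-destination pairs, while also reflecting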
