Similar literature
1.
To improve the security of network information, a decision-tree algorithm is introduced and a decision-tree-based method for identifying network information security threats is designed. Network information attributes are extracted, data partitioning rules are obtained, and construction proceeds from the root node of the decision tree to generate a decision tree that can identify the source of a threat. Taking the arrays in the test sample data set as the basis, the data or information that affects the stability of the decision tree during data generation is used as a preliminary generation rule, on which basis redundant values are removed from the data set in the decision tree, achieving network information classification based on decision-tree pruning. The source of the attack is identified from the detected attack path, thereby identifying network information security threats. Experiments show that, compared with traditional methods, the designed identification method improves the accuracy of information security threat identification while keeping identification timely, with accuracy reaching as high as 100.0%, far higher than traditional methods.

2.
A survey of APT attack detection research based on big data analysis   Cited by: 2 (self-citations: 0, citations by others: 2)
Advanced persistent threats (APT) have become one of the main threats to high-security-level networks; their highly targeted, disguised and staged nature makes them impossible for traditional detection techniques to identify effectively, so novel attack detection techniques have become a research hotspot in APT defense. First, combining typical APT attack techniques and principles, the six stages of an attack are analyzed and the attack characteristics summarized. Then, the current state of research on APT defense frameworks is surveyed, and the research content and latest progress of four APT detection techniques based on network-security big-data analysis are analyzed: network traffic anomaly detection, malicious code anomaly detection, social network security event mining, and security event correlation analysis. Finally, a comprehensive system defense framework against APT attacks and an intelligent feedback-based system security detection framework are proposed, and the challenges faced by the corresponding techniques in countering APT attacks and the directions for further development are pointed out.

3.
Distributed denial of service (DDoS) attacks are one of the main threats to cyberspace security today. Although existing DDoS detection algorithms can raise accurate alerts, they cannot respond to the attack. A traffic filtering algorithm based on XGBoost is proposed: attack detection is used to generate labels for traffic samples, a machine learning model is trained, and filtering rules are updated in real time. Simulation results show that the method can effectively filter anomalous traffic.

4.
If side-channel attack methods are used against the structure and framework of a neural network to recover its structure, weights and other information, sensitive information will be leaked; therefore, the potential risk that neural network computing devices leak sensitive information through side channels must be taken seriously. Based on the Jetson Nano platform, this paper collects the side-channel electromagnetic leakage signals produced during inference by neural networks and neural network frameworks, designs a deep-learning-based side-channel attack algorithm, analyzes the side channel, and evaluates security along two dimensions. The study shows that a good network transformation strategy can improve network classification accuracy by 5% to 12%. In the two evaluation tasks, when typical neural networks of different structures under the same framework perform inference, the classification accuracy from electromagnetic leakage reaches 97.21%; when the same network performs inference under different neural network frameworks, the classification accuracy reaches 100%. This shows that side-channel electromagnetic attacks pose a threat to the privacy of deep learning algorithms on this kind of embedded GPU computing platform.

5.
To address detection and recognition of dim small infrared targets in resource-constrained, highly dynamic and complex scenes, a lightweight general algorithm framework for intelligent detection and recognition is proposed based on a temporal attention mechanism, giving it the ability to automatically extract and learn information about how the target changes over time. The proposed framework builds on a single-frame detection and recognition algorithm based on a convolutional neural network model and incorporates a temporal attention module constructed from recurrent neural network models, so that the corresponding model can automatically correlate changes in target feature information across multiple frames. Comparison of the framework with other methods on relevant dim small infrared target image data sets shows that the proposed framework significantly improves detection and recognition accuracy for dim small infrared targets.

6.
A tree-rule-based correlation analysis method for network security events   Cited by: 1 (self-citations: 0, citations by others: 1)
潘安群  李芝棠  雷杰 《通信学报》2006,27(Z1):76-80
To address the problems of massive data volumes, serious false positives and scattered alerts in network security management, a correlation analysis method for network security events based on tree-shaped association rules is proposed. The method aggregates network security events by computing alert occurrence rate and similarity, and identifies false alerts by computing alert credibility. At the same time, by defining alerts of the same class through the relationships between tree nodes in the tree rules, the algorithm can effectively organize scattered alerts into a complete attack. Preliminary experiments show that the method can effectively reduce the number of alerts, identify false positives and correlate security events.

7.
This paper focuses on monitoring security attacks through traffic data analysis and formulating an early-warning plan. On the basis of standard big-data collection, storage and analysis, traffic data is collected and stored automatically, so that website business attacks can be detected and unknown threats classified as anomalies. At the same time, several approaches are used to formulate a plan for monitoring and early warning of security events, in the hope that it will be helpful.

8.
A detection system for unknown threats, and especially for APT, should form a defense-in-depth system with thorough correlation analysis. The first stage is mature penetration attack detection technology that protects against diverse attacks, 0-day vulnerabilities, and malicious programs such as Trojans; the next is recognition based on intelligent correlation and analysis of event and traffic features. This is a more complete detection system for unknown threats that can be proposed by combining currently available techniques.

9.
In view of the current insufficient analysis and use of power operation data, an intelligent processing algorithm for power operation data based on text classification and semantic recognition is proposed. The algorithm cleans power operation text by removing anomalous text, word segmentation and stop-word removal, and then uses the continuous bag-of-words (CBOW) model to obtain a vector representation of the text. It uses the Apriori algorithm to mine association rules between power operation text vectors and text classification results, and obtains text classification results with a long short-term memory (LSTM) algorithm based on mini-batch gradient descent (MBGD). Simulation on historical data from the Xinjiang power grid shows that the proposed algorithm achieves higher accuracy in power operation text classification than the LSTM and Apriori-SVM algorithms, and that compared with traditional gradient descent, MBGD greatly reduces model training time while maintaining high accuracy.

10.
Because of their structural fragility, optical networks are vulnerable to signal jamming attacks intended to disrupt communication services. A machine-learning-based framework for attack detection, identification and recovery is therefore proposed. For detection and identification, BiLSTM, 1DCNN and seven conventional machine learning classifiers (ANN, DT, KNN, LDA, NB, RF and SVM) are evaluated on detecting whether an attack is present and on identifying the type of jamming attack. For recovery, a BiLSTM-BiGRU jamming attack recovery model is proposed to recover from light in-band, strong in-band, light out-of-band and strong out-of-band jamming attacks respectively. Numerical simulation results show that the proposed model performs excellently, with detection and identification accuracy as high as 99.20% and recovery rates for the four attacks of 95.05%, 97.03%, 94.06% and 61.88% respectively.

11.
Intrusion detection plays a key role in detecting attacks over networks, and due to the increasing usage of Internet services, several security threats arise. Though an intrusion detection system (IDS) detects attacks efficiently, it also generates a large number of false alerts, which makes it difficult for a system administrator to identify attacks. This paper proposes automatic fuzzy rule generation combined with a Wiener filter to identify attacks. Further, to optimize the results, simplified swarm optimization is used. After training a large dataset, various fuzzy rules are generated automatically for testing, and a Wiener filter is used to filter out attacks that act as noisy data, which improves the accuracy of the detection. By combining automatic fuzzy rule generation with a Wiener filter, an IDS can handle intrusion detection more efficiently. Experimental results, which are based on collected live network data, are discussed and show that the proposed method provides a competitively high detection rate and a reduced false alarm rate in comparison with other existing machine learning techniques.

12.
LDoS (low-rate denial of service) attack is a kind of RoQ (reduction of quality) attack which has the characteristics of low average rate and strong concealment. These characteristics pose great threats to the security of cloud computing platforms and big data centers. Based on network traffic analysis, three intrinsic characteristics of LDoS attack flows were extracted to form a set of inputs to a BP neural network, which serves as the classifier for LDoS attack detection. Hence, an approach to detecting LDoS attacks was proposed based on a novel combined feature value. The proposed approach can speedily and accurately model LDoS attack flows through the efficient self-organizing learning process of the BP neural network, in which a proper decision-making indicator is set at the output to detect LDoS attacks accurately. The proposed detection approach was tested on the NS2 platform and verified in a test-bed network environment using the Linux TCP-kernel source code, which is a widely accepted LDoS attack generation tool. The detection probability derived from hypothesis testing is 96.68%. Compared with existing research, analysis results show that detection with combined features performs better than detection with a single feature, and has high computational efficiency.

13.
廖方圆 《通信技术》2014,(5):557-561
SOA is a distributed computing model with standardized interfaces; based on the platform independence of Web services, it allows service functions to support different kinds of application business through dynamic composition, but the dynamic, complex and loosely coupled cross-organizational nature of service operation exposes service systems to serious attack threats. To meet the need for full-lifecycle security protection of services in distributed environments, a migratable Web service security protection method is proposed, which not only supports service authentication, access control and attack detection through a security protection module while a service node runs normally, but also hardens the whole process of service migration, achieving seamless security protection and offering a feasible approach to the design and improvement of secure service environments.

14.
In order to solve the problem of poor efficiency and low accuracy of Android collusion detection, an Android collusion attack model based on component communication was proposed. Firstly, the feature vector set was extracted from known applications. Secondly, the security policy rule set was generated by training and classifying the privilege feature set. Then, the component communication finite state machine was generated according to the component and communication mode feature vector set, and the security policy rule set was optimized. Finally, a new state machine was generated by extracting the unknown application's feature vector set, and the optimized security policy rule set was matched against it to detect privilege collusion attacks. The experimental results show that the proposed model has better detection efficiency and higher accuracy.

15.
A network security model based on security problem description   Cited by: 3 (self-citations: 1, citations by others: 2)
张恒山  管会生 《通信技术》2009,42(3):177-179
Past research on network security has focused mainly on technical aspects, but network security problems cannot be solved purely by technical means; security management is also an important means of solving them. This paper therefore first gives a way of describing network security problems, combines technical and management content, adopts a hierarchical design approach, and proposes a hybrid security model as a reference for future research on and implementation of network security systems.

16.
Aiming at the unknown vulnerabilities and unknown backdoor security threats faced by Ethernet switches, a switch endogenous security architecture based on mimic defense theory was proposed. The theoretical basis, construction mode and security mechanism of the architecture were introduced; the algorithm strategy and security improvement effect of the TAMA algorithm were proposed and analyzed; a prototype of a mimic switch was designed and implemented; and security tests of white box stuffing and attack chains were carried out. Theoretical analysis and test results show that the architecture has good defense capabilities against unknown vulnerabilities and unknown backdoors in various attack scenarios.

17.
Aiming at analyzing the influence of multi-step attacks, as well as reflecting the system's security situation accurately and comprehensively, a network security situation evaluation method for multi-step attacks was proposed. The method first clusters security events into several attack scenes, which are used to identify the attacker. Then the attack path and the attack phase are identified by causal correlation of every scene. Finally, combining the attack phase with the threat index, a quantitative standard is established to evaluate the network security situation. The proposed method is assessed by two network attack-defense experiments, and the results illustrate the accuracy and effectiveness of the method.

18.
Existing researchers use threat modeling and security analysis systems to evaluate and predict security threats to software-defined networks (SDN), but that approach does not consider the probability that an SDN controller's vulnerabilities are exploited or the position of devices in the network, so its security assessment is inaccurate. To address these problems, an algorithm for computing the importance of each device in an SDN is designed by combining device vulnerability exploitation probability and device criticality with the PageRank algorithm, and a method for measuring the probability that a device is successfully attacked is designed from an SDN attack graph and Bayesian theory. On this basis, an SDN security prediction algorithm based on a Bayesian attack graph is designed to predict the attacker's attack path. Experimental results show that the method accurately predicts the attacker's attack path and provides a more accurate basis for security defense.

19.
A security capacity assessment method based on a security behavior ontology was proposed to collect users' behavior data from their smartphones without the users being aware of it, in order to solve the problem of detecting the real insecure behaviors of mobile phone users. A security behavior ontology was set up to formalize the phone, message, network and App behavior data of mobile phone users, and rules were also laid down for determining and associating insecure actions. Referring to the notion of an attack graph, an insecure behavior detection algorithm was proposed based on a behavior association graph to analyze the paths of insecure behaviors dynamically. Furthermore, a competency model for information security capability assessment was presented to realize quantitative evaluation of users' information security capability. The experimental results prove the effectiveness of the proposed competency model for insecure behavior path detection and security ability assessment.

20.
Design of a trust-model-based security metric and secure routing algorithm   Cited by: 1 (self-citations: 0, citations by others: 1)
Attacks on network routing are widespread and have serious consequences. Most current research uses mechanisms such as digital signatures, message authentication and intrusion detection to improve the security of routing control information, and largely ignores the routing security of confidential application data. This paper measures the trust of links and nodes by analyzing the security mechanisms and security threats of communicating entities, establishes trust relationships between nodes, defines and quantifies a new security metric, SM (Security Metric), based on this trust model, and proposes a secure routing algorithm, SMRA (Security Metric based Routing Algorithm), that uses SM as its path selection criterion. Simulation shows that when attacks are present in the network, SMRA achieves a better packet delivery ratio and routing security than OSPF.
