删除边的免疫策略

为了使用更少的免疫数量且更快地消灭病毒,提出了基于删除边的免疫策略。该策略根据边与重要节点之间的关系,对重要节点直接相连的边或任意两个重要节点与其共同邻居节点之间的边进行免疫。实验使用SIS病毒传播模型,分别在ER随机网络、BA无标度网络和几种实际网络中测试了该策略的免疫临界值以及对应网络的连通度,结果表明：删除边的免疫策略与目标免疫策略相比可以通过免疫较少的节点来消灭病毒,并且可以更好地保持网络的连通性。     

移动Ad Hoc网络的改进攻击树建模方法研究

针对各种类型的移动Ad Hoc网络(MANET)攻击的检测和分析已经有大量的研究,但对这些攻击行为的分析和评估仍然缺乏一种系统有效的攻击建模方式.在现有攻击树的基础上提出针对Ad Hoc网络攻击的改进攻击树.改进攻击树扩充了节点间的类型和节点属性,给出了节点属性参数的量化方法.该改进攻击树有效地实现了对移动Ad Hoc网络中链路层以上攻击行为的建模分析和评估,最后结合黑洞攻击,给出该改进攻击树的具体应用.     

一种蚁群优化的WSN分布式入侵检测模型

针对无线传感器网络中入侵者能在多个节点上移动并隐藏攻击源头的特点,提出了一种基于蚁群优化的无线传感器网络分布式入侵检测模型。分析了现有入侵检测对未知攻击检测率和误报率方面的不足,在此基础上提出了分布式入侵检测的体系结构,设计了基于蚁群优化的入侵检测算法。仿真实验表明提出的方案能够提高无线传感器网络对未知攻击的检测率和降低对正常网络流量的误报率,较好地解决了路由攻击、Sinkhole攻击问题,能够降低入侵检测的能耗。     

Securing DSR against wormhole attacks in multirate ad hoc networks

A wormhole attack is one of the hardest problems to detect whereas it can be easily implanted in any type of wireless ad hoc network. A wormhole attack can easily be launched by the attacker without having knowledge of the network or compromising any legitimate nodes. Most existing solutions either require special hardware devices or make strong assumptions in order to detect wormhole attacks which limit the usability of these solutions. In this paper, we present a security enhancement to dynamic source routing (DSR) protocol against wormhole attacks for ad hoc networks which relies on calculation of round trip time (RTT). Our protocol secures DSR against a wormhole attack in ad hoc networks for multirate transmissions. We also consider the processing and queuing delays of each participating node in the calculation of RTTs between neighbors which to date has not been addressed in the existing literature. This work provides two test cases that show that not taking multirate transmission into consideration results in miss identifying a wormhole attack.     

后量子密码算法的侧信道攻击与防御综述

为了解决量子计算对公钥密码安全的威胁,后量子密码成为密码领域的前沿焦点研究问题.后量子密码通过数学理论保证了算法的安全性,但在具体实现和应用中易受侧信道攻击,这严重威胁到后量子密码的安全性.基于美国NIST第2轮候选算法和中国CACR公钥密码竞赛第2轮的候选算法,针对基于格、基于编码、基于哈希、基于多变量等多种后量子密...     

移动ad hoc网络中DOS攻击及其防御机制

移动ad hoc网络由于其动态拓扑、无线信道以及各种资源有限的特点,特别容易遭受拒绝服务(DOS)攻击．提出了移动ad hoc网络中一种新的DOS攻击模型——ad hoc flooding攻击及其防御策略．该攻击主要针对移动ad hoc网络中的按需路由协议,如AODV,DSR等．ad hoc flooding攻击是通过在网络中泛洪发送超量路由查询报文及数据报文,大量地占用网络通信及节点资源,以至于阻塞节点正常的通信．分析ad hoc flooding攻击之后,提出了两种防御策略：其一是邻居阻止,即当入侵者发送大量路由查询报文时,邻居节点降低对其报文的处理优先级,直至不再接收其报文．其二是路径删除,即目标节点将入侵者发送攻击报文的路径删除,以阻止其继续发送攻击报文．模拟实验证实,通过这两种方法的结合．能够有效地阻止网络中的ad hoc flooding攻击行为．     

图对抗攻击研究综述

将深度学习用于图数据建模已经在包括节点分类、链路预测和图分类等在内的复杂任务中表现出优异的性能,但是图神经网络同样继承了深度神经网络模型容易在微小扰动下导致错误输出的脆弱性,引发了将图神经网络应用于金融、交通等安全关键领域的担忧。研究图对抗攻击的原理和实现,可以提高对图神经网络脆弱性和鲁棒性的理解,从而促进图神经网络更广泛的应用,图对抗攻击已经成为亟待深入研究的领域。介绍了图对抗攻击相关概念,将对抗攻击算法按照攻击策略分为拓扑攻击、特征攻击和混合攻击三类;进而,归纳每类算法的核心思想和策略,并比较典型攻击的具体实现方法及优缺点。通过分析现有研究成果,总结图对抗攻击存在的问题及其发展方向,为图对抗攻击领域进一步的研究和发展提供帮助。     

基于位置密钥的无线自组织网络的安全机制

移动自组织网络（MANETs）由于网络内节点移动的不确定性和计算存储有限性,导致了它在无人监管的敌方环境中很容易遭受攻击。虽然现存的一些基于位置校验而设计的安全机制能够抵御一些网络攻击,但是这些设计大多只适用于静态网络。将当前流行的位置密钥应用到动态网络当中,提出了一个新颖的概念--安全区域（SA）,来防御网络中的恶意攻击。该设计利用节点的位置密钥,可以成功抵御包括节点复制攻击、女巫攻击和虫洞攻击等臭名昭著的网络攻击。     

A countermeasure against wormhole attacks in MANETs using analytical hierarchy process methodology

Mobile ad hoc networks are vulnerable to a large group of attacks, e.g., wormhole attacks. In this paper, we propose a countermeasure to prevent wormhole attacks. We utilize analytical hierarchy process to elect some special nodes, named the local most trustable nodes, for the source and the destination node, respectively. The elected nodes are then required to implement our proposed scheme to prevent wormhole attacks. The proposed scheme cannot only detect wormhole attacks, but also locate wormhole nodes, i.e., identify the malicious nodes that behave wormhole attacks. To solve the colluding wormhole attack, we present a countermeasure named bi-directional wormhole location mechanism.     

Pair-wise path key establishment in wireless sensor networks

When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other could use a secure path to share a secret key between them. However during the transmission of the secret key, the secret key will be revealed to each node along the secure path. Several researchers proposed a multi-path key establishment to prevent a few compromised sensors from knowing the secret key, but it is vulnerable to stop forwarding or Byzantine attacks. To counter these attacks, we propose a hop by hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes from doing a Byzantine attack and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data not beyond two hops.     

面向漏洞检测模型的强化学习式对抗攻击方法

基于深度学习的代码漏洞检测模型因其检测效率高和精度准的优势,逐步成为检测软件漏洞的重要方法,并在代码托管平台Github的代码审计服务中发挥重要作用.然而,深度神经网络已被证明容易受到对抗攻击的干扰,这导致基于深度学习的漏洞检测模型存在遭受攻击,降低检测准确率的风险.因此,构建针对漏洞检测模型的对抗攻击,不仅可以发掘此类模型的安全缺陷,而且有助于评估模型的鲁棒性,进而通过相应的方法提升模型性能.但现有的面向漏洞检测模型的对抗攻击方法,依赖于通用的代码转换工具,并未提出针对性的代码扰动操作和决策算法,因此难以生成有效的对抗样本,且对抗样本的合法性依赖于人工检查.针对上述问题,提出了一种面向漏洞检测模型的强化学习式对抗攻击方法.本方法首先设计了一系列语义约束且漏洞保留的代码扰动操作作为扰动集合;其次,将具备漏洞的代码样本作为输入,利用强化学习模型选取具体的扰动操作序列.最后,根据代码样本的语法树节点类型寻找扰动的潜在位置,进行代码转换,从而生成对抗样本.本文基于SARD和NVD构建了两个实验数据集共14,278个代码样本并以此训练了四个具备不同特点的漏洞检测模型作为攻击目标.针对每个目标模型,训练了一个强化学习网络进行对抗攻击.结果显示,本文的攻击方法导致模型的召回率降低了74.34%,攻击成功率达到96.71%,相较基线方法,攻击成功率平均提升了68.76%.实验证明了当前的漏洞检测模型存在被攻击的风险,需要进一步研究提升模型的鲁棒性.     

复杂网络能控性鲁棒性研究进展

研究复杂网络能控性鲁棒性对包括社会网络、生物和技术网络等在内的复杂系统的控制和应用具有重要价值.复杂网络的能控性是指:可通过若干控制节点和适当的输入,在有限时间内将系统状态驱动至任意目标状态.能控性鲁棒性则是指在受到攻击的情况下,复杂网络依然维持能控性的能力.设计具有优异能控性鲁棒性的复杂网络模型和优化实际网络的能控性鲁棒性一直是复杂网络领域的重要研究内容.本文首先比较了常用的能控性鲁棒性定义及度量,接着从攻击策略的角度分析了3类攻击的特点及效果,包括随机攻击、基于特征的蓄意攻击和启发式攻击.然后比较了常见模型网络的能控性鲁棒性.介绍了常用优化策略,包括模型设计和重新连边等.目前的研究在攻击策略和拓扑结构优化方面都取得了进展,也为进一步理论分析提供条件.最后总结全文并提出潜在研究方向.     

基于簇的传感器网络节点复制攻击检测

当传感器节点布置在敌方区域并遭到敌人捕获时,敌方有能力破解传感器节点而得到其中所存储的重要信息.敌人一旦掌握这些信息,便可以复制一系列这样的节点且将其布置到网络中为进一步开展攻击作准备,这种入侵活动被称为传感器网络节点复制攻击.节点复制不同于诸如路由攻击一类的外部攻击,它直接危害传感器节点,破坏力强,给网络带来严重影响.在现有的分布式检测方法基础上提出一种基于簇结构的传感器网络节点复制攻击检测方案.仿真实验表明,改进的方案能对节点复制攻击做出有效判断,而且传输开销较现有检测方案要小.     

Structural robustness of city road networks based on community

Road network robustness is the ability of a road network to operate correctly under a wide range of attacks. A structural robustness analysis can describe the survivability of a city road network that is under attack and can help improve functions such as urban planning and emergency response. In this paper, a novel approach is presented to quantitatively evaluate road network robustness based on the community structure derived from a city road network, in which communities refer to those densely connected subsets of nodes that are sparsely linked to the remaining network. First, a road network is reconstructed into a set of connected communities. Then, successive simulated attacks are conducted on the reconstructed road networks to test the performance of the networks under attack. The performance of the networks is represented by efficiency and the occurrence of fragmentation. Three attack strategies, including a random attack and two intentional attacks, are performed to evaluate the survivability of the road network under different situations. Contrary to the traditional road segment-based approach, the community-based robustness analysis on a city road network shows distinct structural diversity between communities, providing greater insight into network vulnerability under intentional attacks. Six typical city road networks on three different continents are used to demonstrate the proposed approach. The evaluation results reveal an important feature of the structure of city road networks from a community-based perspective, i.e., that the structure is robust under random failure but fragile under intentional attack. This result is highly consistent in different city road network forms.     

一种针对快速梯度下降对抗攻击的防御方法

智能舰船识别可有效提高舰船装备智能化水平,但存在安全识别问题,即使性能卓越的分类模型也会受到对抗样本的攻击。面对快速梯度下降法（FGSM）这类对抗攻击,传统的防御方法需要先推倒已经训练好的分类模型,再通过安全手段进行重新训练。为简化这一过程,提出防御FGSM对抗攻击的FGSM-Defense算法。获得分类器对对抗样本初次预测的类别排名后,按相应置信度大小排名取出指定数量的类别。在此基础上,通过暴力搜索将这些类别依次指定为攻击目标,分别对原对抗样本进行FGSM有目标攻击,并按相应规则分步缩小搜索范围,筛选出对抗样本真实的类别。实验结果表明,该算法能够准确区分对抗样本的真实类别,在ImageNet数据集上的防御成功率为53.1%。与传统防御方法相比,其无需改变原有神经网络结构和重新训练分类模型,可减少对硬件算力的依赖,降低防御成本。     

CHEMAS: Identify suspect nodes in selective forwarding attacks

Selective forwarding attacks may corrupt some mission-critical applications such as military surveillance and forest fire monitoring in wireless sensor networks. In such attacks, most of the time malicious nodes behave like normal nodes but will from time to time selectively drop sensitive packets, such as a packet reporting the movement of the opposing forces, and thereby make it harder to detect their malicious nature. In this paper, we propose CHEMAS (CHEckpoint-based Multi-hop Acknowledgement Scheme), a lightweight security scheme for detecting selective forwarding attacks. Our scheme can randomly select part of intermediate nodes along a forwarding path as checkpoint nodes which are responsible for generating acknowledgements for each packet received. The strategy of random-checkpoint-selection significantly increases the resilience against attacks because it prevents a proportion of the sensor nodes from becoming the targets of attempts to compromise them. In our scheme, each intermediate node in a forwarding path, if it does not receive enough acknowledgements from the downstream checkpoint nodes, has the potential to detect abnormal packet loss and identify suspect nodes. We explore the feasibility of our detection scheme using both theoretical analysis and simulations. The simulation results show that our scheme can achieve a high detection rate, even in harsh radio conditions. The communication overhead incurred by our scheme is also within reasonable bounds.     

CTAC: Control traffic tunneling attacks’ countermeasures in mobile wireless networks

Multihop wireless ad hoc and sensor networks open the door for great networking opportunities especially in scenarios where it is infeasible or expensive to deploy significant networking infrastructure. However, the open communication media and the lack of networking infrastructure make these networks vulnerable to a wide range of security attacks. A particularly devastating attack is the control traffic tunneling attack, where a malicious node records control traffic at one location and tunnels it to a colluding node, possibly far away, which replays it locally. One of the control traffic attacks’ incarnations is the wormhole attack that can be used to prevent route establishment by preventing nodes from discovering legitimate routes that are more than two hops away. These attacks have been addressed by many researchers, however, most of the presented work is either limited to static scenarios, require expensive hardware or suffer from high overhead and performance degradation. In this paper, we present a scalable countermeasure for the control traffic tunneling attack, called CTAC, which alleviates these drawbacks and efficiently mitigates the attack in both static and mobile networks. CTAC uses trusted nodes called cluster heads (CH) for global tracking of node locations and profile keeping. Local monitoring is used to detect and isolate malicious nodes locally. Additionally, when sufficient suspicion builds up at a CH, it enforces a global isolation of the malicious node from the whole network. The performance gain, the relatively low overhead, and the positive impact of CTAC on the data traffic fidelity are brought out through analysis and extensive simulation using ns-2. The results show that CTAC achieves higher detection ratio and faster isolation time while considerably decreases the overhead energy and the end-to-end delay compared to the state-of-the art schemes.     

An image steganographic algorithm based on spatial desynchronization

Calibration based attack is one of the most important steganalytic attacks in recent past specifically for JPEG domain steganography. In calibration attack, the attacker generally predicts the cover image statistics from the stego image. Preventing attackers from such prediction is used to resist these attacks. Domain separation (or randomization) is such a technique which is used for hiding the embedding domain from the attacker. It is observed that existing domain randomization techniques cannot provide enough randomization such that they are easily be detected by recent steganalysis techniques. In this paper, we have extended our previous work based on spatial desynchronization using statistical analysis. It is also experimentally shown that proposed algorithm is less detectable against the calibration based blind as well as targeted steganalytic attacks than the existing JPEG domain steganographic schemes.     

基于动态授权的信任度证明机制

提出一种基于动态授权的信任证明机制（proof of trust,简称PoT）,并在该机制的基础上修正了现有区块生成策略中存在的诸如权益粉碎攻击和贿赂攻击等问题.PoT将网络中的节点分为矿工节点和基本权益代表（stakeholder）节点,根据节点参与创建区块的行为赋予其相应的信任度,stakeholder节点对区块进行签名操作并赋予区块信任度,最终根据区块所获得信任度权重竞争上链.同时,还针对贿赂攻击和常见的权益累积攻击的攻击成本以及系统对于攻击的反应进行了分析.仿真实验的结果表明,PoT机制在应对权益粉碎攻击、贿赂攻击以及权益累积攻击方面相比于传统权益证明机制有着显著优势.     

LiteWorp: Detection and isolation of the wormhole attack in static multihop wireless networks

In multihop wireless systems, such as ad hoc and sensor networks, the need for cooperation among nodes to relay each other’s packets exposes them to a wide range of security attacks. A particularly devastating attack is known as the wormhole attack, where a malicious node records control and data traffic at one location and tunnels it to a colluding node far away, which replays it locally. This can either disrupt route establishment or make routes pass through the malicious nodes. In this paper, we present a lightweight countermeasure for the wormhole attack, called LiteWorp, which relies on overhearing neighbor communication. LiteWorp is particularly suitable for resource-constrained multihop wireless networks, such as sensor networks. Our solution allows detection of the wormhole, followed by isolation of the malicious nodes. Simulation results show that every wormhole is detected and isolated within a very short period of time over a large range of scenarios. The results also show that the fraction of packets lost due to the wormhole when LiteWorp is applied is negligible compared to the loss in an unprotected network. Simulation results bring out the configuration where no framing is possible, while still having high detection rate. Analysis is done to show the low resource consumption of LiteWorp, the low detection latency, and the likelihood of framing by malicious nodes.