Similar documents
 Found 20 similar documents; search time 15 ms
1.
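Analysis and Improvement of IKE   Total citations: 3, self-citations: 0, citations by others: 3
Guo Fengjuan (郭丰娟), Song Yu (宋雨). 《微机发展》 (Microcomputer Development), 2004, 14(3): 123-124, F003
The Internet Key Exchange protocol (IKE) is a network information security protocol. Because it is a hybrid protocol, its complexity has drawn attention to its security, which this paper examines. The paper introduces the background and working principles of the key exchange protocol IKE and, on that basis, analyzes the mechanisms of man-in-the-middle, replay and denial-of-service attacks. Drawing on the way IKE operates, it analyzes how IKE can suffer each of the three attacks and how likely each is, proposes using an "interlock protocol" in IKE to prevent man-in-the-middle attacks and message IDs to prevent replay attacks, and studies the generation of the cookies used to prevent denial-of-service attacks.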

2.
Ensuring cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and information security influences the detection of intrusions in a simple network. We developed a simplified Intrusion Detection System (IDS), which allows us to examine how individuals with or without knowledge in cyber security detect malicious events and declare an attack based on a sequence of network events. Our results indicate that more knowledge in cyber security facilitated the correct detection of malicious events and decreased the false classification of benign events as malicious. However, knowledge had less contribution when judging whether a sequence of events represents a cyber-attack. While knowledge of cyber security helps in the detection of malicious events, situated knowledge regarding a specific network at hand is needed to make accurate detection decisions. Responses from participants that have knowledge in cyber security indicated that they were able to distinguish between different types of cyber-attacks, whereas novice participants were not sensitive to the attack types. We explain how these findings relate to cognitive processes and we discuss their implications for improving cyber security.

3.
A digital security breach, by which confidential information is leaked, does not only affect the agent whose system is infiltrated but is also detrimental to other agents socially connected to the infiltrated system. Although it has been argued that these externalities create incentives to underinvest in security, this presumption is challenged by the possibility of strategic adversaries that attack the least protected agents. In this paper we study a new model of security games in which agents share tokens of sensitive information in a network of contacts. The agents have the opportunity to invest in security to protect against an attack that can be either strategically or randomly targeted. We show that, in the presence of random attack, underinvestments always prevail at the Nash equilibrium in comparison with the social optimum. Instead, when the attack is strategic, either underinvestments or overinvestments are possible, depending on the network topology and on the characteristics of the process of the spreading of information. Actually, agents invest more in security than socially optimal when dependencies among agents are low (which can happen because the information network is sparsely connected or because the probability that information tokens are shared is small). These overinvestments pass on to underinvestments when information sharing is more likely (and therefore, when the risk brought by the attack is higher). In order to keep our analysis tractable, some of our results on strategic attacks make an assumption of homogeneity in the network, namely, that the network is vertex‐transitive. We complement these results with an analysis on star graphs (which are nonhomogeneous), which confirms that the essential lines of our findings can remain valid on general networks.

4.
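Identity authentication is a prerequisite for establishing a secure session between a client and a server. Kim and Chung proposed a two-party mutual authentication scheme whose low computational cost attracted researchers' attention. Analysis shows, however, that the scheme is not secure: it cannot resist offline password guessing attacks or unlimited online password guessing attacks, and it cannot prevent server impersonation attacks. To remove these weaknesses, an improved scheme is proposed using the asymmetric Rabin cryptosystem, and its correctness is rigorously verified with BAN logic. Finally, the security and performance of the new scheme are analyzed.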

5.
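To address the security problems that arise when nodes of a complex network are attacked, a method for sub-network nodes to resist attacks is proposed that combines the Feistel algorithm with a simulated complex network. The method uses a set of sub-network node localization parameters to build a position model of malicious nodes and to determine the true localization accuracy; it then uses the Feistel algorithm to encrypt the node ciphertext, so that the encrypted information is restored to plaintext, completing the improved anti-attack method for sub-network nodes in a simulated complex network. The results show that the method not only locates malicious nodes accurately but also strengthens the nodes' resistance to attack and improves network security.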

6.
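In protecting network security, security protocols all rely on cryptographic algorithms to achieve their security goals. In the initial phase of a protocol run they must perform complex computation and store related state information, which exposes them to denial-of-service attacks. This paper analyzes denial-of-service attacks against security protocols and focuses on the puzzle method of defending against them. It studies quantitatively how the puzzle method defends against denial-of-service attacks, gives a formula for adjusting the difficulty coefficient, and further proposes a request-success-rate guarantee algorithm that can dynamically adjust the strength of the defense as needed, thereby improving the security of the protocol and the operating efficiency of the system.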

7.
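Security Situation Assessment of Networked Systems Based on Fuzzy Information Fusion   Total citations: 2, self-citations: 0, citations by others: 2
Zhang Qiuyu (张秋余), Sun Ning (孙宁), Chi Ning (迟宁), Liu Ye (刘晔). 《计算机工程》 (Computer Engineering), 2007, 33(13): 182-184
Knowledge of the security situation of a networked system is not obtained in isolation: it is a complex piece of systems engineering built from the correlation of attack factors such as attack frequency, attack difficulty and attack severity, and from situation fusion across the service, host and network layers. By identifying the interdependent relationships among attack factors, this paper uses fuzzy information fusion to correlate them, and uses statistical techniques at the service, host and network levels to complete the corresponding fusion of situation information. Experiments show that the model faithfully reflects the security situation.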

8.
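Vulnerability scanning cannot yet detect all of the complex attacks present on network terminals, many traditional security technologies frequently fail, and information security technology alone cannot yet effectively solve the security problems of modern networks. This paper introduces the PCI expansion ROM specification, the network communication link switching mechanism and the principle of confidential information storage, analyzes the interconnection between the host and peripheral devices as well as the attack characteristics, and proposes a new secure network terminal architecture that uses the expansion ROM to prevent leakage of confidential information. The architecture supports physical isolation of the terminal's internal and external networks.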

9.
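Since the outbreak of Stuxnet, industrial control systems have gradually become one of attackers' main targets. As attackers learn more about industrial control systems, their attacks grow increasingly complex, the techniques applied more advanced, and the methods more varied. As an important basic control device in industrial control systems, the PLC faces information security problems that deserve attention. From an attack-and-defense perspective, the paper first examines in depth the basic structure and working principles of the PLC and analyzes its weaknesses; it then classifies PLC attack techniques and analyzes in detail the principles behind each class; it summarizes research at home and abroad on PLC security protection techniques; and finally it gives future research trends and an outlook for PLC information security.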

10.

Automation in cyber security can be achieved by using attack graphs. Attack graphs allow us to model possible paths that a potential attacker can use to intrude into a target network. In particular, graph representation is often used to increase visibility of information, but it is not effective when a large-scale attack graph is produced. However, it is inevitable that such a voluminous attack graph is generated by modeling a variety of data from an increasing number of network hosts. Therefore, we need more intelligent ways of inferring the knowledge required to harden network security from the attack graph, beyond getting information such as possible attack paths. Ontology technology enables a machine to understand information and makes it easier to infer knowledge based on relational facts from big data. Constructing ontology in the domain of attack graph generation is a prerequisite for increasing machine intelligence and implementing an automated process. In this paper, we propose a semantic approach to make a large-scale attack graph machine readable. The approach provides several benefits. First, users can obtain relational facts based on reasoning from a large-scale attack graph, and the semantics of an attack graph can provide intuition to users. In addition, intelligence-based security assessment can be possible using the obtained ontological structures. By improving the machine readability of an attack graph, our approach could lead to automated assessment of network security.


11.
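Liu Yang (刘阳). 《计算机时代》 (Computer Era), 2011, (10): 16-17
As network applications keep growing richer, computers all over the world will be connected through the Internet; the meaning of information security has therefore changed fundamentally, and the future information network security situation will become increasingly complex. The attacks seen on today's networks and the threats users face have changed greatly. The article studies the trends in network threats, including changes in purpose, attack behaviour, propagation speed, attack tools, attackers and attack forms.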

12.
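Existing techniques for analyzing attack behaviour fall roughly into two classes: "network-oriented" and "attacker-oriented". Compared with traditional network-oriented analysis, attacker-oriented analysis takes more account of factors such as subject correlation, so its results are more accurate and reliable. Building on earlier research in attack behaviour analysis, an attacker-oriented intrusion alert analysis prototype system, CABAS, was designed and implemented. Offline tests on the Darpa2000 dataset show that the system can accurately analyze complex attacks involving multi-party cooperation, greatly improving the effectiveness of security management.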

13.
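A Robust Audio Watermarking Algorithm Based on the Non-uniform Discrete Fourier Transform   Total citations: 7, self-citations: 0, citations by others: 7
Xie Ling (谢玲), Zhang Jiashu (张家树), He Hongjie (和红杰). 《计算机学报》 (Chinese Journal of Computers), 2006, 29(9): 1711-1721
Audio watermarking algorithms based on the discrete Fourier transform (DFT) are highly robust to common signal processing operations. However, embedding watermark information at fixed frequency points in the DFT domain is vulnerable to frequency-domain attacks, which leaves such algorithms with a security weakness. To illustrate this weakness, the paper describes a novel frequency-domain attack; simulation results show that it can effectively remove the watermark without affecting the perceived audio quality of the watermarked signal. To address the problem, the paper proposes a robust audio watermarking algorithm based on the non-uniform discrete Fourier transform (NDFT). Exploiting the NDFT's ability to select frequency points arbitrarily, the algorithm uses a chaotic map to choose the watermark embedding frequency points in the NDFT domain at random, making the embedding positions random. In addition, a second chaotic map is introduced to scramble and encrypt the watermark before embedding, improving the algorithm's resistance to copy attacks. Theoretical analysis and experimental results show that the algorithm is not only highly robust to common signal processing operations but also resists malicious frequency-domain attacks, and that its large key space ensures high system security.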

14.
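In complex network environments, Web databases face many threats and challenges. Building on traditional database protection techniques, a mimic database application based on a dynamic heterogeneous redundancy architecture is proposed. An empirical evaluation of attack resistance is carried out on the dynamic heterogeneous redundant mimic database model. The evaluation and experiments focus on the voter component of the mimic database; starting from the premise of not exploiting software vulnerabilities, the attack experiments are carried out using the character-handling mechanisms of application software. The argument concludes that, provided "...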

15.
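Wireless body area networks carry sensitive data closely tied to human life, and identity authentication is the first line of defense in protecting that information. Existing authentication schemes based on human biometric information suffer from information that is hard to extract, high randomness and large error, while authentication schemes based on traditional cryptography need considerable computing resources and energy and are not suited to the wireless body area network environment. To this end, building on dynamic passwords and asymmetric encryption, a lightweight dynamic-password mutual authentication protocol suited to wireless body area networks is proposed and formally analyzed. Theoretical proof, SVO logic reasoning and SPIN model checking show that the protocol achieves mutual authentication and resists replay attacks, impersonation attacks, denial-of-service attacks and offline password attacks, giving it a high level of security.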

16.
The past few years have witnessed numerous information security incidents throughout the world, which unfortunately become increasingly tough to be completely addressed just by technology solutions such as advanced firewalls and intrusion detection systems. In addition to technology components, Internet environment can be viewed as a complex economic system consisting of firms, hackers, government sectors and other participants, whose economic incentives should be taken into account carefully when security solutions are formulated. In order to better protect information assets, information security economics as an emerging and thriving research branch emerges aiming at attempting to solve the problems of distorted incentives of such stakeholders by means of economic approaches. However, how these participants’ economic incentives for information security improvement change when they evolve between different market structures has remained unknown yet. Using game theory, we develop an analytical framework to investigate the effects of market structures on security investments, information sharing, attack investments, expected profits, expected consumer surplus and expected social welfare. We demonstrate that the levels of security investments, information sharing, attack investments, and expected profits are higher while expected consumer surplus and expected social welfare are lower under Cournot competition than under Bertrand competition. In particular, we surprisingly find that under either type of competition, the demand switch ratio caused by security breaches may benefit firms, consumers, government sectors and harm hackers. Our results provide some relevant managerial insights into formulating the strategies of security investments and information sharing for the firms transforming from one type of competition to the other.

17.
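As industrialization and informatization converge, the number of networked industrial control systems and devices keeps rising, network attack methods are complex and changeable, and major security incidents occur frequently, repeatedly sounding the alarm for industrial information security. As one of the passive trapping techniques, industrial control system honeypots can effectively capture data on network attacks launched against industrial control systems, so that attack methods can be analyzed and trends in hacker activity examined; they are of very high practical value for industrial control security situational awareness. Drawing on results from the application of the national industrial control security monitoring and situational awareness platform, this paper analyzes the specific roles and functions of industrial control honeypots and describes the problems they currently face and the directions for further research.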

18.
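Gui Bingxiang (桂兵祥), Feng Hongcai (丰洪才). 《计算机工程》 (Computer Engineering), 2012, 38(10): 105-107
The convergence of heterogeneous networks makes network security problems more complex, and standalone security mechanisms are no longer effective. For this reason, targeting the contagious nature of complex heterogeneous networks and the main external network attacks, an anomaly detection mechanism based on principles of the human immune system is proposed, in which the network entities of a heterogeneous network work together to detect network anomalies caused by attacks. Simulation results show that the mechanism can effectively identify network attacks such as denial of service, distributed denial of service and worms.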

19.

The blockchain cross-chain is a significant technology for inter-chain interconnection and value transfer among different blockchain networks. Cross-chain overcomes the “information island” problem of the closed blockchain network and is increasingly applied to multiple critical areas such as finance and the internet of things (IoT). Blockchain can be divided into three main categories of blockchain networks: public blockchains, private blockchains, and consortium blockchains. However, there are differences in block structures, consensus mechanisms, and complex working mechanisms among heterogeneous blockchains. The fragility of the cross-chain system itself makes the cross-chain system face some potential security and privacy threats. This paper discusses security defects on the cross-chain implementation mechanism, and discusses the impact of the structural features of blockchain networks on cross-chain security. In terms of cross-chain intercommunication, a cross-chain attack can be divided into a multi-chain combination attack, native chain attack, and inter-chain attack diffusion. Then various security threats and attack paths faced by the cross-chain system are analyzed. At last, the corresponding security defense methods of cross-chain security threats and future research directions for cross-chain applications are put forward.


20.
Decision-tree induction is an effective technique for examining the factors influencing abnormal stock market returns when security breaches are announced in the public media. In this article, the authors extend a previous study, specifically identifying new relationships between abnormal returns and firm and attack characteristics and subject them to traditional statistical testing. They relate their results to the confidentiality, integrity, and availability dimensions of information security and discuss the findings' technical and managerial implications. The Web extra for this article presents detailed event data.
