Similar literature
 Found 20 similar documents; search took 109 ms
1.
This article is concerned with the stability issue of networked switched systems which consist of only unstable subsystems subject to Denial of Service (DoS) attacks. The stability analysis of networked switched systems in the presence of DoS attacks under state-dependent switching is first presented. It is shown that the derived restrictions which differ from those in the existing work are imposed on DoS attack model. Specifically, the proposed conditions to characterize the duration and frequency of DoS attacks are state-dependent and mode-dependent. As a result, the ratio of total duration of DoS attack to the operating time of switched systems is higher than the previous literature. Furthermore, our result is extended to the stability of networked switched affine systems in the presence of DoS attacks. In the end, two simulation examples are given to demonstrate the effectiveness of our work.

2.
The radio-based medium of satellite communication systems is vulnerable to interference on physical channels: unintentional interferences occur frequently and jamming attacks can be achieved using low-grade technology. While application layer security protocols cannot defend against denial of service (DoS) attacks where the attacker jams continuously, effective security protocols ensure that communication can continue after such interference has stopped. This paper analyses an authentication and key agreement protocol for satellite communications. The presented analysis reveals that the protocol is susceptible to a new DoS attack, where attackers jam a single message to achieve a permanent DoS condition. A new authentication and key agreement protocol is proposed that additionally addresses the scenario where messages sent over the mobile satellite channel may not reach their intended recipient due to accidental or malicious interference. Analysis of the new protocol demonstrates that it is effective in countering the disruptive effects of jamming.

3.
A lack of mechanisms to monitor and manage multicast networks has adversely affected progress in several areas critical for successful deployment. One such area involves discovering and solving multicast security vulnerabilities. Although a number of vulnerabilities exist, the most troubling are a set of easily exploited Denial-of-Service (DoS) attacks. The main reason for this concern is that the one-to-many nature of multicast can significantly magnify the effects of these attacks. Among the possible multicast DoS attacks, those that target the Multicast Source Discovery Protocol (MSDP) can be most damaging. MSDP vulnerabilities are unusually easy to exploit and can lead to infrastructure-wide damage. In this paper, our goal is to develop a security framework that protects against DoS attacks through detection and then deflection. In developing our framework, we first examine the vulnerability of multicast protocols to DoS attacks. We use data collected with our global monitoring infrastructure, Mantra, to analyze the nature and effects of attacks that have already occurred. We then create additional, more virulent strains. Finally, we propose a family of solutions to detect and deflect the effects of each attack. Our techniques are evaluated by simulating their effectiveness against both real and simulated workloads.

4.
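For a class of networked control systems subject to pulse-width-modulated (PWM) denial-of-service (DoS) attacks, a memory-based event-triggered mechanism built on a buffer is proposed. The DoS attacks considered in this paper are detectable, and the attack period and the minimum sleep time within each period are known. To reduce the frequency of packet transmission in the networked control system, a new event-triggered scheme based on relative error is designed; compared with traditional event-triggered schemes, it adds a buffer to make effective use of historical sampled data that has already been transmitted, ultimately improving the system's dynamic performance. Next, taking both the network attack and the event-triggered scheme into account, a networked switched system model is established, a piecewise Lyapunov functional is constructed, the exponential stability of the system is derived, and the controller gain and event-triggering parameters are co-designed. Finally, a simulation example verifies the effectiveness of the proposed method.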

5.
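This paper studies observer-based controller design for networked control systems under DoS attacks. First, a switched Luenberger observer with multiple gains is proposed, which achieves intermittent estimation of the system state when no DoS attack is present. Based on the estimates obtained, the controller simultaneously computes control signals for the current time and for a future horizon, and packs them into a single data packet sent to the actuator, ensuring that the system has suitable control input updates both with and without DoS attacks. Second, a constructed switched system is used to model in a unified way the different dynamics of the observer and controller under DoS attacks; sufficient conditions for exponential stability under arbitrary switching laws are derived using the multiple Lyapunov function method, and the corresponding observer and controller design methods are given. Finally, experiments on a networked inverted pendulum system verify the effectiveness of the proposed method.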

6.
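This paper studies memory-based event-triggered predictive compensation control for networked control systems under DoS attacks. First, because network bandwidth is limited and the system state is not fully observable, a memory-based event-triggering function is introduced to provide a discrete event-triggered transmission scheme for the observer. Then, DoS attacks occurring on the network transmission channel are analyzed. Combined with the above memory-based event-triggered scheme, a novel predictive control algorithm is designed at the control node to save network bandwidth and actively compensate for DoS attacks. Meanwhile, the closed-loop system with observer-based memory event-triggered predictive control is established and its stability is analyzed. Using linear matrix inequalities (LMI) and Lyapunov stability theory, a joint design scheme for the controller, observer and memory-based event-triggering matrix is established, and its feasibility is verified. Simulation results show that the scheme, combined with the memory-based event-triggered mechanism, can effectively compensate for DoS attacks and save network bandwidth.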

7.
The Universal Mobile Telecommunication Standard (UMTS) is continuously evolving to meet the growing demand of modern mobile and Internet applications for high capacity and advanced features in security and quality of service. Although admittedly enhanced in terms of security when compared to 2G systems, UMTS still has weaknesses that can lead to security incidents. In this paper, we investigate the vulnerabilities of the UMTS security architecture that can be exploited by a malicious individual to mount Denial of Service (DoS) attacks. Our focus is on signaling-oriented attacks above the physical layer. We describe and analyze several novel attacks that can be triggered against both core UMTS architecture as well as hybrid UMTS/WLAN realms. An additional contribution of this paper is the presentation of an extensive survey of similar attacks in UMTS and related protocol infrastructures such as IP Multimedia Subsystem (IMS). Finally, we offer some suggestions that would provide greater tolerance to the system against DoS attacks.

8.
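WANG Yue, JIA Xinchun, YOU Xiu, LÜ Teng. 《控制理论与应用》 (Control Theory & Applications) 2022,39(10):1890-1897
This paper studies secure consensus control of a class of linear multiagent systems (MASs) with multi-rate sampling under denial-of-service (DoS) attacks, where DoS attacks typically block information transmission between agents. The paper extends results on multi-rate sampling in networked control systems to multiagent systems and considers a non-ideal communication network environment. First, a matching mechanism is introduced to synchronize the sampled data of the agents' different state components caused by multi-rate sampling. Then, under DoS attacks, a multi-rate-sampling-based secure consensus controller is proposed for linear MASs with multi-rate sampling. Using Lyapunov stability theory and the switched system approach, sufficient conditions for secure consensus involving the DoS attack duration and attack frequency are obtained. Finally, a simulation example is given to verify the effectiveness of the proposed method, along with a comparative performance analysis of the multi-rate and single-rate sampling mechanisms.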

9.
《Computer Networks》2007,51(12):3564-3573
In most network security analysis, researchers mainly focus on qualitative studies on security schemes and possible attacks, and there are few papers on quantitative analysis in the current literature. In this paper, we propose one queueing model for the evaluation of the denial of service (DoS) attacks in computer networks. The network under DoS attacks is characterized by a two-dimensional embedded Markov chain model. With this model, we can develop a memory-efficient algorithm for finding the stationary probability distribution which can be used to find other interesting performance metrics such as the connection loss probability and buffer occupancy percentages of half-open connections for regular traffic and attack traffic. Different from previous works in the literature, this paper gives a more general analytical approach to the study of security measures of a computer network under DoS attacks. We hope that our approach opens a new avenue to the quantitative evaluation of more complicated security schemes in computer networks.

10.
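Analysis and Prevention of Denial-of-Service Attacks   Total citations: 6, self-citations: 0, citations by others: 6
Because of defects and weaknesses in existing network architectures and protocols, and the countless vulnerabilities that networked systems have accumulated over the years, network security has increasingly become a focus of attention. Denial-of-service attacks are a method frequently used by hackers when attacking systems; hackers are absorbed in studying them, and countless network users will become victims of such attacks. Denial-of-service attacks take many forms, which makes analysis, identification, defense and recovery very difficult for researchers. This paper dissects denial-of-service attacks from several angles, predicts development trends, and proposes a systematic defense solution. It also sounds an alarm for irresponsible or inexperienced network administrators: security awareness must be strengthened and network security facilities continually improved; maintaining network security is everyone's shared responsibility.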

11.
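This paper addresses secure group consensus cooperative control of a class of second-order multi-agent systems under denial-of-service (DoS) attacks. Unlike similar work, under an aperiodic attack scenario with multiple independent channels, and based on cooperative and competitive interactions among agents in complex systems, a new secure group consensus control protocol with a state estimator is proposed. Under this protocol, first, constraints on the DoS attack duration are given, and by designing a suitable Lyapunov function and solving an algebraic Riccati equation, the decay rates of the channels under different attack modes are obtained; then, by introducing an equivalent decay rate corresponding to each channel, the difficulty of matching the obtained decay rates to the channels is overcome, and a stability criterion for the system is given; finally, numerical experiments verify the correctness and effectiveness of the theoretical conclusions.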

12.
《Computer Networks》2007,51(3):655-670
In this paper we study two access control protocols which have similar two-layer access control architectures for wireless networks in public places. The first protocol, called the Lancaster protocol, employs user password for authentication and enforces access control at the IP layer; while the second protocol, referred to as the Stanford protocol, uses public key cryptosystems (PKC) for authentication and performs access control at the link layer. Although both protocols are intended to restrict access to wireless networks only to authorized users, our analysis shows that both protocols have serious security flaws which make them vulnerable to attacks. Then we propose a password-based protocol and a PKC-based protocol for the Lancaster architecture and the Stanford architecture, respectively. Both of our protocols provide mutual authentication, perfect forward secrecy and access control for wireless networks. Moreover, they also provide DoS resistance and identity confidentiality for the client. We present detailed security and performance analysis for our protocols, and show that both of our protocols are secure and efficient for access control in wireless networks.

13.
Client puzzles have been advocated as a promising countermeasure to denial-of-service (DoS) attacks in recent years. However, how to operationalize this idea in network protocol stacks still has not been sufficiently studied. In this paper, we describe our research on a multi-layer puzzle-based DoS defense architecture, which embeds puzzle techniques into both end-to-end and IP-layer services. Specifically, our research results in two new puzzle techniques: puzzle auctions for end-to-end protection and congestion puzzles for IP-layer protection. We present the designs of these approaches and evaluations of their efficacy. We demonstrate that our techniques effectively mitigate DoS threats to IP, TCP and application protocols; maintain full interoperability with legacy systems; and support incremental deployment. We also provide a game theoretic analysis that sheds light on the potential to use client puzzles for incentive engineering: the costs of solving puzzles on an attacker's behalf could motivate computer owners to more aggressively cleanse their computers of malware, in turn hindering the attacker from capturing a large number of computers with which it can launch DoS attacks.

14.
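ZHAO Li, LI Wei, LI Yajie. 《控制与决策》 (Control and Decision) 2024,39(1):206-218
For industrial cyber-physical systems (ICPS) subject to both denial-of-service (DoS) attacks and actuator faults, this paper combines mechanism-based analysis with data-driven methods and studies the dual security control problem under a new adaptive event-triggered communication mechanism. First, an adaptive event-triggered mechanism is designed whose triggering parameter adapts dynamically to system behavior, saving more network communication resources; second, an attack detection mechanism is established based on the system's maximum allowable delay, which can effectively distinguish high-energy from low-energy DoS attacks; third, a time-series prediction model is built using the extreme learning machine (ELM) algorithm to reconstruct and correct the control input during high-energy DoS attacks so as to actively tolerate the intrusion, and together with the mechanism-based resilient passive intrusion tolerance used under low-energy attacks, this improves the system's defense against attacks; then, using T-S fuzzy theory, time-delay system theory, a new Bessel-Legendre inequality and related tools, an analytical method for solving the robust observer and dual security controller is derived, achieving a coordinated trade-off improvement in dual security control and communication performance; finally, a simulation example verifies the effectiveness of the proposed method.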

15.
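Security in route optimization is a hot topic in MIPv6 research. This paper describes the security threats in the MIPv6 route optimization process, analyzes existing MIPv6 secure route optimization methods, and proposes identity-based fast secure route optimization for MIPv6. Comparative analysis shows that identity-based fast secure route optimization for MIPv6 can resist redirection attacks, man-in-the-middle attacks and denial-of-service attacks, and that it uses a symmetric encryption mechanism to generate the binding update authentication code, improving route optimization speed.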

16.
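For a class of industrial cyber-physical systems (ICPS) in which limited-energy denial-of-service (DoS) attacks and actuator faults coexist, the co-design of integrated security control and communication is studied. First, considering the case where the network on one side is subject to DoS attacks, an integrated security control architecture for ICPS is constructed, and from the defender's perspective, by analyzing...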

17.
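SUN Hongtao, PENG Chen, WANG Zhiwen. 《控制与决策》 (Control and Decision) 2019,34(11):2303-2309
For the security control design problem of cyber-physical systems (CPS), an event-triggered predictive control (ETPC) method with arbitrary bounded packet loss under denial-of-service (DoS) attacks is proposed. First, considering the limited energy of DoS attacks and the arbitrariness of attack behavior, DoS attacks are described as arbitrary bounded packet losses under an event-triggered communication mechanism; second, at the controller side, the most recently received state information is used for predictive design of a controller gain sequence to compensate for packet losses caused by DoS attacks; then, based on Lyapunov stability theory and switched system analysis, the security of the CPS under DoS attacks is considered and a control sequence design method is given. The proposed ETPC design method only needs the most recently received state information and need not satisfy the constraint on the maximum allowable number of packet losses required by traditional CPS stability results, providing an effective solution for the stability analysis and control of CPS with large delays. Finally, a simulation example verifies the effectiveness of the proposed event-triggered predictive control design method.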

18.
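Authentication is the first line of defense in networked application systems; its purpose is to verify the identities of the communicating parties and prevent illegitimate users from stealing from and impersonating legitimate users. Although passwords are the most convenient authentication method, they come with the threat of dictionary attacks. This paper analyzes several commonly used one-time password authentication schemes and, building on the challenge-response scheme, proposes and designs a new authentication scheme using a secure one-way hash function. The scheme not only markedly reduces the overhead of the authentication server but also effectively resists dictionary attacks, denial-of-service attacks and other attacks, significantly strengthening the security of the application system.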

19.
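YOU Lin, YANG Lu, YUAN Younan. 《传感技术学报》 (Chinese Journal of Sensors and Actuators) 2011,24(11):1617-1624
When digital signatures are applied to broadcast authentication, the network is highly vulnerable to DoS (Denial of Service) attacks; for example, an attacker can continuously broadcast bogus packets to consume the network's communication and computing resources. To address this, a protocol based on weak authentication and reputation levels is proposed to defend against such DoS attacks. The protocol targets a clustered wireless sensor network model, uses the Chinese remainder theorem and a one-way function to perform weak authentication, and also introduces reputation...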

20.
We propose a framework and methodology for quantifying the effect of denial of service (DoS) attacks on a distributed system. We present a systematic study of the resistance of gossip-based multicast protocols to DoS attacks. We show that even distributed and randomized gossip-based protocols, which eliminate single points of failure, do not necessarily eliminate vulnerabilities to DoS attacks. We propose Drum - a simple gossip-based multicast protocol that eliminates such vulnerabilities. Drum was implemented in Java and tested on a large cluster. We show, using closed-form mathematical analysis, simulations, and empirical tests, that Drum survives severe DoS attacks.
