入侵检测系统中用户级报文传输机制研究

在分析了骨干网入侵检测系统性能瓶颈的基础上，提出并实现了一种面向入侵检测系统的用户级报文传输机制——ULMM(User-Levd Messaging Mechanism)。该通讯机制采用零拷贝技术，能够将传统TCP／IP协议栈从操作系统中旁路掉，利用异步DMA的方式实现用户层报文传输，从而有效地降低了入侵检测系统的通讯开销。试验证实，采用该通讯机制，大流量网络环境下的入侵检测系统可以获得很高的报文处理速率和CPU空闲率。     

Multi-Attack Intrusion Detection System for Software-Defined Internet of Things Network

Currently, the Internet of Things (IoT) is revolutionizing communication technology by facilitating the sharing of information between different physical devices connected to a network. To improve control, customization, flexibility, and reduce network maintenance costs, a new Software-Defined Network (SDN) technology must be used in this infrastructure. Despite the various advantages of combining SDN and IoT, this environment is more vulnerable to various attacks due to the centralization of control. Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service (DDoS) attacks, but they often lack mechanisms to mitigate their severity. This paper proposes a Multi-Attack Intrusion Detection System (MAIDS) for Software-Defined IoT Networks (SDN-IoT). The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms. First, a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets: the Network Security Laboratory Knowledge Discovery in Databases (NSL-KDD) and the Canadian Institute for Cybersecurity Intrusion Detection Systems (CICIDS2017), to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems. The algorithms evaluated include Extreme Gradient Boosting (XGBoost), K-Nearest Neighbor (KNN), Random Forest (RF), Support Vector Machine (SVM), and Logistic Regression (LR). Second, an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems (IDS) was developed to enable effective comparison between the datasets used in the development of the security scheme. The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system, with average accuracies of 99.88% and 99.89%, respectively. Furthermore, the proposed security scheme reduced the false alarm rate by 33.23%, which is a significant improvement over prevalent schemes. Finally, tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset, making it the best for IDS compared to the NSL-KDD dataset.     

HDLIDP: A Hybrid Deep Learning Intrusion Detection and Prevention Framework

Distributed denial-of-service (DDoS) attacks are designed to interrupt network services such as email servers and webpages in traditional computer networks. Furthermore, the enormous number of connected devices makes it difficult to operate such a network effectively. Software defined networks (SDN) are networks that are managed through a centralized control system, according to researchers. This controller is the brain of any SDN, composing the forwarding table of all data plane network switches. Despite the advantages of SDN controllers, DDoS attacks are easier to perpetrate than on traditional networks. Because the controller is a single point of failure, if it fails, the entire network will fail. This paper offers a Hybrid Deep Learning Intrusion Detection and Prevention (HDLIDP) framework, which blends signature-based and deep learning neural networks to detect and prevent intrusions. This framework improves detection accuracy while addressing all of the aforementioned problems. To validate the framework, experiments are done on both traditional and SDN datasets; the findings demonstrate a significant improvement in classification accuracy.     

Multi-Step Detection of Simplex and Duplex Wormhole Attacks over Wireless Sensor Networks

Detection of the wormhole attacks is a cumbersome process, particularly simplex and duplex over the wireless sensor networks (WSNs). Wormhole attacks are characterized as distributed passive attacks that can destabilize or disable WSNs. The distributed passive nature of these attacks makes them enormously challenging to detect. The main objective is to find all the possible ways in which how the wireless sensor network’s broadcasting character and transmission medium allows the attacker to interrupt network within the distributed environment. And further to detect the serious routing-disruption attack “Wormhole Attack” step by step through the different network mechanisms. In this paper, a new multi-step detection (MSD) scheme is introduced that can effectively detect the wormhole attacks for WSN. The MSD consists of three algorithms to detect and prevent the simplex and duplex wormhole attacks. Furthermore, the proposed scheme integrated five detection modules to systematically detect, recover, and isolate wormhole attacks. Simulation results conducted in OMNET++ show that the proposed MSD has lower false detection and false toleration rates. Besides, MSD can effectively detect wormhole attacks in a completely distributed network environment, as suggested by the simulation results.     

A Fused Machine Learning Approach for Intrusion Detection System

The rapid growth in data generation and increased use of computer network devices has amplified the infrastructures of internet. The interconnectivity of networks has brought various complexities in maintaining network availability, consistency, and discretion. Machine learning based intrusion detection systems have become essential to monitor network traffic for malicious and illicit activities. An intrusion detection system controls the flow of network traffic with the help of computer systems. Various deep learning algorithms in intrusion detection systems have played a prominent role in identifying and analyzing intrusions in network traffic. For this purpose, when the network traffic encounters known or unknown intrusions in the network, a machine-learning framework is needed to identify and/or verify network intrusion. The Intrusion detection scheme empowered with a fused machine learning technique (IDS-FMLT) is proposed to detect intrusion in a heterogeneous network that consists of different source networks and to protect the network from malicious attacks. The proposed IDS-FMLT system model obtained 95.18% validation accuracy and a 4.82% miss rate in intrusion detection.     

Blockchain Assisted Intrusion Detection System Using Differential Flower Pollination Model

Cyberattacks are developing gradually sophisticated, requiring effective intrusion detection systems (IDSs) for monitoring computer resources and creating reports on anomalous or suspicious actions. With the popularity of Internet of Things (IoT) technology, the security of IoT networks is developing a vital problem. Because of the huge number and varied kinds of IoT devices, it can be challenging task for protecting the IoT framework utilizing a typical IDS. The typical IDSs have their restrictions once executed to IoT networks because of resource constraints and complexity. Therefore, this paper presents a new Blockchain Assisted Intrusion Detection System using Differential Flower Pollination with Deep Learning (BAIDS-DFPDL) model in IoT Environment. The presented BAIDS-DFPDL model mainly focuses on the identification and classification of intrusions in the IoT environment. To accomplish this, the presented BAIDS-DFPDL model follows blockchain (BC) technology for effective and secure data transmission among the agents. Besides, the presented BAIDS-DFPDL model designs Differential Flower Pollination based feature selection (DFPFS) technique to elect features. Finally, sailfish optimization (SFO) with Restricted Boltzmann Machine (RBM) model is applied for effectual recognition of intrusions. The simulation results on benchmark dataset exhibit the enhanced performance of the BAIDS-DFPDL model over other models on the recognition of intrusions.     

基于服务接触理论的社区团购服务系统设计研究

目的 将服务接触理论应用在社区团购服务中,分析社区团购中的服务接触,准确获取用户需求,改善用户体验,并提出服务系统改进设计方案。方法 首先,对社区团购中各要素之间的服务接触进行梳理,结合用户行为分析得出服务接触点,运用问卷调查法对服务接触点进行用户满意度评价,筛选出服务缺口,即评价值较低的服务接触点,以此挖掘出用户需求,并建立其与系统功能之间的有效映射关系,得到社区团购服务系统功能指标;其次,通过建立用户对系统功能指标满意度的SEM模型,确定各功能指标对用户满意度的影响权重大小,以指导设计。结论 完成了社区团购服务蓝图的构建及其相关配套设施的创新设计。该理论方法与实践路径能帮助获取用户多元化需求,把握社区团购服务系统设计重点,为其他同类型服务设计提供理论与实践参考。     

Improving the Detection Rate of Rarely Appearing Intrusions in Network-Based Intrusion Detection Systems

In network-based intrusion detection practices, there are more regular instances than intrusion instances. Because there is always a statistical imbalance in the instances, it is difficult to train the intrusion detection system effectively. In this work, we compare intrusion detection performance by increasing the rarely appearing instances rather than by eliminating the frequently appearing duplicate instances. Our technique mitigates the statistical imbalance in these instances. We also carried out an experiment on the training model by increasing the instances, thereby increasing the attack instances step by step up to 13 levels. The experiments included not only known attacks, but also unknown new intrusions. The results are compared with the existing studies from the literature, and show an improvement in accuracy, sensitivity, and specificity over previous studies. The detection rates for the remote-to-user (R2L) and user-to-root (U2L) categories are improved significantly by adding fewer instances. The detection of many intrusions is increased from a very low to a very high detection rate. The detection of newer attacks that had not been used in training improved from 9% to 12%. This study has practical applications in network administration to protect from known and unknown attacks. If network administrators are running out of instances for some attacks, they can increase the number of instances with rarely appearing instances, thereby improving the detection of both known and unknown new attacks.     

微型电动汽车产品服务系统设计的可持续性研究

目的以微型电动车租赁的用户满意度与商业可持续提升为目标,从利益相关者、产品与服务体系、用户价值与体验质量、商业模式等要素,构建微型电动车租赁服务的系统架构,并对产品服务体系进行整合与创新。方法分析微型电动车服务系统中利益相关者的需求,对系统中产品、服务和系统进行优化和设计,通过共享、互动及利益相关者的延伸与互动等方式,提升微型电动汽车产品服务系统的可持续性。结论提出系统化、模块化的微型电动车设计,以及充电桩的智能化、微型化发展的设计方向、拼车服务机制、电池的梯级利用回收机制,有效增加微型电动汽车的使用率、座位利用率,为后续实现产品服务系统设计的可持续提供设计方法与途径。     

企业职工健康体检车产品服务系统的概念设计

目的 针对企业职工健康体检流程复杂、耗时长、检后沟通不便等问题,深入研究职工医疗体检服务流程,构建企业职工健康体检车服务系统并输出相应的方案设计。方法 首先,通过调研与分析目标人群的健康体检现状、需求以及行为,运用产品服务系统设计的理论与方法,归纳凝练体检车服务系统的设计策略。其次,结合服务设计中的服务蓝图、系统图、服务触点等方法,整合服务系统中利益相关者的需求,进行体检车产品服务系统构建,指导体检车硬件和信息系统设计。结论 基于前期研究结果进行体检车空间布局与规划、人机工效学分析、体检APP的设计输出,在一定程度上优化了企业职工健康体检服务流程,探索了医疗体检的优化模式,提升了用户的体检体验。     

MSICST: Multiple-Scenario Industrial Control System Testbed for Security Research

A security testbed is an important aspect of Industrial Control System (ICS) security research. However, existing testbeds still have many problems in that they cannot fully simulate enterprise networks and ICS attacks. This paper presents a Multiple-Scenario Industrial Control System Testbed (MSICST), a hardware-in-the-loop ICS testbed for security research. The testbed contains four typical process scenarios: thermal power plant, rail transit, smart grid, and intelligent manufacturing. We use a combination of actual physical equipment and software simulations to build the process scenario sand table and use real hardware and software to build the control systems, demilitarized zone, and enterprise zone networks. According to the ICS cyber kill chain, the attacker is modeled, and two typical attack scenarios are constructed in the testbed. Through research into this security solution, whitelist-based host protection and a new Intrusion Detection System (IDS) are proposed and tested.     

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Blockchain merges technology with the Internet of Things (IoT) for addressing security and privacy-related issues. However, conventional blockchain suffers from scalability issues due to its linear structure, which increases the storage overhead, and Intrusion detection performed was limited with attack severity, leading to performance degradation. To overcome these issues, we proposed MZWB (Multi-Zone-Wise Blockchain) model. Initially, all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm (EBA), considering several metrics. Then, the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph (B-DAG), which considers several metrics. The intrusion detection is performed based on two tiers. In the first tier, a Deep Convolution Neural Network (DCNN) analyzes the data packets by extracting packet flow features to classify the packets as normal, malicious, and suspicious. In the second tier, the suspicious packets are classified as normal or malicious using the Generative Adversarial Network (GAN). Finally, intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization (IMO) is used for attack path discovery by considering several metrics, and the Graph cut utilized algorithm for attack scenario reconstruction (ASR). UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator (NS-3.26). Compared with previous performance metrics such as energy consumption, storage overhead accuracy, response time, attack detection rate, precision, recall, and F-measure. The simulation result shows that the proposed MZWB method achieves high performance than existing works     

智慧居家养老服务系统设计研究

目的在复杂社会化网络中,灵活运用社会生活产生的大数据,构建设计、技术与管理相结合的智慧居家养老服务系统,解决碎片化的养老服务与多样化的养老需求之间匹配度低的问题。方法将服务设计思维引入养老领域,在调研的基础上归纳居家养老服务生态。借助利益相关者价值网络和服务流程图这两种服务设计可视化工具,剖析科技介入的居家养老服务中存在的服务触点及其关联。结论重新组织智慧居家养老服务的关键触点,提出智慧居家养老服务系统架构,形成养老服务资源、养老生活动态信息和养老服务三者联动的持续性发展链路,有利于合理把握老龄人口需求,提升用户体验,为智慧居家养老体系的创新提供设计学视角的参考。     

预付费用户实现短消息业务的关键技术分析

介绍了目前国内移动智能网系统和短消息系统的现状 ,在此基础上提出了基于移动智能网的预付费用户实现短消息业务的 3种解决方案 ,对各方案进行了分析和比较。最后 ,介绍了CMIN0 2移动智能网系统中预付费短消息业务的实现。     

Enhanced Deep Autoencoder Based Feature Representation Learning for Intelligent Intrusion Detection System

In the era of Big data, learning discriminant feature representation from network traffic is identified has as an invariably essential task for improving the detection ability of an intrusion detection system (IDS). Owing to the lack of accurately labeled network traffic data, many unsupervised feature representation learning models have been proposed with state-of-the-art performance. Yet, these models fail to consider the classification error while learning the feature representation. Intuitively, the learnt feature representation may degrade the performance of the classification task. For the first time in the field of intrusion detection, this paper proposes an unsupervised IDS model leveraging the benefits of deep autoencoder (DAE) for learning the robust feature representation and one-class support vector machine (OCSVM) for finding the more compact decision hyperplane for intrusion detection. Specially, the proposed model defines a new unified objective function to minimize the reconstruction and classification error simultaneously. This unique contribution not only enables the model to support joint learning for feature representation and classifier training but also guides to learn the robust feature representation which can improve the discrimination ability of the classifier for intrusion detection. Three set of evaluation experiments are conducted to demonstrate the potential of the proposed model. First, the ablation evaluation on benchmark dataset, NSL-KDD validates the design decision of the proposed model. Next, the performance evaluation on recent intrusion dataset, UNSW-NB15 signifies the stable performance of the proposed model. Finally, the comparative evaluation verifies the efficacy of the proposed model against recently published state-of-the-art methods.     

利用电话网络自动校时系统的设计及编码格式

讨论精度可达毫秒级的、使用十分简便的电话网络校时服务系统的设计及编码格式。     

网络空间供应链入侵检测及防御子系统的投资合作机制研究

针对由入侵检测及入侵防御子系统所构成的网络空间供应链安全体系,研究供应链上下游企业共同投资安全体系构建的合作协调机制。考虑入侵防御子系统和入侵检测子系统的投资存在成本互补效应,分析了供应链福利最大化情况下的入侵防御子系统和入侵检测子系统的最优安全努力水准,并探讨了离散决策情形下安全体系构建的投资决策机制,以及供应商与零售商共同负责入侵检测与入侵防御子系统的投资决策机制。在此基础上,设计了供应链安全体系构建投资的奖惩协调机制,实现了上下游对不同子系统投资的协调与合作。     

System Travel Time Reliability: A Measure of the Quality of Service of Networks

In this study, the travel time reliability of network systems is measured by travel time limitation as well as two‐terminal reliability. In the network, each arc is a binary random variable weighted by travel time as well as by operational probability. The performance index or QoS of a network system indicates the probability that the source node can successfully travel to the destination node, while satisfying the travel time limitation. Unlike existing literature that evaluated travel time reliability via a single optimization path, the proposed index focuses on the performance of the entire network system. This study presents an efficient decomposition method in computing QoS based on the Dijkstra shortest path method. We employ a small network to demonstrate the algorithm step by step. In addition, computational experiments conducted on a prototype network show that the proposed algorithm is superior to existing methods. Copyright © 2015 John Wiley & Sons, Ltd.     

老年医养服务标准体系构建研究

面向老年人的医养服务是当前我国社会急需面临的社会问题,关系到社会稳定发展。系统分析医养服务模式所处的宏观环境和内部运营机制有利于全面掌握其优势和劣势。标准体系将国内各层次的标准围绕提升老年医养服务质量整合为相对完整的系统,并考虑便于推广等原则。通过GB/T 24421系列标准实施老年医养服务标准体系的构建,充分体现“医”、“养”部分,并以标准明细表的形式反映出医养服务质量。     

Game-Oriented Security Strategy Against Hotspot Attacks for Internet of Vehicles

With the rapid development of mobile communication technology, the application of internet of vehicles (IoV) services, such as for information services, driving safety, and traffic efficiency, is growing constantly. For businesses with low transmission delay, high data processing capacity and large storage capacity, by deploying edge computing in the IoV, data processing, encryption and decision-making can be completed at the local end, thus providing real-time and highly reliable communication capability. The roadside unit (RSU), as an important part of edge computing in the IoV, fulfils an important data forwarding function and provides an interactive communication channel for vehicles and server providers. Additional computing resources can be configured to accommodate the computing requirements of users. In this study, a virtual traffic defense strategy based on a differential game is proposed to solve the security problem of user-sensitive information leakage when an RSU is attacked. An incentive mechanism encourages service vehicles within the hot range to send virtual traffic to another RSU. By attracting the attention of attackers, it covers the target RSU and protects the system from attack. Simulation results show that the scheme provides the optimal strategy for intelligent vehicles to transmit virtual data, and ensures the maximization of users’ interests.