Found 20 similar documents; search took 15 ms
1.
A cyber physical system (CPS) is a complex system that integrates sensing, computation, control and networking into physical processes and objects over the Internet. It plays a key role in modern industry since it connects physical and cyber worlds. In order to meet ever-changing industrial requirements, its structures and functions are constantly improved. Meanwhile, new security issues have arisen. A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems, and thus has gained increasing attention from researchers and practitioners. This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems. First, as typical system models are employed to study these systems, time-driven and event-driven systems are reviewed. Then, recent advances on three types of attacks, i.e., those on availability, integrity, and confidentiality are discussed. In particular, the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders. Namely, both attack and defense strategies are discussed based on different system models. Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.
2.
3.
《IEEE transactions on systems, man, and cybernetics. Part A, Systems and humans : a publication of the IEEE Systems, Man, and Cybernetics Society》2009,39(5):1074-1085
4.
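Targeted network attacks pose a great threat to cyberspace security and have even become a main form of network confrontation between nations. This paper argues that targeted network attacks are hard to avoid and that traditional defense systems centred on identifying and blocking attacks cannot cope well with complex, advanced targeted attacks; it therefore proposes attack tracing and attribution as a deterrent defensive measure. The paper gives a formal definition and classification of tracing and attribution for targeted network attacks. Drawing fully on research results from fields such as cyber deception, it proposes tracing targeted attacks by constructing network and system environments that combine virtual and real elements and by combining active and passive methods. It builds a tracing and attribution model with six layers (network services, host terminals, file data, control channels, behavioral characteristics, and mining analysis) and systematically explains the meaning and main technical means of each layer. On the basis of this model, it establishes a defense-in-depth tracing system organized around "deception environment construction", "multi-source clue extraction" and "clue analysis and mining" to trace targeted attacks along multiple dimensions. Combining existing attack models, tracing and attribution theory, and typical attribution cases, it demonstrates the validity of the model.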
5.
高菲 《计算技术与自动化》2021,40(1):184-188
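Traditional forensic methods for malicious network attacks do not examine malicious attack behavior comprehensively and distinguish the similarity of malicious attack behaviors with low accuracy. To address this, a forensics and early-warning method for malicious attacks on distributed heterogeneous networks is proposed. The CVSS calculator is used to assess the severity level of malicious attack behavior, and a grey relational model is built with grey relational analysis to quantify the assessment factors. On this basis, log, event, warning and evidence information is collected and processed to build an evidence base. Based on the forensic results, a TOP-K early-warning strategy is used to issue warnings for malicious attacks on distributed heterogeneous networks and to store the warning information. Experimental results show that the proposed method achieves high recall for malicious attack behaviors and high accuracy in distinguishing their similarity, with a short warning response time; it can both detect malicious attack behavior accurately and raise alerts promptly, effectively maintaining the security of distributed heterogeneous networks.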
6.
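To solve the problems of low attack intrusion success rate, high malicious attack node failure rate and long intrusion time that traditional network attack intrusion schemes exhibit when carrying out parallel intrusion in malicious network attacks, an experiment on parallel intrusion of malicious network attacks is proposed. The wormhole attack, an important attack technique in malicious network attacks, and the network structure of parallel intrusion are analysed. On the basis of antigen signals, the dendritic cell algorithm is used to construct a dissimilarity equation and determine a feature threshold, which serves as the basis for the probability of selecting an intrusion path, completing the estimation of parallel intrusion by malicious network attacks. Finally, simulation shows that, compared with traditional schemes, the proposed scheme has a higher attack intrusion success rate, a lower malicious attack node failure rate and a shorter intrusion time, indicating that its attack intrusion effect is better and that it can serve as a good reference for future network defense work.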
7.
8.
Pieter Ceelen Sjouke Mauw Saša Radomirović 《Electronic Notes in Theoretical Computer Science》2008,197(2):31
In the context of Dolev-Yao style analysis of security protocols, we consider the capability of an intruder to dynamically choose and assign names to agents. This capability has been overlooked in all significant protocol verification frameworks based on formal methods. We identify and classify new type-flaw attacks arising from this capability. Several examples of protocols that are vulnerable to this type of attack are given, including Lowe's modification of KSL. The consequences for automatic verification tools are discussed.
9.
10.
韩晓松 《网络安全技术与应用》2011,(12):54-56
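Starting from relevant theories of the sociology of crime and the actual development of cyber-terrorism activity at home and abroad, this paper analyses the characteristics, forms and causes of cyber-terrorism activity and the challenges facing counter-terrorism work, and proposes countermeasures.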
11.
12.
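Host-based detection systems are better at inspecting files, but their overhead and cost are too high, so in practice network-based detection systems are applied more widely and can be deployed on more nodes; improving the detection capability of network malicious-code detection systems can more effectively support subsequent malicious-code defense. However, although the node devices are numerous, they are relatively low-end with a lower per-unit cost, and they cannot reassemble captured network packets the way host-based detection does. Even where they can, doing so is time-consuming and laborious, processing cannot keep up with network traffic, and large numbers of packets are dropped. It is therefore highly valuable for the front-end hosts of a detection system to be able to determine whether a packet is malicious code without reassembling packets. Inspecting the content of single packets without reconstruction, and raising alerts on suspicious packets, can significantly strengthen the detection capability of the front-end hosts of a network-based malicious-code detection system, allowing them to detect anomalies while the virus is still being planted.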
13.
Giancarlo Fortino Fabrizio Messina Domenico Rosaci Giuseppe M. L. Sarnè 《IEEE/CAA Journal of Automatica Sinica》2020,7(5):1263-1278
The purpose of the next internet of things (IoT) is that of making available a myriad of services to people by high sensing intelligent devices capable of reasoning and real time acting. The convergence of IoT and multi-agent systems (MAS) provides the opportunity to benefit from the social attitude of agents in order to perform machine-to-machine (M2M) cooperation among smart entities. However, the selection of reliable partners for cooperation represents a hard task in a mobile and federated context, especially because the trustworthiness of devices is largely unreferenced. The issues discussed above can be synthesized by recalling the well known concept of social resilience in IoT systems, i.e., the capability of an IoT network to resist possible attacks by malicious agents that potentially could infect large areas of the network, spamming unreliable information and/or assuming unfair behaviors. In this sense, social resilience is devoted to facing malicious activities of software agents in their social interactions, and does not deal with the correct working of the sensors and other information devices. In this setting, the use of a reputation model can be a practicable and effective solution to form local communities of agents on the basis of their social capabilities. In this paper, we propose a framework for agents operating in an IoT environment, called ResIoT, where the formation of communities for collaborative purposes is performed on the basis of agent reputation. In order to validate our approach, we performed an experimental campaign by means of a simulated framework, which allowed us to verify that, by our approach, devices have no economic convenience in performing misleading behaviors. Moreover, further experimental results have shown that our approach is able to detect the nature of the active agents in the systems (i.e., honest and malicious), with an accuracy of not less than 11% compared to the best competitor tested and highlighting a high resilience with respect to some malicious activities.
14.
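With the rapid development of computer technology, natural language processing has become an important direction in computer science and artificial intelligence, and knowledge acquisition from text (KAT) is an important research topic in artificial intelligence. Current text research mostly uses keywords and machine learning methods, and accuracy is not high. This paper proposes a semantic-grammar-based method for acquiring knowledge of network attack events from Chinese text. It first introduces a semantic classification and description framework built with reference to FrameNet, which extends and improves on the classification of basic sentence patterns of modern Chinese. Second, it focuses on the design and formation of the "suffering" semantic class, the most common class in attack texts. It then applies the semantic classification and description framework to the "network security" domain to form "network attack semantic classes", and describes the difficulties encountered in building them, including the determination of event arguments in grammar design, the handling of compound sentences, the analysis and design of "的是"-structure sentence patterns, and predicate design. Finally, network attack knowledge is extracted using real data provided by a national security department, and experiments show that the method achieves high accuracy.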
15.
《Information Security Journal: A Global Perspective》2013,22(2):87-94
This essay discusses the nature of transnational organized crime (TOC) and its activities affecting today's electronic landscape. It is assumed that the reader is familiar with IT-related information security in general, and therefore the technicalities around networks and information systems will be avoided as many papers and books cover these subjects extensively. Most security practitioners are familiar with the technical aspects of IT-related attacks (referred to here as cyber attacks or crimes) but not so with the organization and structure of the groups behind these attacks. We will further explore the origins and evolution of TOC, and how it influences and is influenced by today's omnipresent ‘speed of thought’ digital society.
16.
17.
18.
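Return-Oriented Programming (ROP) attacks can bypass traditional defense mechanisms such as DEP and W⊕X. Current ROP attack detection has a high false-positive rate and cannot accurately distinguish ROP attacks from normal instruction execution. A ROP attack must execute a system call to complete the attack; before the system call executes, the registers must be set to the correct values, and each x86 instruction corresponds to one or more gadgets. Based on these characteristics, an effective binary-level ROP attack detection method is proposed: return instructions are intercepted and used as the starting point for counting gadgets, and before a system call executes, the method checks whether the registers have been modified to values of the same type as the call's parameters. The method does not rely on heuristic learning and can accurately detect stack-overflow ROP attacks. A prototype system was implemented with a dynamic instrumentation tool and tested on ROP attacks and normal programs; the experimental results show that the system has low false-negative and false-positive rates and a small performance loss.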
19.
An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model (total citations: 1, self-citations: 0, citations by others: 1)
An operational definition for role-based access control (RBAC) is that permission assignment is based on the role a principal is assuming during a work session. The central underlying concept is thus that IT permissions are assigned to roles rather than directly to users. This level of indirection can provide simpler security administration and finer-grained access control policies.
20.
There is an impedance mismatch between message-passing concurrency and virtual machines, such as the JVM. VMs usually map their threads to heavyweight OS processes. Without a lightweight process abstraction, users are often forced to write parts of concurrent applications in an event-driven style which obscures control flow, and increases the burden on the programmer. In this paper we show how thread-based and event-based programming can be unified under a single actor abstraction. Using advanced abstraction mechanisms of the Scala programming language, we implement our approach on unmodified JVMs. Our programming model integrates well with the threading model of the underlying VM.