采用工作量证明共识机制的区块链中挖矿攻击者间的“鲶鱼效应”

近年来,采用工作量证明共识机制(Proof of Work,PoW)的区块链被广泛地应用于以比特币为代表的数字加密货币中.自私挖矿攻击(Selfish mining)等挖矿攻击(Mining attack)策略威胁了采用工作量证明共识机制的区块链的安全性.在自私挖矿攻击策略被提出之后,研究者们进一步优化了单个攻击者的挖矿攻击策略.在前人工作的基础上,本文提出了新颖的两阶段挖矿攻击模型,该模型包含拥有单攻击者的传统自私挖矿系统与拥有两个攻击者的多攻击者系统.本文的模型同时提供了理论分析与仿真量化分析,并将两个攻击者区分为内部攻击者与外部攻击者.通过引入内部攻击者与外部攻击者的概念,本文指出传统自私挖矿系统转化为多攻击者系统的条件.本文进一步揭示了在多攻击者系统中两个攻击者将产生竞争并面临着“矿工困境”问题.攻击者间的竞争可被总结为“鲶鱼效应”:外部攻击者的出现导致内部攻击者的相对收益下降至多67.4%,因此内部攻击者需要优化攻击策略.本文提出了名为部分主动发布策略的全新挖矿攻击策略,相较于自私挖矿策略,该策略是半诚实的攻击策略.在特定场景下,部分主动发布策略可以提高攻击者的相对收益并破解攻击者面临的“矿工困境”问题.     

A Network Security Risk Assessment Method Based on a B_NAG Model

Computer networks face a variety of cyberattacks. Most network attacks are contagious and destructive, and these types of attacks can be harmful to society and computer network security. Security evaluation is an effective method to solve network security problems. For accurate assessment of the vulnerabilities of computer networks, this paper proposes a network security risk assessment method based on a Bayesian network attack graph (B_NAG) model. First, a new resource attack graph (RAG) and the algorithm E-Loop, which is applied to eliminate loops in the B_NAG, are proposed. Second, to distinguish the confusing relationships between nodes of the attack graph in the conversion process, a related algorithm is proposed to generate the B_NAG model. Finally, to analyze the reachability of paths in B_NAG, the measuring indexs such as node attack complexity and node state transition are defined, and an iterative algorithm for obtaining the probability of reaching the target node is presented. On this basis, the posterior probability of related nodes can be calculated. A simulation environment is set up to evaluate the effectiveness of the B_NAG model. The experimental results indicate that the B_NAG model is realistic and effective in evaluating vulnerabilities of computer networks and can accurately highlight the degree of vulnerability in a chaotic relationship.     

基于攻击距离的攻击图优化方法

传统网络攻击图的生成随着网络规模扩大存在状态爆炸问题,网络安全管理员往往拿着冗余的攻击图不知所措。为了消除攻击图中不必要的攻击路径,保留下最优的攻击路径以供管理员防御参考,本文利用攻击距离对复杂的攻击图进行了优化。实验结果表明,利用此方法优化后的攻击图保留了最有可能的攻击路径,降低了攻击图的规模,随着网络规模的扩大,效果也越来越明显。     

基于模拟攻击的高校网络安全风险评估研究

针对高校网络目前存在的安全风险,提出一种新型的基于模拟攻击的高校网络安全风险评估模型。该模型综合考虑了单机脆弱性和网络攻击威胁,首先结合原有基于单机脆弱性测出的风险值,模拟攻击者利用网络弱点的入侵过程,产生攻击状态图;然后基于生成的攻击状态图和原有风险值,识别攻击者入侵网络所利用的攻击行为、可能路线及导致的安全状态变化,评估潜在威胁的位置;并对新方法的风险值给出了定量分析,从而为针对性地实施风险控制决策提供更准确的依据。实验结果表明,该模型是正确的,并且平均要比目前存在的风险评估模型多发现大约50%的安全风险。由此可以看出,本模型方法的评估结论较传统方法更为准确。     

基于卡尔曼滤波的电力虚假数据注入攻击检测方法

能源互联网的主体是基于状态估计下的电力系统。虚假数据注入攻击（FDIA）通过恶意篡改或注入电力数据,进而引发错误的状态估计结果。这种攻击方式存在引发大面积停电事故的风险,严重影响能源互联网的正常运行。在matpower 4.0中的IEEE-14节点系统上,利用以残差方程为基础的标准残差检测法和目标函数极值法,对FDIA进行了检测实验。提出了一种基于卡尔曼滤波的FDIA检测方法,并在MATLAB上进行了验证。实验结果表明,该方法可以在短时间内发现FDIA的发生。     

基于改进自注意力机制生成对抗网络的智能电网GPS欺骗攻击防御方法

为了避免全球定位系统欺骗攻击(GSA)对相量测量装置造成的危害,提出了一种基于改进自注意力机制生成对抗网络(SAGAN)的智能电网GSA防御方法.首先,通过引入深度学习参数,构建了改进网络-物理模型,利用历史数据计算得到当前时刻的量测值.然后,在SAGAN的生成器和判别器网络中分别融入一个时间注意力模块,提出了一种用于实现网络-物理模型的改进SAGAN防御方法.通过训练改进SAGAN,得到一对判别器和生成器,利用判别器检测采集的量测值是否遭受GSA,当检测到攻击时,利用生成器生成的数据替换欺骗数据,从而实现智能电网对GSA的主动防御.最后,基于IEEE 14节点和IEEE 118节点系统进行仿真测试,结果验证了所提方法的可行性和有效性.     

几种添加剂对模型石膏性能的影响

研究了N型减水剂、硅溶胶等添加剂对模型石膏凝结时间、强度、吸水率、溶蚀率等性能的影响,并确定了有关性能与添加量之间的关系,得出了最佳添加量。     

Long-term performance of cement paste during combined calcium leaching-sulfate attack: kinetics and size effect

This paper presents experimental results obtained on cement paste samples (water/cement ratio of 0.4) subjected to a low-concentration (15 mmol/l) external sulfate attack during several weeks. Chemical and microstructural analyses include the continuous monitoring of calcium loss and sulfate consumption within the cement paste, periodic layer by layer X-ray diffraction (XRD)/energy-dispersive spectrometer (EDS) analyses of the solid constituents of the cement matrix (ettringite, portlandite, gypsum) within the calcium-depleted part of the samples. Scanning electron microscopy (SEM) and visual observations are used to follow the crack pattern evolution during the external sulfate attack. The relation between the size of the specimen and crack initiation/development is investigated experimentally by performing tests on samples with different thickness/diameter ratios.     

Data-mining based SQL injection attack detection using internal query trees

Detecting SQL injection attacks (SQLIAs) is becoming increasingly important in database-driven web sites. Until now, most of the studies on SQLIA detection have focused on the structured query language (SQL) structure at the application level. Unfortunately, this approach inevitably fails to detect those attacks that use already stored procedure and data within the database system. In this paper, we propose a framework to detect SQLIAs at database level by using SVM classification and various kernel functions. The key issue of SQLIA detection framework is how to represent the internal query tree collected from database log suitable for SVM classification algorithm in order to acquire good performance in detecting SQLIAs. To solve the issue, we first propose a novel method to convert the query tree into an n-dimensional feature vector by using a multi-dimensional sequence as an intermediate representation. The reason that it is difficult to directly convert the query tree into an n-dimensional feature vector is the complexity and variability of the query tree structure. Second, we propose a method to extract the syntactic features, as well as the semantic features when generating feature vector. Third, we propose a method to transform string feature values into numeric feature values, combining multiple statistical models. The combined model maps one string value to one numeric value by containing the multiple characteristic of each string value. In order to demonstrate the feasibility of our proposals in practical environments, we implement the SQLIA detection system based on PostgreSQL, a popular open source database system, and we perform experiments. The experimental results using the internal query trees of PostgreSQL validate that our proposal is effective in detecting SQLIAs, with at least 99.6% of the probability that the probability for malicious queries to be correctly predicted as SQLIA is greater than the probability for normal queries to be incorrectly predicted as SQLIA. Finally, we perform additional experiments to compare our proposal with syntax-focused feature extraction and single statistical model based on feature transformation. The experimental results show that our proposal significantly increases the probability of correctly detecting SQLIAs for various SQL statements, when compared to the previous methods.     

基于FPGA实现AES的侧信道碰撞攻击

为了解决攻击点在能量迹中具体位置的识别问题,在对侧信道碰撞攻击技术研究的基础上,提出了通过计算能量迹中每个采样点的方差来识别攻击点的方差检查技术。并利用基于相关系数的碰撞检测方法,对一种AES的FPGA实现实施了攻击。实验结果表明,方差检查技术可以有效地识别攻击点在能量迹中的具体位置。