后向攻击技术方案的对比与选择

以空战前向攻击为参照，以对比的方式分析，论证了导弹越肩发射后向攻击和后向发射后向攻击技术方案的特点和存在的问题，在此讨论的基础上，提出了选择空战导弹后向攻击技术方案的倾向性意见。     

混沌序列与一类基于移位寄存器的非线性序列的性能比较

混沌序列与一类基于移位寄存器的非线性序列非线性前馈逻辑(Non-Linear Feed-ForwardLogic,NLFFL)序列都具有非线性、宽带类噪声、大的码族、长的周期且容易产生的特性,通过对它们在产生方式、相关性能、多址性能以及抗相关攻击能力等方面进行分析和仿真研究,说明混沌序列与该类非线性序列在性能上总体相当,但对于短周期序列(N1023),混沌序列的抗相关攻击、抗干扰能力更强,因此更具有实用价值。     

基于Markov攻击图和博弈模型的区块链安全态势感知方法

全面准确地感知区块链网络中各节点所遭受的日蚀攻击情况是一个难题,该文针对该难题提出一种基于Markov攻击图和博弈模型的区块链安全态势感知方法。该方法结合区块链网络各节点以及日蚀攻击的特点建立Markov攻击图模型,随后将该模型进行量化从而计算各攻击路径的转换概率,选择较高概率的攻击路径进行多阶段攻防博弈并计算双方的最大目标函数值。通过分析这些函数值,完成对整个区块链网络节点的安全态势感知,达到对未来安全情况的预测和系统维护的目的。实验对比表明,该模型方法不但具有较低的入侵成功次数,还具有较好的确保系统完整性等方面的优势。     

基于脆弱性变换的网络动态防御有效性分析方法

有效性分析对合理制订最优网络动态防御策略至关重要.首先利用随机抽样模型从脆弱性变换角度给出入侵成功概率计算公式,用于刻画变换空间、变换周期及脆弱性数量对网络入侵过程的影响;然后针对单、多脆弱性变换两种情况,分别给出相应的入侵成功概率极限定理并予以证明,同时给出两种情况下的最优变换空间计算方法;仿真结果表明,增大单条入侵路径上依次攻击的脆弱性数量、减小变换周期可持续提高网络动态防御有效性,而增大变换空间初始可以提升网络动态防御有效性,但是由于入侵成功概率会随变换空间的持续增大而逐渐收敛,在入侵成功概率收敛时,有效性无法持续提高.     

基于模糊—隐马尔可夫模型的复合式攻击预测方法

通过对复合式攻击预测方法的研究,将关联规则、模糊评价法和隐马尔可夫模型相结合,提出了基于模糊—隐马尔可夫模型的复合式攻击预测方法。该方法首先将原始报警信息融合为超级报警信息,进而基于攻击行为的初始概率分布确定初始状态矩阵,根据关联规则确定状态转移矩阵,应用模糊判别法确定观察矩阵,最后应用隐马尔可夫模型中的Forward算法对报警信息隶属的攻击场景进行了识别,Viterbi算法对攻击意图序列进行了预测。仿真实验验证了该方法的有效性。     

针对虫洞攻击的无线传感器网络安全定位方法

节点定位技术是无线传感器网络的关键技术之一,是很多基于无线传感器网络的应用的基础。然而,无线传感器网络通常部署在无人值守的敌对环境中,攻击节点能够很容易地破坏网络中节点的定位过程。本文针对无线传感器网络中距离无关的定位技术,分析了虫洞攻击对DV-Hop定位过程的影响,提出了一种无线传感器网络中抵御虫洞攻击的DV-Hop安全定位方法。仿真结果表明所提出的安全定位方法能够有效降低虫洞攻击对DV-Hop定位过程的影响,验证了该方法的有效性。     

光滑逼近超完备稀疏表示的图像超分辨率重构

为改善单帧降质图像的分辨率水平,提出了一种新的基于稀疏表示的学习法超分辨率图像重构方法。针对信号在既定的欠定超完备字典下的非稀疏性问题,采用光滑的递减函数逼近L0范数以避免对稀疏度先验的依赖,从而实现待重构图像块的有效稀疏表示,同时通过梯度下降的迭代优化获得稳定的收敛解。与双立方插值相比,图像的三倍超分辨实验显示,图像峰值信噪比(PSNR)提高2dB,框架相似性(SSIM)改善0.04,重构图像剔除了更多的模糊退化及边缘伪迹。该方法适于单帧降质图像的超分辨率增强。     

Hadoop‐based analytic framework for cyber forensics

With an exponential increase in the data size and complexity of various documents to be investigated, existing methods of network forensics are found not much efficient with respect to accuracy and detection ratio. The existing techniques for network forensic analysis exhibit inherent limitations while processing a huge volume, variety, and velocity of data. It makes network forensic a time‐consuming and resource‐consuming task. To balance time taken and output delivered, these existing techniques put a limit on the amount of data under analysis, which results in a polynomial time complexity of these solutions. So to mitigate these issues, in this paper, we propose an effective framework to overcome the limitation to handle large volume, variety, and velocity of data. An architectural setup that consists of MapReduce framework on top of Hadoop Distributed File System environment is proposed in this paper. The proposed framework demonstrates its capability to handle issues of storage and processing of big data using cloud computing. Also, in the proposed framework, supervised machine learning (random forest‐based decision tree) algorithm has been implemented to demonstrate better sensitivity. To train and validate the model, online available data set from CAIDA is taken and university network traffic samples, with increasing size, has been taken for experiment. Results thus obtained confirm the superiority of the proposed framework in network forensics, with an average accuracy of 99.34% (malicious and nonmalicious traffic).     

Cooperative detection and protection for Interest flooding attacks in named data networking

Named data networking (NDN) is a new emerging architecture for future network, which may be a substitute of the current TCP/IP‐based network, for the content‐oriented data request mode becoming the future trend of development. The security of NDN has attracted much attention, as an implementation of next‐generation Internet architecture. Although NDN is immune to most current attack, it cannot resist the distributed denial of service like attack – Interest flooding attack (IFA) – effectively. IFA takes advantages of the forwarding mechanism of NDN, flooding a large number of malicious Interest packets at quite a high rate, and exploits the network resources, which may cause the paralysis of the network. Taking into account the severity of the destruction, we propose an algorithm to counter such new type of attack. We analyze three properties of IFA, and use them to judge and filter Interest packets. Vector space model and Markov model are used in our method to realize a cooperative detection. Meanwhile, we present the retransmission forwarding mechanism to ensure legitimate user request. The ndnSIM module of ns3 is used for the corresponding simulation, and results of the simulation will be given to show the effectiveness of our algorithm. Copyright © 2014 John Wiley & Sons, Ltd.     

Attack path prediction method based on causal knowledge net

The existing attack path prediction methods can not accurately reflect the variation of the following attack path caused by the capability of the attacker.Accordingly an attack path prediction method based on causal knowledge net was presented.The proposed method detected the current attack actions by mapping the alarm sets to the causal knowledge net.By analyzing the attack actions,the capability grade of the attacker was inferred,according to which adjust the probability knowledge distribution dynamically.With the improved Dijkstra algorithm,the most possible attack path was computed.The experiments results indicate that the proposed method is suitable for a real network confrontation environment.Besides,the method can enhance the accuracy of attack path prediction.