DEFIDNET: A framework for optimal allocation of cyberdefenses in Intrusion Detection Networks

Intrusion Detection Networks (IDN) are distributed cyberdefense systems composed of different nodes performing local detection and filtering functions, as well as sharing information with other nodes in the IDN. The security and resilience of such cyberdefense systems are paramount, since an attacker will try to evade them or render them unusable before attacking the end systems. In this paper, we introduce a system model for IDN nodes in terms of their logical components, functions, and communication channels. This allows us to model different IDN node roles (e.g., detectors, filters, aggregators, correlators, etc.) and architectures (e.g., hierarchical, centralized, fully distributed, etc.). We then introduce a threat model that considers adversarial actions executed against particular IDN nodes, and also the propagation of such actions throughout connected nodes. Based on such models, we finally introduce a countermeasure allocation model based on a multi-objective optimization algorithm to obtain optimal allocation strategies that minimize both risk and cost. Our experimental results obtained through simulation with different IDN architectures illustrate the benefit of our framework to design and reconfigure cyberdefense systems optimally.     

单片机破解的常用方法及应对策略

介绍了单片机内部密码破解的常用方法，重点说明了侵入型攻击／物理攻击方法的详细步骤，最后，从应用角度出发，提出了对付破解的几点建议。     

Moderators of nonverbal indicators of deception: A meta-analytic synthesis.

In many legal proceedings, fact finders scrutinize the demeanor of a defendant or witness, particularly his or her nonverbal behavior, for indicators of deception. This meta-analysis investigated directly observable nonverbal correlates of deception as a function of different moderator variables. Although lay people and professionals alike assume that many nonverbal behaviors are displayed more frequently while lying, of 11 different behaviors observable in the head and body area, only 3 were reliably associated with deception. Nodding, foot and leg movements, and hand movements were negatively related to deception in the overall analyses weighted by sample size. Most people assume that nonverbal behaviors increase while lying; however, these behaviors decreased, whereas others showed no change. There was no evidence that people avoid eye contact while lying, although around the world, gaze aversion is deemed the most important signal of deception. Most effect sizes were found to be heterogeneous. Analyses of moderator variables revealed that many of the observed relationships varied as a function of content, motivation, preparation, sanctioning of the lie, experimental design, and operationalization. Existing theories cannot readily account for the heterogeneity in findings. Thus, practitioners are cautioned against using these indicators in assessing the truthfulness of oral reports. (PsycINFO Database Record (c) 2010 APA, all rights reserved)     

运用模式分类的雷达抗转发式距离欺骗干扰方法

针对雷达转发式欺骗干扰中的距离欺骗，提出了一种基于模式分类来识别目标与干扰的方法。该方法基于干扰和目标能量和起伏特性差异确定提取特征因子，再利用RBF神经网络方法进行分类。仿真结果表明，该方法具有较好的抗距离欺骗干扰性能。     

Binary rewriting and call interception for efficient runtime protection against buffer overflows

Buffer overflow vulnerabilities are one of the most commonly and widely exploited security vulnerabilities in programs. Most existing solutions for avoiding buffer overflows are either inadequate, inefficient or incompatible with existing code. In this paper, we present a novel approach for transparent and efficient runtime protection against buffer overflows. The approach is implemented by two tools: Type Information Extractor and Depositor (TIED) and LibsafePlus. TIED is first used on a binary executable or shared library file to extract type information from the debugging information inserted in the file by the compiler and reinsert it in the file as a data structure available at runtime. LibsafePlus is a shared library that is preloaded when the program is run. LibsafePlus intercepts unsafe C library calls such as strcpy and uses the type information made available by TIED at runtime to determine whether it would be ‘safe’ to carry out the operation. With our simple design we are able to protect most applications with a performance overhead of less than 10%. Copyright © 2006 John Wiley & Sons, Ltd.     

数字水印攻击及对策分析

数字水印技术作为数字媒体版权保护的重要手段越来越引起人们的重视。文章讨论了数字水印的概念、特征,重点介绍了数字水印的鲁棒性及影响数字水印鲁棒性的因素,总结和分析了数字水印主要攻击方式并提出相应的应对措施。     

低速率拒绝服务攻击研究与进展综述

低速率拒绝服务攻击是新型的拒绝服务攻击,对Internet的安全造成严重的潜在威胁,引起众多研究者的兴趣和重视,成为网络安全领域的重要研究课题之一.自2003年以来,研究者先后刻画了Shrew攻击、降质攻击、脉冲拒绝服务攻击和分布式拒绝服务攻击等多种低速率拒绝服务攻击方式,并提出了相应的检测防范方法.从不同角度对这种新型攻击的基本机理和攻击方法进行了深入的研究;对TCP拥塞控制机制进行了安全性分析,探讨了引起安全问题的原因;对现有的各种各样的LDoS攻击防范和检测方案,从多个方面进行了分类总结和分析评价;最后总结了当前研究中出现的问题,并展望了未来研究发展的趋势,希望能为该领域的研究者提供一些有益的启示.     

网络化雷达协同抗欺骗式干扰技术研究进展

网络化雷达在战场上可以构成全方位、立体化、多层次的战斗体系,因 此对欺骗式干扰对抗具有很大的优越性。本文首先简要介绍了网络化雷达概念,并分析了其 抗干扰优势。根据网络化雷达融合结构不同,将现有协同抗干扰方法分为数据级融合抗欺骗 式干扰和信号级融合抗欺骗式干扰两大类,其中,数据级融合方法进一步分类为点迹关联和 航迹关联两类。本文对各类方法进行了详细介绍,在此基础上,比较分析了数据级融合和信 号级融合两类方法的抗干扰性能及算法复杂度,为抗干扰措施的选择提供依据。最后,针对 现有方法中存在的问题,对网络化雷达协同抗欺骗式干扰的发展趋势进行展望,指出下一步 的研究方向。     

关于网络信息安全相关技术的探讨

科学技术的快速发展,有效的带动了计算机技术和网络技术的发展进程,随之而来的网络信息安全成为我们不得不关注的重要问题.网络环境具有自身的特殊性,近年来,我国网络用户呈迅猛的趋势在增加,可以说网络已成为我们工作和生活中非常重要的组成部分.这就需要我们对网络信息安全给予充分的重视,否则网络用户的合法权益将受到较大的损害,同时网络的发展也会受到相应的制约.文中对网络信息安全的现状进行了分析,并进一步对网络信息安全技术进行了具体的阐述.