基于概率TTL终值的IP欺骗DDoS防御策略

利用概率TTL(Time To Live)终值改进IP包过滤技术,结合流连接密度FCD为时间序列的非参数CUSUM算法,可以有效解决IP欺骗DDoS攻击.本文提出一种IP欺骗DDoS的防御策略,并给出了防御模型及模型中主要模块的实现算法.     

基于StackSF的DDoS攻击和IP欺骗新型防御机制

针对互联网上的主机正面临着IP欺骗和大规模分布式拒绝服务(DDoS)攻击威胁,提出一种新的防御机制——StackSF.该机制不同于以往的方法,它是通过数据包标记和临界过滤器分析每个数据包的信息内容,过滤掉攻击数据包并检测出遭受欺骗的源IP地址.同时,还可以防御各种方式的IP欺骗的攻击.     

Preventing Dropping Packets Attack in Sensor Networks： A Game Theory Approach

Focusing on dropping packets attacks in sensor networks, we propose a model of dropping packets attack-resistance as a repeated game based on such an assumption that sensor nodes are rational. The model prevents malicious nodes from attacking by establishing punishment mechanism, and impels sensor networks to reach a collaborative Nash equilibrium. Simulation results show that the devised model can effectively resist the dropping packets attacks（DPA） by choosing reasonable configuration parameters.     

基于主动防御模型的IP反向追踪方法

提出了一种基于主动防御模型的IP反向追踪方法,该方法以安全域为单位,利用hash函数序列的相关性和概率标记信息,通过主覆盖路由器的协同工作,实现了对攻击源的快速定位;在可供使用的标记位有限的情况下,提出了在标记时对摘要信息进行拆分、在反向追踪时利用异或运算实现对摘要信息拼装的方法,从而有效地减少“碰撞”的产生,保证了对大范围DDoS攻击的准确定位,分析结果表明：本方法大大缩短了标记路径,减少了重组攻击路径所需攻击报文数量。     

IP协议分析与数据包分解研究

在计算机网络中,入侵数据通过网络协议在网络中传输,对计算机安全有着很大的威胁。通过对数据包级的IP协议进行详细的分析和研究,对基于IP协议的入侵数据进行了实验分析,目的是要从中发现恶意的数据流,从而了解这些恶意数据流的特点。实验结果表明,许多入侵攻击是通过IP协议数据包进行的。因此,通过对正常的IP协议和带有攻击的IP协议进行解析和分析,得出这些攻击的特点,更好地完善入侵检测系统。     

一种基于分组漏斗的DDoS防御机制

提出一种新的基于分组漏斗算法以防御DDoS攻击.该算法引入基于历史IP过滤(History-based IP Filtering)算法思想,并采用活动IP(AIP)表和等待矩阵(Waiting Ma-trix)两级过滤机制保护服务器.实验结果显示,该防御方案以牺牲少量随机合法用户的正常访问为代价,过滤掉大部分攻击包,从而确保大多数合法用户的正常访问.     

Collaborative Filtering Algorithms Based on Kendall Correlation in Recommender Systems

In this work, Kendall correlation based collaborative filtering algorithms for the recommender systems are proposed. The Kendall correlation method is used to measure the correlation amongst users by means of considering the relative order of the users＇ ratings. Kendall based algorithm is based upon a more general model and thus could be more widely applied in e-commerce. Another discovery of this work is that the consideration of only positive correlated neighbors in prediction, in both Pearson and Kendall algorithms, achieves higher accuracy than the consideration of all neighbors, with only a small loss of coverage.     

Incremental Web Usage Mining Based on Active Ant Colony Clustering

To alleviate the scalability problem caused by the increasing Web using and changing users＇ interests, this paper presents a novel Web Usage Mining algorithm-Incremental Web Usage Mining algorithm based on Active Ant Colony Clustering. Firstly, an active movement strategy about direction selection and speed, different with the positive strategy employed by other Ant Colony Clustering algorithms, is proposed to construct an Active Ant Colony Clustering algorithm, which avoid the idle and ＂flying over the plane＂ moving phenomenon, effectively improve the quality and speed of clustering on large dataset. Then a mechanism of decomposing clusters based on above methods is introduced to form new clusters when users＇ interests change. Empirical studies on a real Web dataset show the active ant colony clustering algorithm has better performance than the previous algorithms, and the incremental approach based on the proposed mechanism can efficiently implement incremental Web usage mining.     

A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members＇ access control and distributing authorization of traditional IP multicast.     

An Efficient Multicast Source Authentication Protocol

We propose an efficient multicast source authentication protocol called efficient multi-tree-chains scheme （EMTC）, which shows more loss resistibility, less communication cost, and no delay at receivers. The EMTC scheme is based on combination of single Chain scheme and Hash Tree Chains scheme, and integrates the advantages of both. In this scheme, stream is firstly divided into blocks with n packets, and each block consists of m clusters, everyone of which contains a tree of packets. All clusters are chained together. Through EMTC, packets of one cluster can be authenticated by any packet of the previous cluster. Compared to other multicast authentication protocols, the proposed scheme has the following advantages： ① dramatically improves the resistance to burst packets loss; ② low computation and communication overhead; ③ imposes low delay on the sender side and no delay on the receiver side.     

Testing Forms in Web Applications Automatically

Forms enhance both the dynamic and interactive abilities of Web applications and the system complexity. And it is especially important to test forms completely and thoroughly. Therefore, this paper discusses how to carry out the form testing by different methods in the related testing phases. Namely, at first, automatically abstracting forms in the Web pages by parsing the HTML documents; then, ohtai ning the testing data with a certain strategies, such as by requirement specifications, by mining users＇ hefore input informarion or by recording meehanism; and next executing the testing actions automatically due to the well formed test cases; finally, a case study is given to illustrate the convenient and effective of these methods.     

基于双绞线的IP交换技术

目的研究在双绞线上直接传输TCP/IP分组的可行性,以此改进现有的网络体系结构,从而组建高效的局域网络。方法在分析现有IP交换技术的基础上,比较现有网络技术的优缺点,研究现有IP交换技术的特点和工作模式以及利用双绞线实现纯TCP/IP协议局域网的可行性。结果提出了在双绞线上进行IP分组传输的观点,提出了基于双绞线的IP交换方法,并给出了简单IP交换机的设计与实现。结论在双绞线上直接传输TCP/IP分组是可行的,并且网络传输效率得到很大提高。     

使用ns2模拟与改进PPM算法

根据推测路径需要的数据包数量、 推测复杂性和误报率等参数, 对不同的随机包标记（PPM）算法进行了评价. 通过扩充ns2、 确定攻击拓扑和攻击流量建立一个模拟测试环境, 实际模拟并对比分析了各种PPM算法, 可测试大规模DDoS攻击下各种PPM算法反向追踪的执行效果. 根据模拟过程和结果, 提出PPM的改进方向, 从而有效提高了反向追踪的实时性.     

基于软件定义网络的DDoS攻击检测方案

分布式拒绝服务(distributed denial-of-service,DDoS)攻击是网络中的常见威胁,攻击者通过向受害服务器发送大量无用请求使正常用户无法访问服务器,DDoS逐渐成为软件定义网络(software-defined networking,SDN)的重大安全隐患。针对SDN中DDoS攻击检测问题,提出了一种粗粒度与细粒度相结合的检测方案,使用队列论及条件熵作为到达流的粗粒度检测模块,使用机器学习作为细粒度检测模块,从合法包中准确检测出恶意流量。实验表明,在使用Mininet模拟SDN网络的环境中,方案可准确检测出DDoS攻击。     

路由器防范拒绝服务攻击技术研究

拒绝服务攻击给网络安全带来了巨大的威胁,防范DDoS攻击一直是安全领域的一个重要课题。介绍了路由器防范拒绝服务攻击的技术,包括IP路径重构技术、在源端防范DDoS策略、防范IP地址欺骗的机制和基于拥塞控制的方法,指出了进一步的研究方向。     

An E.Commerce Recommender System Based on Content-Based Filtering

Content-based filtering E-commerce recommender system was discussed fully in this paper. Users＇ unique features can be explored by means of vector space model firstly. Then based on the qualitative value of products informa tion, the recommender lists were obtained. Since the system can adapt to the users＇ feedback automatically, its performance were enhanced comprehensively. Finally the evaluation of the system and the experimental results were presented.     

A New Framework for Focused Web Crawling

Focused crawlers are important tools to support applications such as specialized Web portals, online searching, and Web search engines. A topic driven crawler chooses the best URLs and relevant pages to pursue during Web crawling. It is difficult to deal with irrelevant pages. This paper presents a novel focused crawler framework. In our focused crawler, we propose a method to overcome some of the limitations of dealing with the irrelevant pages. We also introduce the implementation of our focused crawler and present some important metrics and an evaluation function for ranking pages relevance. The experimental result shows that our crawler can obtain more ＂important＂ pages and has a high precision and recall value.     

Analysis and improvement of cross-realm client-to-client password authenticated key exchange protocols

Because cross-realm C2C-PAKE （client-to-client password authenticated key exchange） protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-realm C2C-PAKE protocol with signature and optimal number of rounds for a client （only 2-rounds between a client and a server）. Finally, it is proved that the new protocol can be resistant to all known attacks through heuristic analysis and that it brings more security through the comparisons of security properties with other protocols.     

基于智能包过滤的DDoS防御模型

介绍了基于追踪的包过滤的原理。根据自适应包标记（Adjusted Probabilistic Packet Making,APPM）追踪技术,设计了一种基于追踪的智能包过滤模型以防御DDoS攻击。