攻击图算法在入侵防御系统中的应用

 针对目前及时发现网络漏洞,增强网络安全十分困难等问题,提出了基于攻击图的入侵防御方法.该方法通过生成全局网络攻击图算法来建立网络初始攻击图,并调用攻击图优化算法来去除全局攻击图中不合理路径,达到简化攻击图目的.最后,通过计算攻击图各状态节点损失度算法来为管理人员提供优化网络安全策略的依据.实验证明,这种入侵防御方法合理有效,并具有简单易行等优点.     

基于Spark的DA算法并行化研究

在对大规模数据进行蜻蜓算法优化时,由于要计算的维度过多,迭代次数过大,从而耗费大量运算时间,而基于Spark分布式计算可以减少大数据运算的耗时。将DA算法在Spark分布式计算平台下进行并行计算,把蜻蜓种群被分配到各个节点,每节点中蜻蜓个体信息通过多线程并行更新,然后共享全局最优解,从而提高大规模数据优化的运行速度。最后仿真实验的验证是由4个测试函数进行测试,验证结果显示:在保证正确率的前提下,基于Spark的DA算法在对大规模数据优化的计算用用时最少。     

一种改进Logistic混沌序列安全网络编码设计

针对多源组播带宽利用率较低和构造算法收敛时间过长的不足,提出了确定线性逐层构造算法.该方案只需通过一次试播,即可逐层构造各个编码节点的编码系数,并对出现数据冗余的链路进行修剪枝操作,最终使信宿端接收到的全局编码矩阵满秩,从而顺利解码.针对网络编码中的全局窃听攻击和污染攻击,从密码学角度出发,提出了一种基于混沌序列的安全网络编码方案,通过改进Logistic混沌序列对原始消息的最后一维数据进行加密,并利用m序列扰动混沌序列构造全局编码矩阵,实现将加密的原始信息与全局编码矩阵线性组合进行传输并在信宿端点构造线性列表,对污染信息进行过滤.通过仿真与数据分析可得:该方案提高了多源组播的通信效率,在抵抗全局窃听攻击的同时,还可以滤除污染信息,使网络的安全性进一步得到提高.     

面向时间敏感网络的安全感知调度方法

时间敏感网络（TSN）中信息的真实性是系统的关键安全要素,然而直接引入传统安全认证机制会导致系统可调度性和实时性大幅降低。现有的方法仍存在适用场景少、资源消耗高等问题。针对这些问题,文中提出了一种面向TSN的安全感知调度方法。首先基于TSN流量特性设计了一种时间有效的一次性签名安全机制,为消息提供高效的组播源认证;然后提出相应的安全模型对该机制进行评估,描述安全机制对任务和流量的影响;最后对提出的安全感知调度方法进行数学建模,在传统调度约束的基础上,增加了安全机制相关的约束,同时以最小化应用端到端时延为优化目标,使用约束规划进行求解。仿真实验结果表明：改进的一次性签名机制的引入可以有效保护TSN中关键信息的真实性,且对调度的影响有限;在多个基于真实工业场景生成的不同规模测试用例中,产生的应用端到端时延平均仅增加13.3%,带宽消耗平均仅增加5.8%;与其他同类型方法相比,文中方法的带宽消耗更低,更加适用于有严格带宽限制的TSN。     

Load Feedback-Based Resource Scheduling and Dynamic Migration-Based Data Locality for Virtual Hadoop Clusters in OpenStack-Based Clouds

With cloud computing technology becoming more mature, it is essential to combine the big data processing tool Hadoop with the Infrastructure as a Service(Iaa S) cloud platform. In this study, we first propose a new Dynamic Hadoop Cluster on Iaa S(DHCI) architecture, which includes four key modules: monitoring,scheduling, Virtual Machine(VM) management, and VM migration modules. The load of both physical hosts and VMs is collected by the monitoring module and can be used to design resource scheduling and data locality solutions. Second, we present a simple load feedback-based resource scheduling scheme. The resource allocation can be avoided on overburdened physical hosts or the strong scalability of virtual cluster can be achieved by fluctuating the number of VMs. To improve the flexibility, we adopt the separated deployment of the computation and storage VMs in the DHCI architecture, which negatively impacts the data locality. Third, we reuse the method of VM migration and propose a dynamic migration-based data locality scheme using parallel computing entropy. We migrate the computation nodes to different host(s) or rack(s) where the corresponding storage nodes are deployed to satisfy the requirement of data locality. We evaluate our solutions in a realistic scenario based on Open Stack.Substantial experimental results demonstrate the effectiveness of our solutions that contribute to balance the workload and performance improvement, even under heavy-loaded cloud system conditions.     

Spark日志整合与FCM-DNN的网络流量分析算法

为了解决网络设备类型划分粒度粗,导致网络流量无法准确分类的问题,提出了一种基于Spark日志集成与FCM-DNN的流量分析算法。首先,该方法使用Spark集成会话日志以获取可分析的结构化数据;然后对同一网站的行为数据进行聚类,提取网站的多类簇特征集合,以解决单个会话连接特征维度较少、特征相似且不平衡的问题;最后,构建DNN网络,将统一化后的聚类特征与原始特征结合进行训练,并从聚类分组长度和损失函数等多个方面进行算法优化。仿真实验结果表明,对于特征较少的会话日志数据,该算法有效提高了网站分类的准确性,同时在保留学生上网特征的前提下将日志压缩了700倍,从而节省了存储开销。     

Public Bicycle Operating System Based on Space-Time Security and the Internet of Things

The bad behaviors of some users and the drawbacks of public bicycles have hindered the promotion of public bicycles. The current problems include low utilization rate, uneven distribution, high loss rate and insecure lock. However, there is few feasible research in this new field. To address these issues of public bicycles, we propose a public bicycle operating system(PBOS). PBOS involves three key technologies: 1) To acquire a dynamic password and realize bicycle self-rescue, we devise an intelligent lock that utilizes the Internet of Things (IoT) to establish Bluetooth connection with user’s mobile phone. 2) To avoid bicycle loss and improve the security of data transmission, we design a space-time security protocol to work between bicycle’s intelligent lock, mobile app, and server. 3) To increase the average utilization rate and distribution, we present a cooperative game model for bicycle scheduling. Finally, we evaluate the performance and validate the theoretical properties of PBOS through extensive simulations.     

基于行为关联的Web自适应入侵检测系统设计与实现

提出了一种适用于Web服务器的自适应入侵检测机制,将检测模块直接嵌入Web服务器中,采用客户访问行为关联预测,配合异常检测和误用检测,动态产生和调整特征规则,确定合法请求,过滤异常请求并确认攻击类型,从而达到预防新型攻击与检测已知攻击事件的目的. 对实现的系统进行了测试验证,在一般攻击扫描情况下攻击检测准确率可高达95.8%.     

Network security situation evaluation based on modified D-S evidence theory

With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods, we propose a network security situation evaluation system based on modified D-S evidence theory is proposed. Firstly, we give a modified D-S evidence theory to improve the reliability and rationality of the fusion result and apply the theory to correlation analysis. Secondly, the attack successful support is accurately calculated by matching internal factors with external threats. Multi-module evaluation is established to comprehensively evaluate the situation of network security. Finally we use an example of actual network datasets to validate the network security situation evaluation system. The simulation result shows that the system can not only reduce the rate of false positives and false alarms, but also effectively help analysts comprehensively to understand the situation of network security.     

用于图像篡改检测与恢复的安全双水印算法

为提高可恢复双水印算法抵抗伪造攻击的能力,提出一种用于图像篡改检测和恢复的安全双水印算法.该算法首先基于密钥生成随机序列,利用该随机序列将双水印信息加密之后再嵌入图像块的低位,同时,该随机序列结合图像块内容和嵌入在低位的恢复水印生成认证数据,以提高可恢复双水印算法抵抗伪造攻击的能力.实验结果表明该算法有效提高了自恢复双水印算法抵抗伪造攻击的能力.     

防御拒绝服务攻击的身份认证方案

针对安全协议存在的拒绝服务攻击隐患,文中提出了发起者身份认证方案.方案借鉴Cookie机制和Client Puzzle方法的思想,通过在C00kie中嵌入puzzle的方法,采用强认证和弱认证相结合的模式进行设计.实验结果表明,该方案在不改变安全协议系统结构的前提下,可以增强其防御计算资源消耗型、存储资源消耗型和虚假网络地址型拒绝服务攻击的能力.该方案适用于安全协议响应方对安全性要求较高,响应方计算能力较强的环境.     

基于混合优化算法的医学图像配准技术

在图像配准的优化算法中, 为避免使算法陷入局部最优的问题。 因此, 提出基于最大互信息和混合优化算法的医学图像配准算法, 利用模拟退火算法思想改进粒子群优化算法, 提高了全局寻优的能力, 能更好地跳出局部最优。 由实验结果可知, 该方法不仅具有较好的图像配准精度, 对椒盐噪声和高斯噪声也有较好的鲁棒性。     

NDN中基于神经网络的兴趣洪泛攻击综合防御方案

命名数据网络(named data networking, NDN)中的请求-应答通信模式及有状态的转发滋生了新的分布式拒绝服务(distributed denial of service, DDoS)攻击方式—兴趣洪泛攻击(interest flooding attack, IFA)。IFA是NDN中主要的拒绝服务威胁,虽然IFA防御方案被广泛研究,但目前缺乏系统的解决方案。针对这一问题,基于粒子群优化的后向传播神经网络算法提出一种新的IFA检测方法,并结合基于基尼不纯度的恶意前缀识别方法和兴趣包回溯方法来缓解攻击危害,形成一种综合的防御方案。通过ndnSIM仿真实验证明,提出的方案不仅可以准确检测和有效防御IFA攻击,而且解决了基于窗口检测方案无法检测连续攻击的问题。     

An unknown Trojan detection method based on software network behavior

Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat (APT) attack intents: besides dealing with damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and some in-depth analyses on recently happened APT attacks, five typical communication characteristics are adopted to describe application’s network behavior, with which a fine-grained classifier based on Decision Tree and Na ve Bayes is modeled. Finally, with the training of supervised machine learning approaches, the classification detection method is implemented. Compared with general methods, this method is capable of enhancing the detection and awareness capability of unknown Trojans with less resource consumption.     

An Ant Colony Optimization Algorithm to Satellite Data Transmission Scheduling Problems

数据传输资源调度是空间资源管理的重要内容之一。为了有效求解数据传输资源调度问题,基于蚁群算法构建了一种数据传输资源调度方法。实验结果表明,蚁群算法能有效求解数据传输资源调度问题。本文方法可推广应用到其他资源调度领域。     

A punching scheme for crossing NAT in end hopping

End hopping is one of the good methods to defend against network attack,but has problems with network address translation(NAT) because packets sent from an unknown endpoint would be dropped by NAT.To avoid the dropping of packets,we propose a punching scheme:a client sends a punching packet to create mapping rules in NAT,so that the packets from the server would be able to pass through effectively with such rules.In this paper,some preliminaries and definitions are provided for building the model of end hopping.Then we discuss the main reason of such packet dropping and specify all the failure situations based on the model.What’s more,we analyze how the punching scheme helps end hopping cross NAT.Finally,we validate the feasibility of this scheme with empirical results:if the client is behind a NAT and with punching scheme,the service rate increases to 100%.Therefore,our proposed scheme can greatly improve the performance of crossing NAT in end hopping with little security and computational overhead.     

基于Windows日志的安全审计技术研究

事件日志记录着操作系统或应用程序中重要的事件。通过对日志进行分析,发现所需事件信息和规律是安全审计的根本目的。文章讨论了对Windows系统日志文件进行集中式统一管理,采用API钩子技术实现Windows下的审计数据的获取,并通过对Windows日志的分析给出了一种基于主机日志分析的安全审计通用模型。     

Hybrid Particle Swarm Optimization Algorithm Based on Entropy Theory for Solving DAR Scheduling Problem

An efficient task-scheduling algorithm in the Digital Array Radar(DAR) is essential to ensure that it can handle a large number of requested tasks simultaneously. As a solution to this problem, in this paper, we propose an optimization model for scheduling DAR tasks using a hybrid approach. The optimization model considers the internal task structure and the DAR task-scheduling characteristic. The hybrid approach integrates a particle swarm optimization algorithm with a genetic algorithm and a heuristic task-interleaving algorithm. We introduce the chaos theory to optimize initialized particles and use entropy theory to indicate the diversity of particles and adaptively adjust the inertia weight, the crossover probability, and the mutation probability. Then, we improve both the efficiency and global exploration ability of the hybrid algorithm. In the framework of the swarm exploration algorithm, we include a heuristic task-interleaving scheduling algorithm, which not only utilizes the wait interval to transmit or receive subtasks, but also overlaps the receive intervals of different tasks. In a large-scale simulation,we demonstrate that the proposed algorithm is more robust and effective than existing algorithms.     

最大互信息系数的并行计算方法研究

针对最大互信息系数（Maximal Information Coefficient,MIC）近似算法在大规模数据场景下的计算时间复杂度高,计算时间增长快的问题,提出一种最大互信息系数并行计算（The Parallel Computing Maximal Information Coefficient,PCMIC）方法。分别在Spark和Spark-消息传递接口（Message Passing Interface,MPI）计算框架中,在不同的数据规模和不同的噪声水平下,利用PCMIC算法对十四种典型的相关关系做并行计算。另外在不同节点数的情况下,选择两种具有代表性的相关关系来测试PCMIC算法在两种计算框架中的性能。实验结果表明：（1）PCMIC算法在两种框架下的运算效果与原始MIC近似算法相比,同样具有普适性和均匀性,而且具有良好的可扩展性。（2）随着数据规模和节点数的增加,PCMIC算法在两种框架中运算的时间增长明显比MIC近似算法慢,而且在Spark-MPI框架下的并行加速比和效率略优于Spark。（3）Spark能够支持MPI任务的调度,为研究不同并行计算框架之间的融合奠定了一定的理论和应用基础。     

Key-Recovery Attacks on LED-Like Block Ciphers

Asymmetric cryptographic schemes, represented by RSA, have been shown to be insecure under quantum computing conditions. Correspondingly, there is a need to study whether the symmetric cryptosystem can still guarantee high security with the advent of quantum computers. In this paper, based on the basic principles of classical slide attacks and Simon's algorithm, we take LED-like lightweight block ciphers as research objects to present a security analysis under both classical and quantum attacks, fully considering the influence on the security of the ciphers of adding the round constants. By analyzing the information leakage of round constants, we can introduce the differential of the round constants to propose a classical slide attack on full-round LED-64 with a probability of 1. The analysis result shows that LED-64 is unable to resist this kind of classical slide attack, but that attack method is not applicable to LED-128. As for quantum attacks, by improving on existing quantum attack methods we demonstrate a quantum single-key slide attack on LED-64 and a quantum related-key attack on LED-128, and indicators of the two attack algorithms are analyzed in detail. The attack results show that adding round constants does not completely improve the security of the ciphers, and quantum attacks can provide an exponential speed-up over the same attacks in the classical model. It further illustrates that the block cipher that is proved to be safe under classical settings is not necessarily secure under quantum conditions.