Analysis and Application of Covert Channels of Internet Control Message Protocol

Based on the analysis of the covert channel＇s working mechanism of the internet control message protocol （ICMP） in internet protocol version 4 （IPv4） and Internet Protocol version 6 （IPv6）, the ICMP covert channd＇s algorithms of the IPv4 and IPv6 are presented, which enable automatic channeling upon IPv4/v6 nodes with non-IPv4-compatible address, and the key transmission is achieved by using this channel in the embedded Internet terminal. The result shows that the covert channel＇s algorithm, which we implemented if, set correct, the messages of this covert channel might go through the gateway and enter the local area network.     

基于链表结构的IPv6网络数据采集方法

新一代互联网络协议（Internet Protocol Next Generation-IPng）的研究和实践已经成为国内外热点．在分析网络数据采集工具的基础上，给出了基于链表结构的网络数据动态采集方法，同时搭建了一个纯IPv6的实验环境，重点分析了IPv6的数据报采集的结果，经测试效果良好．     

A Neural Network Approach for Misuse and Anomaly Intrusion Detection

An MLP(Multi-Layer Perceptron)/ Elman neural network is proposed in this paper, which realizes classification with memory of past events using the real-time classification of MI.P and the memorial functionality of Elman. The system‘s sensitivity for the memory of past events can be easily reconfigured without retraining the whole network. This approach can be used for both misuse and anomaly detection system. The intrusion detection systems(IDSs) using the hybrid MLP/Elman neural network are evaluated by the intrusion detection evaluation data sponsored by U. S. Defense Advanced Research Projects Agency (DARPA). The results of experiment are presented in Receiver Operating Characteristic (ROC) curves. The capabilites of these IDSs to identify Deny of Service(DOS) and probing attacks are enhanced.     

An Improved Model of Attack Probability Prediction System

This paper presents a novel probability generation algorithm to predict attacks from an insider who exploits known system vulnerabilities through executing authorized operations. It is different from most intrusion detection systems （IDSs） because these IDSs are inefficient to resolve threat from authorized insiders. To deter cracker activities, this paper introduces an improved structure of augmented attack tree and a notion of ＂minimal attack tree＂, and proposes a new generation algorithm of minimal attack tree. We can provide a quantitative approach to help system administrators make sound decision.     

Methods for Increasing Creditability of Anomaly Detection System

Based on Bayes‘ theorem we point out that the false positive rate must be lower than the intrusion base rate in order to make the Alarm Credibility Probability of the intrusion detection system exceed 50%. We present the methods that have been used in our developing intrusion detection system AIIDS (artificial immune intrusion detection systems) to increase the creditability of anomaly detection system. These methods include increasing the regularities of the system call trace by use of Hidden Markov Model (HMM), making every antibody or detector has finite lifetime, offering the detector a co-stimulate signal to illustrate whether there is damage in the system according to the integrity, confidentiality, or availability of the system resource.     

Analysis and improvement of cross-realm client-to-client password authenticated key exchange protocols

Because cross-realm C2C-PAKE （client-to-client password authenticated key exchange） protocols can not resist some attacks, this paper writes up new attacks on two representative protocols, then designs a new cross-realm C2C-PAKE protocol with signature and optimal number of rounds for a client （only 2-rounds between a client and a server）. Finally, it is proved that the new protocol can be resistant to all known attacks through heuristic analysis and that it brings more security through the comparisons of security properties with other protocols.     

A mobile accessible closed multi-part group communication scheme in IPv6 network

To solve the problems of current IP multicast which includes poor inter-domain many-to-many group support, security vulnerabilities and dependency to specific multicast infrastructure, a mobile accessible closed multi-part group （MACMPG） communication protocol in IPv6 network is proposed. By extending the single source multicast protocol, the communication channel for multi-part group communication across domains is established. Based on lPv6 CGA, the secure closed group communication scheme is designed. The access to the multicast traffic only confined to the authorized senders and receivers and only trusted routers are allowed to be the branch points of MACMPG tree. By tunneling mechanism, the MACMPG traffic can be transmitted across non-MACMPG routing area, and the mobile nodes can join the group remotely and roam freely between domains, which eliminates the dependency on specific IP multicast routing.     

一种基于数据包分析的网络入侵检测探针

首先介绍入侵检测系统的原理，并在此基础上利用Kdevelop2.0以及Qt在Linux操作系统下实现了基于数据包分析的网络入侵检测探针程序，该程序完成了共享网段中的数据包的捕获和分析，入侵特征的匹配以及对入侵活动的响应等功能。     

SIP数据采集系统的设计与实现

SIP数据采集系统作为SIP入侵检测系统不可缺少的一部分,对其检测性能和准确率有着重要的影响。由于目前的数据采集工具不能直接用于处理应用层数据,很难满足SIP入侵检测系统的需求。分析了libpcap和pf_ring两种包捕获技术,描述了pf_ring的工作机制,设计了一种基于pf_ring技术的SIP数据采集系统结构。通过优化oSIP协议栈,采用在内核层和用户层结合的方法开发SIP数据过滤插件,实现了一种高效的SIP数据采集系统。通过比较实验证明本文提出的SIP数据采集系统在SIP数据采集方面具有一定的优越性,保证SIP入侵检测系统采集数据的高稳定性,为SIP入侵检测系统提供稳定可靠的数据来源。     

基于NDIS的入侵检测系统设计与实现

在提高入侵检测速度和减少误报、漏报这2个方面展开了研究。文中基于NDIS中间层驱动程序,引入协议分析技术作为入侵分析的预处理模块,提出了一种入侵检测模型,并对其中的数据采集模块和协议分析模块进行了实现。在数据采集模块中设计并实现了基于Windows操作系统NDIS中间层驱动程序的数据捕获机制,该模块在Windows系统核心态中运行,与物理网卡驱动程序相邻,可以最大程度上减少数据捕获过程中产生的重复拷贝。而协议分析模块分成核心态协议分析模块以及用户态协议分析模块,通过Windows系统中的事件机制与文件映射机制实现了二者之间的通信,利用中间层驱动实现了核心态协议分析模块,最后利用核心态协议分析模块实现了对几种常见攻击的检测。     

基于隐马尔可夫模型的无线局域网媒体接入控制层入侵检测方法

将无线局域网媒体接入控制(MAC)层字段作为检测入侵的分析对象,提出了基于隐马尔可夫模型(HMM)的无线局域网MAC层入侵检测方法.采用了基于控制台、服务器、代理的3层分布式无线局域网入侵检测框架;基于HMM模型对无线局域网的MAC帧头部进行建模;利用正常的无线局域网络数据对HMM进行训练,并记忆正常系统下的数据包行为.由此,检测发现了出现概率小的数据包或数据包序列,并制定了入侵检测阈值.试验结果表明,所提方法对已有的无线局域网MAC层攻击的误报率和漏报率比较低,并能检测未知攻击.     

Fault Tolerant Approach for Data Encryption and Digital Signature Based on ECC System

An integrated fault tolerant approach for data encryption and digital signature based on elliptic curve cryptography is proposed. This approach allows the receiver to verify the sender‘s identity and can simultaneously deal with error detection and data correction. Up to three errors in our approach can be detected and corrected. This approach has atleast the same security as that based on RSA system, but smaller keys to achieve the same level of security. Our approach is more efficient than the known ones and more suited for limited environments like personal digital assistants (PDAs), mobile phones and smart cards without RSA coprocessors.     

A Robust IP Packets Filtering Mechanism for Protecting Web Server from DDoS Attacks

Distributed denial of service （DDoS） attacks exploit the availability of Web servers, resulting in the severe loss of their connectivity. We present a robust IP packets filtering mechanism which combines the detection and filtering engine together to protect Web Servers from DDoS Attacks. The mechanism can detect DDoS attacks by inspecting inbound packets with an IP address database, and filter out lower priority IP addresses to preserve the connection for valid users by monitoring the queues status. We use the Netfilter＇s technique, a framework inside the Linux 2.4. X, to implement it on a Web server. Also, we evaluate this mechanism and analyze the influence of some important parameters on system performance. The experimental results show that this mechanism is effective against DDoS attacks.     

Spectrofluorimetric method for the determination of triamcinolone acetonide

0　IntroductionTriamcinoloneAcetonide,9 fluoro 11β,2 1 dihydroxy 16α,17[(1 methylethylidene)bis (oxy) ] pregn 1,4 diene 3,2 0 dione,Mris 4 34.4 8(abr.TA ) .Itbelongstoaclassofadrenalcortexhormonedrug ,whosefunctionsareaffectionofsugarmetabolism ,anti inflammationandresistancehypersusceptibilityetc.TAcanbesuitabletorheumatoidarthritisanddermatosissuchashypersusceptibilityandneuropathicdermatitis .ThefunctionsofTAisstrongerandlongerthantriamcinolone[1 ,2 ] .ThecommonmethodsofdetectingTAm…     

A Lightweight Mobile RSVP for Unicast

This paper presents a lighter protocol, and it removes the multicast burdens from RSVP to adapt to unicast applications. At the same time, when RSVP is used in wireless networks, some issues about mobility raise popular concerns. The proposed protocol a lightweight mobile RSVP protocol, solves the problems by the following mechanisms： changeless flow identifier, a new state management and ＂refresh＂ mechanism.     

Association rules applied to intrusion detection

We discuss the basic intrusion detection techniques, and focus on how to apply association rules to intrusion detection. Begin with analyzing some close relations between user’s behaviors, we discuss the mining algorithm of association rules and apply to detect anomaly in IDS. Moreover, according to the characteristic of intrusion detection, we optimize the mining algorithm of association rules, and use fuzzy logic to improve the system performance. Foundation item: Supported by the National Natural Science Foundation of China (69983005) Biography: Mao Ping-ping (1979-), male, Master candidate, research direction: multimedia and network security.     

Investigation of Ru （ phen ）3^2＋-Hydrazine-Ce（Ⅳ） Chemiluminescence System and Its Analytical Application

0 IntroductionThbiep ycroidmipnlee)xru ctahteinoinu mof(Ⅱ r)u t(he Rniuu(mbip,y m)3ai2n +ly) atrnids- t(r2is -,(21’ -,10-phenanthroline)ruthenium(Ⅱ) (Ru(phen)32 +) ,is a kindof sensitive analytical reagent for electrogenerated chemilumi-nescence(ECL) and chemiluminescence(CL) ,on which a par-ticular review has been presented[1]. The earliest publicationon the synthesis of Ru(bipy)32 +appeared in 1936[2], andduringthefollowing30 years ,theinvestigations relatedtothissubstance were only in…     

Combined Viterbi detector for a balanced code in page memories

Based on the two path metrics being equal at a merged node in the trellis employed to describe a Viterbi detector for the detection of data encoded with a rate 6 : 8 balanced binary code in page-oriented optical memories, the combined Viterbi detector scheme is proposed to improve raw biterror rate performance by mitigating the occurrence of a twobit reversing error event in an estimated codeword for the balanced code. The effectiveness of the detection scheme is verified for different data quantizations using Monte Carlo simulations.     

Improved Authenticated Multi-Key Agreement Protocol

Zhou et al give an attack on Ham＇s modified authenticated multi-key agreement protocol, and give a protocol that can prevent the unknown key-share attack. The paper points out that the protocol is vulnerable to a concatenation attack. This paper proposes an improved authenticated multi-key agreement protocol which shows how to make Harn＇s protocol more secure by modifying the signature and verification. And this protocol can escape the concatenation attack.