一种保障移动智能体系统的安全模型

基于移动智能体的应用技术需要率先解决系统的基本安全问题,以支持其发展与成熟。鉴于传统的被动防御安全策略不能适应移动智能体技术应用的发展需要,提出了一种保障移动智能体系统安全的安全模型。按模型实现的原型系统能够主动识别并实时响应攻击行为。该系统还可利用端口映射的机制迷惑攻击者,起到代理服务器型防火墙的实际功效,这是对移动智能体系统安全解决方案的积极探索。     

Decentralized network management based on mobile agent

The mobile agent technology can be employed effectively for the decentralized management of complex networks. We show how the integration of mobile agent with legacy management protocol, such as simple network management protocol (SNMP), leads to decentralized management architecture. HostWatcher is a framework that allows mobile agents to roam network, collect and process data, and perform certain adaptive actions. A prototype system is built and a quantitative analysis underlines the benefits in respect to reducing network load.     

基于多Agent的可控网络安全系统研究

移动安全Agent扫描各客户主机的漏洞,采集记录异常活动的审计日志,实现事前和事后的安全保障,但移动Agent自身的通信和迁移的安全性同样重要.首先结合硬件特征属性密钥和用户信息,实现基于Agent技术的多因素认证系统,在认证基础上,利用非对称加密技术和密钥管理,保障Agent通信和迁移的安全性.Agent作为软件,容易受到外部破坏,采用检测代理,通过Agent的协作,利用地址解析协议对网内节点的扫描,将广域网扫描机制转化为简单易行的内网扫描,从而保障客户主机中认证Agent的部署可靠性.实验结果表明,该系统效率高,可扩展性、通用性好.     

基于安全代理的中间件技术研究

安全技术在目前信息技术应用,特别是在电子政务、电子商务等对安全性要求特别高的应用中是一个关键问题。对安全代理技术的体系结构、访问控制、通信机制、认证机制等关键技术进行了研究。该安全代理技术不同于通常的代理技术,它由代理客户端、代理服务器、安全控制列表等关键组件组成。随着安全代理技术的应用,应用系统的安全性得到了很好的控制,有较强的实际应用价值。     

Discussion on data-security of space-earth integrated network and analysis ofspace communications protocol standards

1.INTRODUCTION ItisnaturalforustoapplyTCP/IPtonewenviron ments.ButforInternetsomekeyassumptionsare madeabouttheperformanceoflower levellinks:an end to endpathexistsbetweenadatasourceandits goal;themaximumback and forthtimebetweenany pairofnodesisnotverylong;andtheend to end pathlossprobabilityisverysmall.Unfortunately,spacecommunicationnetworkviolatesoneormoreof theseassumptions.SotheTCP/IPmodelcan’twork properlyinthespacenetwork.Thecharacteristicsofthespacecommunication networkared…     

复杂网络信息系统安全资源优化配置研究

安全资源的优化配置对于实现复杂网络信息系统安全风险管理具有非常重要的作用.建立了基于攻击传播性及分层防护的复杂网络信息系统安全资源分配模型.以该模型为基础,实现了单层防护以及双层防护方式下的安全资源分配过程.通过仿真实验的验证,在安全风险评估过程中考虑攻击传播性,有助于更加准确地评估整个组织中的安全风险.同时,采用分层防护方式能够在固有投资条件下更加有效地降低复杂网络信息系统的安全风险.     

一种可信安全仿真计算机设计

当前的通用仿真计算机主要关注于实时性的研究与应用,忽略了身份认证、资源控制等安全防护功能的集成。在参考可信计算技术的基础上,提出了一种集终端安全防护和数据安全存储于一体的可信安全仿真计算机解决方案。论述了整体的体系结构,详细分析了可信安全仿真计算机实时性、安全性的实现机制。实验结果表明,该可信安全仿真计算机能够较好地抵御典型的网络攻击,可以满足仿真系统的实时性要求。     

移动融合网络中基于信道质量的分流算法

随着现代社会的发展,各种智能终端已经成为生活中不可或缺的一部分,如何为其提供快速高效的网络服务是一个亟待解决的问题。使用移动融合网络,将固定网络与移动网络进行融合、充分发挥两者的优势,是当前研究的热点。首先介绍了移动融合网络的概念,然后提出了基于信道质量的分流算法,以解决移动融合网络中的分流问题。最后进行了仿真实验,分别仿真了数据全走长期演进(long term evolution, LTE)网络、数据全走无线保真(wireless fidelity, WiFi)网络、基于信道质量进行分流3种情况。通过对比发现该算法可以显著提高系统吞吐量、减小时延,从而验证了其有效性。     

内网安全文件系统的设计与实现

针对内网海量数据存储安全问题,设计了多协议安全文件系统(MPSFS).一方面,MPSFS支持不同协议用户的访问,为不同用户提供统一的访问接口,实现用户高效和快速的访问;另一方面,MPSFS与身份认证和安全算法相结合充分保证内网存储系统中数据的安全性.实验结果显示,MPSFS在保证信息存储安全性的同时,对内网I/O性能影响在实际中是可以接受的.     

基于Plug-in的WWW安全认证系统研究

插件(Plug-in)结构能使软件动态寻找和加载特定代码模块,被越来越广泛地采用.在基于B/S体系结构中采用Plug-in技术可以有效地增强浏览器功能.从基于Web的安全认证出发,研究了浏览器中Plug-in程序设计方法,提出了浏览器中采用Plug-in技术实现基于IC卡的用户身份认证方案,通过对服务器资源设定和Web页面改造,实现了用户对服务器Web资源访问控制功能.     

基于安全控制模块的高可信计算机研究

当前的可信计算机主要关注于TPM安全芯片的集成与应用,在可信根保护、文件加密存储和系统安全防护方面存在不足。在参考可信计算技术的基础上,提出了一种以内嵌的安全控制模块为物理信任根的高可信计算机解决方案。论述了整体的组成结构、工作原理,详细分析了高可信计算机中安全控制模块和可信BIOS的实现机制。相关实验结果验证了高可信计算机平台设计方案的有效性。     

Distributed intrusion detection for mobile ad hoc networks

Mobile ad hoc networking(MANET)has become an exciting and important technology in recent years,because of the rapid proliferation of wireless devices.Mobile ad hoc networks is highly vulnerable to attacks due to the open medium,dynamically changing network topology,cooperative algorithms,and lack of centralized monitoring and management point.The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features.A distributed intrusion detection approach based on timed automata is given.A cluster-based detection scheme is presented,where periodically a node is elected as the monitor node for a cluster.These monitor nodes can not only make local intrusion detection decisions,but also cooperatively take part in global intrusion detection.And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing(DSR).The monitor nodes can verify the behaviour of every nodes by timed automata,and validly detect real-time attacks without signatures of intrusion or trained data.Compared with the architecture where each node is its own IDS agent,the approach is much more efficient while maintaining the same level of effectiveness.Finally,the intrusion detection method is evaluated through simulation experiments.     

Prediction-based protocol for mobile target tracking in wireless sensor networks

Remote tracking for mobile targets is one of the most important applications in wireless sensor networks (WSNs). A target tracking protoco–exponential distributed predictive tracking (EDPT) is proposed. To reduce energy waste and response time, an improved predictive algorithm–exponential smoothing predictive algorithm (ESPA) is presented. With the aid of an additive proportion and differential (PD) controller, ESPA decreases the system predictive delay effectively. As a recovery mechanism, an optimal searching radius (OSR) algorithm is applied to calculate the optimal radius of the recovery zone. The simulation results validate that the proposed EDPT protocol performes better in terms of track failed ratio, energy waste ratio and enlarged sensing nodes ratio, respectively.     

Performance analysis of mobile ad hoc networks under flooding attacks

Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to a denial of service (DoS) attacks launched by intruders. The effects of flooding attacks in network simulation 2 (NS2) and measured performance parameters are investigated, including packet loss ratio, average delay, throughput and average number of hops under different numbers of attack nodes, flooding frequency, network bandwidth and network size. Simulation results show that with the increase of the flooding frequency and the number of attack nodes, network performance sharply drops. But when the frequency of flooding attacks or the number of attack nodes is greater than a certain value, performance degradation tends to a stable value.     

Multi-agent cooperative intrusion response in mobile adhoc networks

The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermeasures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions. the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.     

Multilevel security model for ad hoc networks

Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.     

移动自组织网络中自适应分段路径保护机制

节点稀疏情况下,源节点无法建立完备的保护路径,端到端连接的可靠性降低。提出了一种适合于动态网络拓扑的自适应分段路径保护机制,该机制把端到端路径分成多个较短的段,并按照当前拓扑情况为其建立保护路径,以提高端到端路径的可靠性。仿真结果表明,通过适当的额外数据包开销所得到的分组投递率、端到端时延和路由发现次数都比传统路径保护机制有明显改善。     

基于神经网络的移动机器人路径规划方法

针对动态环境下移动机器人路径规划,提出了一种基于递归神经网络的实时路径规划方法。利用神经网络表示机器人的工作空间,每个神经元都只有局部侧连接。目标点位置神经元具有全局最大的正活性值,该活性值通过神经元之间的局部侧连接逐渐衰减地传播到整个状态空间,障碍物及其周围区域神经元活性值则被抑制为零。目标点全局地吸引机器人,障碍物局部地将机器人推开实现避障,从而能够在动态环境下产生最优规划路径。仿真结果表明该方法具有较好的环境适应性和实时性。     

基于GA-ANN的中国金融安全预警系统设计及实证分析

国家金融体系的安全运行关系到经济社会的稳定,建立有效的金融安全预警系统已成为各界十分关注的焦点.基于现有文献,在金融安全预警指标体系中补充影子银行相关指标,以保证高杠杆、高流动性风险的经济参数参与建模,使得金融安全预警指标体系更加完整;运用因子分析计算七个金融子系统及整体金融系统安全得分,基于遗传算法优化的人工神经网络(genetic algorithm-artificial neural network,GA-ANN)建立中国金融安全预警系统,观察金融系统运行是否平稳、金融安全得分是否出现剧烈波动或异常值,以此判断国家金融状况是否安全,并对2013年我国金融安全状况进行预测.其中,GA-ANN网络较径向基神经网络、反向传播神经网络和广义回归神经网络,具有更好的拟合精度.预测结果显示2013年下半年我国金融系统总体运行安全,但在影子银行、股市和保险子系统存在一定的不安全因素.研究成果为政策制定者和广大投资者对国家宏观金融安全预判提供了参考依据.     

基于神经网络的异常入侵检测系统

针对神经网络检测器本身的网络结构和算法进行改造可获得好的性能,但无法从根本上解决误报率和漏报率等问题,通过对程序行为的深入研究,对程序行为进行动态建模,提出了一个应用BP神经网络检测器针对程序行为异常的入侵检测模型,从而更准确地发现程序行为的异常。通过Apache服务器为例论证其可行性。