By allowing routers to combine the received packets before forwarding them,network coding-based applications are susceptible to possible malicious pollution attacks.Existing solutions for counteracting this issue eith...By allowing routers to combine the received packets before forwarding them,network coding-based applications are susceptible to possible malicious pollution attacks.Existing solutions for counteracting this issue either incur inter-generation pollution attacks(among multiple generations)or suffer high computation/bandwidth overhead.Using a dynamic public key technique,we propose a novel homomorphic signature scheme for network coding for each generation authentication without updating the initial secret key used.As per this idea,the secret key is scrambled for each generation by using the generation identifier,and each packet can be fast signed using the scrambled secret key for the generation to which the packet belongs.The scheme not only can resist intra-generation pollution attacks effectively but also can efficiently prevent inter-generation pollution attacks.Further,the communication overhead of the scheme is small and independent of the size of the transmitting files.展开更多
Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the foc...Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor(FEW-NNN) method is proposed to enhance the accuracy and efficiency of flowbased network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm(NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: 1、 the feature weights of samples are calculated based on fuzzy entropy values, 2、 the fuzzy memberships of samples are determined based on affinity among samples, and 3、 K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class;that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.展开更多
Cyber security lacks comprehensive theoretical guidance. General security theory, as a set of basic security theory concepts, is intended to guide cyber security and all the other security work. The general theory of ...Cyber security lacks comprehensive theoretical guidance. General security theory, as a set of basic security theory concepts, is intended to guide cyber security and all the other security work. The general theory of security aims to unify the main branches of cyber security and establish a unified basic theory. This paper proposal an overview on the general theory of security, which is devoted to constructing a comprehensive model of network security. The hierarchical structure of the meridian-collateral tree is described. Shannon information theory is employed to build a cyberspace security model. Some central concepts of security, i.e., the attack and defense, are discussed and several general theorems on security are presented.展开更多
In order to protect the website and assess the security risk of website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph(I-BAG) model. First, the Improved Bayesi...In order to protect the website and assess the security risk of website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph(I-BAG) model. First, the Improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the risk evaluating method based on I-BAG model proposed is a effective way for assessing the website security risk.展开更多
基金supported by the National Natural Science Foundation of China under Grant No. 61271174
文摘By allowing routers to combine the received packets before forwarding them,network coding-based applications are susceptible to possible malicious pollution attacks.Existing solutions for counteracting this issue either incur inter-generation pollution attacks(among multiple generations)or suffer high computation/bandwidth overhead.Using a dynamic public key technique,we propose a novel homomorphic signature scheme for network coding for each generation authentication without updating the initial secret key used.As per this idea,the secret key is scrambled for each generation by using the generation identifier,and each packet can be fast signed using the scrambled secret key for the generation to which the packet belongs.The scheme not only can resist intra-generation pollution attacks effectively but also can efficiently prevent inter-generation pollution attacks.Further,the communication overhead of the scheme is small and independent of the size of the transmitting files.
基金the Natural Science Foundation of China (No. 61802404, 61602470)the Strategic Priority Research Program (C) of the Chinese Academy of Sciences (No. XDC02040100)+3 种基金the Fundamental Research Funds for the Central Universities of the China University of Labor Relations (No. 20ZYJS017, 20XYJS003)the Key Research Program of the Beijing Municipal Science & Technology Commission (No. D181100000618003)partially the Key Laboratory of Network Assessment Technology,the Chinese Academy of Sciencesthe Beijing Key Laboratory of Network Security and Protection Technology
文摘Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor(FEW-NNN) method is proposed to enhance the accuracy and efficiency of flowbased network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm(NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: 1、 the feature weights of samples are calculated based on fuzzy entropy values, 2、 the fuzzy memberships of samples are determined based on affinity among samples, and 3、 K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class;that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.
基金supported by the National Key R&D Program of China (2016YFF0204001)the National Key Technology Support Program (2015BAH08F02)+3 种基金the CCF-Venustech Hongyan Research Initiative (2016-009)the PAPD fundthe CICAEET fundthe Guizhou Provincial Key Laboratory of Public Big Data Program
文摘Cyber security lacks comprehensive theoretical guidance. General security theory, as a set of basic security theory concepts, is intended to guide cyber security and all the other security work. The general theory of security aims to unify the main branches of cyber security and establish a unified basic theory. This paper proposal an overview on the general theory of security, which is devoted to constructing a comprehensive model of network security. The hierarchical structure of the meridian-collateral tree is described. Shannon information theory is employed to build a cyberspace security model. Some central concepts of security, i.e., the attack and defense, are discussed and several general theorems on security are presented.
基金supported by the project of the State Key Program of National Natural Science Foundation of China (No. 90818021)supported by a grant from the national high technology research and development program of China (863program) (No.2012AA012903)
文摘In order to protect the website and assess the security risk of website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph(I-BAG) model. First, the Improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the risk evaluating method based on I-BAG model proposed is a effective way for assessing the website security risk.
