Funding: This work was supported by the Hi-Tech Research and Development Program of China under Grant No. 2007AA01Z407; the Co-Funding Project of Beijing Municipal Education Commission under Grant No. JD100060630; the National Foundation Research Project; the National Natural Science Foundation Project under Grant No. 61170295; the Project of Aeronautical Science Foundation of China under Grant No. 2011ZC51024; and the Fundamental Research Funds for the Central Universities.
Abstract: In the traditional Internet Protocol (IP) architecture, there is an overload of IP semantic problems. Existing solutions focused mainly on the infrastructure for the fixed network, and there is a lack of support for Mobile Ad Hoc Networks (MANETs). To improve scalability, a routing protocol for MANETs is presented based on a locator named Tree-structure Locator Distance Vector (TLDV). The hard core of this routing method is the identifier/locator split by the Distributed Hash Table (DHT) method, which provides a scalable routing service. The node locator indicates its relative location in the network and should be updated whenever topology changes. Locator space is organized as a tree-structure, and the basic routing operation of the TLDV protocol is presented. TLDV protocol is compared to some classical routing protocols for MANETs on the NS2 platform. Results show that TLDV has better scalability. Key words:
Funding: the National Natural Science Foundation of China
Abstract: Network security policy and the automated refinement of its hierarchies aim to simplify the administration of security services in complex network environments. The semantic gap between the policy hierarchies reflects the validity of the policy hierarchies yielded by the automated policy refinement process. However, little attention has been paid to the evaluation of the compliance between the derived lower level policy and the higher level policy. We present an ontology based on Ontology Web Language (OWL) to describe the semantics of security policy and their implementation. We also propose a method of estimating the semantic similarity between a given
Funding: Supported by the National Natural Science Foundation of China under Grant No. 61170295
Abstract: In the system of Computer Network Collaborative Defense (CNCD), it is difficult to evaluate the trustworthiness of defense agents which are newly added to the system, since they lack historical interaction for trust evaluation. As a result, the newly added agents cannot get a reasonable initial trustworthiness, which affects the whole process of trust evaluation. To solve this problem in CNCD, a trust type based trust bootstrapping model was introduced in this research. First, the division of trust type, trust utility and defense cost were discussed. Then the constraints of defense tasks were analyzed based on game theory. According to the constraints obtained, the trust type of defense agents was identified and the initial trustworthiness was assigned to defense agents. The simulated experiment shows that the methods proposed have a lower failure rate of defense tasks and better adaptability with respect to defense task execution.
Funding: Supported by the National Nature Science Foundation of China under Grant No. 61170295; the Project of National ministry under Grant No. A2120110006; the Co-Funding Project of Beijing Municipal Education Commission under Grant No. JD100060630; the Beijing Education Committee General Program under Grant No. KM201211232010; the National Nature Science Foundation of China under Grant No. 61370065
Abstract: The global view of firewall policy conflict is important for administrators to optimize the policy. There has been a lack of appropriate global conflict analysis for firewall policy; existing methods focus on local conflict detection. We research the global conflict detection algorithm in this paper. We presented a semantic model that captures more complete classifications of the policy using the knowledge concept in rough set. Based on this model, we presented the global conflict formal model, and represent it with OBDD (Ordered Binary Decision Diagram). Then we developed the GFPCDA (Global Firewall Policy Conflict Detection Algorithm) algorithm to detect global conflict. In the experiment, we evaluated the usability of our semantic model by eliminating the false positives and false negatives caused by the incomplete policy semantic model of a classical algorithm. We compared this algorithm with the GFPCDA algorithm. The results show that GFPCDA detects conflicts more precisely and independently, and has better performance.