Funding: the National Natural Science Foundation of China (NSFC) under grant No.61309024, the National Key Basic Research Program of China (973) under Grant No.2013CB834204, and the Fundamental Research Funds for the Central Universities under grant No.14CX06009A at China University of Petroleum
Abstract: Security is an important issue for Wireless Sensor Networks (WSN). This paper focuses on the privacy protection of WSN applications. An anonymity enhancement tactic based on a pseudonym mechanism is presented for clustered Wireless Sensor Networks, which provides anonymity for both the sensors within a cluster and the cluster head nodes. Simulation experiments are run on the NS2 platform to validate the anonymity performance. The theoretical analysis and empirical study imply that the proposed pseudonym-based scheme can protect the privacy of both the sensor nodes and the cluster head nodes. The work is valuable and the experimental results are convincing.
Funding: Supported by the Science and Technology Development Project Foundation of Tianjin (033800611, 05YFGZGX24200)
Abstract: This paper presents an anomaly detection approach for detecting intrusions into computer systems. In this approach, a hierarchical hidden Markov model (HHMM) is used to represent a temporal profile of normal behavior in a computer system. The HHMM of the norm profile is learned from historical data of the system's normal behavior. The observed behavior of the system is analyzed to infer the probability that the HHMM of the norm profile supports the observed behavior. A low probability of support indicates anomalous behavior that may result from intrusive activities. The model was implemented and tested on the UNIX system call sequences collected by the University of New Mexico group. The test results showed that the model can clearly identify the anomalous activities and performs better than a hidden Markov model.
Funding: Supported by the Science and Technology Development Project Foundation of Tianjin (033800611, 05YFGZGX24200)
Abstract: A library function call sequence is a direct reflection of a program's behavior. The relationship between program vulnerabilities and library calls is analyzed, and an intrusion detection method based on library calls is proposed, in which short sequences of library calls are used as the signature profile. In this method, library interposition is used to hook library calls, and after a detailed discussion of the features of library call sequences, an information-theoretic algorithm is applied to determine the appropriate length of the library call sequence. Experiments show that the method performs well against intrusions caused by popular program vulnerabilities.
Funding: Supported by the National Natural Science Foundation of China (60973141), the Specialized Research Fund for the Doctoral Program of Higher Education of China (20100031110030), the Funds of Key Lab of Fujian Province University Network Security and Cryptology (2011004), and the Fundamental Research Funds for the Central Universities
Abstract: Format-preserving encryption (FPE), which ensures that the ciphertext has the same format as the plaintext, has been widely used to protect sensitive data in databases. Aiming at efficiently solving the FPE problem on a collection of practical domains, we propose RREM (random reference-based encryption mode), which constructs a bijection between the original domain and an integer set through distance computation. If an appropriate distance function is predefined, the proposed mode can solve the FPE problem on linear equidistant domains more efficiently than previous methods. Furthermore, we classify various types of domains, show the application of RREM to some practical domains, and specify RREM's capability to solve the FPE problem on frequently used database fields quite efficiently.
Funding: Supported by the National Natural Science Foundation of China (60973141, 61272423), the Specialized Research Fund for the Doctoral Program of Higher Education of China (20100031110030), and the Funds of Key Lab of Fujian Province University Network Security and Cryptology (2011004)
Abstract: End hopping is an effective method of defending against network attacks, but it has problems with network address translation (NAT) because packets sent from an unknown endpoint are dropped by the NAT. To avoid this packet dropping, we propose a punching scheme: the client sends a punching packet to create mapping rules in the NAT, so that packets from the server can pass through under those rules. In this paper, some preliminaries and definitions are provided for building a model of end hopping. We then discuss the main reason for such packet dropping and specify all the failure situations based on the model. Furthermore, we analyze how the punching scheme helps end hopping cross NAT. Finally, we validate the feasibility of the scheme with empirical results: if the client is behind a NAT and uses the punching scheme, the service rate increases to 100%. Therefore, the proposed scheme can greatly improve the performance of NAT traversal in end hopping with little security or computational overhead.