The effects of strategy on the network security defense and the related research on intrusion response strategy are briefly presented, with the focus on the status and function of intrusion re- sponse strategy in the ...The effects of strategy on the network security defense and the related research on intrusion response strategy are briefly presented, with the focus on the status and function of intrusion re- sponse strategy in the intrusion response decision-making. Some specific response strategies for specific response goals are presented as well. The relevant knowledge of the planning, and a classification of response tasks are proposed. The intrusion response planning methods and models based on hierarchical task network (HTN) are described in detail. On this basis, the model of combining the response measure decision-making with the response time decision-making is expounded. The proposed model can integrate response strategy into response decision-making mechanism. In addition, the results of the intrusion response experiments are provided to verify the ability of using different response strategies to achieve different response goals. At last, the application needs of response strategy in network security are analyzed, and the approaches of the response strategy applied in in- trusion response system are summarized.展开更多
The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- s...The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- sures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions, the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.展开更多
Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suf...Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suffered from problems such as low adaptability,policy lag,and difficulty in determining the degree of tolerance.To address these issues,we propose a novel adaptive intrusion tolerance model based on game theory that enjoys two-fold ideas:(1)it constructs an improved replica of the intrusion tolerance model of the dynamic equation evolution game to induce incentive weights;and (2)it combines a tournament competition model with incentive weights to obtain optimal strategies for each stage of the game process.Extensive experiments are conducted in the IEEE 39-bus system,whose results demonstrate the feasibility of the incentive weights,confirm the proposed strategy strengthens the system’s ability to tolerate aggression,and improves the dynamic adaptability and response efficiency of the aggression-tolerant system in the case of limited resources.展开更多
Cyber threats are serious concerns for power systems.For example,hackers may attack power control systems via interconnected enterprise networks.This paper proposes a risk assessment framework to enhance the resilienc...Cyber threats are serious concerns for power systems.For example,hackers may attack power control systems via interconnected enterprise networks.This paper proposes a risk assessment framework to enhance the resilience of power systems against cyber attacks.The duality element relative fuzzy evaluation method is employed to evaluate identified security vulnerabilities within cyber systems of power systems quantitatively.The attack graph is used to identify possible intrusion scenarios that exploit multiple vulnerabilities.An intrusion response system(IRS)is developed to monitor the impact of intrusion scenarios on power system dynamics in real time.IRS calculates the conditional Lyapunov exponents(CLEs)on line based on the phasor measurement unit data.Power system stability is predicted through the values of CLEs.Control actions based on CLEs will be suggested if power system instability is likely to happen.A generic wind farm control system is used for case study.The effectiveness of IRS is illustrated with the IEEE 39 bus system model.展开更多
A color petri net (CPN) based attack modeling approach is addressed. Compared with graph-based modeling, CPN based attack model is flexible enough to model Internet intrusions, because of their static and dynamic feat...A color petri net (CPN) based attack modeling approach is addressed. Compared with graph-based modeling, CPN based attack model is flexible enough to model Internet intrusions, because of their static and dynamic features. The processes and rules of building CPN based attack model from attack tree are also presented. In order to evaluate the risk of intrusion, some cost elements are added to CPN based attack modeling. This extended model is useful in intrusion detection and risk evaluation. Experiences show that it is easy to exploit CPN based attack modeling approach to provide the controlling functions, such as intrusion response and intrusion defense. A case study given in this paper shows that CPN based attack model has many unique characters which attack tree model hasn’t.展开更多
文摘The effects of strategy on the network security defense and the related research on intrusion response strategy are briefly presented, with the focus on the status and function of intrusion re- sponse strategy in the intrusion response decision-making. Some specific response strategies for specific response goals are presented as well. The relevant knowledge of the planning, and a classification of response tasks are proposed. The intrusion response planning methods and models based on hierarchical task network (HTN) are described in detail. On this basis, the model of combining the response measure decision-making with the response time decision-making is expounded. The proposed model can integrate response strategy into response decision-making mechanism. In addition, the results of the intrusion response experiments are provided to verify the ability of using different response strategies to achieve different response goals. At last, the application needs of response strategy in network security are analyzed, and the approaches of the response strategy applied in in- trusion response system are summarized.
基金This project was supported by the National Natural Science Foundation of China (60672068)the National High Technology Development 863 Program of China (2006AA01Z436, 2007AA01Z452.)
文摘The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- sures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions, the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.
基金supported by the National Natural Science Foundation of China(Nos.51977113,62293500,62293501 and 62293505).
文摘Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suffered from problems such as low adaptability,policy lag,and difficulty in determining the degree of tolerance.To address these issues,we propose a novel adaptive intrusion tolerance model based on game theory that enjoys two-fold ideas:(1)it constructs an improved replica of the intrusion tolerance model of the dynamic equation evolution game to induce incentive weights;and (2)it combines a tournament competition model with incentive weights to obtain optimal strategies for each stage of the game process.Extensive experiments are conducted in the IEEE 39-bus system,whose results demonstrate the feasibility of the incentive weights,confirm the proposed strategy strengthens the system’s ability to tolerate aggression,and improves the dynamic adaptability and response efficiency of the aggression-tolerant system in the case of limited resources.
文摘Cyber threats are serious concerns for power systems.For example,hackers may attack power control systems via interconnected enterprise networks.This paper proposes a risk assessment framework to enhance the resilience of power systems against cyber attacks.The duality element relative fuzzy evaluation method is employed to evaluate identified security vulnerabilities within cyber systems of power systems quantitatively.The attack graph is used to identify possible intrusion scenarios that exploit multiple vulnerabilities.An intrusion response system(IRS)is developed to monitor the impact of intrusion scenarios on power system dynamics in real time.IRS calculates the conditional Lyapunov exponents(CLEs)on line based on the phasor measurement unit data.Power system stability is predicted through the values of CLEs.Control actions based on CLEs will be suggested if power system instability is likely to happen.A generic wind farm control system is used for case study.The effectiveness of IRS is illustrated with the IEEE 39 bus system model.
基金Supperted by the Nation High Technology Research and Development Program of China (863 Program) (No.2002AA001042) and the Tackle Key Problem Program of Sichuan Province (No. 01GG0712)
文摘A color petri net (CPN) based attack modeling approach is addressed. Compared with graph-based modeling, CPN based attack model is flexible enough to model Internet intrusions, because of their static and dynamic features. The processes and rules of building CPN based attack model from attack tree are also presented. In order to evaluate the risk of intrusion, some cost elements are added to CPN based attack modeling. This extended model is useful in intrusion detection and risk evaluation. Experiences show that it is easy to exploit CPN based attack modeling approach to provide the controlling functions, such as intrusion response and intrusion defense. A case study given in this paper shows that CPN based attack model has many unique characters which attack tree model hasn’t.
