Abstract: This paper analyzes the characteristics of Internet space and confrontation, and discusses the main technologies of network space attack and defense confrontation. The paper presents the realization scheme of a network space attack and defense confrontation system and analyzes its feasibility. The technology and the system can provide technical support for the development of China's network space systems, safeguard the security of China's network space, and promote the development of China's network space security industry; they play an important role in speeding up the development of China's independently controllable security products.
Abstract: This paper puts forward a plan for constructing an information security attack and defense platform based on cloud computing and virtualization, and provides the hardware topology structure of the platform, the technical framework of the system, and the experimental process and technical principle of the platform. The experiment platform can provide more than 20 attack classes. Using virtualization technology, hypothesized targets of various types and diversified network structures can be built in the laboratory to carry out attack and defense experiments.
Funding: supported by the National Natural Science Foundation of China under Grant Nos. 71871217 and 71371185, and the Natural Science Foundation of Hunan Province under Grant No. 2019JJ20019
Abstract: To investigate the attack and defense strategies in complex networks, the authors propose a two-player zero-sum static game model with complete information which considers attack and defense strategies simultaneously. The authors assume that both the attacker and the defender have two typical strategies: a targeted strategy and a random strategy. The authors explore the Nash equilibria of the attacker-defender game and demonstrate that when the attacker's attack resources are not significantly more abundant than the defender's resources, there exists a pure-strategy Nash equilibrium in both model networks and real-world networks, in which the defender preferentially protects the hub targets with large degrees, while the attacker prefers selecting targets randomly. When the attack resources are much higher than the defense resources, both the attacker and the defender adopt the targeted strategy in equilibrium. This paper provides a new theoretical framework for the study of attack and defense strategies in complex networks.
Funding: the Science and Technology Project of State Grid Corporation of China (Research on key technologies of integrated electric power network security simulation and verification environment, 521304190004).
Abstract: The open and distributed connection of the power system makes it vulnerable to various potential cyber-attacks, which may lead to power outages and even casualties. Therefore, the construction of attack and defense drill (ADD) platforms for attack mechanism investigation and protection strategy evaluation has become a research hotspot. However, for the massive and heterogeneous security analysis data generated during the drill, it is rare to have a comprehensive and intuitive method to visually and efficiently display the perspectives of the attacker and the defender. To solve this problem, this paper proposes a visual analysis scheme of an ADD framework for a grid cyber-physical system (GCPS) based on the interactive visual analysis method. Specifically, it realizes system weakness discovery based on knowledge visualization, optimization of the detection model, and visualization interaction. Finally, the case study on the simulation platform of ADD proves the effectiveness of the proposed method.
Abstract: Networks have become an integral part of today's world. The ease of deployment, low cost and high data rates have contributed significantly to their popularity. There are many protocols that are tailored to ease the process of establishing these networks. Nevertheless, security-wise precautions were not taken in some of them. In this paper, we expose some of the vulnerabilities that exist in a commonly and widely used network protocol, the Address Resolution Protocol (ARP). Effectively, we implement a user-friendly and easy-to-use tool that exploits the weaknesses of this protocol to deceive a victim's machine and a router through creating a sort of Man-in-the-Middle (MITM) attack. In MITM, all of the data going out of or to the victim machine will pass first through the attacker's machine. This enables the attacker to inspect the victim's data packets, extract valuable data (like passwords) that belong to the victim, and manipulate these data packets. We suggest and implement a defense mechanism and tool that counters this attack, warns the user, and exposes some information about the attacker to isolate him. GNU/Linux is chosen as the operating system to implement both the attack and the defense tools. The results show the success of the defense mechanism in detecting the ARP-related attacks in a very simple and efficient way.
Funding: supported by the National Key R&D Program of China (2016YFF0204001), the National Key Technology Support Program (2015BAH08F02), the CCF-Venustech Hongyan Research Initiative (2016-009), the PAPD fund, the CICAEET fund, and the Guizhou Provincial Key Laboratory of Public Big Data Program
Abstract: Cyber security lacks comprehensive theoretical guidance. General security theory, as a set of basic security theory concepts, is intended to guide cyber security and all other security work. The general theory of security aims to unify the main branches of cyber security and establish a unified basic theory. This paper proposes an overview of the general theory of security, which is devoted to constructing a comprehensive model of network security. The hierarchical structure of the meridian-collateral tree is described. Shannon information theory is employed to build a cyberspace security model. Some central concepts of security, i.e., attack and defense, are discussed and several general theorems on security are presented.
Funding: Project (No. 09511501600) partially supported by the Science and Technology Commission of Shanghai Municipality, China
Abstract: It is universally acknowledged by network security experts that proactive peer-to-peer (P2P) worms may soon engender serious threats to the Internet infrastructure. These latent threats stimulate activities of modeling and analysis of proactive P2P worm propagation. Based on the classical two-factor model, in this paper we propose a novel proactive worm propagation model in unstructured P2P networks (called the four-factor model) by considering four factors: (1) network topology, (2) countermeasures taken by Internet service providers (ISPs) and users, (3) configuration diversity of nodes in the P2P network, and (4) attack and defense strategies. Simulations and experiments show that proactive P2P worms can be slowed down in two ways: improving the configuration diversity of the P2P network, and using powerful rules to protect the most connected nodes from being compromised. The four-factor model provides a better description and prediction of proactive P2P worm propagation.
Funding: supported by the National Natural Science Foundation of China (60973139, 60773041), the Natural Science Foundation of Jiangsu Province (BK2008451), the Hi-Tech Research and Development Program of China (2007AA01Z404, 2007AA01Z478), the Foundation of National Laboratory for Modern Communications (9140C1105040805), the Postdoctoral Foundation (0801019C, 20090451240, 20090451241), the Science & Technology Innovation Fund for Higher Education Institutions of Jiangsu Province (CX08B-085Z, CX08B-086Z), and the Six Kinds of Top Talent of Jiangsu Province (2008118)
Abstract: This article focuses on analyzing the key technologies of new malicious code and the corresponding defensive measures in large-scale communication networks. Based on a description of the concepts and development of malicious code, the article introduces the anti-analysis technology, splitting and inserting technology, hiding technology, polymorphic virus technology, and automatic production technology of malicious code, with trends toward intelligence, diversity and integration. Following that, it summarizes the security vulnerabilities of communication networks from the aspects of four related layers, according to the mechanisms of malicious code in communication networks. Finally, it proposes a rapid response disposition for malicious code attacks in four correlated steps: building up the network node monitoring system, automated analysis and extraction of suspicious code features, a rapid active response technique for unknown malicious code, and a malicious code attack immunity technique. As a result, it actively defends against unknown malicious code attacks and enhances the security performance of communication networks.