Research on Cyberspace Attack and Defense Confrontation Technology

This paper analyzes the characteristics of Interact space and confrontation, discussed on the main technology of network space attack and defense confrontation. The paper presents the realization scheme of network space attack defense confrontation system, and analyzes its feasibility. The technology and the system can provide technical support for the system in the network space of our country development, and safeguard security of network space in China, promote the development of the network space security industry of China, it plays an important role and significance to speed up China＇ s independent controllable security products development.

Address Resolution Protocol (ARP): Spoofing Attack and Proposed Defense

Networks have become an integral part of today’s world. The ease of deployment, low-cost and high data rates have contributed significantly to their popularity. There are many protocols that are tailored to ease the process of establishing these networks. Nevertheless, security-wise precautions were not taken in some of them. In this paper, we expose some of the vulnerability that exists in a commonly and widely used network protocol, the Address Resolution Protocol (ARP) protocol. Effectively, we will implement a user friendly and an easy-to-use tool that exploits the weaknesses of this protocol to deceive a victim’s machine and a router through creating a sort of Man-in-the-Middle (MITM) attack. In MITM, all of the data going out or to the victim machine will pass first through the attacker’s machine. This enables the attacker to inspect victim’s data packets, extract valuable data (like passwords) that belong to the victim and manipulate these data packets. We suggest and implement a defense mechanism and tool that counters this attack, warns the user, and exposes some information about the attacker to isolate him. GNU/Linux is chosen as an operating system to implement both the attack and the defense tools. The results show the success of the defense mechanism in detecting the ARP related attacks in a very simple and efficient way.

Discussion and Research on Information Security Attack and Defense Platform Construction in Universities Based on Cloud Computing and Virtualization

This paper puts forward the plan on constructing information security attack and defense platform based on cloud computing and virtualization, provides the hardware topology structure of the platform and technical framework of the system and the experimental process and technical principle of the platform. The experiment platform can provide more than 20 attack classes. Using the virtualization technology can build hypothesized target of various types in the laboratory and diversified network structure to carry out attack and defense experiment.

Low-power emerging memristive designs towards secure hardware systems for applications in internet of things

Emerging memristive devices offer enormous advantages for applications such as non-volatile memories and inmemory computing(IMC),but there is a rising interest in using memristive technologies for security applications in the era of internet of things(IoT).In this review article,for achieving secure hardware systems in IoT,lowpower design techniques based on emerging memristive technology for hardware security primitives/systems are presented.By reviewing the state-of-the-art in three highlighted memristive application areas,i.e.memristive non-volatile memory,memristive reconfigurable logic computing and memristive artificial intelligent computing,their application-level impacts on the novel implementations of secret key generation,crypto functions and machine learning attacks are explored,respectively.For the low-power security applications in IoT,it is essential to understand how to best realize cryptographic circuitry using memristive circuitries,and to assess the implications of memristive crypto implementations on security and to develop novel computing paradigms that will enhance their security.This review article aims to help researchers to explore security solutions,to analyze new possible threats and to develop corresponding protections for the secure hardware systems based on low-cost memristive circuit designs.

Defend Against Adversarial Samples by Using Perceptual Hash

Image classifiers that based on Deep Neural Networks(DNNs)have been proved to be easily fooled by well-designed perturbations.Previous defense methods have the limitations of requiring expensive computation or reducing the accuracy of the image classifiers.In this paper,we propose a novel defense method which based on perceptual hash.Our main goal is to destroy the process of perturbations generation by comparing the similarities of images thus achieve the purpose of defense.To verify our idea,we defended against two main attack methods(a white-box attack and a black-box attack)in different DNN-based image classifiers and show that,after using our defense method,the attack-success-rate for all DNN-based image classifiers decreases significantly.More specifically,for the white-box attack,the attack-success-rate is reduced by an average of 36.3%.For the black-box attack,the average attack-success-rate of targeted attack and non-targeted attack has been reduced by 72.8%and 76.7%respectively.The proposed method is a simple and effective defense method and provides a new way to defend against adversarial samples.

A Review on Cybersecurity Analysis,Attack Detection,and Attack Defense Methods in Cyber-physical Power Systems

Potential malicious cyber-attacks to power systems which are connected to a wide range of stakeholders from the top to tail will impose significant societal risks and challenges.The timely detection and defense are of crucial importance for safe and reliable operation of cyber-physical power systems(CPPSs).This paper presents a comprehensive review of some of the latest attack detection and defense strategies.Firstly,the vulnerabilities brought by some new information and communication technologies(ICTs)are analyzed,and their impacts on the security of CPPSs are discussed.Various malicious cyber-attacks on cyber and physical layers are then analyzed within CPPSs framework,and their features and negative impacts are discussed.Secondly,two current mainstream attack detection methods including state estimation based and machine learning based methods are analyzed,and their benefits and drawbacks are discussed.Moreover,two current mainstream attack defense methods including active defense and passive defense methods are comprehensively discussed.Finally,the trends and challenges in attack detection and defense strategies in CPPSs are provided.

System identification with binary-valued observations under both denial-of-service attacks and data tampering attacks:defense scheme and its optimality

In this paper,we investigate the defense problem against the joint attacks of denial-of-service attacks and data tampering attacks in the framework of system identification with binary-valued observations.By estimating the key parameters of the joint attack and compensating them in the identification algorithm,a compensation-oriented defense scheme is proposed.Then the identification algorithm of system parameter is designed and is further proved to be consistent.The asymptotic normality of the algorithm is obtained,and on this basis,we propose the optimal defense scheme.Furthermore,the implementation of the optimal defense scheme is discussed.Finally,a simulation example is presented to verify the effectiveness of the main results.

Towards Yo-Yo attack mitigation in cloud auto-scaling mechanism

Cloud platforms could automatically scale underlying network resources up and down in response to changes in the traffic load.Such an auto-scaling mechanism can largely enhance the elasticity and scalability of cloud platforms.However,it may introduce new security threats.For example,the Yo-Yo attack is a newly disclosed attack against the cloud auto-scaling mechanism.Attackers periodically send bursts of traffic to cause the autoscaling mechanism to oscillate between the scale-up process and the scale-down process,which may result in significant performance degradation and economic loss.None of the prior work addressed the problem of mitigating such an attack.In this paper,we propose a Trust-based Adversarial Scanner Delaying(TASD)approach to effectively and proactively mitigate the Yo-Yo attack on the cloud auto-scaling mechanism.In TASD,we first propose to use the trust-based scheme to establish trust values for users,which is leveraged to identify adversarial requests.Trust values are updated by jointly considering the request mode and the auto-scaling status.Then,we aim to disable the condition under which the Yo-Yo attack takes effect by injecting certain delay,under the QoS constraints,to manipulate the response time of suspicious requests and deceive the attackers.Our extensive evaluation demonstrates that our approach achieves promising results,e.g.,it can detect at least 80%Yo-Yo adversarial users and reduce more than 41%malicious scale-ups.

An Overview of General Theory of Security

Cyber security lacks comprehensive theoretical guidance. General security theory, as a set of basic security theory concepts, is intended to guide cyber security and all the other security work. The general theory of security aims to unify the main branches of cyber security and establish a unified basic theory. This paper proposal an overview on the general theory of security, which is devoted to constructing a comprehensive model of network security. The hierarchical structure of the meridian-collateral tree is described. Shannon information theory is employed to build a cyberspace security model. Some central concepts of security, i.e., the attack and defense, are discussed and several general theorems on security are presented.

Attack and Defense Strategies in Complex Networks Based on Game Theory

To investigate the attack and defense strategies in complex net works,the authors propose a two-player zero-sum static game model with complete information which considers attack and defense strategies simultaneously.The authors assume that both the attacker and defender have two typical strategies:Targeted strategy and random strategy.The authors explore the Nash equilibriums of the attacker-defender game and demonstrate that when the attacker's attack resources are not so significantly abundant as the defender's resources,there exists a pure-strategy Nash equilibrium in both model net works and real-world net works,in which the defender protects the hub t arge ts with large degrees preferentially,while the attacker prefers selecting the targets randomly.When the attack resources are much higher than defense resources,both the attacker and the defender adopt the targeted strategy in equilibriums.This paper provides a new theoretical framework for the study of attack and defense st rat egies in complex net works.

Interactive Visual Analysis on the Attack and Defense Drill of Grid Cyber-physical Systems

The open and distributed connection of the powersystem makes it vulnerable to various potential cyber-attacks,which may lead to power outages and even casualties. Therefore,the construction of attack and defense drill (ADD) platforms forattack mechanism investigation and protection strategy evaluationhas become a research hotspot. However, for the massiveand heterogeneous security analysis data generated during thedrill, it is rare to have a comprehensive and intuitive methodto visually and efficiently display the perspective of the attackerand defender. In order to solve this problem, this paper proposesa visual analysis scheme of an ADD framework for a grid cyberphysicalsystem (GCPS) based on the interactive visual analysismethod. Specifically, it realizes system weakness discovery basedon knowledge visualization, optimization of the detection modeland visualization interaction. Finally, the case study on thesimulation platform of ADD proves the effectiveness of theproposed method.

Proactive worm propagation modeling and analysis in unstructured peer-to-peer networks

It is universally acknowledged by network security experts that proactive peer-to-peer (P2P) worms may soon en-gender serious threats to the Internet infrastructures. These latent threats stimulate activities of modeling and analysis of the proactive P2P worm propagation. Based on the classical two-factor model,in this paper,we propose a novel proactive worm propagation model in unstructured P2P networks (called the four-factor model) by considering four factors:(1) network topology,(2) countermeasures taken by Internet service providers (ISPs) and users,(3) configuration diversity of nodes in the P2P network,and (4) attack and defense strategies. Simulations and experiments show that proactive P2P worms can be slowed down by two ways:improvement of the configuration diversity of the P2P network and using powerful rules to reinforce the most connected nodes from being compromised. The four-factor model provides a better description and prediction of the proactive P2P worm propagation.

Key technologies of new malicious code developments and defensive measures in communication networks

This article is focused on analyzing the key technologies of new malicious code and corresponding defensive measures in the large-scale communication networks. Based on description of the concepts and development of the malicious code, the article introduces the anti-analysis technology, splitting and inserting technology, hiding technology, polymorph virus technology, and auto production technology of the malicious code trends with intelligence, diversity and integration. Following that, it summarizes the security vulnerabilities of communication networks from four related layers aspects, according to the mechanisms of malicious code in the communication networks. Finally, it proposes rapid response disposition of malicious code attacks from four correlated steps： building up the network node monitoring system, suspicious code feature automation analysis and extraction, rapid active malicious code response technique for unknown malicious code, and malicious code attack immunity technique. As a result, it actively defenses against the unknown malicious code attacks and enhances the security performance of communication networks.