A definition of self-determined priority is used in airfight decision firstly. A scheme of grouping the whole fighters is introduced, and the principle of target assignment and fire control is designed. Based on the ...A definition of self-determined priority is used in airfight decision firstly. A scheme of grouping the whole fighters is introduced, and the principle of target assignment and fire control is designed. Based on the neutral network, the decision algorithm is derived and the whole coordinated decision system is simulated. Secondly an algorithm for missile-attacking area is described and its calculational result is obtained under initial conditions. Then the attacking of missile is realized by the proportion guidance. Finally, a multi-target attack system. The system includes airfight decision, estimation of missile attack area and calculation of missile attack procedure. A digital simulation demonstrates that the airfight decision algorithm is correct. The methods have important reference values for the study of fire control system of the fourth generation fighter.展开更多
Network attack graphs are originally used to evaluate what the worst security state is when a concerned net-work is under attack. Combined with intrusion evidence such like IDS alerts, attack graphs can be further use...Network attack graphs are originally used to evaluate what the worst security state is when a concerned net-work is under attack. Combined with intrusion evidence such like IDS alerts, attack graphs can be further used to perform security state posterior inference (i.e. inference based on observation experience). In this area, Bayesian network is an ideal mathematic tool, however it can not be directly applied for the following three reasons: 1) in a network attack graph, there may exist directed cycles which are never permitted in a Bayesian network, 2) there may exist temporal partial ordering relations among intrusion evidence that can-not be easily modeled in a Bayesian network, and 3) just one Bayesian network cannot be used to infer both the current and the future security state of a network. In this work, we improve an approximate Bayesian posterior inference algorithm–the likelihood-weighting algorithm to resolve the above obstacles. We give out all the pseudocodes of the algorithm and use several examples to demonstrate its benefit. Based on this, we further propose a network security assessment and enhancement method along with a small network scenario to exemplify its usage.展开更多
This paper considers the problem of generating a flight trajectory for a single fixed-wing unmanned combat aerial vehicle (UCAV) performing an air-to-surface multi-target attack (A/SMTA) mission using satellite-gu...This paper considers the problem of generating a flight trajectory for a single fixed-wing unmanned combat aerial vehicle (UCAV) performing an air-to-surface multi-target attack (A/SMTA) mission using satellite-guided bombs. First, this problem is formulated as a variant of the traveling salesman problem (TSP), called the dynamic-constrained TSP with neighborhoods (DCT- SPN). Then, a hierarchical hybrid approach, which partitions the planning algorithm into a roadmap planning layer and an optimal control layer, is proposed to solve the DCTSPN. In the roadmap planning layer, a novel algorithm based on an updatable proba- bilistic roadmap (PRM) is presented, which operates by randomly sampling a finite set of vehicle states from continuous state space in order to reduce the complicated trajectory planning problem to planning on a finite directed graph. In the optimal control layer, a collision-free state-to-state trajectory planner based on the Gauss pseudospectral method is developed, which can generate both dynamically feasible and optimal flight trajectories. The entire process of solving a DCTSPN consists of two phases. First, in the offline preprocessing phase, the algorithm constructs a PRM, and then converts the original problem into a standard asymmet- ric TSP (ATSP). Second, in the online querying phase, the costs of directed edges in PRM are updated first, and a fast heuristic searching algorithm is then used to solve the ATSP. Numerical experiments indicate that the algorithm proposed in this paper can generate both feasible and near-optimal solutions quickly for online purposes.展开更多
The continuous improvement of the cyber threat intelligence sharing mechanism provides new ideas to deal with Advanced Persistent Threats(APT).Extracting attack behaviors,i.e.,Tactics,Techniques,Procedures(TTP)from Cy...The continuous improvement of the cyber threat intelligence sharing mechanism provides new ideas to deal with Advanced Persistent Threats(APT).Extracting attack behaviors,i.e.,Tactics,Techniques,Procedures(TTP)from Cyber Threat Intelligence(CTI)can facilitate APT actors’profiling for an immediate response.However,it is difficult for traditional manual methods to analyze attack behaviors from cyber threat intelligence due to its heterogeneous nature.Based on the Adversarial Tactics,Techniques and Common Knowledge(ATT&CK)of threat behavior description,this paper proposes a threat behavioral knowledge extraction framework that integrates Heterogeneous Text Network(HTN)and Graph Convolutional Network(GCN)to solve this issue.It leverages the hierarchical correlation relationships of attack techniques and tactics in the ATT&CK to construct a text network of heterogeneous cyber threat intelligence.With the help of the Bidirectional EncoderRepresentation fromTransformers(BERT)pretraining model to analyze the contextual semantics of cyber threat intelligence,the task of threat behavior identification is transformed into a text classification task,which automatically extracts attack behavior in CTI,then identifies the malware and advanced threat actors.The experimental results show that F1 achieve 94.86%and 92.15%for the multi-label classification tasks of tactics and techniques.Extend the experiment to verify the method’s effectiveness in identifying the malware and threat actors in APT attacks.The F1 for malware and advanced threat actors identification task reached 98.45%and 99.48%,which are better than the benchmark model in the experiment and achieve state of the art.The model can effectivelymodel threat intelligence text data and acquire knowledge and experience migration by correlating implied features with a priori knowledge to compensate for insufficient sample data and improve the classification performance and recognition ability of threat behavior in text.展开更多
Building attack scenario is one of the most important aspects in network security.This paper pro-posed a system which collects intrusion alerts,clusters them as sub-attacks using alerts abstraction,ag-gregates the sim...Building attack scenario is one of the most important aspects in network security.This paper pro-posed a system which collects intrusion alerts,clusters them as sub-attacks using alerts abstraction,ag-gregates the similar sub-attacks,and then correlates and generates correlation graphs.The scenarios wererepresented by alert classes instead of alerts themselves so as to reduce the required rules and have the a-bility of detecting new variations of attacks.The proposed system is capable of passing some of the missedattacks.To evaluate system effectiveness,it was tested with different datasets which contain multi-stepattacks.Compressed and easily understandable Correlation graphs which reflect attack scenarios were gen-erated.The proposed system can correlate related alerts,uncover the attack strategies,and detect newvariations of attacks.展开更多
The real-time of network security situation awareness(NSSA)is always affected by the state explosion problem.To solve this problem,a new NSSA method based on layered attack graph(LAG)is proposed.Firstly,network is div...The real-time of network security situation awareness(NSSA)is always affected by the state explosion problem.To solve this problem,a new NSSA method based on layered attack graph(LAG)is proposed.Firstly,network is divided into several logical subnets by community discovery algorithm.The logical subnets and connections between them constitute the logical network.Then,based on the original and logical networks,the selection of attack path is optimized according to the monotonic principle of attack behavior.The proposed method can sharply reduce the attack path scale and hence tackle the state explosion problem in NSSA.The experiments results show that the generation of attack paths by this method consumes 0.029 s while the counterparts by other methods are more than 56 s.Meanwhile,this method can give the same security strategy with other methods.展开更多
We introduce a novel model for robustness of complex with a tunable attack information parameter. The random failure and intentional attack known are the two extreme cases of our model. Based on the model, we study th...We introduce a novel model for robustness of complex with a tunable attack information parameter. The random failure and intentional attack known are the two extreme cases of our model. Based on the model, we study the robustness of complex networks under random information and preferential information, respectively. Using the generating function method, we derive the exact value of the critical removal fraction of nodes for the disintegration of networks and the size of the giant component. We show that hiding just a small fraction of nodes randomly can prevent a scale-free network from collapsing and detecting just a small fraction of nodes preferentially can destroy a scale-free network.展开更多
Watermarking system based on quantization index modulation (QIM) is increasingly popular in high payload applications,but it is inherently fragile against amplitude scaling attacks.In order to resist desynchronizati...Watermarking system based on quantization index modulation (QIM) is increasingly popular in high payload applications,but it is inherently fragile against amplitude scaling attacks.In order to resist desynchronization attacks of QIM digital watermarking,a low density parity check (LDPC) code-aided QIM watermarking algorithm is proposed,and the performance of QIM watermarking system can be improved by incorporating LDPC code with message passing estimation/detection framework.Using the theory of iterative estimation and decoding,the watermark signal is decoded by the proposed algorithm through iterative estimation of amplitude scaling parameters and decoding of watermark.The performance of the proposed algorithm is closer to the dirty paper Shannon limit than that of repetition code aided algorithm when the algorithm is attacked by the additive white Gaussian noise.For constant amplitude scaling attacks,the proposed algorithm can obtain the accurate estimation of amplitude scaling parameters.The simulation result shows that the algorithm can obtain similar performance compared to the algorithm without desynchronization.展开更多
Sybil attacks are one of the most prominent security problems of trust mechanisms in a distributed network with a large number of highly dynamic and heterogeneous devices,which expose serious threat to edge computing ...Sybil attacks are one of the most prominent security problems of trust mechanisms in a distributed network with a large number of highly dynamic and heterogeneous devices,which expose serious threat to edge computing based distributed systems.Graphbased Sybil detection approaches extract social structures from target distributed systems,refine the graph via preprocessing methods and capture Sybil nodes based on the specific properties of the refined graph structure.Graph preprocessing is a critical component in such Sybil detection methods,and intuitively,the processing methods will affect the detection performance.Thoroughly understanding the dependency on the graph-processing methods is very important to develop and deploy Sybil detection approaches.In this paper,we design experiments and conduct systematic analysis on graph-based Sybil detection with respect to different graph preprocessing methods on selected network environments.The experiment results disclose the sensitivity caused by different graph transformations on accuracy and robustness of Sybil detection methods.展开更多
分布式拒绝服务(Distributed Denial of Service,DDoS)攻击已经成为网络安全的主要威胁之一,其中应用层DDoS攻击是主要的攻击手段。应用层DDoS攻击是针对具体应用服务的攻击,其在网络层行为表现正常,传统安全设备无法有效抵御。同时,现...分布式拒绝服务(Distributed Denial of Service,DDoS)攻击已经成为网络安全的主要威胁之一,其中应用层DDoS攻击是主要的攻击手段。应用层DDoS攻击是针对具体应用服务的攻击,其在网络层行为表现正常,传统安全设备无法有效抵御。同时,现有的针对应用层DDoS攻击的检测方法检测能力不足,难以适应攻击模式的变化。为此,文章提出一种基于时空图神经网络(Spatio-Temporal Graph Neural Network,STGNN)的应用层DDoS攻击检测方法,利用应用层服务的特征,从应用层数据和应用层协议交互信息出发,引入注意力机制并结合多个GraphSAGE层,学习不同时间窗口下的实体交互模式,进而计算检测流量与正常流量的偏差,完成攻击检测。该方法仅利用时间、源IP、目的IP、通信频率、平均数据包大小5维数据便可有效识别应用层DDoS攻击。由实验结果可知,该方法在攻击样本数量较少的情况下,与对比方法相比可获得较高的Recall和F1分数。展开更多
文摘A definition of self-determined priority is used in airfight decision firstly. A scheme of grouping the whole fighters is introduced, and the principle of target assignment and fire control is designed. Based on the neutral network, the decision algorithm is derived and the whole coordinated decision system is simulated. Secondly an algorithm for missile-attacking area is described and its calculational result is obtained under initial conditions. Then the attacking of missile is realized by the proportion guidance. Finally, a multi-target attack system. The system includes airfight decision, estimation of missile attack area and calculation of missile attack procedure. A digital simulation demonstrates that the airfight decision algorithm is correct. The methods have important reference values for the study of fire control system of the fourth generation fighter.
文摘Network attack graphs are originally used to evaluate what the worst security state is when a concerned net-work is under attack. Combined with intrusion evidence such like IDS alerts, attack graphs can be further used to perform security state posterior inference (i.e. inference based on observation experience). In this area, Bayesian network is an ideal mathematic tool, however it can not be directly applied for the following three reasons: 1) in a network attack graph, there may exist directed cycles which are never permitted in a Bayesian network, 2) there may exist temporal partial ordering relations among intrusion evidence that can-not be easily modeled in a Bayesian network, and 3) just one Bayesian network cannot be used to infer both the current and the future security state of a network. In this work, we improve an approximate Bayesian posterior inference algorithm–the likelihood-weighting algorithm to resolve the above obstacles. We give out all the pseudocodes of the algorithm and use several examples to demonstrate its benefit. Based on this, we further propose a network security assessment and enhancement method along with a small network scenario to exemplify its usage.
文摘This paper considers the problem of generating a flight trajectory for a single fixed-wing unmanned combat aerial vehicle (UCAV) performing an air-to-surface multi-target attack (A/SMTA) mission using satellite-guided bombs. First, this problem is formulated as a variant of the traveling salesman problem (TSP), called the dynamic-constrained TSP with neighborhoods (DCT- SPN). Then, a hierarchical hybrid approach, which partitions the planning algorithm into a roadmap planning layer and an optimal control layer, is proposed to solve the DCTSPN. In the roadmap planning layer, a novel algorithm based on an updatable proba- bilistic roadmap (PRM) is presented, which operates by randomly sampling a finite set of vehicle states from continuous state space in order to reduce the complicated trajectory planning problem to planning on a finite directed graph. In the optimal control layer, a collision-free state-to-state trajectory planner based on the Gauss pseudospectral method is developed, which can generate both dynamically feasible and optimal flight trajectories. The entire process of solving a DCTSPN consists of two phases. First, in the offline preprocessing phase, the algorithm constructs a PRM, and then converts the original problem into a standard asymmet- ric TSP (ATSP). Second, in the online querying phase, the costs of directed edges in PRM are updated first, and a fast heuristic searching algorithm is then used to solve the ATSP. Numerical experiments indicate that the algorithm proposed in this paper can generate both feasible and near-optimal solutions quickly for online purposes.
基金supported by China’s National Key R&D Program,No.2019QY1404the National Natural Science Foundation of China,Grant No.U20A20161,U1836103the Basic Strengthening Program Project,No.2019-JCJQ-ZD-113.
文摘The continuous improvement of the cyber threat intelligence sharing mechanism provides new ideas to deal with Advanced Persistent Threats(APT).Extracting attack behaviors,i.e.,Tactics,Techniques,Procedures(TTP)from Cyber Threat Intelligence(CTI)can facilitate APT actors’profiling for an immediate response.However,it is difficult for traditional manual methods to analyze attack behaviors from cyber threat intelligence due to its heterogeneous nature.Based on the Adversarial Tactics,Techniques and Common Knowledge(ATT&CK)of threat behavior description,this paper proposes a threat behavioral knowledge extraction framework that integrates Heterogeneous Text Network(HTN)and Graph Convolutional Network(GCN)to solve this issue.It leverages the hierarchical correlation relationships of attack techniques and tactics in the ATT&CK to construct a text network of heterogeneous cyber threat intelligence.With the help of the Bidirectional EncoderRepresentation fromTransformers(BERT)pretraining model to analyze the contextual semantics of cyber threat intelligence,the task of threat behavior identification is transformed into a text classification task,which automatically extracts attack behavior in CTI,then identifies the malware and advanced threat actors.The experimental results show that F1 achieve 94.86%and 92.15%for the multi-label classification tasks of tactics and techniques.Extend the experiment to verify the method’s effectiveness in identifying the malware and threat actors in APT attacks.The F1 for malware and advanced threat actors identification task reached 98.45%and 99.48%,which are better than the benchmark model in the experiment and achieve state of the art.The model can effectivelymodel threat intelligence text data and acquire knowledge and experience migration by correlating implied features with a priori knowledge to compensate for insufficient sample data and improve the classification performance and recognition ability of threat behavior in text.
基金the National High Technology Research and Development Programme of China(2006AA01Z452)
文摘Building attack scenario is one of the most important aspects in network security.This paper pro-posed a system which collects intrusion alerts,clusters them as sub-attacks using alerts abstraction,ag-gregates the similar sub-attacks,and then correlates and generates correlation graphs.The scenarios wererepresented by alert classes instead of alerts themselves so as to reduce the required rules and have the a-bility of detecting new variations of attacks.The proposed system is capable of passing some of the missedattacks.To evaluate system effectiveness,it was tested with different datasets which contain multi-stepattacks.Compressed and easily understandable Correlation graphs which reflect attack scenarios were gen-erated.The proposed system can correlate related alerts,uncover the attack strategies,and detect newvariations of attacks.
基金National Natural Science Foundation of China(No.61772478)
文摘The real-time of network security situation awareness(NSSA)is always affected by the state explosion problem.To solve this problem,a new NSSA method based on layered attack graph(LAG)is proposed.Firstly,network is divided into several logical subnets by community discovery algorithm.The logical subnets and connections between them constitute the logical network.Then,based on the original and logical networks,the selection of attack path is optimized according to the monotonic principle of attack behavior.The proposed method can sharply reduce the attack path scale and hence tackle the state explosion problem in NSSA.The experiments results show that the generation of attack paths by this method consumes 0.029 s while the counterparts by other methods are more than 56 s.Meanwhile,this method can give the same security strategy with other methods.
基金Supported by the National Natural Science Foundation of China under Grant No 70501032.
文摘We introduce a novel model for robustness of complex with a tunable attack information parameter. The random failure and intentional attack known are the two extreme cases of our model. Based on the model, we study the robustness of complex networks under random information and preferential information, respectively. Using the generating function method, we derive the exact value of the critical removal fraction of nodes for the disintegration of networks and the size of the giant component. We show that hiding just a small fraction of nodes randomly can prevent a scale-free network from collapsing and detecting just a small fraction of nodes preferentially can destroy a scale-free network.
基金National Natural Science Foundation of China(No.61272432)Qingdao Science and Technology Development Plan(No.12-1-4-6-(10)-jch)
文摘Watermarking system based on quantization index modulation (QIM) is increasingly popular in high payload applications,but it is inherently fragile against amplitude scaling attacks.In order to resist desynchronization attacks of QIM digital watermarking,a low density parity check (LDPC) code-aided QIM watermarking algorithm is proposed,and the performance of QIM watermarking system can be improved by incorporating LDPC code with message passing estimation/detection framework.Using the theory of iterative estimation and decoding,the watermark signal is decoded by the proposed algorithm through iterative estimation of amplitude scaling parameters and decoding of watermark.The performance of the proposed algorithm is closer to the dirty paper Shannon limit than that of repetition code aided algorithm when the algorithm is attacked by the additive white Gaussian noise.For constant amplitude scaling attacks,the proposed algorithm can obtain the accurate estimation of amplitude scaling parameters.The simulation result shows that the algorithm can obtain similar performance compared to the algorithm without desynchronization.
基金the National Key R&D Program of China(No.2017YFB0802403)the Beijing Natural Science Foundation(No.4202036)+1 种基金the National Natural Science Foundation of China(No.U1733115,No.61871023)the Opening Project of Shanghai Key Laboratory of Inte grated Administration Technologies for Information Security(No.AGK2019001).
文摘Sybil attacks are one of the most prominent security problems of trust mechanisms in a distributed network with a large number of highly dynamic and heterogeneous devices,which expose serious threat to edge computing based distributed systems.Graphbased Sybil detection approaches extract social structures from target distributed systems,refine the graph via preprocessing methods and capture Sybil nodes based on the specific properties of the refined graph structure.Graph preprocessing is a critical component in such Sybil detection methods,and intuitively,the processing methods will affect the detection performance.Thoroughly understanding the dependency on the graph-processing methods is very important to develop and deploy Sybil detection approaches.In this paper,we design experiments and conduct systematic analysis on graph-based Sybil detection with respect to different graph preprocessing methods on selected network environments.The experiment results disclose the sensitivity caused by different graph transformations on accuracy and robustness of Sybil detection methods.
