Funding: This work was supported by the National Basic Research Program of China under Grant No. 2007CB311100; Funds of Key Lab of Fujian Province University Network Security and Cryp- toll1009; the National Science Foundation for Young Scholars of China under Grant No. 61001091; Beijing Nature Science Foundation under Grant No. 4122012; "Next-Generation Broadband Wireless Mobile Communication Network" National Science and Technology Major Special Issue Funding under Grant No. 2012ZX03002003; Funding Program for Academic Human Resources Development in Institutions of Higher Learning Under the Jurisdiction of Beijing Municipality of China.
Abstract: In order to construct the trusted network and realize the trust of network behavior, a new multi-dimensional behavior measurement model based on prediction and control is presented. By using behavior predictive equation, individual similarity function, group similarity function, direct trust assessment function, and generalized predictive control, this model can guarantee the trust of an end user and users in its network. Compared with traditional measurement model, the model considers different characteristics of various networks. The trusted measurement policies established according to different network environments have better adaptability. By constructing trusted group, the threats to trusted group will be reduced greatly. Utilizing trusted group to restrict individuals in network can ensure the fault tolerance of trustworthiness of trusted individuals and group. The simulation shows that this scheme can support behavior measurement more efficiently than traditional ones and the model resists viruses and Trojans more efficiently than older ones.
Funding: This work was supported by the National Basic Research Program of China (973 Project) (No. 2007CB311100), the National Science Foundation for Young Scholars of China (Grant No. 61001091), Beijing Nature Science Foundation (No. 4122012), "next-generation broadband wireless mobile communication network" National Science and Technology major Special issue funding (No. 2012ZX03002003), Funding Program for Academic Human Resources Development in Institutions of Higher Learning Under the Jurisdiction of Beijing Municipality of China and the key technology research and validation issue for the emergency treatment telemedicine public service platform which integrates the military and civilian and bases on the broadband wireless networks (No. 2013ZX03006001-005), the issue belongs to Major national science and technology projects.
Abstract: The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network. But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection, it is easy to cause the loss of identity privacy. In order to solve the above-described problems, this paper presents a trust measurement scheme suitable for clients in the trusted network, the scheme integrates the following attributes such as authentication mechanism, state measurement, and real-time state measurement and so on, and based on the authentication mechanism and the initial state measurement, the scheme uses the real-time state measurement as the core method to complete the trust measurement for the client. This scheme presented in this paper supports both static and dynamic measurements. Overall, the characteristics of this scheme such as fine granularity, dynamic, real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.
Funding: the National Natural Science Foundation of China under Grant 90412012 and 60673187
Abstract: As the information network plays a more and more important role globally, the traditional network theories and technologies, especially those related to network security, can no longer meet the network development requirements. Offering the system with secure and trusted services has become a new focus in network research. This paper first discusses the meaning of and aspects involved in the trusted network. According to this paper, the trusted network should be a network where the network’s and users’ behaviors and their results are always predicted and manageable. The trustworthiness of a network mainly involves three aspects: service provider, information transmission and terminal user. This paper also analyzes the trusted network in terms of trusted model for network/user behaviors, architecture of trusted network, service survivability and network manageability, which is designed to give ideas on solving the problems that may be faced in developing the trusted network.
Abstract: The wireless sensor network is an emerging technology, which is used to sense and monitor the environment. As the nodes are deployed in an open environment, the security is one of the essential factors. The cryptography techniques can ensure confidentiality, integrity and authentication. However, wireless sensor network also needs to deal with inside and outside attackers. To deal with outside attackers, attacks by compromised or malicious nodes, trust management system is suggested by many researchers in the area of wireless sensor network. Trust management system can be implemented in various applications for security management such as secure data aggregation, secure cluster head selection, trusted routing, access control, etc. Many researchers provide different kind of solutions for these secure applications based on trust management. However, to incorporate, all such applications on a single sensor node in the network, it is essential to design and develop a trust management system, which considers various aspects and applications of wireless sensor network. As a result, in this paper, we would like to propose a parameter and trust factor based secure communication framework and design a trust management system for wireless sensor networks. Our main contribution is to identify various parameters and trust factors which influences on trust in wireless sensor network and developing a framework for a trust management system based on various parameters and trust factors. The working of the proposed model is shown by simulation experiments conducted in MATLAB for the application of secure communication, data aggregation and intrusion detection in wireless sensor networks.
Abstract: Handling service access in a cloud environment has been identified as a critical challenge in the modern internet world due to the increased rate of intrusion attacks. To address such threats towards cloud services, numerous techniques exist that mitigate the service threats according to different metrics. The rule-based approaches are unsuitable for new threats, whereas trust-based systems estimate trust value based on behavior, flow, and other features. However, the methods suffer from mitigating intrusion attacks at a higher rate. This article presents a novel Multi Fractal Trust Evaluation Model (MFTEM) to overcome these deficiencies. The method involves analyzing service growth, network growth, and quality of service growth. The process estimates the user’s trust in various ways and the support of the user in achieving higher service performance by calculating Trusted Service Support (TSS). Also, the user’s trust in supporting network stream by computing Trusted Network Support (TNS). Similarly, the user’s trust in achieving higher throughput is analyzed by computing Trusted QoS Support (TQS). Using all these measures, the method adds the Trust User Score (TUS) value to decide on the clearance of user requests. The proposed MFTEM model improves intrusion detection accuracy with higher performance.
Funding: supported by the National Natural Science Foundation of China (60774091)
Abstract: Quorum systems have been used to solve the problem of data consistency in distributed fault-tolerance systems. But when intrusions occur, traditional quorum systems have some disadvantages. For example, synchronous quorum systems are subject to DOS attacks, while asynchronous quorum systems need a larger system size (at least 3f+1 for generic data, and f fewer for self-verifying data). In order to solve the problems above, an intrusion-tolerance quorum system (ITQS) of hybrid time model based on trust timely computing base is presented (TTCB). The TTCB is a trust secure real-time component inside the server with a well defined interface and separated from the operation system. It is in the synchronous communication environment while the application layer in the server deals with read-write requests and executes update-copy protocols asynchronously. The architectural hybridization of synchrony and asynchrony can achieve the data consistency and availability correctly. We also build two kinds of ITQSes based on TTCB, i.e., the symmetrical and the asymmetrical TTCB quorum systems. In the performance evaluations, we show that TTCB quorum systems are of smaller size, lower load and higher availability.
Abstract: One of the most effective measurements of intercommunication and collaboration in wireless sensor networks which leads to provide security is Trust Management. Most popular decision making systems used to collaborate with a stranger are tackled by two different existing trust management systems: one is a policy-based approach which verifies the decision built on logical properties and functionalities; the other approach is reputation-based approach which verifies the decision built on physical properties and functionalities of WSN. Proofless authorization, unavailability, vagueness and more complexity cause decreased detection rate and spoil the efficacy of the WSN in existing approaches. Some of the integrated approaches are utilized to improve the significance of the trust management strategies. In this paper, a Compact Trust Computation and Management (CTCM) approach is proposed to overcome the limitations of the existing approaches, also it provides a strong objective security with the calculability and the available security implications. Finally, the CTCM approach incorporates the optimum trust score for logical and physical investigation of the network resources. The simulation based experiment results show that the CTCM compact trust computation and management approach can provide an efficient defending mechanism against derailing attacks in WSN.
Funding: Supported by Specialized Research Fund for the Doctoral Program of Higher Education of China (20050013011)
Abstract: The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.
Funding: supported by National Key R&D Program of China—Industrial Internet Application Demonstration-Sub-topic Intelligent Network Operation and Security Protection (2018YFB1802400).
Abstract: The important issues of network TCP congestion control are how to compute the link price according to the link status and regulate the data sending rate based on link congestion pricing feedback information. However, it is difficult to predict the congestion state of the link-end accurately at the source. In this paper, we presented an improved NUMFabric algorithm for calculating the overall congestion price. In the proposed scheme, the whole network structure had been obtained by the central control server in the Software Defined Network, and a kind of dual-hierarchy algorithm for calculating overall network congestion price had been demonstrated. In this scheme, the first hierarchy algorithm was set up in a central control server like Opendaylight and the guiding parameter B is obtained based on the intelligent data of global link state information. Based on the historical data, the congestion state of the network and the guiding parameter B is accurately predicted by the machine learning algorithm. The second hierarchy algorithm was installed in the Openflow link and the link price was calculated based on guiding parameter B given by the first algorithm. We evaluate this evolved NUMFabric algorithm in NS3, which demonstrated that the proposed NUMFabric algorithm could efficiently increase the link bandwidth utilization of cloud computing IoT datacenters.
Abstract: Matrix factorization (MF) has been proved to be a very effective technique for collaborative filtering (CF), and hence has been widely adopted in today's recommender systems. Yet due to its lack of consideration of the users' and items' local structures, the recommendation accuracy is not fully satisfied. By taking the trusts among users' and between items' effect on rating information into consideration, trust-aware recommendation systems (TARS) made a relatively good performance. In this paper, a method of incorporating trust into MF was proposed by building user-based and item-based implicit trust network under different contexts and implementing two implicit trust-based context-aware MF (ITMF) models. Experimental results proved the effectiveness of the methods.
Funding: sponsored by the National Natural Science Foundation of China granted No. 61872430, 61402342, 61772384; the National Basic Research Program of China 973 Program granted No. 2014CB340601; Foundation of Science and Technology on Information Assurance Laboratory (No. KJ-17-103)
Abstract: Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reducing equipment costs and operational cost. However, virtual intrusion detection systems (VIDS) face more serious security threats due to running in a shared and virtualized environment instead of proprietary devices. Cloud service providers or malicious tenants may illegally access and tamper with the policies, packet information, and internal processing states of intrusion detection systems, thereby violating the privacy and security of tenant’s networks. To address these challenges, we use Intel Software Guard Extensions (SGX) to build a Trusted Virtual Intrusion Detection System (TVIDS). For TVIDS, to prevent cloud service providers from accessing sensitive information about the users’ network, we build a trusted execution environment for security policy, packets processing, and internal state so that cloud service providers and other malicious tenants can’t access the protected code, policy, processing states, and packets information of the intrusion detection system. We implemented TVIDS on the basis of the Snort which is a famous open-source IDS and evaluated its results on real SGX hardware. The results show that our method can protect the security of the virtual IDS and brings acceptable performance overhead.
Funding: supported by National Natural Science Foundation of China Grant No. 60803150, No. 60803151; the National High Technology Research and Development Program of China under grant Nos. 2008AA01Z411; the Key Program of NSFC-Guangdong Union Foundation under Grant No. U0835004; China Postdoctoral Science Foundation No. 20090451495
Abstract: Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSN is very important. Since any single key system cannot guarantee the security of the wireless sensor network for communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in the clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through the encryption system based on the identity of each head while private communication between cluster nodes in a same cluster head is achieved through the random key preliminary distribution system. Considering the characteristics of WSN, we adopt dynamic means called dynamic cluster key management scheme to deal with master key, so master key will be updated according to the changed dynamic network topology. For cluster head node plays a pivotal role in this scheme, a trust management system should be introduced into the election of the cluster head which will exclude the malicious node from outside the cluster, thus improve the whole network security.