The technique of IP traceback may effectively block DOS (Denial Of Service) and meet the requirement of the computer forensic, but its accuracy depends upon that condition that each node in the Internet must support I...The technique of IP traceback may effectively block DOS (Denial Of Service) and meet the requirement of the computer forensic, but its accuracy depends upon that condition that each node in the Internet must support IP packet marking or detected agents. So far, this requirement is not satisfied. On the basis of traditional traceroute,this paper investigates the efficiency of discovering path methods from aspects of the size and order of detecting packets, and the length of paths.It points out that the size of padding in probed packets has a slight effect on discovering latency, and the latency with the method of bulk sending receiving is much smaller than one with the traditional traceroute. Moreover, the loss rate of packets with the technique of TTL (Time To Live) which increases monotonously is less than that with the technique of TTL which decreases monotonously. Lastly,OS (Operating System) passive fingerprint is used as heuristic to predict the length of the discovered path so as to reduce disturbance in network traffic.展开更多
Due to constrained resources, DDoS attack is one of the biggest threats to MANET. IP traceback technique is useful to defend against such type of attacks, since it can identify the attack sources. Several types of tra...Due to constrained resources, DDoS attack is one of the biggest threats to MANET. IP traceback technique is useful to defend against such type of attacks, since it can identify the attack sources. Several types of traceback schemes have been proposed for wired networks. Among all the existing schemes, probabilistic packet marking (PPM) scheme might be the most promising scheme for MANET. However its performance in MANET is not as good as that in Internet. In this paper, a new scheme based on the codingtechnique (CT) is proposed for traceback in MANET. Furthermore, a new idea of Incremental traceback is raised to cope with the situation of incremental attack (ICT). We present the protocol design and conduct theoretical analysis of this scheme. Additionally, we conduct experiments to compare it with the traditional PPM scheme. The experimental results show that the new coding-based traceback scheme outperforms the PPM scheme in MANET.展开更多
攻击者溯源对于维护工业控制系统(Industrial Control System,ICS)安全十分重要。通过部署分布式工控蜜罐,收集工控恶意流量,提出基于CNN-LSTM的工控协议同源攻击检测方法,运用CNN和基于注意力机制的LSTM对数据包和流量特征进行学习,根...攻击者溯源对于维护工业控制系统(Industrial Control System,ICS)安全十分重要。通过部署分布式工控蜜罐,收集工控恶意流量,提出基于CNN-LSTM的工控协议同源攻击检测方法,运用CNN和基于注意力机制的LSTM对数据包和流量特征进行学习,根据BP反向传播算法对模型进行迭代寻优分类。模型相比较其他方法,具有更高的准确率和F值,对处理离线工控蜜罐数据具有相当的优势,准确率达到93.7%;找到包括Shodan、Cencys这类知名设备搜索引擎在内的10个组织,涉及到的IP节点超过200个。展开更多
文摘The technique of IP traceback may effectively block DOS (Denial Of Service) and meet the requirement of the computer forensic, but its accuracy depends upon that condition that each node in the Internet must support IP packet marking or detected agents. So far, this requirement is not satisfied. On the basis of traditional traceroute,this paper investigates the efficiency of discovering path methods from aspects of the size and order of detecting packets, and the length of paths.It points out that the size of padding in probed packets has a slight effect on discovering latency, and the latency with the method of bulk sending receiving is much smaller than one with the traditional traceroute. Moreover, the loss rate of packets with the technique of TTL (Time To Live) which increases monotonously is less than that with the technique of TTL which decreases monotonously. Lastly,OS (Operating System) passive fingerprint is used as heuristic to predict the length of the discovered path so as to reduce disturbance in network traffic.
文摘Due to constrained resources, DDoS attack is one of the biggest threats to MANET. IP traceback technique is useful to defend against such type of attacks, since it can identify the attack sources. Several types of traceback schemes have been proposed for wired networks. Among all the existing schemes, probabilistic packet marking (PPM) scheme might be the most promising scheme for MANET. However its performance in MANET is not as good as that in Internet. In this paper, a new scheme based on the codingtechnique (CT) is proposed for traceback in MANET. Furthermore, a new idea of Incremental traceback is raised to cope with the situation of incremental attack (ICT). We present the protocol design and conduct theoretical analysis of this scheme. Additionally, we conduct experiments to compare it with the traditional PPM scheme. The experimental results show that the new coding-based traceback scheme outperforms the PPM scheme in MANET.
文摘攻击者溯源对于维护工业控制系统(Industrial Control System,ICS)安全十分重要。通过部署分布式工控蜜罐,收集工控恶意流量,提出基于CNN-LSTM的工控协议同源攻击检测方法,运用CNN和基于注意力机制的LSTM对数据包和流量特征进行学习,根据BP反向传播算法对模型进行迭代寻优分类。模型相比较其他方法,具有更高的准确率和F值,对处理离线工控蜜罐数据具有相当的优势,准确率达到93.7%;找到包括Shodan、Cencys这类知名设备搜索引擎在内的10个组织,涉及到的IP节点超过200个。