According to the characteristic of cruise missiles,navigation point setting is simplified,and the principle of route planning for saturation attack and a concept of reference route are put forward.With the help of the...According to the characteristic of cruise missiles,navigation point setting is simplified,and the principle of route planning for saturation attack and a concept of reference route are put forward.With the help of the shortest-tangent idea in route-planning and the algorithm of back reasoning from targets,a reference route algorithm is built on the shortest range and threat avoidance.Then a route-flight-time algorithm is built on navigation points.Based on the conditions of multi-direction saturation attack,a route planning algorithm of multi-direction saturation attack is built on reference route,route-flight-time,and impact azimuth.Simulation results show that the algorithm can realize missiles fired in a salvo launch reaching the target simultaneously from different directions while avoiding threat.展开更多
Based on the analysis for the interception process of ship-to-air missile system to the anti-ship missile stream, the antagonism of ship-to-air missile and anti-ship missile stream was modeled by Monte Carlo method. T...Based on the analysis for the interception process of ship-to-air missile system to the anti-ship missile stream, the antagonism of ship-to-air missile and anti-ship missile stream was modeled by Monte Carlo method. This model containing the probability of acquiring anti-ship missile, threat estimation, firepower distribution, interception, effectiveness evaluation and firepower turning, can dynamically simulate the antagonism process of anti-ship missile attack stream and anti-air missile weapon system. The anti-ship missile's saturation attack stream for different ship-to-air missile systems can be calculated quantitatively. The simulated results reveal the relations among the anti-ship missile saturation attack and the attack intensity of anti-ship missile, interception mode and the main parameters of anti-air missile weapon system. It provides a theoretical basis for the effective operation of anti-ship missile.展开更多
Software-defined networking (SDN) decouples the data and control planes. However, attackers can lead catastrophic results to the whole network using manipulated flooding packets, called the data-to-control-plane satur...Software-defined networking (SDN) decouples the data and control planes. However, attackers can lead catastrophic results to the whole network using manipulated flooding packets, called the data-to-control-plane saturation attacks. The existing methods, using centralized mitigation policies and ignoring the buffered attack flows, involve extra network entities and make benign traffic suffer from long network recovery delays. For these purposes, we propose LFSDM, a saturation attack detection and mitigation system, which solves these challenges by leveraging three new techniques: 1) using linear discriminant analysis (LDA) and extracting a novel feature called control channel occupation rate (CCOR) to detect the attacks, 2) adopting the distributed mitigation agents to reduce the number of involved network entities and, 3) cleaning up the buffered attack flows to enable fast recovery. Experiments show that our system can detect the attacks timely and accurately. More importantly, compared with the previous work, we save 81% of the network recovery delay under attacks ranging from 1,000 to 4,000 packets per second (PPS) on average, and 87% of the network recovery delay under higher attack rates with PPS ranging from 5,000 to 30,000.展开更多
Software defined networking(SDN)has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security ...Software defined networking(SDN)has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security issues have also been introduced along with the benefits,which put an obstruction to the deployment of SDN.One root cause of these issues lies in the limited resources and capability of devices involved in the SDN architecture,especially the hardware switches lied in the data plane.In this paper,we analyze the vulnerability of SDN and present two kinds of SDN-targeted attacks:1)data-to-control plane saturation attack which exhausts resources of all SDN components,including control plane,data plane,and the in-between downlink channel and 2)control plane reflection attack which only attacks the data plane and gets conducted in a more efficient and hidden way.Finally,we propose the corresponding defense frameworks to mitigate such attacks.展开更多
基金supported by the Aeronautical Science Foundation of China (20085584010)
文摘According to the characteristic of cruise missiles,navigation point setting is simplified,and the principle of route planning for saturation attack and a concept of reference route are put forward.With the help of the shortest-tangent idea in route-planning and the algorithm of back reasoning from targets,a reference route algorithm is built on the shortest range and threat avoidance.Then a route-flight-time algorithm is built on navigation points.Based on the conditions of multi-direction saturation attack,a route planning algorithm of multi-direction saturation attack is built on reference route,route-flight-time,and impact azimuth.Simulation results show that the algorithm can realize missiles fired in a salvo launch reaching the target simultaneously from different directions while avoiding threat.
文摘Based on the analysis for the interception process of ship-to-air missile system to the anti-ship missile stream, the antagonism of ship-to-air missile and anti-ship missile stream was modeled by Monte Carlo method. This model containing the probability of acquiring anti-ship missile, threat estimation, firepower distribution, interception, effectiveness evaluation and firepower turning, can dynamically simulate the antagonism process of anti-ship missile attack stream and anti-air missile weapon system. The anti-ship missile's saturation attack stream for different ship-to-air missile systems can be calculated quantitatively. The simulated results reveal the relations among the anti-ship missile saturation attack and the attack intensity of anti-ship missile, interception mode and the main parameters of anti-air missile weapon system. It provides a theoretical basis for the effective operation of anti-ship missile.
基金The work was supported in part by the National Natural Science Foundation of China under Grant Nos.61972371,U19B2023 and U19B2044the Youth Innovation Promotion Association of the Chinese Academy of Sciences under Grant No.Y202093.
文摘Software-defined networking (SDN) decouples the data and control planes. However, attackers can lead catastrophic results to the whole network using manipulated flooding packets, called the data-to-control-plane saturation attacks. The existing methods, using centralized mitigation policies and ignoring the buffered attack flows, involve extra network entities and make benign traffic suffer from long network recovery delays. For these purposes, we propose LFSDM, a saturation attack detection and mitigation system, which solves these challenges by leveraging three new techniques: 1) using linear discriminant analysis (LDA) and extracting a novel feature called control channel occupation rate (CCOR) to detect the attacks, 2) adopting the distributed mitigation agents to reduce the number of involved network entities and, 3) cleaning up the buffered attack flows to enable fast recovery. Experiments show that our system can detect the attacks timely and accurately. More importantly, compared with the previous work, we save 81% of the network recovery delay under attacks ranging from 1,000 to 4,000 packets per second (PPS) on average, and 87% of the network recovery delay under higher attack rates with PPS ranging from 5,000 to 30,000.
基金supported in part by the National Key R&D Program of China under Grant No.2017YFB0801701the National Science Foundation of China under Grant No.61472213CERNET Innovation Project(NGII20160123)
文摘Software defined networking(SDN)has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security issues have also been introduced along with the benefits,which put an obstruction to the deployment of SDN.One root cause of these issues lies in the limited resources and capability of devices involved in the SDN architecture,especially the hardware switches lied in the data plane.In this paper,we analyze the vulnerability of SDN and present two kinds of SDN-targeted attacks:1)data-to-control plane saturation attack which exhausts resources of all SDN components,including control plane,data plane,and the in-between downlink channel and 2)control plane reflection attack which only attacks the data plane and gets conducted in a more efficient and hidden way.Finally,we propose the corresponding defense frameworks to mitigate such attacks.
