Funding: supported by the National Key Basic Research Program of China (973 Program) under Grant No. 2011CB302605; the National High Technical Research and Development Program of China (863 Program) under Grants No. 2010AA012504, No. 2011AA010705; the National Natural Science Foundation of China under Grant No. 60903166; the National Science and Technology Support Program under Grants No. 2012BAH37B00, No. 2012-BAH37B01
Abstract: Automatic signature generation approaches have been widely applied in recent traffic classification. However, they are not suitable for LightWeight Deep Packet Inspection (LW_DPI) since their generated signatures are matched through a search of the entire application data. On the basis of LW_DPI schemes, we present two Hierarchical Clustering (HC) algorithms: HC_TCP and HC_UDP, which can generate byte signatures from TCP and UDP packet payloads respectively. In particular, HC_TCP and HC_UDP can extract the positions of byte signatures in packet payloads. Further, in order to deal with the case in which byte signatures cannot be derived, we develop an algorithm for generating bit signatures. Compared with the LASER algorithm and Suffix Tree (ST)-based algorithm, the proposed algorithms are better in terms of both classification accuracy and speed. Moreover, the experimental results indicate that, as long as the application-protocol header exists, it is possible to automatically derive reliable and accurate signatures combined with their positions in packet payloads.
Funding: supported by the National Natural Science Foundation of China under Grant No. 61003282; Beijing Higher Education Young Elite Teacher Project; China Next Generation Internet (CNGI) Project "Research and Trial on Evolving Next Generation Network Intelligence Capability Enhancement (NICE)"; the National Basic Research Program (973 Program) under Grant No. 2009CB320-505; the National Science and Technology Major Project "Research about Architecture of Mobile Internet" under Grant No. 2011ZX03-002-001-01; the National High Technology Research and Development Program (863 Program) under Grant No. 2011AA010704
Abstract: The Deep Packet Inspection (DPI) method is a popular method that can accurately identify the flow data and its corresponding application. Currently, the DPI method is widely used in common network management systems. However, the major limitation of DPI systems is that their signature library is mainly extracted manually, which makes it hard to efficiently obtain the signature of new applications. Hence, in this paper, we propose an automatic signature extraction mechanism using Principal Component Analysis (PCA) technology, which is able to extract the signature automatically. In the proposed method, the signatures are expressed in the form of serial consistent sequences constructed by principal components instead of normally separated substrings in the original data extracted from the traditional methods. Extensive experiments based on numerous sets of data have been carried out to evaluate the performance of the proposed scheme, and the results prove that the newly proposed method can achieve good performance in terms of accuracy and efficiency.
Funding: supported by the National 11th Five-Year-Support-Plan of China under Grant No. 2006BAH02A0407; the National Research Foundation for the Doctoral Program of Higher Education of China under Grant No. 20060614016; the National Natural Science Foundation of China under Grant No. 60671033
Abstract: Polymorphic malware is a security menace for application of computer network systems because hackers can evade detection and launch stealthy attacks. In this paper, a novel enhanced automated signature generation (EASG) algorithm to detect polymorphic malware is proposed. The EASG algorithm is composed of enhanced-expectation maximum algorithm and enhanced K-means clustering algorithm. In the EASG algorithm, the fixed threshold value is replaced by the decision threshold of interval area. The false positive ratio can be controlled at a low level, and the iterative operations and the execution time are effectively reduced. Moreover, the centroid updating is realized by application of similarity metric of Mahalanobis distance and incremental learning. Different malware group families are partitioned by the centroid updating.
Abstract: This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks (VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devoted to implementing a new protocol for VANETs so that inherent security problems in past works are resolved. Exclusive security measures have been considered for the system which protects the users against threat of any attack. The new protocol shows a great hardness guaranteed by certificate-based 80-bit security which assures messages to remain confidential at any time. Also, new unprecedented features like V2X which improves system performance effectively have been instantiated. The simulation results indicate that message signature generation and verification both take place in much less time than present comparable rival protocols.