The Deep Packet Inspection(DPI)method is a popular method that can accurately identify the flow data and its corresponding application.Currently,the DPI method is widely used in common network management systems.Howev...The Deep Packet Inspection(DPI)method is a popular method that can accurately identify the flow data and its corresponding application.Currently,the DPI method is widely used in common network management systems.However,the major limitation of DPI systems is that their signature library is mainly extracted manually,which makes it hard to efficiently obtain the signature of new applications.Hence,in this paper,we propose an automatic signature extraction mechanism using Principal Component Analysis(PCA)technology,which is able to extract the signature automatically.In the proposed method,the signatures are expressed in the form of serial consistent sequences constructed by principal components instead of normally separated substrings in the original data extracted from the traditional methods.Extensive experiments based on numerous sets of data have been carried out to evaluate the performance of the proposed scheme,and the results prove that the newly proposed method can achieve good performance in terms of accuracy and efficiency.展开更多
Fast-flux is a Domain Name System(DNS)technique used by botnets to organise compromised hosts into a high-availability,loadbalancing network that is similar to Content Delivery Networks(CDNs).Fast-Flux Service Network...Fast-flux is a Domain Name System(DNS)technique used by botnets to organise compromised hosts into a high-availability,loadbalancing network that is similar to Content Delivery Networks(CDNs).Fast-Flux Service Networks(FFSNs)are usually used as proxies of phishing websites and malwares,and hide upstream servers that host actual content.In this paper,by analysing recursive DNS traffic,we develop a fast-flux domain detection method which combines both real-time detection and long-term monitoring.Experimental results demonstrate that our solution can achieve significantly higher detection accuracy values than previous flux-score based algorithms,and is light-weight in terms of resource consumption.We evaluate the performance of the proposed fast-flux detection and tracking solution during a 180-day period of deployment on our university’s DNS servers.Based on the tracking results,we successfully identify the changes in the distribution of FFSN and their roles in recent Internet attacks.展开更多
‘TheInternet Plus"and"maker"made Yaowen Jiaozi magazine’s list of the 10 most popular Chinese catchphrases of 2015.list,published in the December 2015 issue,featured seven phrases from the Internet and three rela...‘TheInternet Plus"and"maker"made Yaowen Jiaozi magazine’s list of the 10 most popular Chinese catchphrases of 2015.list,published in the December 2015 issue,featured seven phrases from the Internet and three related to political and economic affairs.展开更多
Marine hydrate reservoirs can be divided into focused high-flux and distributed low-flux gas hydrate systems according to free gas migration control mechanisms. In focused high-flux hydrate reservoirs, fluids easily b...Marine hydrate reservoirs can be divided into focused high-flux and distributed low-flux gas hydrate systems according to free gas migration control mechanisms. In focused high-flux hydrate reservoirs, fluids easily break through the pressure of overlying sediments and reach the shallows, creating a series of geomorphological-geological-geophysical anomalies at and near the seafloor. Based on detailed interpretation of pre-drilling data in the eastern Pearl River Mouth Basin(PRMB),many anomalies related to the high-flux fluid flow are found, including seafloor mounds with intrusive characteristics, bright spot reflections above the bottom-stimulating reflector(BSR), phase reversals in the superficial layer, and an efficient fluid migration and accumulation system composed of fractures and uplifts. The second hydrate drilling expedition was carried out in the eastern PRMB in 2013 to study these anomalies. The acquired data show that high-flux fluid flow occurred in these sites. Gas hydrate pingoes, bright spot reflection above the BSR, and an efficient fluid migration and accumulation system can be used as identification signatures for high-flux fluid migration. The modes of high flux fluid flow are different in deep and shallow sediments during upward migration of fluid. Gas dissolved within migrating water dominates deep fluid migration and upward migration of a separate gas phase dominates the shallow process. This difference in migration models leads to formation of upper and lower concentrated hydrate reservoirs in the drilling area. The discovery of signatures of high-flux fluid flow and their migration modes will help with site selection and reduce risk in gas hydrate drilling.展开更多
基金supported by the National Natural Science Foundation of China under Grant No.61003282Beijing Higher Education Young Elite Teacher Project+3 种基金China Next Generation Internet(CNGI)Project"Research and Trial on Evolving Next Generation Network Intelligence Capability Enhancement(NICE)"the National Basic Research Program(973 Program)under Grant No.2009CB320-505the National Science and Technology Major Project"Research about Architecture of Mobile Internet"under Grant No.2011ZX03-002-001-01the National High Technology Research and Development Program(863 Program)under Grant No.2011AA010704
文摘The Deep Packet Inspection(DPI)method is a popular method that can accurately identify the flow data and its corresponding application.Currently,the DPI method is widely used in common network management systems.However,the major limitation of DPI systems is that their signature library is mainly extracted manually,which makes it hard to efficiently obtain the signature of new applications.Hence,in this paper,we propose an automatic signature extraction mechanism using Principal Component Analysis(PCA)technology,which is able to extract the signature automatically.In the proposed method,the signatures are expressed in the form of serial consistent sequences constructed by principal components instead of normally separated substrings in the original data extracted from the traditional methods.Extensive experiments based on numerous sets of data have been carried out to evaluate the performance of the proposed scheme,and the results prove that the newly proposed method can achieve good performance in terms of accuracy and efficiency.
基金supported by the National Basic Research Program of China(973 Program)under Grant No.2013CB329603Huawei Innovation Research Program+1 种基金the Opening Project of Key Laboratory of Information Network Security of Ministry of Public Security under Grant No.C11608the National Natural Science Foundation of China under Grant No.61271220
文摘Fast-flux is a Domain Name System(DNS)technique used by botnets to organise compromised hosts into a high-availability,loadbalancing network that is similar to Content Delivery Networks(CDNs).Fast-Flux Service Networks(FFSNs)are usually used as proxies of phishing websites and malwares,and hide upstream servers that host actual content.In this paper,by analysing recursive DNS traffic,we develop a fast-flux domain detection method which combines both real-time detection and long-term monitoring.Experimental results demonstrate that our solution can achieve significantly higher detection accuracy values than previous flux-score based algorithms,and is light-weight in terms of resource consumption.We evaluate the performance of the proposed fast-flux detection and tracking solution during a 180-day period of deployment on our university’s DNS servers.Based on the tracking results,we successfully identify the changes in the distribution of FFSN and their roles in recent Internet attacks.
文摘‘TheInternet Plus"and"maker"made Yaowen Jiaozi magazine’s list of the 10 most popular Chinese catchphrases of 2015.list,published in the December 2015 issue,featured seven phrases from the Internet and three related to political and economic affairs.
基金supported by the National Natural Science Foundation of China (Grant No. 41406068)
文摘Marine hydrate reservoirs can be divided into focused high-flux and distributed low-flux gas hydrate systems according to free gas migration control mechanisms. In focused high-flux hydrate reservoirs, fluids easily break through the pressure of overlying sediments and reach the shallows, creating a series of geomorphological-geological-geophysical anomalies at and near the seafloor. Based on detailed interpretation of pre-drilling data in the eastern Pearl River Mouth Basin(PRMB),many anomalies related to the high-flux fluid flow are found, including seafloor mounds with intrusive characteristics, bright spot reflections above the bottom-stimulating reflector(BSR), phase reversals in the superficial layer, and an efficient fluid migration and accumulation system composed of fractures and uplifts. The second hydrate drilling expedition was carried out in the eastern PRMB in 2013 to study these anomalies. The acquired data show that high-flux fluid flow occurred in these sites. Gas hydrate pingoes, bright spot reflection above the BSR, and an efficient fluid migration and accumulation system can be used as identification signatures for high-flux fluid migration. The modes of high flux fluid flow are different in deep and shallow sediments during upward migration of fluid. Gas dissolved within migrating water dominates deep fluid migration and upward migration of a separate gas phase dominates the shallow process. This difference in migration models leads to formation of upper and lower concentrated hydrate reservoirs in the drilling area. The discovery of signatures of high-flux fluid flow and their migration modes will help with site selection and reduce risk in gas hydrate drilling.
