Abstract: The virtual private network (VPN) system, which is one of the construction methods for private networks over the Internet, is gaining prominence. VPNs are currently used in corporate networks to support end-to-end communications. But if they are applied to private networks for distributed departments in organizations, some problems must be considered, such as low packet transfer efficiency and lack of support for asymmetric VPN connections. This paper first analyzes the limitations of VPNs used in an environment of multiple subnets, and then proposes a distributed VPN module with low cost, high packet transfer efficiency and powerful user authentication and access control functions.
Funding: This research was partially supported by the National Basic Research Program of China (973 Program) under Grant No. 2011CB302605; the National High Technology Research and Development Program of China (863 Program) under Grant No. 2012AA012502; the National Key Technology Research and Development Program of China under Grant No. 2012BAH37B00; the Program for New Century Excellent Talents in University under Grant No. NCET-10-0863; the National Natural Science Foundation of China under Grants No. 61173078, No. 61203105, No. 61173079, No. 61070130, No. 60903176; and the Provincial Natural Science Foundation of Shandong under Grants No. ZR2012FM010, No. ZR2011FZ001, No. ZR2010FM047, No. ZR2010FQ028, No. ZR2012FQ016.
Abstract: Traffic classification research has long suffered from the difficulty of collecting accurate samples with ground truth. A model named Traffic Labeller (TL) is proposed to solve this problem. The TL system captures all user socket calls and their corresponding application process information in user mode on a Windows host. Once a data-sending call has been captured, its 5-tuple {source IP, destination IP, source port, destination port and transport layer protocol}, together with its application information, is sent to an intermediate NDIS driver in kernel mode. The intermediate driver then writes the application type information into the TOS field of the IP packets that match the 5-tuple. In this way, each IP packet sent from the Windows host carries its application information. Therefore, traffic samples collected on the network are labelled with accurate application information and can be used for training effective traffic classification models.
Funding: Project (No. 60373088) supported by the National Natural Science Foundation of China.
Abstract: With the rapid development of Virtual Private Networks (VPNs), many companies and organizations use VPNs to implement their private communication. Traditionally, a VPN uses security protocols to protect data confidentiality, message integrity and endpoint authentication. One core technique of VPNs is tunneling, by which clients can access the internal servers by traversing the VPN. However, the tunneling technique also introduces a concealed security hole: if a malicious user can establish a tunnel through the VPN server, he can compromise the internal servers behind the VPN server. This paper therefore presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPNs to solve this problem. To implement an efficient, flexible and multi-decision access control model, we present two key techniques for ACIAC: the centralized management mechanism and stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. With these two centers, we can provide an abstract access control mechanism, and the material access control can be decided dynamically by ACIAC's constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.
Funding: National Natural Science Foundation of China (No. 50777068).
Abstract: Although the new technology of substation protection and automation systems based on the IEC 61850 standard has developed rapidly in China, reliability measures that depend on this technology need further research. By taking advantage of convenient information sharing, two new schemes, the shared backup protection unit (SBPU) and signal backup (SB), have been proposed to solve the failure problem of protective devices and current/voltage transducers respectively, and the working principles of these two schemes are also described. Furthermore, the key technologies for realizing the two schemes are proposed: on-line diagnosis of protective device failure and on-line status diagnosis of optical or electronic current/voltage transducers.
Funding: Sponsored by the National Natural Science Foundation of China under Grants No. 61100008, 61201084; the China Postdoctoral Science Foundation under Grant No. 2013M541346; the Heilongjiang Postdoctoral Special Fund (Postdoctoral Youth Talent Program) under Grant No. LBH-TZ0504; the Heilongjiang Postdoctoral Fund under Grant No. LBH-Z13058; the Natural Science Foundation of Heilongjiang Province of China under Grant No. QC2015076; and the Funds for the Central Universities of China under Grant No. HEUCF100602.
Abstract: An e-mail communication network evolution model based on user information propagation is studied. First, a mathematical representation of the weighted e-mail communication network is proposed, and the network center parameters of the Enron dataset and the distribution of node degree and strength are analyzed. Then, some rules of e-mail communication network evolution are found. Second, the model of e-mail information propagation is described, and an e-mail communication network evolution model based on user information propagation is proposed. Lastly, the simulation proves the correctness of the degree and strength distribution characteristics of the proposed model and then verifies, through parameter comparison, that the proposed model is closer to the real situation of e-mail communication networks. This research provides a basis for other research on social network evolution and data communication.
Funding: Supported by the Fund for Basic Research of National Non-Profit Research Institutes (No. XK2012-2, ZD2012-7-2) and the Fund for Preresearch Project of ISTIC (No. YY201208).
Abstract: Similarity matching and information presentation are two key factors in information retrieval. In this paper, a saliency-based matching algorithm is proposed for user-oriented search based on psychological studies of human perception; major emphasis is placed on the saliently similar aspects of the objects to be compared, and thus the search result is more agreeable for users. After relevant results are obtained, a cluster-based browsing algorithm is adopted for search result presentation based on social network analysis. By organizing the results in clustered lists, the user can gain a general understanding of the whole collection by viewing only a small part of the results and can rapidly locate those of major interest. Experimental results demonstrate the advantages of the proposed algorithm over traditional work.
Funding: Supported by the National Natural Science Foundation of China (Grant No. 61332019, No. 61402342, No. 61202387); the National Basic Research Program of China ("973" Program) (Grant No. 2014CB340600); and the National High-Tech Research and Development Program of China ("863" Program) (Grant No. 2015AA016002).
Abstract: Trusted computing, which can effectively increase the credibility of information systems, has made great achievements and is in continuous development. For a country such as China that is strengthening its network construction, it is an important fundamental supporting technology worth researching. China is at the international forefront in the field of trusted computing. This paper gives a comprehensive introduction to the new development and application of key technologies in trusted computing, such as the various trusted platform modules (TPM, TCM, TPCM), the TCG Software Stack (TSS), trusted cloud servers and the Trusted Execution Environment (TEE). We illustrate the progress and application extension of these technologies and also point out some key problems worth studying in the future.
Funding: This paper was partially supported by the National Natural Science Foundation of China under Grant No. 61072061; the 111 Project of China under Grant No. B08004; and the Fundamental Research Funds for the Central Universities under Grant No. 2009RC0122.
Abstract: Based on the massive data collected with passive network monitoring equipment placed in China's backbone, we present a deep insight into the network backbone traffic and evaluate various ways of improving traffic classification efficiency in this paper. In particular, the study has scrutinized the network traffic in terms of protocol types and signatures, flow length, and port distribution, from which meaningful and interesting insights on the current Internet of China from the perspective of both the packet and flow levels are derived. We show that the classification efficiency can be greatly improved by using the information of preferred ports of the network applications. Quantitatively, we find two traffic duration thresholds, with which 40% of TCP flows and 70% of UDP flows can be excluded from classification processing while the impact on classification accuracy is trivial, i.e., the classification accuracy can still reach a high level by saving 85% of the resources.
Funding: Supported by the foundations of the Important National Science & Technology Specific Projects of China under Grant 2010ZX03006-005-02 and the National Basic Research Program of China (973 Program) under Grant 2011CB302900.
Abstract: In this paper, the basic requirements of the smart grid in China are studied. By applying Internet of Things (IoT) technologies, various intelligent services can be created. The development of the smart grid would rely heavily on the application of IoT. The three-layer architecture of IoT for the smart grid in China is introduced. Various information and communication technologies of IoT applied to the smart grid are discussed. In particular, several typical IoT application solutions, such as power transmission line monitoring, smart patrol, smart home and electric vehicle management, are provided.