This paper presents a mechanism for detecting flooding-attacks. The simplicity of the mechanism lies in its statelessness and low computation overhead, which makes the detection mechanism itself immune to flooding-att...This paper presents a mechanism for detecting flooding-attacks. The simplicity of the mechanism lies in its statelessness and low computation overhead, which makes the detection mechanism itself immune to flooding-attacks. The SYN-flooding, as an instance of flooding-attack, is used to illustrate the anomaly detection mechanism. The mechanism applies an exponentially weighted moving average (EWMA) method to detect the abrupt net flow and applies a symmetry analysis method to detect the anomaly activity of the network flow. Experiment shows that the mechanism has high detection accuracy and low detection latency.展开更多
Since the frequency of network security incidents is nonlinear,traditional prediction methods such as ARMA,Gray systems are difficult to deal with the problem.When the size of sample is small,methods based on artifici...Since the frequency of network security incidents is nonlinear,traditional prediction methods such as ARMA,Gray systems are difficult to deal with the problem.When the size of sample is small,methods based on artificial neural network may not reach a high degree of preciseness.Least Squares Support Vector Machines (LSSVM) is a kind of machine learning methods based on the statistics learning theory,it can be applied to solve small sample and non-linear problems very well.This paper applied LSSVM to predict the occur frequency of network security incidents.To improve the accuracy,it used an improved genetic algorithm to optimize the parameters of LSSVM.Verified by real data sets,the improved genetic algorithm (IGA) converges faster than the simple genetic algorithm (SGA),and has a higher efficiency in the optimization procedure.Specially,the optimized LSSVM model worked very well on the prediction of frequency of network security incidents.展开更多
In the process of analyzing the large-scale network security situation,the data we faced are always flooded and messy,and the information is difficult to obtain with respond to the query timely.Online analytical proce...In the process of analyzing the large-scale network security situation,the data we faced are always flooded and messy,and the information is difficult to obtain with respond to the query timely.Online analytical processing which use the Data-cube as a data source directly,calculated all or part of the Data-cube in advance,and it can reduce the query response time significantly.This paper considers a class of queries,called the Partial-MAX/MIN query.We introduce Rank Decision Tree(RD-Tree) and it’s searching algorithm for efficient processing of the partial-max/min queries.Through experiments,we show our approach has an efficient processing capability for partial-max/min queries.展开更多
English is the universal language. With the development of economic and cultural globalization, the demand for English has gradually increased. Traditional college English teaching cannot meet real requirement, so col...English is the universal language. With the development of economic and cultural globalization, the demand for English has gradually increased. Traditional college English teaching cannot meet real requirement, so college English teaching reform is imperative. With the development of online platform, the Internet has brought a great impetus to the curriculum reform. The author thinks that "MOOC" and College English Teaching Reform have a good point of combining, but there is still a problem remaining to be solved: How to make good use of"MOOC" for College English Teaching Reform service has a lot study space in the future.展开更多
The smart grid is the next generation of power and distribution systems. The integration of advanced network, communications, and computing techniques allows for the enhancement of efficiency and reliability. The smar...The smart grid is the next generation of power and distribution systems. The integration of advanced network, communications, and computing techniques allows for the enhancement of efficiency and reliability. The smart grid interconnects the flow of information via the power line, intelligent metering, renewable and distributed energy systems, and a monitoring and controlling infrastructure. For all the advantages that these components come with, they remain at risk to a spectrum of physical and digital attacks. This paper will focus on digital vulnerabilities within the smart grid and how they may be exploited to form full fledged attacks on the system. A number of countermeasures and solutions from the literature will also be reported, to give an overview of the options for dealing with such problems. This paper serves as a triggering point for future research into smart grid cyber security.展开更多
Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in ...Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS- resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.展开更多
基金TheNationalHighTechnologyResearchandDevelopmentProgramofChina(863Program) (No .2 0 0 2AA14 5 0 90 )
文摘This paper presents a mechanism for detecting flooding-attacks. The simplicity of the mechanism lies in its statelessness and low computation overhead, which makes the detection mechanism itself immune to flooding-attacks. The SYN-flooding, as an instance of flooding-attack, is used to illustrate the anomaly detection mechanism. The mechanism applies an exponentially weighted moving average (EWMA) method to detect the abrupt net flow and applies a symmetry analysis method to detect the anomaly activity of the network flow. Experiment shows that the mechanism has high detection accuracy and low detection latency.
基金supported in part by the National High Technology Research and Development Program of China ("863" Program) (No.2007AA010502)
文摘Since the frequency of network security incidents is nonlinear,traditional prediction methods such as ARMA,Gray systems are difficult to deal with the problem.When the size of sample is small,methods based on artificial neural network may not reach a high degree of preciseness.Least Squares Support Vector Machines (LSSVM) is a kind of machine learning methods based on the statistics learning theory,it can be applied to solve small sample and non-linear problems very well.This paper applied LSSVM to predict the occur frequency of network security incidents.To improve the accuracy,it used an improved genetic algorithm to optimize the parameters of LSSVM.Verified by real data sets,the improved genetic algorithm (IGA) converges faster than the simple genetic algorithm (SGA),and has a higher efficiency in the optimization procedure.Specially,the optimized LSSVM model worked very well on the prediction of frequency of network security incidents.
文摘In the process of analyzing the large-scale network security situation,the data we faced are always flooded and messy,and the information is difficult to obtain with respond to the query timely.Online analytical processing which use the Data-cube as a data source directly,calculated all or part of the Data-cube in advance,and it can reduce the query response time significantly.This paper considers a class of queries,called the Partial-MAX/MIN query.We introduce Rank Decision Tree(RD-Tree) and it’s searching algorithm for efficient processing of the partial-max/min queries.Through experiments,we show our approach has an efficient processing capability for partial-max/min queries.
文摘English is the universal language. With the development of economic and cultural globalization, the demand for English has gradually increased. Traditional college English teaching cannot meet real requirement, so college English teaching reform is imperative. With the development of online platform, the Internet has brought a great impetus to the curriculum reform. The author thinks that "MOOC" and College English Teaching Reform have a good point of combining, but there is still a problem remaining to be solved: How to make good use of"MOOC" for College English Teaching Reform service has a lot study space in the future.
文摘The smart grid is the next generation of power and distribution systems. The integration of advanced network, communications, and computing techniques allows for the enhancement of efficiency and reliability. The smart grid interconnects the flow of information via the power line, intelligent metering, renewable and distributed energy systems, and a monitoring and controlling infrastructure. For all the advantages that these components come with, they remain at risk to a spectrum of physical and digital attacks. This paper will focus on digital vulnerabilities within the smart grid and how they may be exploited to form full fledged attacks on the system. A number of countermeasures and solutions from the literature will also be reported, to give an overview of the options for dealing with such problems. This paper serves as a triggering point for future research into smart grid cyber security.
基金This work is supported by National Natural Science Foundation of China under contract 60902008.
文摘Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS- resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.
