Funding: Projects G1999033105 supported by the National Basic Research Program of China; CSTC2005BB2198 by the Fund of Chongqing Science and Technology Committee; 2005KJ092 by the Fund of the Natural Science of Education Department of Anhui Province in China; 2004LKQ01 by the Fund of Natural Science for Young Teachers of Huainan Normal University in China.
Abstract: A new byte block cipher algorithm with discrete chaos and Feistel structure has been studied for confidential communication in wireless sensor network to improve security. After permutation, the byte block was encrypted through a Feistel structure in multiple turns and afterwards replaced again. The child keys are the composite sequence of discrete chaos and linear congruence sequences. Both the plain text and cipher text are of 8 bits. The number of keys is alterable. A nonlinear encryption function in the Feistel structure with chaos was constructed. The cipher algorithm was realized in the Micaz node, and the confidential communication experiment in wireless sensor network was completed successfully. Additional ROM memory required for the cipher algorithm is 4144 bytes and an additional RAM memory 61 bytes. The cipher algorithm is nonlinear chaos and the Feistel structure holds the best of the RC6, DES and SKIPJACK cipher algorithms. The result shows that the algorithm needs a little memory and is safe at a high level.
Funding: Supported by the High Technology Research and Development Programme of China (No. 2003AA142160) and the National Natural Science Foundation of China (No. 60605019).
Abstract: The existing network security management systems are unable either to provide users with useful security situation and risk assessment, or to aid administrators to make right and timely decisions based on the current state of network. These disadvantages always put the whole network security management at high risk. This paper establishes a simulation environment, captures the alerts as the experimental data and adopts statistical analysis to seek the vulnerabilities of the services provided by the hosts in the network. According to the factors of the network, the paper introduces the two concepts: Situational Meta and Situational Weight to depict the total security situation. A novel hierarchical algorithm based on analytic hierarchy process (AHP) is proposed to analyze the hierarchy of network and confirm the weighting coefficients. The algorithm can be utilized for modeling security situation, and determining its mathematical expression. Coupled with the statistical results, this paper simulates the security situational trends. Finally, the analysis of the simulation results proves the algorithm efficient and applicable, and provides us with an academic foundation for the implementation in the security situation
Funding: Supported by the National High Technology Research and Development Programme of China (No. 2004AA001210) and the National Natural Science Foundation of China (No. 60532030).
Abstract: For the application of wireless sensor networks in the military field, one of the main challenges is security. To solve the problem of verifying the location claim for a node, a new location verification algorithm called node cooperation based location secure verification (NCBLSV) algorithm is proposed. NCBLSV could verify malicious nodes by contrasting neighbor nodes and nodes under beam width angle using an adaptive array antenna at a base point. Simulation experiments are conducted to evaluate the performance of this algorithm by varying the communication range and the antenna beam width angle. Results show that NCBLSV algorithm has high probability of successful malicious nodes detection and low probability of false nodes detection. Thus, it is proved that the NCBLSV algorithm is useful and necessary in the wireless sensor networks security.
Abstract: A new scheme to verifiably redistribute a secret from the old to new shareholders without reconstruction of the secret is presented in this paper. The scheme allows redistribution between different access structures and between different threshold schemes. A point worth mentioning is that this verifiable secret redistribution (VSR) scheme can identify dishonest old shareholders during redistribution without any assumption. A certain technique is adopted to verify the correctness of the old shares of the secret. As a result, the scheme is very efficient. It can be applied to proactive secret sharing (PSS) schemes to construct more flexible and practical proactive secret sharing schemes.
Funding: the National Natural Science Foundation of China (No. 60573036).
Abstract: The core of network security is the risk assessment. In this letter, a risk assessment method is introduced to estimate the wireless network security. The method, which combines Analytic Hierarchy Process (AHP) method and fuzzy logical method, is applied to the risk assessment. Fuzzy logical method is applied to judge the important degree of each factor in the aspects of the probability, the influence and the uncontrollability, not to directly judge the important degree itself. The risk assessment is carved up into 3 layers applying AHP method, and the sort weight of the third layer is calculated by fuzzy logical method. Finally, the important degree is calculated by AHP method. By comparing the important degree of each factor, the risk which can be controlled by taking measures is known. The study of the case shows that the method can be easily used for the risk assessment of the wireless network security and its results conform to the actual situation.
Funding: Supported by National Natural Science Foundation of China (No. 50595413); Special Fund of the National Fundamental Research of China (No. 2004CB217904); US EPRI under Agreement EP-P29464/C9966; Foundation for the Author of National Excellent Doctoral Dissertation (No. 200439); Key Project of Ministry of Education of China (No. 105047); Program for New Century Excellent Talents in University, Fok Ying Tung Education Foundation (No. 104019); Innovation Fund of Tianjin Municipal (2006-09).
Abstract: The transient critical boundary of dynamic security region (DSR) can be approximated by a few hyperplanes correlated with instability separation modes. A method to fast predict instability separation modes is proposed for DSR calculation in power injection space. The method identifies coherent generation groups by the developed K-medoids algorithm, taking a similarity matrix derived from the reachability Grammian as the index. As an experimental result, reachability Grammian matrices under local injections are approximately invariant. It indicates that the generator coherency identifications are nearly consistent for different injections. Then instability separation modes can be predicted at the normal operating point, while average initial acceleration is considered as the measure of the critical generator group to amend the error. Moreover, based on these predicted instability separation modes, a critical point search strategy for DSR calculation is illustrated in the reduced injection space of the critical generators. The proposed method was evaluated using New England Test System, and the computation accuracy and speed in determining the practical DSR were improved.
Abstract: A comprehensive risk based security assessment which includes low voltage, line overload and voltage collapse was presented using a relatively new neural network technique called the generalized regression neural network (GRNN) with incorporation of feature extraction method using principal component analysis. In the risk based security assessment formulation, the failure rate associated to weather condition of each line was used to compute the probability of line outage for a given weather condition and the extent of security violation was represented by a severity function. For low voltage and line overload, continuous severity function was considered due to its ability to zoom in on the effect of near violating contingency. New severity function for voltage collapse using the voltage collapse prediction index was proposed. To reduce the computational burden, a new contingency screening method was proposed using the risk factor so as to select the critical line outages. The risk based security assessment method using GRNN was implemented on a large scale 87-bus power system and the results show that the risk prediction results obtained using GRNN with the incorporation of principal component analysis give better performance in terms of accuracy.
Abstract: Wormhole attack is a serious threat against MANET (mobile ad hoc network) and its routing protocols. A new approach, tunnel key node identification (TKNI), was proposed. Based on tunnel-key-node identification and priority-based route discovery, TKNI can rapidly rebuild the communications that have been blocked by wormhole attack. Compared to previous approaches, the proposed approach aims at both static and dynamic topology environment, involves addressing visible and invisible wormhole attack modes, requires no extra hardware, has a low overhead, and can be easily applied to MANET.
Funding: National High-tech R&D Program of China (2003AA142060); National Basic Research Program of China (2001CB09403).
Abstract: Intrusion detection can be essentially regarded as a classification problem, namely, distinguishing normal profiles from intrusive behaviors. This paper introduces boosting classification algorithm into the area of intrusion detection to learn attack signatures. Decision tree algorithm is used as simple base learner of boosting algorithm. Furthermore, this paper employs the Principal Component Analysis (PCA) approach, an effective data reduction approach, to extract the key attribute set from the original high-dimensional network traffic data. KDD CUP 99 data set is used in these experiments to demonstrate that boosting algorithm can greatly improve the classification accuracy of weak learners by combining a number of simple “weak learners”. In our experiments, the error rate of training phase of boosting algorithm is reduced from 30.2% to 8% after 10 iterations. Besides, this paper also compares boosting algorithm with Support Vector Machine (SVM) algorithm and shows that the classification accuracy of boosting algorithm is little better than SVM algorithm’s. However, the generalization ability of SVM algorithm is better than boosting algorithm.
Abstract: This paper first describes the basic theory of BP neural network algorithm, defects and improved methods, establishes a computer network security evaluation index system, explores the computer network security evaluation method based on BP neural network, and has designed to build the evaluation model, and shows that the method is feasible through the MATLAB simulation experiments.
Funding: This work was supported by the National Natural Science Foundation of China under Grant No. 60873199.
Abstract: In order to avoid internal attacks during data aggregation in wireless sensor networks, a grid-based network architecture fit for monitoring is designed and the algorithms for network division, initialization and grid tree construction are presented. The characteristics of on-off attacks are first studied and monitoring mechanisms are then designed for sensor nodes. A Fast Detection and Slow Recovery (FDSR) algorithm is proposed to prevent on-off attacks by observing the behaviors of the nodes and computing reputations. A recovery mechanism is designed to isolate malicious nodes by identifying the new roles of nodes and updating the grid tree. In the experiments, some situations of on-off attacks are simulated and the results are compared with other approaches. The experimental results indicate that our approach can detect malicious nodes effectively and guarantee secure data aggregation with acceptable energy consumption.
Abstract: Due to the complicated background of objectives and speckle noise, it is almost impossible to extract roads directly from original synthetic aperture radar (SAR) images. A method is proposed for extraction of road network from high-resolution SAR image. Firstly, fuzzy C means is used to classify the filtered SAR image unsupervisedly, and the road pixels are isolated from the image to simplify the extraction of road network. Secondly, according to the features of roads and the membership of pixels to roads, a road model is constructed, which can reduce the extraction of road network to searching globally optimization continuous curves which pass some seed points. Finally, regarding the curves as individuals and coding a chromosome using integer code of variance relative to coordinates, the genetic operations are used to search global optimization roads. The experimental results show that the algorithm can effectively extract road network from high-resolution SAR images.
Funding: Supported by the project of the State Key Program of National Natural Science Foundation of China (No. 90818021); supported by a grant from the national high technology research and development program of China (863 program) (No. 2012AA012903).
Abstract: In order to protect the website and assess the security risk of website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph (I-BAG) model. First, the Improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the risk evaluating method based on I-BAG model proposed is an effective way for assessing the website security risk.
Abstract: The paper studies the MAC layer security mechanism and data frame structure in ZigBee protocol, improves the algorithm for random Fuzzing test technology, and test method of attack fusion boundary, structure of Fuzzing and the node clone, and proposes a ZigBee routing protocol for the MAC layer security comprehensive detection algorithm. Fuzzing tests show that the testing algorithm can not only greatly improve the test efficiency in Fuzzing, more than the structure of Fuzzing is increased by 50% in path coverage.
Abstract: A number of contingencies simulated during dynamic security assessment do not generate unacceptable values of power system state variables, due to their small influence on system operation. Their exclusion from the set of contingencies to be simulated in the security assessment would achieve a significant reduction in computation time. This paper defines a critical contingencies selection method for on-line dynamic security assessment. The selection method results from an off-line dynamical analysis, which covers typical scenarios and also covers various related aspects like frequency, voltage, and angle analyses among others. Indexes measured over these typical scenarios are used to train neural networks, capable of performing on-line estimation of a critical contingencies list according to the system state.
Abstract: In order to reduce broadcast storms and improve network security, virtual LAN technology has been widely used in LAN planning. But in many networks, it is required that computers in different VLANs (Virtual Local Area Networks) can communicate. This article mainly introduces the VLAN classification method and inter-VLAN data communication technology, and explains in detail with two simple examples the concrete configuration method of the communication between the same cross-switch VLAN traffic and inter-VLAN.