Abstract: In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.
Abstract: Association rules are useful for determining correlations between items. Applying association rules to an intrusion detection system (IDS) can improve the detection rate, but the false positive rate is also increased. Weighted association rules are used in this paper to mine intrusion models, which can increase the detection rate and decrease the false positive rate to some extent. Based on this, the structure of a host-based IDS using weighted association rules is proposed.
Abstract: The expansibility of PKI is expected to have the features that when the number of users exceeds the system capacity, the users' requirements can still be met by simply expanding the number of PKI entities and management levels, and this expansion should be achieved smoothly from the original system. The upward, downward, and horizontal expansions of PKI are discussed in this paper. A path discovery method is suggested to reduce the effect of PKI expansion on the end entities, so as to enhance the availability of PKI services.
Funding: The National High Technology Research and Development Program of China (863 Program) (No. 2002AA145090)
Abstract: This paper presents a mechanism for detecting flooding-attacks. The simplicity of the mechanism lies in its statelessness and low computation overhead, which makes the detection mechanism itself immune to flooding-attacks. The SYN-flooding, as an instance of flooding-attack, is used to illustrate the anomaly detection mechanism. The mechanism applies an exponentially weighted moving average (EWMA) method to detect the abrupt net flow and applies a symmetry analysis method to detect the anomaly activity of the network flow. The experiment shows that the mechanism has high detection accuracy and low detection latency.
Funding: Supported by the National High Technology Research and Development Program of China ("863" Program) (2006AA706103)
Abstract: The key exchange is a fundamental building block in cryptography. Several provable security models for the key exchange protocol are proposed. To determine the exact properties required by the protocols, a single unified security model is essential. The eCK, eCK and CK models are examined and the result is proved that the eCK' model is the strongest provable security model for the key exchange. The relative security strength among these models is analyzed. To support the implication or non-implication relations among these models, the formal proofs and the counter-examples are given.
Funding: The National Natural Science Foundation of China (No. 71071033)
Abstract: The impact of risk correlation on firm's investments in information system security is studied by using quantification models combining the ideas of the risk management theory and the game theory. The equilibrium levels of self-protection and insurance coverage under the non-cooperative condition are compared with socially optimal solutions, and the associated coordination mechanisms are proposed. The results show that self-protection investment increases in response to an increase in potential loss when the interdependent risk is small; the interdependent risk of security investments often induces firms to underinvest in security relative to the socially efficient level by ignoring marginal external costs or benefits conferred on others. A subsidy on self-protection investment from the government can help coordinate a firm's risk management decision and, thereby, improve individual security level and overall social welfare.
Abstract: The virtual private network (VPN) system, which is one of the construction methods for private networks over the Internet, is gaining prominence. VPNs are currently used for corporate networks to support end-to-end communications. But if they are applied to private networks for distributed departments in organizations, some problems should be considered, such as low efficiency of packet transfer and nonsupport of unsymmetrical VPN connections. This paper first analyzes the limitations of VPN used in the environment of multiple subnets, and then brings up a distributed module of VPN with low cost, high packet transfer efficiency and powerful functions of user authentication and access control.
Abstract: The security problem of the Web system in the Internet-based Intranet and the shortcomings of the methods used in solving this problem are analyzed, and our system model of Web communication security is discussed, i.e., adding a local proxy to the browser and a reverse proxy to the Web server based on the present Web browser and server. The transformation between HTTP message and secure HTTP message is implemented in these two proxy modules. The architecture and implementing method are given and the features of this module are also discussed.
Funding: This work is supported by the National Natural Science Foundation of China (No. 60277022), the Outstanding Youth Foundation of Henan Province, the Natural Science Foundation of Tianjin (No. 023800811), the Research Fund for the Doctoral Program of Higher Education (No. 20030055022), and the Project sponsored by SRF for ROCS, SEM.
Abstract: The main goal of routing solutions is to satisfy the requirements of the Quality of Service (QoS) for every admitted connection as well as to achieve a global efficiency in resource utilization. This paper proposes a solution based on Hopfield neural network (HNN) to deal with one of the representative routing problems in uni-cast routing, i.e., the multi-constrained (MC) routing problem. Computer simulation shows that we can obtain the optimal path very rapidly with our new Lyapunov energy functions.
Funding: Supported by National 863 Plan Project (2008AA10Z220) and Key Technological Task Project of Henan Agricultural Domain (082102140004)
Abstract: To satisfy the need of good quality and high yield primary production, the farmland information management system based on wireless sensor network has been proposed. We give priority to analyzing the basic function of the system, building the systematic structure of the applied system and network system, and implementing the energy control and safety design of the system. The system can reduce manpower operation and the error of manual measurement in the course of practical production, reduce the cost of agricultural production, and realize automatization of agricultural production to the largest extent to provide an effective way to realize good quality and high yield primary production, which has an important realistic meaning.
Abstract: Today companies and organizations are using the Web as the main information dissemination means both at internal and external level. Information dissemination often takes the form of XML documents that are made available at Web servers, or that are actively broadcasted by Web servers to interested clients. These documents often contain information at different degrees of sensitivity, therefore a strong XML security platform and mechanism is needed. In this paper we developed CIT/XML security platform and take a close look at syntax and processing of CIT/digital signature model, CIT/encryption model, CIT/smart card crypto and SPKI interface security models. Security services such as authentication, integrity and confidentiality to XML documents and non-XML documents, which are exchanged among various servers, are provided.