In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasib...In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.展开更多
This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relat...This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. The proposed approach combines the best aspects of identity-based key management approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow).展开更多
With the increasing enlargement of network scale and the rapid development of network techniques, large numbers of the network applications begin to appear. Packet capture plays an important role as one basic techniqu...With the increasing enlargement of network scale and the rapid development of network techniques, large numbers of the network applications begin to appear. Packet capture plays an important role as one basic technique used in each field of the network applications. In a high-speed network, the heavy traffic of network transmission challenges the packet capture techniques. This paper does an in-depth analysis on the traditional packet capture mechanisms in Linux, and then measures the performance bottleneck in the process of packet capture. The methods for improving the packet capture performance are presented and an optimized packet capture scheme is also designed and implemented. The test demonstrates that the new packet capture mechanism (Libpacket) can greatly improve the packet capture performance of the network application systems in a high-speed network.展开更多
Network-induced delay and jitter are key factors causing performance degradation and instability of NCSs (networked control systems). The relationships between the sampling periods of the control loops, network-induce...Network-induced delay and jitter are key factors causing performance degradation and instability of NCSs (networked control systems). The relationships between the sampling periods of the control loops, network-induced delay and jitter were studied aimed at token-type networks. A jitter-dependent optimal bandwidth scheduling algorithm for NCSs is proposed, which tries to achieve a tradeoff between bandwidth occupancy and system performance. Simulation tests proved the effectiveness of this optimal scheduling algorithm.展开更多
Wireless sensor networks are being deployed for some practical applications and their se-curity has received considerable attention.It is an important challenge to find out suitable keyagreement and encryption scheme ...Wireless sensor networks are being deployed for some practical applications and their se-curity has received considerable attention.It is an important challenge to find out suitable keyagreement and encryption scheme for wireless sensor networks due to limitations of the power,com-putation capability and storage resources.In this paper,an efficient key agreement and encryptionscheme for wireless sensor networks is presented.Results of analysis and simulations among the pro-posed scheme and other schemes show that the proposed scheme has some advantages in terms ofenergy consumption,computation requirement,storage requirement and security.展开更多
This paper discussed the necessity of establishing a computer network in a mining railway transport management system. The network structure and the system security design, associated with the real development conditi...This paper discussed the necessity of establishing a computer network in a mining railway transport management system. The network structure and the system security design, associated with the real development condition of a mining area, were brought forward, and the system evaluation was given.展开更多
Security issues are always difficult to deal with in mobile ad hoe networks. People seldom studied the costs of those security schemes respectively and for some security methods designed and adopted beforehand, their ...Security issues are always difficult to deal with in mobile ad hoe networks. People seldom studied the costs of those security schemes respectively and for some security methods designed and adopted beforehand, their effects are often investigated one by one. In fact, when facing certain attacks, different methods would respond individually and result in waste of resources. Making use of the cost management idea, we analyze the costs of security measures in mobile ad hoc networks and introduce a security framework based on security mechanisms cost management. Under the framework, the network system's own tasks can be finished in time and the whole network's security costs can be decreased. We discuss the process of security costs computation at each mobile node and in certain nodes groups. To show how to use the proposed security framework in certain applications, we give examples of DoS attacks and costs computation of defense methods. The results showed that more secure environment can be achieved based on the security framework in mobile ad hoc networks.展开更多
The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key managemen...The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.展开更多
Based on the analysis of developing target, function and constitution of research projects system for remote management, the virtual account system is established on 3 layers of B/S mode. The development process of vi...Based on the analysis of developing target, function and constitution of research projects system for remote management, the virtual account system is established on 3 layers of B/S mode. The development process of virtual account system is realized by JSP/Servlets development language and MySQL database under windows server 2003 platform. At the same time, network security module of the system has been realized to reduce the influence caused by network security incidents. The system is capable of updating the information of vertical and horizontal projects dynamically and assigning virtual funds on WWW. Also, it realizes the query, statistical analysis function and so on. Practical results show that the system is a successful system for analyzing the various projects index of different departments.展开更多
Network spoofing attacks are very specialized attacks, and network security managers brought a severe test. In this paper, through the analysis of the ARP protocol works, it discusses ARP protocol AR P virus are two c...Network spoofing attacks are very specialized attacks, and network security managers brought a severe test. In this paper, through the analysis of the ARP protocol works, it discusses ARP protocol AR P virus are two common attacks from the IP address to the security risks that exist in the physical address resolution process, and then analyzes in detail, and then introduces the AR P Find virus source and virus removal methods, and finally putting forward effective measures to guard against AR P virus.展开更多
With the development and popularization of network technology, such as attacks from the network is also facing serious challenges, showing a "one foot in mind that" the situation. How can detect possible security ri...With the development and popularization of network technology, such as attacks from the network is also facing serious challenges, showing a "one foot in mind that" the situation. How can detect possible security risks and the type of attack, and provide preventive strategy is to network managers have been pursuing the goal of network security situational awareness can speak a variety of services and associated data as a highly organic whole, summarized network security and dependency relationships come more comprehensive, complete, accurate decision-making for network security assessment and countermeasures.展开更多
Along with the rapid development of social networks, social network worms have constituted one of the major internet security problems. The root of worm is the inevitable software vulnerability during the design and i...Along with the rapid development of social networks, social network worms have constituted one of the major internet security problems. The root of worm is the inevitable software vulnerability during the design and implementation process of software. So it is hard to completely avoid worms in the existing software engineering systems. Due to lots of bandwidth consumption, the patch cannot be transmitted simultaneously by the network administrator to all hosts. This paper studies how to prevent the propagation of social network worms through the immunization of key nodes. Unlike existing containment models for worm propagation, a novel immunization strategy is proposed based on network vertex influence. The strategy selects the critical vertices in the whole network. Then the immunization is applied on the selected vertices to achieve the maximal effect of worm containment with minimal cost. Different algorithms are implemented to select vertices. Simulation experiments are presented to analyze and evaluate the performance of different algorithms.展开更多
The security evaluation for an information network system is an important management tool to insure its normal operation. We must realize the significance of the comprehensive network security risks. A network evaluat...The security evaluation for an information network system is an important management tool to insure its normal operation. We must realize the significance of the comprehensive network security risks. A network evaluation model and the algorithm are presented and adapt the hierarchical method to characterize the security risk situation. The evaluation method is used to evaluate the key nodes and the mathematics is used to analyze the whole network security situation. Compared with others, the method can automatically create a rule-based security evaluation model to evaluate the security threat from the individual security elements and the combination of security elements, and then evaluation the network situation. It is shown that this system provides a valuable model and algorithms to help to find the security rules, adjust the security展开更多
With the rapid development and wide application of network technology, information security issues are increasingly highlighted, received more and more attention. This article introduces the present situation of netwo...With the rapid development and wide application of network technology, information security issues are increasingly highlighted, received more and more attention. This article introduces the present situation of network information security, discusses the connotation of network information security, and analyzes the main threat to the security of the network information. And we separately detailed description of the data monitoring platform architecture from the data layer, network layer and presentation layer three levels, focuses on the functional structure of intelligent database platform, and puts forward to measures that ensure the safety of the platform and the internal data security. Through the design of the platform to improve the information security system has certain significance.展开更多
With the continuous development of network applications, network security equipment type and the number of growing, heterogeneous security devices is difficult synergistic, massive alarm information is difficult to de...With the continuous development of network applications, network security equipment type and the number of growing, heterogeneous security devices is difficult synergistic, massive alarm information is difficult to deal and the lack of an effective response to the treatment process as well as on security incidents. To solve these problems, the proposed design of a unified management platform for a variety of heterogeneous network security equipment. A brief introduction for the main functions of the platform.The article proposed a traffic handling mechanisms of heterogeneous security devices, allowing the platform to support heterogeneous security devices.展开更多
The rapid development of electronic businesses raises the need for exchanging information between enterprise networks via internet. Ira secure connection is necessary then a virtual private network(VPN) is essential...The rapid development of electronic businesses raises the need for exchanging information between enterprise networks via internet. Ira secure connection is necessary then a virtual private network(VPN) is essential. IPSec use encrypting and encapsulating technology in client device and establishes a secure tunnel connection. The private network built by IPSec technology can ensure good transmission performance and service quality over public networks. This paper analyses the architecture of IPSec and describes the process of creating a site- to-site IPSec VPN between header and branch of enterprise over internet. In addition, this study analyses the encryption at the boundary of the network and concludes a propose some practical problems need to consider inside enterprise network.展开更多
In this paper, online security warning and risk assessment of power grid are proposed, based on data from EMS (Energy Management System), combined with information of real-time operation state, component status and ...In this paper, online security warning and risk assessment of power grid are proposed, based on data from EMS (Energy Management System), combined with information of real-time operation state, component status and external operating environment. It combines the two factors, contingency likelihood and severity, that determine system reliability, into risk indices on different loads and operation modes, which provide precise evaluation of the power grid's security performance. According to these indices, it can know the vulnerable area of the system and whether the normal operating mode or repair mode is over-limited or not, and provide decision-making support for dispatchers. Common cause outages and equipment-aging are considered in terms of the establishment of outage model. Multiple risk indices are defined in order to reflect the risk level of the power grid more comprehensively.展开更多
文摘In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.
文摘This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. The proposed approach combines the best aspects of identity-based key management approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow).
基金Sponsored by the National High Technology Development Program of China (Grant No. 2002AA142020).
文摘With the increasing enlargement of network scale and the rapid development of network techniques, large numbers of the network applications begin to appear. Packet capture plays an important role as one basic technique used in each field of the network applications. In a high-speed network, the heavy traffic of network transmission challenges the packet capture techniques. This paper does an in-depth analysis on the traditional packet capture mechanisms in Linux, and then measures the performance bottleneck in the process of packet capture. The methods for improving the packet capture performance are presented and an optimized packet capture scheme is also designed and implemented. The test demonstrates that the new packet capture mechanism (Libpacket) can greatly improve the packet capture performance of the network application systems in a high-speed network.
基金Project supported by the National Natural Science Foundation ofChina (Nos. 60074011 and 60174009), and Youth Science and Tech-nology Foundation of Shanxi Province (No. 20051020), China
文摘Network-induced delay and jitter are key factors causing performance degradation and instability of NCSs (networked control systems). The relationships between the sampling periods of the control loops, network-induced delay and jitter were studied aimed at token-type networks. A jitter-dependent optimal bandwidth scheduling algorithm for NCSs is proposed, which tries to achieve a tradeoff between bandwidth occupancy and system performance. Simulation tests proved the effectiveness of this optimal scheduling algorithm.
基金the Six Great Talent Peak Plan of JiangsuProvince(No 06-E-044)the"Qinlan Project"plan of Jiangsu province 2006 and the Natural Science Founda-tion of Jiangsu Province(No.BK2004218).
文摘Wireless sensor networks are being deployed for some practical applications and their se-curity has received considerable attention.It is an important challenge to find out suitable keyagreement and encryption scheme for wireless sensor networks due to limitations of the power,com-putation capability and storage resources.In this paper,an efficient key agreement and encryptionscheme for wireless sensor networks is presented.Results of analysis and simulations among the pro-posed scheme and other schemes show that the proposed scheme has some advantages in terms ofenergy consumption,computation requirement,storage requirement and security.
文摘This paper discussed the necessity of establishing a computer network in a mining railway transport management system. The network structure and the system security design, associated with the real development condition of a mining area, were brought forward, and the system evaluation was given.
文摘Security issues are always difficult to deal with in mobile ad hoe networks. People seldom studied the costs of those security schemes respectively and for some security methods designed and adopted beforehand, their effects are often investigated one by one. In fact, when facing certain attacks, different methods would respond individually and result in waste of resources. Making use of the cost management idea, we analyze the costs of security measures in mobile ad hoc networks and introduce a security framework based on security mechanisms cost management. Under the framework, the network system's own tasks can be finished in time and the whole network's security costs can be decreased. We discuss the process of security costs computation at each mobile node and in certain nodes groups. To show how to use the proposed security framework in certain applications, we give examples of DoS attacks and costs computation of defense methods. The results showed that more secure environment can be achieved based on the security framework in mobile ad hoc networks.
基金Project(61100201) supported by National Natural Science Foundation of ChinaProject(12ZZ019) supported by Technology Innovation Research Program,Shang Municipal Education Commission,China+1 种基金Project(LYM11053) supported by the Foundation for Distinguished Young Talents in Higher Education of Guangdong Province,ChinaProject(NCET-12-0358) supported by New Century Excellent Talentsin University,Ministry of Education,China
文摘The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.
基金This work is supported by Liaoning Province Doctoral Startup Grant 20031069 and China National "863"CI MS Foundation ( NO2003AA412030 9 ,2004AA412020 08)
文摘Based on the analysis of developing target, function and constitution of research projects system for remote management, the virtual account system is established on 3 layers of B/S mode. The development process of virtual account system is realized by JSP/Servlets development language and MySQL database under windows server 2003 platform. At the same time, network security module of the system has been realized to reduce the influence caused by network security incidents. The system is capable of updating the information of vertical and horizontal projects dynamically and assigning virtual funds on WWW. Also, it realizes the query, statistical analysis function and so on. Practical results show that the system is a successful system for analyzing the various projects index of different departments.
文摘Network spoofing attacks are very specialized attacks, and network security managers brought a severe test. In this paper, through the analysis of the ARP protocol works, it discusses ARP protocol AR P virus are two common attacks from the IP address to the security risks that exist in the physical address resolution process, and then analyzes in detail, and then introduces the AR P Find virus source and virus removal methods, and finally putting forward effective measures to guard against AR P virus.
文摘With the development and popularization of network technology, such as attacks from the network is also facing serious challenges, showing a "one foot in mind that" the situation. How can detect possible security risks and the type of attack, and provide preventive strategy is to network managers have been pursuing the goal of network security situational awareness can speak a variety of services and associated data as a highly organic whole, summarized network security and dependency relationships come more comprehensive, complete, accurate decision-making for network security assessment and countermeasures.
基金supported by Fundamental Research Funds of the Central Universities under Grant no. N120317001 and N100704001Program for New Century Excellent Talents in University (NCET13-0113)+1 种基金Natural Science Foundation of Liaoning Province of China under Grant no. 201202059Program for Liaoning Excellent Talents in University under LR2013011
文摘Along with the rapid development of social networks, social network worms have constituted one of the major internet security problems. The root of worm is the inevitable software vulnerability during the design and implementation process of software. So it is hard to completely avoid worms in the existing software engineering systems. Due to lots of bandwidth consumption, the patch cannot be transmitted simultaneously by the network administrator to all hosts. This paper studies how to prevent the propagation of social network worms through the immunization of key nodes. Unlike existing containment models for worm propagation, a novel immunization strategy is proposed based on network vertex influence. The strategy selects the critical vertices in the whole network. Then the immunization is applied on the selected vertices to achieve the maximal effect of worm containment with minimal cost. Different algorithms are implemented to select vertices. Simulation experiments are presented to analyze and evaluate the performance of different algorithms.
文摘The security evaluation for an information network system is an important management tool to insure its normal operation. We must realize the significance of the comprehensive network security risks. A network evaluation model and the algorithm are presented and adapt the hierarchical method to characterize the security risk situation. The evaluation method is used to evaluate the key nodes and the mathematics is used to analyze the whole network security situation. Compared with others, the method can automatically create a rule-based security evaluation model to evaluate the security threat from the individual security elements and the combination of security elements, and then evaluation the network situation. It is shown that this system provides a valuable model and algorithms to help to find the security rules, adjust the security
文摘With the rapid development and wide application of network technology, information security issues are increasingly highlighted, received more and more attention. This article introduces the present situation of network information security, discusses the connotation of network information security, and analyzes the main threat to the security of the network information. And we separately detailed description of the data monitoring platform architecture from the data layer, network layer and presentation layer three levels, focuses on the functional structure of intelligent database platform, and puts forward to measures that ensure the safety of the platform and the internal data security. Through the design of the platform to improve the information security system has certain significance.
文摘With the continuous development of network applications, network security equipment type and the number of growing, heterogeneous security devices is difficult synergistic, massive alarm information is difficult to deal and the lack of an effective response to the treatment process as well as on security incidents. To solve these problems, the proposed design of a unified management platform for a variety of heterogeneous network security equipment. A brief introduction for the main functions of the platform.The article proposed a traffic handling mechanisms of heterogeneous security devices, allowing the platform to support heterogeneous security devices.
文摘The rapid development of electronic businesses raises the need for exchanging information between enterprise networks via internet. Ira secure connection is necessary then a virtual private network(VPN) is essential. IPSec use encrypting and encapsulating technology in client device and establishes a secure tunnel connection. The private network built by IPSec technology can ensure good transmission performance and service quality over public networks. This paper analyses the architecture of IPSec and describes the process of creating a site- to-site IPSec VPN between header and branch of enterprise over internet. In addition, this study analyses the encryption at the boundary of the network and concludes a propose some practical problems need to consider inside enterprise network.
文摘In this paper, online security warning and risk assessment of power grid are proposed, based on data from EMS (Energy Management System), combined with information of real-time operation state, component status and external operating environment. It combines the two factors, contingency likelihood and severity, that determine system reliability, into risk indices on different loads and operation modes, which provide precise evaluation of the power grid's security performance. According to these indices, it can know the vulnerable area of the system and whether the normal operating mode or repair mode is over-limited or not, and provide decision-making support for dispatchers. Common cause outages and equipment-aging are considered in terms of the establishment of outage model. Multiple risk indices are defined in order to reflect the risk level of the power grid more comprehensively.
