The security problem of the Web system in the Internet based Intranet and the shortcomings of the methods used in solving this problem are analyzed and our system model of Web communication security are discussed, i...The security problem of the Web system in the Internet based Intranet and the shortcomings of the methods used in solving this problem are analyzed and our system model of Web communication security are discussed, i.e, adding local proxy to browser and reverse proxy to Web server based on present Web browser and server. The transformation between HTTP message and secure HTTP message is implemented in these two proxy modules. The architecture and implementing method is given and the features of this module is also discussed.展开更多
The concept of intelligent integrated network management (IINM) is briefly introduced. In order to analyze, design and implement IINM successfully, object oriented approach is testified to be an effective and efficien...The concept of intelligent integrated network management (IINM) is briefly introduced. In order to analyze, design and implement IINM successfully, object oriented approach is testified to be an effective and efficient way. In this paper, object oriented technique is applied to the structural model of IINM system, The Domain object class and the MU object class are used to represent the manager and the managed resources. Especially, NM IA is introduced which is a special object class with intelligent behaviors to manage the resources efficiently.展开更多
The neighbor knowledge in mobile ad hoc networks is important information. However, the accuracy of neighbor knowledge is paid in terms of energy consumption. In traditional schemes for neighbor discovery, a mobile no...The neighbor knowledge in mobile ad hoc networks is important information. However, the accuracy of neighbor knowledge is paid in terms of energy consumption. In traditional schemes for neighbor discovery, a mobile node uses fixed period to send HELLO messages to notify its existence. An adaptive scheme was proposed. The objective is that when mobile nodes are distributed sparsely or move slowly, fewer HELLO messages are needed to achieve reasonable accuracy, while in a mutable network where nodes are dense or move quickly, they can adaptively send more HELLO messages to ensure the accuracy. Simulation results show that the adaptive scheme achieves the objective and performs effectively.展开更多
Autonomic networking is one of the hot research topics in the research area of future network architectures.In this paper, we introduce context-aware and autonomic attributes into DiffServ QoS framework, and propose a...Autonomic networking is one of the hot research topics in the research area of future network architectures.In this paper, we introduce context-aware and autonomic attributes into DiffServ QoS framework, and propose a novel autonomic packet marking(APM) algorithm.In the proposed autonomic QoS framework, APM is capable of collecting various QoS related contexts, and adaptively adjusting its behavior to provide better QoS guarantee according to users' requirements and network conditions.Simulation results show that APM provides better performance than traditional packet marker, and significantly improves user's quality of experience.展开更多
Vulnerability-testing Oriented Petri Net (VOPN), a vulnerability testing model for communication protocol is brought forward first, which is combined Petri Net system with protocol Syntax analysis. Then vulnerabilit...Vulnerability-testing Oriented Petri Net (VOPN), a vulnerability testing model for communication protocol is brought forward first, which is combined Petri Net system with protocol Syntax analysis. Then vulnerability testing of implementation of HTTP protocol based on VOPN is made and the process is analyzed to prove the feasibility of the model.展开更多
The Binary-based attestation (BA) mechanism presented by the Trusted Computing Group can equip the application with the capability of genuinely identifying configurations of remote system. However, BA only supports ...The Binary-based attestation (BA) mechanism presented by the Trusted Computing Group can equip the application with the capability of genuinely identifying configurations of remote system. However, BA only supports the attestation for specific patterns of binary codes defined by a trusted party, mostly the software vendor, for a particular version of a software. In this paper, we present a Source-Code Oriented Attestation (SCOA) framework to enable custom built application to be attested to in the TCG attestation architecture. In SCOA, security attributes are bond with the source codes of an application instead of its binaries codes. With a proof chain generated by a Trusted Building System to record the building procedure, the challengers can determine whether the binary interacted with is genuinely built from a particular set of source codes. Moreover, with the security attribute certificates assigned to the source codes, they can determine the trustworthiness of the binary. In this paper, we present a TBS implementation with virtualization.展开更多
Existing detection methods against SYN flooding attacks are effective only at the later stages when attacking signatures are obvious.In this paper an early stage detecting method(ESDM) is proposed.The ESDM is a simple...Existing detection methods against SYN flooding attacks are effective only at the later stages when attacking signatures are obvious.In this paper an early stage detecting method(ESDM) is proposed.The ESDM is a simple but effective method to detect SYN flooding attacks at the early stage.In the ESDM the SYN traffic is forecasted by autoregressive integrated moving average model, and non-parametric cumulative sum algorithm is used to find the SYN flooding attacks according to the forecasted traffic.Trace-driven simulations show that ESDM is accurate and efficient to detect the SYN flooding attacks.展开更多
Since the frequency of network security incidents is nonlinear,traditional prediction methods such as ARMA,Gray systems are difficult to deal with the problem.When the size of sample is small,methods based on artifici...Since the frequency of network security incidents is nonlinear,traditional prediction methods such as ARMA,Gray systems are difficult to deal with the problem.When the size of sample is small,methods based on artificial neural network may not reach a high degree of preciseness.Least Squares Support Vector Machines (LSSVM) is a kind of machine learning methods based on the statistics learning theory,it can be applied to solve small sample and non-linear problems very well.This paper applied LSSVM to predict the occur frequency of network security incidents.To improve the accuracy,it used an improved genetic algorithm to optimize the parameters of LSSVM.Verified by real data sets,the improved genetic algorithm (IGA) converges faster than the simple genetic algorithm (SGA),and has a higher efficiency in the optimization procedure.Specially,the optimized LSSVM model worked very well on the prediction of frequency of network security incidents.展开更多
Traffic congestion is widely distributed around a network. Generally, to analyze traffic congestion, static traffic capacity is adopted. But dynamic characteristics must be studied because congestion is a dynamic proc...Traffic congestion is widely distributed around a network. Generally, to analyze traffic congestion, static traffic capacity is adopted. But dynamic characteristics must be studied because congestion is a dynamic process. A Dynamic Traffic Assignment modeling fundamental combined with an urban congestion analysis method is studied in this paper. Three methods are based on congestion analysis, and the stochastic user optimal DTA models are especially considered. Correspondingly, a dynamic system optimal model is suggested for responding congestion countermeasures and an ideal user optimal model for predicted congestion countermeasure respectively.展开更多
Flow-based measurement is a popular method for various network monitoring usages.However, many flow exporting softwares have still low performance to collect all flows.In this paper, we propose a IPFIX-based flow expo...Flow-based measurement is a popular method for various network monitoring usages.However, many flow exporting softwares have still low performance to collect all flows.In this paper, we propose a IPFIX-based flow export engine with an enhanced and extensible data structure, called XFix, on the basis of a GPL tool,-nProbe.In the engine, we use an extensible two-dimensional hash table for flow aggregation, which is able to improve the performance of the metering process as well as support bidirectional flow.Experimental results have shown its efficiency in multi-thread processing activity.展开更多
Our study deals with two major issues impacting current WebGIS development: interoperability of heterogeneous data and visualization of vector data on the Web. By using the combination of Geography Markup Language (...Our study deals with two major issues impacting current WebGIS development: interoperability of heterogeneous data and visualization of vector data on the Web. By using the combination of Geography Markup Language (GML), Scalable Vector Graphics (SVG) and Web Feature Service (WFS) Implementation Specifications developed by the OpenGIS Consortium (OGC), a strategy of WebGIS is proposed. The GML is used as a coding and data transportation mechanism to realize interoperability, the SVG to display GML data on the Web and the WFS as a data query mechanism to access and retrieve data at the feature level in real time on the Web. A case study shows that the combination mentioned above has enormous potential to achieve interoperability while not requiring considerable changes to existing legacy data. Original data formats need not be changed and could still be retrieved using WFS and transformed into GML in real time. SVG can oroduce suoerior ouality vector maps on a Web browser.展开更多
How to reduce the energy consumption powered mainly by battery to prolong the standby time is one of the crucial issues for IEEE 802.16e wireless MANs.By predicting the next downlink inter-packet arrival time,three tr...How to reduce the energy consumption powered mainly by battery to prolong the standby time is one of the crucial issues for IEEE 802.16e wireless MANs.By predicting the next downlink inter-packet arrival time,three traffic-prediction-assisted power saving mechanisms based on P-PSCI,i.e.,PSCI-PFD,PSCI-ED and PSCI-LD,were proposed.In addition,the corresponding adjustment strategies for P-PSCI were also presented when there were uplink packets to be transmitted during sleep mode.Simulation results reveal that compared with the sleep mode algorithm recommended by IEEE 802.16e,the proposed mechanism P-PSCI can improve both energy efficiency and packet delay for IEEE 802.16e due to the consideration of the traffic characteristics and rate changes.Moreover,the results also demonstrate that PSCI-PFD (a=-2) significantly outperforms PSCI-ED,PSCI-LD,and the standard sleep mode in IEEE 802.16e is in terms of energy efficiency and packet delay.展开更多
In this paper,a new architecture of optical networks—the optical network based on server system is considered.From the point of this new architecture,the network can be modeled as a server system with three type serv...In this paper,a new architecture of optical networks—the optical network based on server system is considered.From the point of this new architecture,the network can be modeled as a server system with three type servers—the access server,the node server and the link server. The network performances such as cost,energy consume and network capacity can be affected by the capability of these three type servers.New ILP formulations are proposed to analyze the network capacity under two types of node severs,with and without wavelength converter.Computer simulations are conducted to evaluate the effectiveness of these new formulations.The study has shown that the network can achieve the same throughput under the two types of node servers and the network throughput increases when the maximum allowed variation increases.展开更多
With development of electronic com- merce, non-repudiation protocol as the basal component of non-repudiation service has done more and more important functions. Comparing with lots of work on two-party non-repudiatio...With development of electronic com- merce, non-repudiation protocol as the basal component of non-repudiation service has done more and more important functions. Comparing with lots of work on two-party non-repudiation, there are less work on multi-party non-repudiation protocol. Multi-party protocol is more complex and facing more challenge of collusion attack. In this paper we give a kind of multi-party non-repudiation protocol based on off-line TTP with consistent evidence. Consistent evidence is a property that can not only simplify the process of disputation resolving, but also make the service more friendly to users, which means that whether or not TTP involves, evidences participants obtained are consistent. In the meanwhile we analyze the collusion attack that multi-party protocol facing, our protocol can prevent collusion attack.展开更多
Aiming at developing a node scheduling protocol for sensor networks with fewer active nodes,we propose a coordinated node scheduling protocol based on the presentation of a solution and its optimization to determine w...Aiming at developing a node scheduling protocol for sensor networks with fewer active nodes,we propose a coordinated node scheduling protocol based on the presentation of a solution and its optimization to determine whether a node is redundant.The proposed protocol can reduce the number of working nodes by turning off as many redundant nodes as possible without degrading the coverage and connectivity.The simulation result shows that our protocol outperforms the peer with respect to the working node number and dynamic coverage percentage.展开更多
Mobile multicast is important for the emerging applications such as mobile video or audio conference and mobile IPTV.Some mobile multicast schemes have been proposed in the past few years, but most of them study the r...Mobile multicast is important for the emerging applications such as mobile video or audio conference and mobile IPTV.Some mobile multicast schemes have been proposed in the past few years, but most of them study the reconstruc-tion of multicast delivery tree, and few consider the group membership management for mobile sub-scribers.In this paper, we propose a new mobile multicast method based on the Two-Hop Multicast Listener Discovery(THMLD) protocol which pro-vides the mobile multicast membership manage-ment function by forwarding the traditional MLD messages to its neighboring subnets.To evaluate its performance, we analyze the THMLD and set up the simulation platform to compare it with the several traditional mobile multicast methods.The results show that THMLD can reduce the multicast join time, and the THMLD-based mobile multicast method can reduce the multicast join delay at a cost of increasing additional multicast maintenance cost.展开更多
For the published block cipher algorithm, two kinds of round functions have been researched.Block ciphers in network environments are taking more risks than ever before because of their initialization key's distri...For the published block cipher algorithm, two kinds of round functions have been researched.Block ciphers in network environments are taking more risks than ever before because of their initialization key's distribution in the internet.The security of block cipher algorithm is affected by linear bias and nonlinear bias which are restricted by confusion layer and diffusion layer.This article takes an approach on how block cipher's two round structures are initially transformed when they fuse into LFSR.The SP structure can be considered two F functions in one Feistel round function which combines both right and left of origin data transformation.Furthermore, the round number linear function and nonlinear function of Feistel and SP structure are compared.The merit of SP structure is that it can fuse in LFSR as a nonlinear filter without memory.展开更多
Traffic classification research has been suffering from a trouble of collecting accurate samples with ground truth.A model named Traffic Labeller(TL) is proposed to solve this problem.TL system captures all user socke...Traffic classification research has been suffering from a trouble of collecting accurate samples with ground truth.A model named Traffic Labeller(TL) is proposed to solve this problem.TL system captures all user socket calls and their corresponding application process information in the user mode on a Windows host.Once a sending data call has been captured,its 5-tuple {source IP,destination IP,source port,destination port and transport layer protocol},associated with its application information,is sent to an intermediate NDIS driver in the kernel mode.Then the intermediate driver writes application type information on TOS field of the IP packets which match the 5-tuple.In this way,each IP packet sent from the Windows host carries their application information.Therefore,traffic samples collected on the network have been labelled with the accurate application information and can be used for training effective traffic classification models.展开更多
Mobility support for the next generation IPv6 networks has been one of the recent research issues due to the growing demand for wireless services over internet.In the other hand,3GPP has introduced IP Multimedia Subsy...Mobility support for the next generation IPv6 networks has been one of the recent research issues due to the growing demand for wireless services over internet.In the other hand,3GPP has introduced IP Multimedia Subsystem as the next generation IP based infrastructure for wireless and wired multimedia services.In this paper we present two context transfer mechanisms based on predictive and reactive schemes,to support seamless handover in IMS over Mobile IPv6.Those schemes reduce handover latency by transferring appropriate session information between the old and the new access networks.Moreover,we present two methods for QoS parameters negotiations to preserve service quality along the mobile user movement path.The performances of the proposed mechanisms are evaluated by simulations.展开更多
文摘The security problem of the Web system in the Internet based Intranet and the shortcomings of the methods used in solving this problem are analyzed and our system model of Web communication security are discussed, i.e, adding local proxy to browser and reverse proxy to Web server based on present Web browser and server. The transformation between HTTP message and secure HTTP message is implemented in these two proxy modules. The architecture and implementing method is given and the features of this module is also discussed.
文摘The concept of intelligent integrated network management (IINM) is briefly introduced. In order to analyze, design and implement IINM successfully, object oriented approach is testified to be an effective and efficient way. In this paper, object oriented technique is applied to the structural model of IINM system, The Domain object class and the MU object class are used to represent the manager and the managed resources. Especially, NM IA is introduced which is a special object class with intelligent behaviors to manage the resources efficiently.
基金The National Natural Science Foundation ofChina (No 60575036)The National BasicResearch Program (973) of China (No2002cb312200)
文摘The neighbor knowledge in mobile ad hoc networks is important information. However, the accuracy of neighbor knowledge is paid in terms of energy consumption. In traditional schemes for neighbor discovery, a mobile node uses fixed period to send HELLO messages to notify its existence. An adaptive scheme was proposed. The objective is that when mobile nodes are distributed sparsely or move slowly, fewer HELLO messages are needed to achieve reasonable accuracy, while in a mutable network where nodes are dense or move quickly, they can adaptively send more HELLO messages to ensure the accuracy. Simulation results show that the adaptive scheme achieves the objective and performs effectively.
基金Supported by the National Grand Fundamental Research 973 Program of China under Grant No. 2009CB320504the National High Technology Development 863 Program of China under Grant No.2007AA01Z206 and No.2009AA01Z210the EU FP7 Project EFIPSANS (INFSO-ICT-215549)
文摘Autonomic networking is one of the hot research topics in the research area of future network architectures.In this paper, we introduce context-aware and autonomic attributes into DiffServ QoS framework, and propose a novel autonomic packet marking(APM) algorithm.In the proposed autonomic QoS framework, APM is capable of collecting various QoS related contexts, and adaptively adjusting its behavior to provide better QoS guarantee according to users' requirements and network conditions.Simulation results show that APM provides better performance than traditional packet marker, and significantly improves user's quality of experience.
文摘Vulnerability-testing Oriented Petri Net (VOPN), a vulnerability testing model for communication protocol is brought forward first, which is combined Petri Net system with protocol Syntax analysis. Then vulnerability testing of implementation of HTTP protocol based on VOPN is made and the process is analyzed to prove the feasibility of the model.
基金This work is under support of National Natural Science Foundation of China under grant No. 60873238.
文摘The Binary-based attestation (BA) mechanism presented by the Trusted Computing Group can equip the application with the capability of genuinely identifying configurations of remote system. However, BA only supports the attestation for specific patterns of binary codes defined by a trusted party, mostly the software vendor, for a particular version of a software. In this paper, we present a Source-Code Oriented Attestation (SCOA) framework to enable custom built application to be attested to in the TCG attestation architecture. In SCOA, security attributes are bond with the source codes of an application instead of its binaries codes. With a proof chain generated by a Trusted Building System to record the building procedure, the challengers can determine whether the binary interacted with is genuinely built from a particular set of source codes. Moreover, with the security attribute certificates assigned to the source codes, they can determine the trustworthiness of the binary. In this paper, we present a TBS implementation with virtualization.
基金supported by the National High-Tech Research and Development Plan of China under Grant No. 2006AA01Z448 (863)the Key Science and Technology Research project of Ministry of Education of China under Grant No. 108013+1 种基金the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant No. 60821001the National Information Security Plan of China under Grant No.2007A14 (242)
文摘Existing detection methods against SYN flooding attacks are effective only at the later stages when attacking signatures are obvious.In this paper an early stage detecting method(ESDM) is proposed.The ESDM is a simple but effective method to detect SYN flooding attacks at the early stage.In the ESDM the SYN traffic is forecasted by autoregressive integrated moving average model, and non-parametric cumulative sum algorithm is used to find the SYN flooding attacks according to the forecasted traffic.Trace-driven simulations show that ESDM is accurate and efficient to detect the SYN flooding attacks.
基金supported in part by the National High Technology Research and Development Program of China ("863" Program) (No.2007AA010502)
文摘Since the frequency of network security incidents is nonlinear,traditional prediction methods such as ARMA,Gray systems are difficult to deal with the problem.When the size of sample is small,methods based on artificial neural network may not reach a high degree of preciseness.Least Squares Support Vector Machines (LSSVM) is a kind of machine learning methods based on the statistics learning theory,it can be applied to solve small sample and non-linear problems very well.This paper applied LSSVM to predict the occur frequency of network security incidents.To improve the accuracy,it used an improved genetic algorithm to optimize the parameters of LSSVM.Verified by real data sets,the improved genetic algorithm (IGA) converges faster than the simple genetic algorithm (SGA),and has a higher efficiency in the optimization procedure.Specially,the optimized LSSVM model worked very well on the prediction of frequency of network security incidents.
文摘Traffic congestion is widely distributed around a network. Generally, to analyze traffic congestion, static traffic capacity is adopted. But dynamic characteristics must be studied because congestion is a dynamic process. A Dynamic Traffic Assignment modeling fundamental combined with an urban congestion analysis method is studied in this paper. Three methods are based on congestion analysis, and the stochastic user optimal DTA models are especially considered. Correspondingly, a dynamic system optimal model is suggested for responding congestion countermeasures and an ideal user optimal model for predicted congestion countermeasure respectively.
文摘Flow-based measurement is a popular method for various network monitoring usages.However, many flow exporting softwares have still low performance to collect all flows.In this paper, we propose a IPFIX-based flow export engine with an enhanced and extensible data structure, called XFix, on the basis of a GPL tool,-nProbe.In the engine, we use an extensible two-dimensional hash table for flow aggregation, which is able to improve the performance of the metering process as well as support bidirectional flow.Experimental results have shown its efficiency in multi-thread processing activity.
基金Project 2006A018 supported by the Youth Scientific Research Foundation of China University of Mining & Technology
文摘Our study deals with two major issues impacting current WebGIS development: interoperability of heterogeneous data and visualization of vector data on the Web. By using the combination of Geography Markup Language (GML), Scalable Vector Graphics (SVG) and Web Feature Service (WFS) Implementation Specifications developed by the OpenGIS Consortium (OGC), a strategy of WebGIS is proposed. The GML is used as a coding and data transportation mechanism to realize interoperability, the SVG to display GML data on the Web and the WFS as a data query mechanism to access and retrieve data at the feature level in real time on the Web. A case study shows that the combination mentioned above has enormous potential to achieve interoperability while not requiring considerable changes to existing legacy data. Original data formats need not be changed and could still be retrieved using WFS and transformed into GML in real time. SVG can oroduce suoerior ouality vector maps on a Web browser.
基金Projects(60873265,61070194)supported by the National Natural Science Foundation of ChinaProject(2009AA112205)supported by the National High Technology Research and Development Program of China+1 种基金Project(2011FJ2003)supported by Science and Technology Key Projects of Hunan Province,ChinaProject(531107040201)supported by Chinese Universities Scientific Fund
文摘How to reduce the energy consumption powered mainly by battery to prolong the standby time is one of the crucial issues for IEEE 802.16e wireless MANs.By predicting the next downlink inter-packet arrival time,three traffic-prediction-assisted power saving mechanisms based on P-PSCI,i.e.,PSCI-PFD,PSCI-ED and PSCI-LD,were proposed.In addition,the corresponding adjustment strategies for P-PSCI were also presented when there were uplink packets to be transmitted during sleep mode.Simulation results reveal that compared with the sleep mode algorithm recommended by IEEE 802.16e,the proposed mechanism P-PSCI can improve both energy efficiency and packet delay for IEEE 802.16e due to the consideration of the traffic characteristics and rate changes.Moreover,the results also demonstrate that PSCI-PFD (a=-2) significantly outperforms PSCI-ED,PSCI-LD,and the standard sleep mode in IEEE 802.16e is in terms of energy efficiency and packet delay.
基金supported by China Post-doctoral Science Foundation funded project(20070420013)Open Fund of National Laboratory on Local Fiber-Optic Communication Networks & Advanced optical Communication Systems,(Pe-king University),PRChinaGuangxi Science Foundation(0731003)
文摘In this paper,a new architecture of optical networks—the optical network based on server system is considered.From the point of this new architecture,the network can be modeled as a server system with three type servers—the access server,the node server and the link server. The network performances such as cost,energy consume and network capacity can be affected by the capability of these three type servers.New ILP formulations are proposed to analyze the network capacity under two types of node severs,with and without wavelength converter.Computer simulations are conducted to evaluate the effectiveness of these new formulations.The study has shown that the network can achieve the same throughput under the two types of node servers and the network throughput increases when the maximum allowed variation increases.
文摘With development of electronic com- merce, non-repudiation protocol as the basal component of non-repudiation service has done more and more important functions. Comparing with lots of work on two-party non-repudiation, there are less work on multi-party non-repudiation protocol. Multi-party protocol is more complex and facing more challenge of collusion attack. In this paper we give a kind of multi-party non-repudiation protocol based on off-line TTP with consistent evidence. Consistent evidence is a property that can not only simplify the process of disputation resolving, but also make the service more friendly to users, which means that whether or not TTP involves, evidences participants obtained are consistent. In the meanwhile we analyze the collusion attack that multi-party protocol facing, our protocol can prevent collusion attack.
基金the National Natural Science Foundation of China(Grant No.60533110 and No.90604013)the Scientific Research Foundation of Harbin Institute of Technology(Grant No. HIT2002.74)
文摘Aiming at developing a node scheduling protocol for sensor networks with fewer active nodes,we propose a coordinated node scheduling protocol based on the presentation of a solution and its optimization to determine whether a node is redundant.The proposed protocol can reduce the number of working nodes by turning off as many redundant nodes as possible without degrading the coverage and connectivity.The simulation result shows that our protocol outperforms the peer with respect to the working node number and dynamic coverage percentage.
基金supported in part by 973 program under con-tract 2007CB307101National High Technology of China ("863 program") under contract No. 2008AA01A326 National Natural Science Foundation of China under Grant No. 60870015 and No. 60833002
文摘Mobile multicast is important for the emerging applications such as mobile video or audio conference and mobile IPTV.Some mobile multicast schemes have been proposed in the past few years, but most of them study the reconstruc-tion of multicast delivery tree, and few consider the group membership management for mobile sub-scribers.In this paper, we propose a new mobile multicast method based on the Two-Hop Multicast Listener Discovery(THMLD) protocol which pro-vides the mobile multicast membership manage-ment function by forwarding the traditional MLD messages to its neighboring subnets.To evaluate its performance, we analyze the THMLD and set up the simulation platform to compare it with the several traditional mobile multicast methods.The results show that THMLD can reduce the multicast join time, and the THMLD-based mobile multicast method can reduce the multicast join delay at a cost of increasing additional multicast maintenance cost.
文摘For the published block cipher algorithm, two kinds of round functions have been researched.Block ciphers in network environments are taking more risks than ever before because of their initialization key's distribution in the internet.The security of block cipher algorithm is affected by linear bias and nonlinear bias which are restricted by confusion layer and diffusion layer.This article takes an approach on how block cipher's two round structures are initially transformed when they fuse into LFSR.The SP structure can be considered two F functions in one Feistel round function which combines both right and left of origin data transformation.Furthermore, the round number linear function and nonlinear function of Feistel and SP structure are compared.The merit of SP structure is that it can fuse in LFSR as a nonlinear filter without memory.
基金ACKNOWLEDGEMENT This research was partially supported by the National Basic Research Program of China (973 Program) under Grant No. 2011CB30- 2605 the National High Technology Research and Development Program of China (863 Pro- gram) under Grant No. 2012AA012502+3 种基金 the National Key Technology Research and Dev- elopment Program of China under Grant No. 2012BAH37B00 the Program for New Cen- tury Excellent Talents in University under Gr- ant No. NCET-10-0863 the National Natural Science Foundation of China under Grants No 61173078, No. 61203105, No. 61173079, No. 61070130, No. 60903176 and the Provincial Natural Science Foundation of Shandong under Grants No. ZR2012FM010, No. ZR2011FZ001, No. ZR2010FM047, No. ZR2010FQ028, No. ZR2012FQ016.
文摘Traffic classification research has been suffering from a trouble of collecting accurate samples with ground truth.A model named Traffic Labeller(TL) is proposed to solve this problem.TL system captures all user socket calls and their corresponding application process information in the user mode on a Windows host.Once a sending data call has been captured,its 5-tuple {source IP,destination IP,source port,destination port and transport layer protocol},associated with its application information,is sent to an intermediate NDIS driver in the kernel mode.Then the intermediate driver writes application type information on TOS field of the IP packets which match the 5-tuple.In this way,each IP packet sent from the Windows host carries their application information.Therefore,traffic samples collected on the network have been labelled with the accurate application information and can be used for training effective traffic classification models.
文摘Mobility support for the next generation IPv6 networks has been one of the recent research issues due to the growing demand for wireless services over internet.In the other hand,3GPP has introduced IP Multimedia Subsystem as the next generation IP based infrastructure for wireless and wired multimedia services.In this paper we present two context transfer mechanisms based on predictive and reactive schemes,to support seamless handover in IMS over Mobile IPv6.Those schemes reduce handover latency by transferring appropriate session information between the old and the new access networks.Moreover,we present two methods for QoS parameters negotiations to preserve service quality along the mobile user movement path.The performances of the proposed mechanisms are evaluated by simulations.
