Generating attack pattern automatically based on attack tree is studied. The extending definition of attack tree is proposed. And the algorithm of generating attack tree is presented. The method of generating attack p...Generating attack pattern automatically based on attack tree is studied. The extending definition of attack tree is proposed. And the algorithm of generating attack tree is presented. The method of generating attack pattern automatically based on attack tree is shown, which is tested by concrete attack instances. The results show that the algorithm is effective and efficient. In doing so, the efficiency of generating attack pattern is improved and the attack trees can be reused.展开更多
Network security equipment is crucial to information systems, and a proper evaluation model can ensure the quality of network security equipment. However, there is only a few models of comprehensive models nowadays. A...Network security equipment is crucial to information systems, and a proper evaluation model can ensure the quality of network security equipment. However, there is only a few models of comprehensive models nowadays. An index system for network security equipment was established and a model based on attack tree with risk fusion was proposed to obtain the score of qualitative indices. The proposed model implements attack tree model and controlled interval and memory(CIM) model to solve the problem of quantifying qualitative indices, and thus improves the accuracy of the evaluation.展开更多
Cocoa farming faces numerous constraints that affect production levels. Among these constraints are termites, one of the biggest scourges in tropical agriculture and agroforestry. The aim of this study is to assess th...Cocoa farming faces numerous constraints that affect production levels. Among these constraints are termites, one of the biggest scourges in tropical agriculture and agroforestry. The aim of this study is to assess the level of damage caused by termites in cocoa plantations. To this end, 3 plantations were selected. In each of the 3 plantations, 18 plots containing an average of 47 ± 6 cocoa plants were delimited. Sampling was based on 25 cocoa plants per plot. The study consisted in sampling the termites observed on the plants and noting the type of damage caused by them, taking into account the density of the harvest veneers and, above all, the termites’ progress through the anatomical structures of the plant, i.e. the bark, sapwood and heartwood. A total of 8 termite species were collected from cocoa plants. These species are responsible for four types of damage (D1, D2, D3 and D4), grouped into minor damage (D1 and D2) and major damage (D3 and D4). D1 damage ranged from 24.67% ± 5.64% to 39.55% ± 7.43%. D2 damage ranged from 6.88% ± 1.31% to 9.33% ± 2.79%. D3 damage ranged from 2.88% ± 1.55% to 6.44% ± 1.55%. D4 damage ranged from 1.11% ± 1% to 3.11% ± 1.37%. Among the termite species collected, Microcerotermes sp, C. sjostedti, A. crucifer and P. militaris were the most formidable on cocoa trees in our study locality. In view of the extensive damage caused by termites, biological control measures should be considered, using insecticidal plants.展开更多
For the discontinuous occupancy of primary users in cognitive radio networks(CRN),the time-varying of spectrum holes becomes more and more highlighted.In the dynamic environment,cognitive users can access channels tha...For the discontinuous occupancy of primary users in cognitive radio networks(CRN),the time-varying of spectrum holes becomes more and more highlighted.In the dynamic environment,cognitive users can access channels that are not occupied by primary users,but they have to hand off to other spectrum holes to continue communication when primary users come back,which brings new security problems.Tracking user attack(TUA) is a typical attack during spectrum handoff,which will invalidate handoff by preventing user accessing,and break down the whole network.In this paper,we propose a Channel Selection Information Hiding scheme(CSIH) to defense TUA.With the proposed scheme,we can destroy the routes to the root node of the attack tree by hiding the information of channel selection and enhance the security of cognitive radio networks.展开更多
This paper presents a novel probability generation algorithm to predict attacks from an insider who exploits known system vulnerabilities through executing authorized operations. It is different from most intrusion de...This paper presents a novel probability generation algorithm to predict attacks from an insider who exploits known system vulnerabilities through executing authorized operations. It is different from most intrusion detection systems (IDSs) because these IDSs are inefficient to resolve threat from authorized insiders. To deter cracker activities, this paper introduces an improved structure of augmented attack tree and a notion of "minimal attack tree", and proposes a new generation algorithm of minimal attack tree. We can provide a quantitative approach to help system administrators make sound decision.展开更多
In order to evaluate all attack paths in a threat tree,based on threat modeling theory,a weight distribution algorithm of the root node in a threat tree is designed,which computes threat coefficients of leaf nodes in ...In order to evaluate all attack paths in a threat tree,based on threat modeling theory,a weight distribution algorithm of the root node in a threat tree is designed,which computes threat coefficients of leaf nodes in two ways including threat occurring possibility and the degree of damage.Besides,an algorithm of searching attack path was also obtained in accordence with its definition.Finally,an attack path evaluation system was implemented which can output the threat coefficients of the leaf nodes in a target threat tree,the weight distribution information,and the attack paths.An example threat tree is given to verify the effectiveness of the algorithms.展开更多
This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are...This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.展开更多
文摘Generating attack pattern automatically based on attack tree is studied. The extending definition of attack tree is proposed. And the algorithm of generating attack tree is presented. The method of generating attack pattern automatically based on attack tree is shown, which is tested by concrete attack instances. The results show that the algorithm is effective and efficient. In doing so, the efficiency of generating attack pattern is improved and the attack trees can be reused.
基金The Research of Key Technology and Application of Information Security Certification Project(No.2016YFF0204001)
文摘Network security equipment is crucial to information systems, and a proper evaluation model can ensure the quality of network security equipment. However, there is only a few models of comprehensive models nowadays. An index system for network security equipment was established and a model based on attack tree with risk fusion was proposed to obtain the score of qualitative indices. The proposed model implements attack tree model and controlled interval and memory(CIM) model to solve the problem of quantifying qualitative indices, and thus improves the accuracy of the evaluation.
文摘Cocoa farming faces numerous constraints that affect production levels. Among these constraints are termites, one of the biggest scourges in tropical agriculture and agroforestry. The aim of this study is to assess the level of damage caused by termites in cocoa plantations. To this end, 3 plantations were selected. In each of the 3 plantations, 18 plots containing an average of 47 ± 6 cocoa plants were delimited. Sampling was based on 25 cocoa plants per plot. The study consisted in sampling the termites observed on the plants and noting the type of damage caused by them, taking into account the density of the harvest veneers and, above all, the termites’ progress through the anatomical structures of the plant, i.e. the bark, sapwood and heartwood. A total of 8 termite species were collected from cocoa plants. These species are responsible for four types of damage (D1, D2, D3 and D4), grouped into minor damage (D1 and D2) and major damage (D3 and D4). D1 damage ranged from 24.67% ± 5.64% to 39.55% ± 7.43%. D2 damage ranged from 6.88% ± 1.31% to 9.33% ± 2.79%. D3 damage ranged from 2.88% ± 1.55% to 6.44% ± 1.55%. D4 damage ranged from 1.11% ± 1% to 3.11% ± 1.37%. Among the termite species collected, Microcerotermes sp, C. sjostedti, A. crucifer and P. militaris were the most formidable on cocoa trees in our study locality. In view of the extensive damage caused by termites, biological control measures should be considered, using insecticidal plants.
基金the National Natural Science Foundation of China under Grant No.61172068,6137317 0.The Fundamental Research Funds for the Central Universities,Program for New Century Excellent Talents in University
文摘For the discontinuous occupancy of primary users in cognitive radio networks(CRN),the time-varying of spectrum holes becomes more and more highlighted.In the dynamic environment,cognitive users can access channels that are not occupied by primary users,but they have to hand off to other spectrum holes to continue communication when primary users come back,which brings new security problems.Tracking user attack(TUA) is a typical attack during spectrum handoff,which will invalidate handoff by preventing user accessing,and break down the whole network.In this paper,we propose a Channel Selection Information Hiding scheme(CSIH) to defense TUA.With the proposed scheme,we can destroy the routes to the root node of the attack tree by hiding the information of channel selection and enhance the security of cognitive radio networks.
基金Supported by the National Key Technologies Re-search and Development Programof China (2004BA907A20)
文摘This paper presents a novel probability generation algorithm to predict attacks from an insider who exploits known system vulnerabilities through executing authorized operations. It is different from most intrusion detection systems (IDSs) because these IDSs are inefficient to resolve threat from authorized insiders. To deter cracker activities, this paper introduces an improved structure of augmented attack tree and a notion of "minimal attack tree", and proposes a new generation algorithm of minimal attack tree. We can provide a quantitative approach to help system administrators make sound decision.
基金Supported by National Natural Science Foundation of China (No.90718023)National High-Tech Research and Development Program of China (No.2007AA01Z130)
文摘In order to evaluate all attack paths in a threat tree,based on threat modeling theory,a weight distribution algorithm of the root node in a threat tree is designed,which computes threat coefficients of leaf nodes in two ways including threat occurring possibility and the degree of damage.Besides,an algorithm of searching attack path was also obtained in accordence with its definition.Finally,an attack path evaluation system was implemented which can output the threat coefficients of the leaf nodes in a target threat tree,the weight distribution information,and the attack paths.An example threat tree is given to verify the effectiveness of the algorithms.
文摘This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.
