Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor (FEW-NNN) method is proposed to enhance the accuracy and efficiency of flow-based network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm (NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: (1) the feature weights of samples are calculated based on fuzzy entropy values, (2) the fuzzy memberships of samples are determined based on affinity among samples, and (3) K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class; that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.
Computer networks face a variety of cyberattacks. Most network attacks are contagious and destructive, and these types of attacks can be harmful to society and computer network security. Security evaluation is an effective method to solve network security problems. For accurate assessment of the vulnerabilities of computer networks, this paper proposes a network security risk assessment method based on a Bayesian network attack graph (B_NAG) model. First, a new resource attack graph (RAG) and the algorithm E-Loop, which is applied to eliminate loops in the B_NAG, are proposed. Second, to distinguish the confusing relationships between nodes of the attack graph in the conversion process, a related algorithm is proposed to generate the B_NAG model. Finally, to analyze the reachability of paths in B_NAG, measuring indexes such as node attack complexity and node state transition are defined, and an iterative algorithm for obtaining the probability of reaching the target node is presented. On this basis, the posterior probability of related nodes can be calculated. A simulation environment is set up to evaluate the effectiveness of the B_NAG model. The experimental results indicate that the B_NAG model is realistic and effective in evaluating vulnerabilities of computer networks and can accurately highlight the degree of vulnerability in a chaotic relationship.
By allowing routers to combine the received packets before forwarding them, network coding-based applications are susceptible to possible malicious pollution attacks. Existing solutions for counteracting this issue either incur inter-generation pollution attacks (among multiple generations) or suffer high computation/bandwidth overhead. Using a dynamic public key technique, we propose a novel homomorphic signature scheme for network coding for each generation authentication without updating the initial secret key used. As per this idea, the secret key is scrambled for each generation by using the generation identifier, and each packet can be fast signed using the scrambled secret key for the generation to which the packet belongs. The scheme not only can resist intra-generation pollution attacks effectively but also can efficiently prevent inter-generation pollution attacks. Further, the communication overhead of the scheme is small and independent of the size of the transmitting files.
Security issues are always difficult to deal with in mobile ad hoc networks. People seldom studied the costs of those security schemes respectively and for some security methods designed and adopted beforehand, their effects are often investigated one by one. In fact, when facing certain attacks, different methods would respond individually and result in waste of resources. Making use of the cost management idea, we analyze the costs of security measures in mobile ad hoc networks and introduce a security framework based on security mechanisms cost management. Under the framework, the network system's own tasks can be finished in time and the whole network's security costs can be decreased. We discuss the process of security costs computation at each mobile node and in certain node groups. To show how to use the proposed security framework in certain applications, we give examples of DoS attacks and costs computation of defense methods. The results showed that a more secure environment can be achieved based on the security framework in mobile ad hoc networks.
Recently, machine learning algorithms have been used in the detection and classification of network attacks. The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DARPA98, KDD’99, NSL-KDD, UNSW-NB15, and Caida DDoS. However, these datasets have two major challenges: imbalanced data and high-dimensional data. Obtaining high accuracy for all attack types in the dataset allows for high accuracy in imbalanced datasets. On the other hand, having a large number of features increases the runtime load on the algorithms. A novel model is proposed in this paper to overcome these two concerns. The number of features in the model, which has been tested at CICIDS2017, is initially optimized by using genetic algorithms. This optimum feature set has been used to classify network attacks with six well-known classifiers according to high f1-score and g-mean value in minimum time. Afterwards, a multi-layer perceptron based ensemble learning approach has been applied to improve the models’ overall performance. The experimental results show that the suggested model is acceptable for feature selection as well as classifying network attacks in an imbalanced dataset, with a high f1-score (0.91) and g-mean (0.99) value. Furthermore, it has outperformed base classifier models and voting procedures.
The approach of traffic abnormality detection of network resource allocation attack did not have reliable signatures to depict abnormality and identify them. However, it is crucial for us to detect attacks accurately. The technique that we adopted is inspired by long range dependence ideas. We use the number of packet arrivals of a flow in fixed-length time intervals as the signal and attempt to extend traffic invariant “self-similarity”. We validate the effectiveness of the approach with simulation and trace analysis.
As IoT devices become more ubiquitous, the security of IoT-based networks becomes paramount. Machine Learning-based cybersecurity enables autonomous threat detection and prevention. However, one of the challenges of applying Machine Learning-based cybersecurity in IoT devices is feature selection as most IoT devices are resource-constrained. This paper studies two feature selection algorithms: Information Gain and PSO-based, to select a minimum number of attack features, and Decision Tree and SVM are utilized for performance comparison. The consistent use of the same metrics in feature selection and detection algorithms substantially enhances the classification accuracy compared to the non-consistent use in feature selection by Information Gain (entropy) and Tree detection algorithm by classification. Furthermore, the Tree with consistent feature selection is comparable to the ensemble that provides excellent performance at the cost of computation complexity.
Active anomaly detection queries labels of sampled instances and uses them to incrementally update the detection model, and has been widely adopted in detecting network attacks. However, existing methods cannot achieve desirable performance on dynamic network traffic streams because (1) their query strategies cannot sample informative instances to make the detection model adapt to the evolving stream and (2) their model updating relies on limited query instances only and fails to leverage the enormous unlabeled instances on streams. To address these issues, we propose an active tree based model, adaptive and augmented active prior-knowledge forest (A3PF), for anomaly detection on network traffic streams. A prior-knowledge forest is constructed using prior knowledge of network attacks to find feature subspaces that better distinguish network anomalies from normal traffic. On one hand, to make the model adapt to the evolving stream, a novel adaptive query strategy is designed to sample informative instances from two aspects: the changes in dynamic data distribution and the uncertainty of anomalies. On the other hand, based on the similarity of instances in the neighborhood, we devise an augmented update method to generate pseudo labels for the unlabeled neighbors of query instances, which enables usage of the enormous unlabeled instances during model updating. Extensive experiments on two benchmarks, CIC-IDS2017 and UNSW-NB15, demonstrate that A3PF achieves significant improvements over previous active methods in terms of the area under the receiver operating characteristic curve (AUC-ROC) (20.9% and 21.5%) and the area under the precision-recall curve (AUC-PR) (44.6% and 64.1%).
At present, the severe network security situation has put forward high requirements for network security defense technology. In order to automate botnet threat warning, this paper researches the types and characteristics of Botnet. Botnet has special characteristics in attributes such as packets, attack time interval, and packet size. In this paper, the attack data is annotated by means of string recognition and expert screening. The attack features are extracted from the labeled attack data, and then K-means is used for cluster analysis. The clustering results show that the same attack data has its unique characteristics, and the automatic identification of network attacks is realized based on these characteristics. At the same time, based on the collection and attribute extraction of Botnet attack data, this paper uses RF, GBM, XGBOOST and other machine learning models to test the warning results, and automatically analyzes the attack by importing attack data. In the early warning analysis results, the accuracy rates of different models are obtained. Through the descriptive values of the three accuracy rates of Accuracy, Precision, and F1_Score, the early warning effect of each model can be comprehensively displayed. Among the five algorithms used in this paper, three have an accuracy rate of over 90%. The three models with the highest accuracy are used in the early warning model. The research shows that cyberattacks can be accurately predicted. When this technology is applied to the protection system, accurate early warning can be given before a network attack is launched.
Cyber security lacks comprehensive theoretical guidance. General security theory, as a set of basic security theory concepts, is intended to guide cyber security and all the other security work. The general theory of security aims to unify the main branches of cyber security and establish a unified basic theory. This paper proposes an overview on the general theory of security, which is devoted to constructing a comprehensive model of network security. The hierarchical structure of the meridian-collateral tree is described. Shannon information theory is employed to build a cyberspace security model. Some central concepts of security, i.e., the attack and defense, are discussed and several general theorems on security are presented.
In order to protect the website and assess the security risk of the website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph (I-BAG) model. First, the improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, the website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the proposed risk evaluating method based on the I-BAG model is an effective way for assessing the website security risk.
This paper puts forward the plan on constructing information security attack and defense platform based on cloud computing and virtualization, provides the hardware topology structure of the platform and technical framework of the system and the experimental process and technical principle of the platform. The experiment platform can provide more than 20 attack classes. Using the virtualization technology can build hypothesized target of various types in the laboratory and diversified network structure to carry out attack and defense experiment.
Brain aging is typically associated with a significant decline in cognitive performance. Vascular risk factors (VRF) and subsequent atherosclerosis (AS) play a major role in this process. Brain resilience reflects the brain’s ability to withstand external perturbations, but the relationship of brain resilience with cognition during the aging process remains unclear. Here, we investigated how brain topological resilience (BTR) is associated with cognitive performance in the face of aging and vascular risk factors. We used data from two cross-ethnicity community cohorts, PolyvasculaR Evaluation for Cognitive Impairment and Vascular Events (PRECISE, n=2220) and Sydney Memory and Ageing Study (MAS, n=246). We conducted an attack simulation on brain structural networks based on k-shell decomposition and node degree centrality. BTR was defined based on changes in the size of the largest subgroup of the network during the simulation process. Subsequently, we explored the negative correlations of BTR with age, VRF, and AS, and its positive correlation with cognitive performance. Furthermore, using structural equation modeling (SEM), we constructed path models to analyze the directional dependencies among these variables, demonstrating that aging, AS, and VRF affect cognition by disrupting BTR. Our results also indicated the specificity of this metric, independent of brain volume. Overall, these findings underscore the supportive role of BTR on cognition during aging and highlight its potential application as an imaging marker for objective assessment of brain cognitive performance.
The world airport network (WAN) is one of the networked infrastructures that shape today's economic and social activity, so its resilience against incidents affecting the WAN is an important problem. In this paper, the robustness of air route networks is extended by defining and testing several heuristics to define selection criteria to detect the critical nodes of the WAN. In addition to heuristics based on genetic algorithms and simulated annealing, custom heuristics based on node damage and node betweenness are defined. The most effective heuristic is a multiattack heuristic combining both custom heuristics. Results obtained are of importance not only for advance in the understanding of the structure of complex networks, but also for critical node detection.
This article is focused on analyzing the key technologies of new malicious code and corresponding defensive measures in large-scale communication networks. Based on a description of the concepts and development of malicious code, the article introduces the anti-analysis technology, splitting and inserting technology, hiding technology, polymorph virus technology, and auto production technology of malicious code, which trends toward intelligence, diversity and integration. Following that, it summarizes the security vulnerabilities of communication networks from four related layers, according to the mechanisms of malicious code in the communication networks. Finally, it proposes rapid response disposition of malicious code attacks from four correlated steps: building up the network node monitoring system, suspicious code feature automation analysis and extraction, rapid active malicious code response technique for unknown malicious code, and malicious code attack immunity technique. As a result, it actively defends against unknown malicious code attacks and enhances the security performance of communication networks.
The network attack profit graph (NAPG) model and the attack profit path prediction algorithm are presented herein to cover the shortage of considerations in attacker’s subjective factors based on existing network attack path prediction methods. Firstly, the attack profit is introduced, with the attack profit matrix designed and the attack profit matrix generation algorithm given accordingly. Secondly, a path profit feasibility analysis algorithm is proposed to analyze the network feasibility of realizing profit of attack path. Finally, an opportunity profit path and an optimal profit path are introduced with the selection algorithm and the prediction algorithm designed for accurate prediction of the path. According to the experimental test, the network attack profit path prediction algorithm is applicable for accurate prediction of the opportunity profit path and the optimal profit path.
The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistics. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file systems (such as Hadoop, ZFS, etc.) and open cloud computing platforms (such as OpenStack, CloudStack, and Eucalyptus, etc.), it is practical to store such a large volume of traffic data and fully analyse the inside communication in depth within an acceptable latency. In this paper, based on the well-known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine+FAstbit (TIFA) with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.
Although using machine learning techniques to solve computer security challenges is not a new idea, the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interest in the computer security community. This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges. In particular, the review covers eight computer security problems being solved by applications of Deep Learning: security-oriented program analysis, defending return-oriented programming (ROP) attacks, achieving control-flow integrity (CFI), defending network attacks, malware classification, system-event-based anomaly detection, memory forensics, and fuzzing for software security.
To address the issue of internal network security, Software-Defined Network (SDN) technology has been introduced to large-scale cloud centers because it not only improves network performance but also deals with network attacks. To prevent man-in-the-middle and denial of service attacks caused by an address resolution protocol bug in an SDN-based cloud center, this study proposed a Bayes-based algorithm to calculate the probability of a host being an attacker and further presented a detection model based on the algorithm. Experiments were conducted to validate this method.
Funding for the FEW-NNN paper: the Natural Science Foundation of China (No. 61802404, 61602470); the Strategic Priority Research Program (C) of the Chinese Academy of Sciences (No. XDC02040100); the Fundamental Research Funds for the Central Universities of the China University of Labor Relations (No. 20ZYJS017, 20XYJS003); the Key Research Program of the Beijing Municipal Science & Technology Commission (No. D181100000618003); partially the Key Laboratory of Network Assessment Technology, the Chinese Academy of Sciences; the Beijing Key Laboratory of Network Security and Protection Technology.
Funding for the B_NAG paper: This work was partially supported by the National Natural Science Foundation of China (61300216, Wang, H, www.nsfc.gov.cn).
Funding for the homomorphic signature scheme for network coding paper: supported by the National Natural Science Foundation of China under Grant No. 61271174.
文摘Security issues are always difficult to deal with in mobile ad hoe networks. People seldom studied the costs of those security schemes respectively and for some security methods designed and adopted beforehand, their effects are often investigated one by one. In fact, when facing certain attacks, different methods would respond individually and result in waste of resources. Making use of the cost management idea, we analyze the costs of security measures in mobile ad hoc networks and introduce a security framework based on security mechanisms cost management. Under the framework, the network system's own tasks can be finished in time and the whole network's security costs can be decreased. We discuss the process of security costs computation at each mobile node and in certain nodes groups. To show how to use the proposed security framework in certain applications, we give examples of DoS attacks and costs computation of defense methods. The results showed that more secure environment can be achieved based on the security framework in mobile ad hoc networks.
Abstract: Recently, machine learning algorithms have been used in the detection and classification of network attacks. The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DARPA98, KDD'99, NSL-KDD, UNSW-NB15, and Caida DDoS. However, these datasets have two major challenges: imbalanced data and high-dimensional data. Obtaining high accuracy for all attack types in the dataset allows for high accuracy in imbalanced datasets. On the other hand, having a large number of features increases the runtime load on the algorithms. A novel model is proposed in this paper to overcome these two concerns. The number of features in the model, which has been tested on CICIDS2017, is initially optimized by using genetic algorithms. This optimum feature set has been used to classify network attacks with six well-known classifiers according to high f1-score and g-mean value in minimum time. Afterwards, a multi-layer perceptron based ensemble learning approach has been applied to improve the models' overall performance. The experimental results show that the suggested model is acceptable for feature selection as well as classifying network attacks in an imbalanced dataset, with a high f1-score (0.91) and g-mean (0.99) value. Furthermore, it has outperformed base classifier models and voting procedures.
Abstract: The approach of traffic abnormality detection of network resource allocation attack did not have reliable signatures to depict abnormality and identify them. However, it is crucial for us to detect attacks accurately. The technique that we adopted is inspired by long range dependence ideas. We use the number of packet arrivals of a flow in fixed-length time intervals as the signal and attempt to extend traffic invariant "self-similarity". We validate the effectiveness of the approach with simulation and trace analysis.
Abstract: As IoT devices become more ubiquitous, the security of IoT-based networks becomes paramount. Machine Learning-based cybersecurity enables autonomous threat detection and prevention. However, one of the challenges of applying Machine Learning-based cybersecurity in IoT devices is feature selection as most IoT devices are resource-constrained. This paper studies two feature selection algorithms: Information Gain and PSO-based, to select a minimum number of attack features, and Decision Tree and SVM are utilized for performance comparison. The consistent use of the same metrics in feature selection and detection algorithms substantially enhances the classification accuracy compared to the non-consistent use in feature selection by Information Gain (entropy) and Tree detection algorithm by classification. Furthermore, the Tree with consistent feature selection is comparable to the ensemble that provides excellent performance at the cost of computation complexity.
Funding: Project supported by the National Science and Technology Major Project (No. 2022ZD0115302), the National Natural Science Foundation of China (No. 61379052), the Science Foundation of Ministry of Education of China (No. 2018A02002), and the Natural Science Foundation for Distinguished Young Scholars of Hunan Province, China (No. 14JJ1026).
Abstract: Active anomaly detection queries labels of sampled instances and uses them to incrementally update the detection model, and has been widely adopted in detecting network attacks. However, existing methods cannot achieve desirable performance on dynamic network traffic streams because (1) their query strategies cannot sample informative instances to make the detection model adapt to the evolving stream and (2) their model updating relies on limited query instances only and fails to leverage the enormous unlabeled instances on streams. To address these issues, we propose an active tree based model, adaptive and augmented active prior-knowledge forest (A3PF), for anomaly detection on network traffic streams. A prior-knowledge forest is constructed using prior knowledge of network attacks to find feature subspaces that better distinguish network anomalies from normal traffic. On one hand, to make the model adapt to the evolving stream, a novel adaptive query strategy is designed to sample informative instances from two aspects: the changes in dynamic data distribution and the uncertainty of anomalies. On the other hand, based on the similarity of instances in the neighborhood, we devise an augmented update method to generate pseudo labels for the unlabeled neighbors of query instances, which enables usage of the enormous unlabeled instances during model updating. Extensive experiments on two benchmarks, CIC-IDS2017 and UNSW-NB15, demonstrate that A3PF achieves significant improvements over previous active methods in terms of the area under the receiver operating characteristic curve (AUC-ROC) (20.9% and 21.5%) and the area under the precision-recall curve (AUC-PR) (44.6% and 64.1%).
Funding: The research of this paper is supported by the project of Jiangsu Provincial Department of Education (20KJB413002), the science and technology research project of Jiangsu Provincial Public Security Department (2020KX007Z), the Jiangsu Police Institute high level talent introduction research start-up fund (JSPIGKZ, JSPI20GKZL404), the 2021 doctor of entrepreneurship and innovation in Jiangsu Province (JSSCBS20210599), and the Undergraduate Innovation and Entrepreneurship Training Program of Jiangsu Police College (No. 202110329053Y).
Abstract: At present, the severe network security situation has put forward high requirements for network security defense technology. In order to automate botnet threat warning, this paper researches the types and characteristics of Botnet. Botnet has special characteristics in attributes such as packets, attack time interval, and packet size. In this paper, the attack data is annotated by means of string recognition and expert screening. The attack features are extracted from the labeled attack data, and K-means is then used for cluster analysis. The clustering results show that the same attack data has its unique characteristics, and the automatic identification of network attacks is realized based on these characteristics. At the same time, based on the collection and attribute extraction of Botnet attack data, this paper uses RF, GBM, XGBOOST and other machine learning models to test the warning results, and automatically analyzes the attack by importing attack data. In the early warning analysis results, the accuracy rates of different models are obtained. Through the descriptive values of the three accuracy rates of Accuracy, Precision, and F1_Score, the early warning effect of each model can be comprehensively displayed. Among the five algorithms used in this paper, three have an accuracy rate of over 90%. The three models with the highest accuracy are used in the early warning model. The research shows that cyberattacks can be accurately predicted. When this technology is applied to the protection system, accurate early warning can be given before a network attack is launched.
Funding: Supported by the National Key R&D Program of China (2016YFF0204001), the National Key Technology Support Program (2015BAH08F02), the CCF-Venustech Hongyan Research Initiative (2016-009), the PAPD fund, the CICAEET fund, and the Guizhou Provincial Key Laboratory of Public Big Data Program.
Abstract: Cyber security lacks comprehensive theoretical guidance. General security theory, as a set of basic security theory concepts, is intended to guide cyber security and all the other security work. The general theory of security aims to unify the main branches of cyber security and establish a unified basic theory. This paper proposes an overview of the general theory of security, which is devoted to constructing a comprehensive model of network security. The hierarchical structure of the meridian-collateral tree is described. Shannon information theory is employed to build a cyberspace security model. Some central concepts of security, i.e., the attack and defense, are discussed and several general theorems on security are presented.
Funding: Supported by the project of the State Key Program of National Natural Science Foundation of China (No. 90818021); supported by a grant from the national high technology research and development program of China (863 program) (No. 2012AA012903).
Abstract: In order to protect the website and assess the security risk of website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph (I-BAG) model. First, the Improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the risk evaluating method based on I-BAG model proposed is an effective way for assessing the website security risk.
Abstract: This paper puts forward the plan on constructing information security attack and defense platform based on cloud computing and virtualization, provides the hardware topology structure of the platform and technical framework of the system and the experimental process and technical principle of the platform. The experiment platform can provide more than 20 attack classes. Using the virtualization technology can build hypothesized target of various types in the laboratory and diversified network structure to carry out attack and defense experiment.
Funding: National Natural Science Foundation of China (82372040 and 82271329); National Key Research and Development Program of China (2022YFC2504900 and 2016YFC0901002); Chinese Academy of Medical Sciences Innovation Fund for Medical Sciences (2019-I2M-5-029); Key Science & Technologies R&D Program of Lishui City (2019ZDYF18); AstraZeneca Investment (China) and Beijing Natural Science Foundation (Z200016). The Sydney Memory and Ageing Study has been funded by three National Health & Medical Research Council (NHMRC) Program Grants (ID350833, ID568969, and APP1093083).
Abstract: Brain aging is typically associated with a significant decline in cognitive performance. Vascular risk factors (VRF) and subsequent atherosclerosis (AS) play a major role in this process. Brain resilience reflects the brain's ability to withstand external perturbations, but the relationship of brain resilience with cognition during the aging process remains unclear. Here, we investigated how brain topological resilience (BTR) is associated with cognitive performance in the face of aging and vascular risk factors. We used data from two cross-ethnicity community cohorts, PolyvasculaR Evaluation for Cognitive Impairment and Vascular Events (PRECISE, n=2220) and Sydney Memory and Ageing Study (MAS, n=246). We conducted an attack simulation on brain structural networks based on k-shell decomposition and node degree centrality. BTR was defined based on changes in the size of the largest subgroup of the network during the simulation process. Subsequently, we explored the negative correlations of BTR with age, VRF, and AS, and its positive correlation with cognitive performance. Furthermore, using structural equation modeling (SEM), we constructed path models to analyze the directional dependencies among these variables, demonstrating that aging, AS, and VRF affect cognition by disrupting BTR. Our results also indicated the specificity of this metric, independent of brain volume. Overall, these findings underscore the supportive role of BTR on cognition during aging and highlight its potential application as an imaging marker for objective assessment of brain cognitive performance.
Abstract: The world airport network (WAN) is one of the networked infrastructures that shape today's economic and social activity, so its resilience against incidents affecting the WAN is an important problem. In this paper, the robustness of air route networks is extended by defining and testing several heuristics to define selection criteria to detect the critical nodes of the WAN. In addition to heuristics based on genetic algorithms and simulated annealing, custom heuristics based on node damage and node betweenness are defined. The most effective heuristic is a multiattack heuristic combining both custom heuristics. Results obtained are of importance not only for advance in the understanding of the structure of complex networks, but also for critical node detection.
Funding: Supported by the National Natural Science Foundation of China (60973139, 60773041), the Natural Science Foundation of Jiangsu Province (BK2008451), the Hi-Tech Research and Development Program of China (2007AA01Z404, 2007AA01Z478), Foundation of National Laboratory for Modern Communications (9140C1105040805), the Postdoctoral Foundation (0801019C, 20090451240, 20090451241), the Science & Technology Innovation Fund for Higher Education Institutions of Jiangsu Province (CX08B-085Z, CX08B-086Z), and the Six Kinds of Top Talent of Jiangsu Province (2008118).
Abstract: This article is focused on analyzing the key technologies of new malicious code and corresponding defensive measures in the large-scale communication networks. Based on description of the concepts and development of the malicious code, the article introduces the anti-analysis technology, splitting and inserting technology, hiding technology, polymorph virus technology, and auto production technology of the malicious code trends with intelligence, diversity and integration. Following that, it summarizes the security vulnerabilities of communication networks from four related layers aspects, according to the mechanisms of malicious code in the communication networks. Finally, it proposes rapid response disposition of malicious code attacks from four correlated steps: building up the network node monitoring system, suspicious code feature automation analysis and extraction, rapid active malicious code response technique for unknown malicious code, and malicious code attack immunity technique. As a result, it actively defends against the unknown malicious code attacks and enhances the security performance of communication networks.
Funding: The National Natural Science Foundation of China (61802117).
Abstract: The network attack profit graph (NAPG) model and the attack profit path prediction algorithm are presented herein to cover the shortage of considerations in attacker's subjective factors based on existing network attack path prediction methods. Firstly, the attack profit is introduced, with the attack profit matrix designed and the attack profit matrix generation algorithm given accordingly. Secondly, a path profit feasibility analysis algorithm is proposed to analyze the network feasibility of realizing profit of attack path. Finally, an opportunity profit path and an optimal profit path are introduced with the selection algorithm and the prediction algorithm designed for accurate prediction of the path. According to the experimental test, the network attack profit path prediction algorithm is applicable for accurate prediction of the opportunity profit path and the optimal profit path.
Funding: The National Key Basic Research and Development (973) Program of China (Nos. 2012CB315801 and 2011CB302805); the National Natural Science Foundation of China A3 Program (No. 61161140320) and the National Natural Science Foundation of China (No. 61233016); Intel Research Councils UPO program with title of security Vulnerability Analysis based on Cloud Platform with Intel IA Architecture.
Abstract: The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistic. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file system (such as Hadoop, ZFS, etc.) and open cloud computing platform (such as OpenStack, CloudStack, and Eucalyptus, etc.), it is practical to store such large volume of traffic data and fully in-depth analyse the inside communication within an acceptable latency. In this paper, based on well-known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine+FAstbit (TIFA) with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.
Funding: This work was supported by ARO W911NF-13-1-0421 (MURI), NSF CNS-1814679, and ARO W911NF-15-1-0576.
Abstract: Although using machine learning techniques to solve computer security challenges is not a new idea, the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interest in the computer security community. This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges. In particular, the review covers eight computer security problems being solved by applications of Deep Learning: security-oriented program analysis, defending return-oriented programming (ROP) attacks, achieving control-flow integrity (CFI), defending network attacks, malware classification, system-event-based anomaly detection, memory forensics, and fuzzing for software security.
Funding: Supported by the National Natural Science Foundation of China (Nos. 61472033, 61370092, and 61272432).
Abstract: To address the issue of internal network security, Software-Defined Network (SDN) technology has been introduced to large-scale cloud centers because it not only improves network performance but also deals with network attacks. To prevent man-in-the-middle and denial of service attacks caused by an address resolution protocol bug in an SDN-based cloud center, this study proposed a Bayes-based algorithm to calculate the probability of a host being an attacker and further presented a detection model based on the algorithm. Experiments were conducted to validate this method.