Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite netwo...Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite network architecture including Geostationary Earth Orbit (GEO), Highly Elliptical Orbit (HEO), and Low Earth Orbit (LEO) satellite layers, which provides the near-global coverage with 24 hour uninterrupted over the areas varying from 75° S to 90° N. On the basis of the hierarchical architecture, we propose a QoS-guaranteed secure multicast routing protocol (QGSMRP) for satellite IP networks using the logical location concept to isolate the mobility of LEO and HEO satellites. In QGSMRP, we employ the asymmetric cryptography to secure the control messages via the pairwise key pre-distribution, and present a least cost tree (LCT) strategy to construct the multicast tree under the condition that the QoS constraints are guaranteed, aiming to minimize the tree cost. Simulation results show that the performance benefits of the proposed QGSMRP in terms of the end-to-end tree delay, the tree cost, and the failure ratio of multicasting connections by comparison with the conventional shortest path tree (SPT) strategy.展开更多
Networks protection against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their spe...Networks protection against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their special properties, has more importance. Now, there are some of proposed solutions to protect Wireless Sensor Networks (WSNs) against different types of intrusions;but no one of them has a comprehensive view to this problem and they are usually designed in single-purpose;but, the proposed design in this paper has been a comprehensive view to this issue by presenting a complete Intrusion Detection Architecture (IDA). The main contribution of this architecture is its hierarchical structure;i.e. it is designed and applicable, in one, two or three levels, consistent to the application domain and its required security level. Focus of this paper is on the clustering WSNs, designing and deploying Sensor-based Intrusion Detection System (SIDS) on sensor nodes, Cluster-based Intrusion Detection System (CIDS) on cluster-heads and Wireless Sensor Network wide level Intrusion Detection System (WSNIDS) on the central server. Suppositions of the WSN and Intrusion Detection Architecture (IDA) are: static and heterogeneous network, hierarchical, distributed and clustering structure along with clusters' overlapping. Finally, this paper has been designed a questionnaire to verify the proposed idea;then it analyzed and evaluated the acquired results from the questionnaires.展开更多
Improving maternal health is one of the Sustainable Development Goals.Hospital service areas(HSAs),which contain most hospitalization behaviors at the local scale,are crucial for health care planning.However,little at...Improving maternal health is one of the Sustainable Development Goals.Hospital service areas(HSAs),which contain most hospitalization behaviors at the local scale,are crucial for health care planning.However,little attention has been given to HSAs for maternal care and the hierarchy structure.Considering Hubei,central China,as a case study,this study aims to fill these gaps by developing a method for delineating hierarchical HSAs for maternal care using a network optimization approach.The approach is driven by actual patient flow data and has an explicit objective to maximize the modularity.It also establishes the hierarchical structure of maternal care HSAs,which is fundamental for the planning of hierarchical maternal care and referral systems.In our case study,45 secondary HSAs and 22tertiary HSAs are delineated to achieve maximal modularity.The HSAs perform well in terms of indices such as the Localization Index and Market Share Index.Furthermore,there is a complementary relationship between secondary and tertiary hospitals,which suggests the need for referral system planning.This study can provide evidence for the validity of the HSA and the planning of maternal care HSAs in China.It also provides transferable methods for planning hierarchical HSAs in other developing countries.展开更多
Considering that growing hierarchical self-organizing map(GHSOM) ignores the influence of individual component in sample vector analysis, and its accurate rate in detecting unknown network attacks is relatively lower,...Considering that growing hierarchical self-organizing map(GHSOM) ignores the influence of individual component in sample vector analysis, and its accurate rate in detecting unknown network attacks is relatively lower, an improved GHSOM method combined with mutual information is proposed. After theoretical analysis, experiments are conducted to illustrate the effectiveness of the proposed method by accurately clustering the input data. Based on different clusters, the complex relationship within the data can be revealed effectively.展开更多
Increasing time-spent online has amplified users' exposure to tile tilreat oI miormanon leakage. Although existing security systems (such as firewalls and intrusion detection systems) can satisfy most of the securi...Increasing time-spent online has amplified users' exposure to tile tilreat oI miormanon leakage. Although existing security systems (such as firewalls and intrusion detection systems) can satisfy most of the security requirements of network administrators, they are not suitable for detecting the activities of applying the HTTP-tunnel technique to steal users' private information. This paper focuses on a network behavior-based method to address the limitations of the existing protection systems. At first, it analyzes the normal network behavior pattern over HTI'P traffic and select four features. Then, it pres- ents an anomaly-based detection model that applies a hierarchical clustering technique and a scoring mechanism. It also uses real-world data to validate that the selected features are useful. The experiments have demonstrated that the model could achieve over 93% hit-rate with only about 3% false- positive rate. It is regarded confidently that the approach is a complementary technique to the existing security systems.展开更多
The effects of strategy on the network security defense and the related research on intrusion response strategy are briefly presented, with the focus on the status and function of intrusion re- sponse strategy in the ...The effects of strategy on the network security defense and the related research on intrusion response strategy are briefly presented, with the focus on the status and function of intrusion re- sponse strategy in the intrusion response decision-making. Some specific response strategies for specific response goals are presented as well. The relevant knowledge of the planning, and a classification of response tasks are proposed. The intrusion response planning methods and models based on hierarchical task network (HTN) are described in detail. On this basis, the model of combining the response measure decision-making with the response time decision-making is expounded. The proposed model can integrate response strategy into response decision-making mechanism. In addition, the results of the intrusion response experiments are provided to verify the ability of using different response strategies to achieve different response goals. At last, the application needs of response strategy in network security are analyzed, and the approaches of the response strategy applied in in- trusion response system are summarized.展开更多
文摘Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite network architecture including Geostationary Earth Orbit (GEO), Highly Elliptical Orbit (HEO), and Low Earth Orbit (LEO) satellite layers, which provides the near-global coverage with 24 hour uninterrupted over the areas varying from 75° S to 90° N. On the basis of the hierarchical architecture, we propose a QoS-guaranteed secure multicast routing protocol (QGSMRP) for satellite IP networks using the logical location concept to isolate the mobility of LEO and HEO satellites. In QGSMRP, we employ the asymmetric cryptography to secure the control messages via the pairwise key pre-distribution, and present a least cost tree (LCT) strategy to construct the multicast tree under the condition that the QoS constraints are guaranteed, aiming to minimize the tree cost. Simulation results show that the performance benefits of the proposed QGSMRP in terms of the end-to-end tree delay, the tree cost, and the failure ratio of multicasting connections by comparison with the conventional shortest path tree (SPT) strategy.
文摘Networks protection against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their special properties, has more importance. Now, there are some of proposed solutions to protect Wireless Sensor Networks (WSNs) against different types of intrusions;but no one of them has a comprehensive view to this problem and they are usually designed in single-purpose;but, the proposed design in this paper has been a comprehensive view to this issue by presenting a complete Intrusion Detection Architecture (IDA). The main contribution of this architecture is its hierarchical structure;i.e. it is designed and applicable, in one, two or three levels, consistent to the application domain and its required security level. Focus of this paper is on the clustering WSNs, designing and deploying Sensor-based Intrusion Detection System (SIDS) on sensor nodes, Cluster-based Intrusion Detection System (CIDS) on cluster-heads and Wireless Sensor Network wide level Intrusion Detection System (WSNIDS) on the central server. Suppositions of the WSN and Intrusion Detection Architecture (IDA) are: static and heterogeneous network, hierarchical, distributed and clustering structure along with clusters' overlapping. Finally, this paper has been designed a questionnaire to verify the proposed idea;then it analyzed and evaluated the acquired results from the questionnaires.
基金National Natural Science Foundation of China,No.41671497。
文摘Improving maternal health is one of the Sustainable Development Goals.Hospital service areas(HSAs),which contain most hospitalization behaviors at the local scale,are crucial for health care planning.However,little attention has been given to HSAs for maternal care and the hierarchy structure.Considering Hubei,central China,as a case study,this study aims to fill these gaps by developing a method for delineating hierarchical HSAs for maternal care using a network optimization approach.The approach is driven by actual patient flow data and has an explicit objective to maximize the modularity.It also establishes the hierarchical structure of maternal care HSAs,which is fundamental for the planning of hierarchical maternal care and referral systems.In our case study,45 secondary HSAs and 22tertiary HSAs are delineated to achieve maximal modularity.The HSAs perform well in terms of indices such as the Localization Index and Market Share Index.Furthermore,there is a complementary relationship between secondary and tertiary hospitals,which suggests the need for referral system planning.This study can provide evidence for the validity of the HSA and the planning of maternal care HSAs in China.It also provides transferable methods for planning hierarchical HSAs in other developing countries.
基金Supported by the Natural Science Foundation of Tianjin(No.15JCQNJC00200)
文摘Considering that growing hierarchical self-organizing map(GHSOM) ignores the influence of individual component in sample vector analysis, and its accurate rate in detecting unknown network attacks is relatively lower, an improved GHSOM method combined with mutual information is proposed. After theoretical analysis, experiments are conducted to illustrate the effectiveness of the proposed method by accurately clustering the input data. Based on different clusters, the complex relationship within the data can be revealed effectively.
基金Supported by the National Natural Science Foundation of China(No.61070185,61003261)the Knowledge Innovation Program of the Chinese Academy of Sciences(No.XDA06030200)
文摘Increasing time-spent online has amplified users' exposure to tile tilreat oI miormanon leakage. Although existing security systems (such as firewalls and intrusion detection systems) can satisfy most of the security requirements of network administrators, they are not suitable for detecting the activities of applying the HTTP-tunnel technique to steal users' private information. This paper focuses on a network behavior-based method to address the limitations of the existing protection systems. At first, it analyzes the normal network behavior pattern over HTI'P traffic and select four features. Then, it pres- ents an anomaly-based detection model that applies a hierarchical clustering technique and a scoring mechanism. It also uses real-world data to validate that the selected features are useful. The experiments have demonstrated that the model could achieve over 93% hit-rate with only about 3% false- positive rate. It is regarded confidently that the approach is a complementary technique to the existing security systems.
文摘The effects of strategy on the network security defense and the related research on intrusion response strategy are briefly presented, with the focus on the status and function of intrusion re- sponse strategy in the intrusion response decision-making. Some specific response strategies for specific response goals are presented as well. The relevant knowledge of the planning, and a classification of response tasks are proposed. The intrusion response planning methods and models based on hierarchical task network (HTN) are described in detail. On this basis, the model of combining the response measure decision-making with the response time decision-making is expounded. The proposed model can integrate response strategy into response decision-making mechanism. In addition, the results of the intrusion response experiments are provided to verify the ability of using different response strategies to achieve different response goals. At last, the application needs of response strategy in network security are analyzed, and the approaches of the response strategy applied in in- trusion response system are summarized.
