A New Model for Network Security Situation Assessment of the Industrial Internet

To address the problem of network security situation assessment in the Industrial Internet,this paper adopts the evidential reasoning(ER)algorithm and belief rule base(BRB)method to establish an assessment model.First,this paper analyzes the influencing factors of the Industrial Internet and selects evaluation indicators that contain not only quantitative data but also qualitative knowledge.Second,the evaluation indicators are fused with expert knowledge and the ER algorithm.According to the fusion results,a network security situation assessment model of the Industrial Internet based on the ER and BRB method is established,and the projection covariance matrix adaptive evolution strategy(P-CMA-ES)is used to optimize the model parameters.This method can not only utilize semiquantitative information effectively but also use more uncertain information and prevent the problem of combinatorial explosion.Moreover,it solves the problem of the uncertainty of expert knowledge and overcomes the problem of low modeling accuracy caused by insufficient data.Finally,a network security situation assessment case of the Industrial Internet is analyzed to verify the effectiveness and superiority of the method.The research results showthat this method has strong applicability to the network security situation assessment of complex Industrial Internet systems.It can accurately reflect the actual network security situation of Industrial Internet systems and provide safe and reliable suggestions for network administrators to take timely countermeasures,thereby improving the risk monitoring and emergency response capabilities of the Industrial Internet.

Analysis of Campus Network Security

Campus network provides a critical stage to student service and campus administration,which assumes a paramount part in the strategy of‘Rejuvenating the Country through Science and Education’and‘Revitalizing China through Talented Persons’.However,with the rapid development and continuous expansion of campus network,network security needs to be an essential issue that could not be overlooked in campus network construction.In order to ensure the normal operation of various functions of the campus network,the security risk level of the campus network is supposed to be controlled within a reasonable range at any moment.Through literature research,theory analysis and other methods,this paper systematically combs the research on campus network security at home and abroad,analyzing and researching the campus network security issues from a theoretical perspective.A series of efficient solutions accordingly were also put forward.

A Security Trade-Off Scheme of Anomaly Detection System in IoT to Defend against Data-Tampering Attacks

Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misreporting of normal data,which will impact the normal operation of IoT.To mitigate the impact caused by the high false positive rate of ADS,this paper proposes an ADS management scheme for clustered IoT.First,we model the data transmission and anomaly detection in clustered IoT.Then,the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device.In the presence of a high false positive rate in ADSs,to deal with the trade-off between the security and availability of data,we develop a linear programming model referred to as a security trade-off(ST)model.Next,we develop an analysis framework for the ST model,and solve the ST model on an IoT simulation platform.Last,we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis.Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADS.

Security and Privacy Challenges in SDN-Enabled IoT Systems: Causes, Proposed Solutions,and Future Directions

Software-Defined Networking(SDN)represents a significant paradigm shift in network architecture,separating network logic from the underlying forwarding devices to enhance flexibility and centralize deployment.Concur-rently,the Internet of Things(IoT)connects numerous devices to the Internet,enabling autonomous interactions with minimal human intervention.However,implementing and managing an SDN-IoT system is inherently complex,particularly for those with limited resources,as the dynamic and distributed nature of IoT infrastructures creates security and privacy challenges during SDN integration.The findings of this study underscore the primary security and privacy challenges across application,control,and data planes.A comprehensive review evaluates the root causes of these challenges and the defense techniques employed in prior works to establish sufficient secrecy and privacy protection.Recent investigations have explored cutting-edge methods,such as leveraging blockchain for transaction recording to enhance security and privacy,along with applying machine learning and deep learning approaches to identify and mitigate the impacts of Denial of Service(DoS)and Distributed DoS(DDoS)attacks.Moreover,the analysis indicates that encryption and hashing techniques are prevalent in the data plane,whereas access control and certificate authorization are prominently considered in the control plane,and authentication is commonly employed within the application plane.Additionally,this paper outlines future directions,offering insights into potential strategies and technological advancements aimed at fostering a more secure and privacy-conscious SDN-based IoT ecosystem.

Performance Evaluation of an Internet Protocol Security (IPSec) Based Multiprotocol Label Switching (MPLS) Virtual Private Network

This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.

Wireless Sensor Security Issues on Data Link Layer:A Survey

A computer network can be defined as many computing devices connected via a communication medium like the internet.Computer network development has proposed how humans and devices communicate today.These networks have improved,facilitated,and made conventional forms of communication easier.However,it has also led to uptick in-network threats and assaults.In 2022,the global market for information technology is expected to reach$170.4 billion.However,in contrast,95%of cyber security threats globally are caused by human action.These networks may be utilized in several control systems,such as home-automation,chemical and physical assault detection,intrusion detection,and environmental monitoring.The proposed literature review presents a wide range of information on Wireless Social Networks(WSNs)and Internet of Things(IoT)frameworks.The aim is first to be aware of the existing issues(issues with traditional methods)and network attacks on WSN and IoT systems and how to defend them.The second is to review the novel work in the domain and find its limitations.The goal is to identify the area’s primary gray field or current research divide to enable others to address the range.Finally,we concluded that configuration.Message Rapid Spanning Tree Protocol(RSTP)messages have higher efficiency in network performance degradation than alternative Bridge Data Unit Protocol(BPDU)forms.The research divides our future research into solutions and newly developed techniques that can assist in completing the lacking component.In this research,we have selected articles from 2015 to 2021 to provide users with a comprehensive literature overview.

A 10 Gbps in-line network security processor based on configurable hetero-multi-cores

This paper deals with an in-line network security processor （NSP） design that implements the Intemet Protocol Security （IPSec） protocol processing for the 10 Gbps Ethernet. The 10 Gbps high speed data transfer, the IPSec processing in- cluding the crypto-operation, the database query, and IPSec header processing are integrated in the design. The in-line NSP is implemented using 65 nm CMOS technology and the layout area is 2.5 mm^3 mm with 360 million gates. A configurable crossbar data transfer skeleton implementing an iSLIP scheduling algorithm is proposed, which enables simultaneous data transfer between the heterogeneous multiple cores. There are, in addition, a high speed input/output data buffering mechanism and design of high performance hardware structures for modules, wherein the transfer efficiency and the resource utilization are maximized and the IPSec protocol processing achieves 10 Gbps line speed. A high speed and low power hardware look-up method is proposed, which effectively reduces the area and power dissipation. The post simulation results demonstrate that the design gives a peak throughput for the Authentication Header （AH） transport mode of 10.06 Gbps with the average test packet length of 512 bytes under the clock rate of 250 MHz, and power dissipation less than 1 W is obtained. An FPGA prototype is constructed to verify the function of the design. A test bench is being set up for performance and function verification.

Optimal Wavelet Neural Network-Based Intrusion Detection in Internet of Things Environment

As the Internet of Things(IoT)endures to develop,a huge count of data has been created.An IoT platform is rather sensitive to security challenges as individual data can be leaked,or sensor data could be used to cause accidents.As typical intrusion detection system(IDS)studies can be frequently designed for working well on databases,it can be unknown if they intend to work well in altering network environments.Machine learning(ML)techniques are depicted to have a higher capacity at assisting mitigate an attack on IoT device and another edge system with reasonable accuracy.This article introduces a new Bird Swarm Algorithm with Wavelet Neural Network for Intrusion Detection(BSAWNN-ID)in the IoT platform.The main intention of the BSAWNN-ID algorithm lies in detecting and classifying intrusions in the IoT platform.The BSAWNN-ID technique primarily designs a feature subset selection using the coyote optimization algorithm(FSS-COA)to attain this.Next,to detect intrusions,the WNN model is utilized.At last,theWNNparameters are optimally modified by the use of BSA.Awidespread experiment is performed to depict the better performance of the BSAWNNID technique.The resultant values indicated the better performance of the BSAWNN-ID technique over other models,with an accuracy of 99.64%on the UNSW-NB15 dataset.

Security and Privacy in 5G Internet of Vehicles(IoV)Environment

Modern vehicles are equipped with sensors,communication,and computation units that make them capable of providing monitoring services and analysis of real-time traffic information to improve road safety.The main aim of communication in vehicular networks is to achieve an autonomous driving environment that is accident-free alongside increasing road use quality.However,the demanding specifications such as high data rate,low latency,and high reliability in vehicular networks make 5G an emerging solution for addressing the current vehicular network challenges.In the 5G IoV environment,various technologies and models are deployed,making the environment open to attacks such as Sybil,Denial of Service(DoS)and jamming.This paper presents the security and privacy challenges in an IoV 5G environment.Different categories of vehicular network attacks and possible solutions are presented from the technical point of view.

A Blockchain-Based Architecture for Enabling Cybersecurity in the Internet-of-Critical Infrastructures

Due to the drastic increase in the number of critical infrastructures like nuclear plants,industrial control systems(ICS),transportation,it becomes highly vulnerable to several attacks.They become the major targets of cyberattacks due to the increase in number of interconnections with other networks.Several research works have focused on the design of intrusion detection systems(IDS)using machine learning(ML)and deep learning(DL)models.At the same time,Blockchain(BC)technology can be applied to improve the security level.In order to resolve the security issues that exist in the critical infrastructures and ICS,this study designs a novel BC with deep learning empowered cyber-attack detection(BDLE-CAD)in critical infrastructures and ICS.The proposed BDLE-CAD technique aims to identify the existence of intrusions in the network.In addition,the presented enhanced chimp optimization based feature selection(ECOA-FS)technique is applied for the selection of optimal subset of features.Moreover,the optimal deep neural network(DNN)with search and rescue(SAR)optimizer is applied for the detection and classification of intrusions.Furthermore,a BC enabled integrity checking scheme(BEICS)has been presented to defend against the misrouting attacks.The experimental result analysis of the BDLE-CAD technique takes place and the results are inspected under varying aspects.The simulation analysis pointed out the supremacy of the BDLE-CAD technique over the recent state of art techniques with the accuy of 92.63%.

Proposal of a Methodology for the Assessment of Security Levels of IoT Wireless Sensor Networks in Nuclear Environments

The use of Wireless Sensor Networks (WSN) associated with the reality of an Internet of Things (IoT) scenario in nuclear environments is a growing security concern. In this context, standards are intensified to preserve the physical integrity of these facilities considered to be highly critical due to the size of the impacts of safety accidents. This paper presents a proposal to build a methodology to evaluate the security levels of WSNs with IoT devices when used in nuclear areas. The proposal is initially based on related work to establish a more concrete initial framework and is structured in consistent steps from previous scientific studies.

A 5G Perspective of an SDN-Based Privacy-Preserving Scheme for IoT Networks

The ever-increasing needs of Internet of Things networks (IoTn) present considerable issues in computing complexity, security, trust, and authentication, among others. This gets increasingly more challenging as technology advances, and its use expands. As a consequence, boosting the capacity of these networks has garnered widespread attention. As a result, 5G, the next phase of cellular networks, is expected to be a game-changer, bringing with it faster data transmission rates, more capacity, improved service quality, and reduced latency. However, 5G networks continue to confront difficulties in establishing pervasive and dependable connections amongst high-speed IoT devices. Thus, to address the shortcomings in current recommendations, we present a unified architecture based on software-defined networks (SDNs) that provides 5G-enabled devices that must have complete secrecy. Through SDN, the architecture streamlines network administration while optimizing network communications. A mutual authentication protocol using elliptic curve cryptography is introduced for mutual authentication across certificate authorities and clustered heads in IoT network deployments based on IoT. Again, a dimensionality reduction intrusion detection mechanism is introduced to decrease computational cost and identify possible network breaches. However, to leverage the method’s potential, the initial module's security is reviewed. The second module is evaluated and compared to modern models.

Web Security and Log Management: An Application Centric Perspective

The World Wide Web has been an environment with many security threats and lots of reported cases of security breaches. Various tools and techniques have been applied in trying to curb this problem, however new attacks continue to plague the Internet. We discuss risks that affect web applications and explain how network-centric and host-centric techniques, as much as they are crucial in an enterprise, lack necessary depth to comprehensively analyze overall application security. The nature of web applications to span a number of servers introduces a new dimension of security requirement that calls for a holistic approach to protect the information asset regardless of its physical or logical separation of modules and tiers. We therefore classify security mechanisms as either infrastructure-centric or application-centric based on what asset is being secured. We then describe requirements for such application-centric security mechanisms.

A Dual-Channel Secure Transmission Scheme for Internet-Based Networked Control Systems

Two significant issues in Internet-based networked control systems （ INCSs）, transport performance of different protocols and security breach from Internet side, are investigated. First, for improving the performance of data transmission, user datagram protocol （UDP） is adopted as the main stand for controllers and plants using INCSs. Second, a dual-channel secure transmission scheme （DCSTS）based on data transmission characteristics of INCSs is proposed, in which a raw UDP channel and a secure TCP （transmission control protocol） connection making use of SSL/TLS （secure sockets layer/transport layer security） are included. Further, a networked control protocol （NCP） at application layer for supporting DCSTS between the controllers and plants in INCSs is designed, and it also aims at providing a universal communication mechanism for interoperability of devices among the networked control laboratories in Beijing Institute of Technology of China, Central South University of China and Tokyo University of Technology of Japan. By means of a networked single-degree-of-free- dom robot arm, an INCS under the new protocol and security environment is created. Compared with systems such as IPSec or SSL/TLS, which may cause more than 91% network throughput deduction, the new DCSTS protocol may yield results ten times better, being just 5.67%.

A Systematic Overview of Underwater Wireless Sensor Networks:Applications,Challenge and Research Perspectives

Underwater Wireless Sensor Networks(UWSNs)are becoming increasingly popular in marine applications due to advances in wireless and microelectronics technology.However,UWSNs present challenges in processing,energy,and memory storage due to the use of acoustic waves for communication,which results in long delays,significant power consumption,limited bandwidth,and packet loss.This paper provides a comprehensive review of the latest advancements in UWSNs,including essential services,common platforms,critical elements,and components such as localization algorithms,communication,synchronization,security,mobility,and applications.Despite significant progress,reliable and flexible solutions are needed to meet the evolving requirements of UWSNs.The purpose of this paper is to provide a framework for future research in the field of UWSNs by examining recent advancements,establishing a standard platform and service criteria,using a taxonomy to determine critical elements,and emphasizing important unresolved issues.

网络自由主义的本质、危害及其对策

研究网络自由主义思潮,需要从本质、危害和化解三重维度加以把握。在本质维度上,网络自由主义是一种唯心的、先验的、带有鲜明价值导向的社会思潮;在危害维度上,网络自由主义在意识形态、国家主权、民族精神和公共秩序等方面产生了消极影响;在化解维度上,应从加强党的建设、强化舆论引导、培育网络文化和完善网络立法等方面入手建设网络良好生态。

基于模糊逻辑的物联网流量攻击检测技术综述

物联网越来越多地出现在日常活动中,将我们周围多样化的物理设备连接到互联网,奠定了智慧城市、电子健康、精准农业等应用的基础。随着物联网应用的迅速普及,针对这类设备和服务的网络攻击数量也有所增加,且这些攻击具有不精确性和不确定性,使得对其进行正确检测和识别更加困难。为了应对上述挑战,学者们引入了基于模糊逻辑的攻击检测框架,在各种操作步骤中结合不同的模糊技术,以便在数据不准确和不确定时更精确地检测网络攻击。文中首先对物联网的安全性进行了详细的探讨,如其应对的安全挑战、所需的安全要求、面临的攻击类型等;其次对入侵检测系统(Intrusion Detection Systems,IDS)进行了描述,进而简述了物联网中IDS的基础框架;然后阐述了模糊逻辑的技术原理,分析了将其应用在流量攻击检测中的合理性;接着比较了各种基于不同技术的流量攻击检测方案,以说明它们在该领域的性能和重要性;最后总结了本文的主要工作,指出了未来的研究方向,为该领域的研究者提供了新的视角,以更好地应对不断升级的网络攻击。

Internet测量与分析综述

Internet的测量与分析为加强网络管理、提高网络利用率、防范大规模网络攻击提供了技术平台,已成为学术界、企业界和国家政府部门所普遍关心的重要问题之一.介绍了网络测量与分析的主要研究内容,以及国内外相关领域的研究现状,并对该领域的关键技术和难点问题进行了分析,同时给出了网络测量与分析的3个典型应用案例.

一个Internet路由器级拓扑自动发现系统

本文讨论了一个Internet路由器级拓扑自动发现系统的结构、所遇到的问题和若干关键技术,并实现了一个针对CERNET的拓扑发现原型系统。实验结果表明,发现方法可行,发现原理适合于大规模IP网络,可以拓展为一个发现全国Internet路由器级拓扑的系统。

Internet防火墙系统的设计与实现

本文首先分析了目前流行的网络互连协议——ＴＣＰ／ＩＰ协议存在的安全问题及Ｉｎｔｅｒｎｅｔ网的不安全性，然后给出了Ｉｎｔｅｒｎｅｔ网安全可行的解决方案——防火墙技术，同时分析了传统防火墙系统存在的不足，并设计了一个基于包过滤、代理技术和密码技术的双层防火墙系统，最后探讨了防火墙技术的发展方向。