The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power systems was proposed in this study, which protected data and facilities from being attacked by outside users by means of a firewall, a security monitor and a control system. The firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while the security control system provided authentication, authorization, data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.
In this paper we present the architecture and module for an internet firewall. The central component is a fuzzy controller, while properties of packets are fuzzified as inputs. On the basis of the proposed fuzzy security algorithm, we have figured out the security level of each packet and adjusted it according to the packets' dynamic states. The internet firewall can respond to these dynamics and take respective actions accordingly. Therefore, the proactive firewall solves the conflict between speed and security by providing high performance and high security. Simulation shows that if the response value is between 0.7 and 1 it belongs to high security.
This paper rejuvenates the notion of conformance testing in order to assess the security of networks. It leverages the Testing and Test Control Notation Version 3 (TTCN-3) by applying it to a redefined notion of System under Test (SUT). Instead of testing, as is classically done, a software/firmware/hardware element, an intangible object, namely the network, is tested in order to infer some of its security properties. After a brief introduction of TTCN-3 and Titan, its compilation and execution environment, a couple of use cases are provided to illustrate the feasibility of the approach. The pros and cons of using TTCN-3 to implement a scalable and flexible network testing environment are discussed.
This article analyzes the problem of computer network security and the design scheme of the network security system. The scheme uses advanced network security technologies and includes a complete set of physical isolation, desktop system security, virus protection, identity authentication, access control, information encryption, message integrity check, non-repudiation, security audit, intrusion detection, vulnerability scanning, electromagnetic leakage emission protection, security management and other security technology and management measures; the purpose is to establish a complete, multi-level, three-dimensional network security defense system.
Along with the deepening of the reform and opening-up policy and the entering of the WTO, international exchange of economy and culture has become more and more frequent, the Internet has become an indispensable part of our life, its rapid development brings great convenience to us, and all of the computers will be connected by the Internet in the 21st century; thus the meaning of information security has changed substantially. It not only changes from a general guarding to a common defence, but from a specific field to a public subject as well. However, the opening and sharing of the Internet resource, inefficient supervision, as well as various viruses put people's information and belongings in an extremely dangerous environment. The fight between hackers and anti-hackers, destruction and anti-destruction has already affected the stable running of the network and users' legal rights, caused great economic damage, and could also threaten our country's security. So a right understanding and in-time measures should be paid special attention to. The thesis firstly expatiates the current state of the network security and its importance, and discusses some major factors and threats that affect the network security. The thesis also introduces some catalogues of the security techniques, some relevant information and their major characters; besides that, I enumerate some popular and effective methods of protecting our network, including the widely used firewall, and the meticulous techniques such as security scan techniques and techniques of intrusion detection. Lastly, some protective measures are stated.
Firewalls are crucial elements that enhance network security by examining the field values of every packet and deciding whether to accept or discard a packet according to the firewall policies. With the development of networks, the number of rules in firewalls has rapidly increased, consequently degrading network performance. In addition, because most real-life firewalls have been plagued with policy conflicts, malicious traffic can be allowed or legitimate traffic can be blocked. Moreover, because of the complexity of the firewall policies, it is very important to reduce the number of rules in a firewall while keeping the rule semantics unchanged and the target firewall rules conflict-free. In this study, we make three major contributions. First, we present a new approach in which a geometric model, multidimensional rectilinear polygon, is constructed for the firewall rules compression problem. Second, we propose a new scheme, Firewall Policies Compression (FPC), to compress the multidimensional firewall rules based on this geometric model. Third, we conducted extensive experiments to evaluate the performance of the proposed method. The experimental results demonstrate that the FPC method outperforms the existing approaches in terms of compression ratio and efficiency while maintaining conflict-free firewall rules.
In today’s world, computer networks form an essential part of any organization. They are used not only to communicate information amongst the various parties involved but also to process data and store critical information which is accessible to approved subscribers. Protecting critical data, ensuring confidentiality, and thwarting illegal access are primary concerns for such organizations. This case study presents security recommendations for any such organization, to assist them in defining security policies at various levels of the network infrastructure.
With the increasing use of novel exploitation techniques in modern malicious software, it can be argued that current intrusion detection and intrusion prevention systems are failing to keep pace. While some intrusion prevention systems have the capability to detect evasion techniques, they all fail to detect novel unknown exploitation techniques. Traditional proxy approaches have failed to protect the universe of discourse that a network-enabled service can be engaged in, as they view all information flows of the same type in a uniform manner. In this paper we propose a micro-proxy architecture that utilizes reverse engineering techniques to identify a valid universe of discourse for a network service. This valid universe of discourse is then applied to validate legitimate transactions to a service. Thus, in effect, the micro-proxy implements a default deny policy via the analysis of the application-level discourse.
Funding: supported by the National Natural Science Foundation of China (Nos. 61672543 and 61402542), the Research Foundation of the Education Department of Hunan Province (No. 17B022), and the Hunan Provincial Innovation Foundation for Postgraduate (No. CX2014B081).