Research on the Construction of Computer Network Security System in Middle School Campus Network

In order to improve the security of high school campus networks,this paper introduces the goal,system composition,and function of the network security of high school campus networks,and puts forward a series of strategies,including the establishment of network security protection system,data backup and recovery mechanism,and strengthening network security management and training.Through these strategies,the safety and stable operation of the campus network can be ensured,the quality of education can be improved,and school’s development can be promoted.

System Architecture and Key Technologies of Network Security Situation Awareness System YHSAS

Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.

A Security Trade-Off Scheme of Anomaly Detection System in IoT to Defend against Data-Tampering Attacks

Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misreporting of normal data,which will impact the normal operation of IoT.To mitigate the impact caused by the high false positive rate of ADS,this paper proposes an ADS management scheme for clustered IoT.First,we model the data transmission and anomaly detection in clustered IoT.Then,the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device.In the presence of a high false positive rate in ADSs,to deal with the trade-off between the security and availability of data,we develop a linear programming model referred to as a security trade-off(ST)model.Next,we develop an analysis framework for the ST model,and solve the ST model on an IoT simulation platform.Last,we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis.Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADS.

Intelligent Immunity Based Security Defense System for Multi-Access Edge Computing Network

In this paper,the security problem for the multi-access edge computing(MEC)network is researched,and an intelligent immunity-based security defense system is proposed to identify the unauthorized mobile users and to protect the security of whole system.In the proposed security defense system,the security is protected by the intelligent immunity through three functions,identification function,learning function,and regulation function,respectively.Meanwhile,a three process-based intelligent algorithm is proposed for the intelligent immunity system.Numerical simulations are given to prove the effeteness of the proposed approach.

Study on Network Security Architecture for Power Systems

The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.

Research on College Network Information Security Protection in the Digital Economy Era

In the era of the digital economy,the informatization degree of various industries is getting deeper and deeper,and network information security has also come into people’s eyes.Colleges and universities are in the position of training applied talents,because of the needs of teaching and education,as well as the requirements of teaching reform,the information construction of colleges and universities has been gradually improved,but the problem of network information security is also worth causing people to ponder.The low security of the network environment will cause college network information security leaks,and even hackers will attack the official website of the university and leak the personal information of teachers and students.To solve such problems,this paper studies the protection of college network information security against the background of the digital economy era.This paper first analyzes the significance of network information security protection,then points out the current and moral problems,and finally puts forward specific countermeasures,hoping to create a safe learning environment for teachers and students for reference.

Quality of Service and Security on Cisco Network Devices, Coupled with the Development of a Mobile Application Prototype Software for Server Room Temperature Monitoring

In an era where digital technology is paramount, higher education institutions like the University of Zambia (UNZA) are employing advanced computer networks to enhance their operational capacity and offer cutting-edge services to their academic fraternity. Spanning across the Great East Road campus, UNZA has established one of the most extensive computer networks in Zambia, serving a burgeoning community of over 20,000 active users through a Metropolitan Area Network (MAN). However, as the digital landscape continues to evolve, it is besieged with burgeoning challenges that threaten the very fabric of network integrity—cyber security threats and the imperatives of maintaining high Quality of Service (QoS). In an effort to mitigate these threats and ensure network efficiency, the development of a mobile application to monitor temperatures in the server room was imperative. According to L. Wei, X. Zeng, and T. Shen, the use of wireless sensory networks to monitor the temperature of train switchgear contact points represents a cost-effective solution. The system is based on wireless communication technology and is detailed in their paper, “A wireless solution for train switchgear contact temperature monitoring and alarming system based on wireless communication technology”, published in the International Journal of Communications, Network and System Sciences, vol. 8, no. 4, pp. 79-87, 2015 [1]. Therefore, in this study, a mobile application technology was explored for monitoring of temperatures in the server room in order to aid Cisco device performance. Additionally, this paper also explores the hardening of Cisco device security and QoS which are the cornerstones of this study.

Reform of the Course System of Network Security Theory and Technology for Foreign Students in China

Theory and technology of network security is the core course of information security major,however,it still faces many challenges in the education of foreign graduate students studying in China.This paper analyzes the status quo and existing problems in the course of theory and technology of network security for foreign graduate students studying in China,the most fundamental of which is that the existing teaching materials are difficult to meet the needs of foreign graduate students.In view of the problem,this paper discusses how to improve the existing teaching materials to adapt to the teaching needs for foreign students and puts forward some new ideas and reform measures.

Design and Implementation of an Open Network Security Management Platform

In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.

Intelligent Intrusion Detection System Model Using Rough Neural Network

A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or malicious attacks using RNN with sub-nets. The sub-net is constructed by detection-oriented signatures extracted using rough set theory to detect different intrusions. It is proved that RNN detection method has the merits of adaptive, high universality, high convergence speed, easy upgrading and management.

Towards an Artificial Immune System for Detecting Anomalies in Wireless Mesh Networks

This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in wireless mesh networks.In this approach,the immunity-based agents monitor the situation in the network.These agents can take appropriate actions according to the underlying security policies.Specifically,their activities are coordinated in a hierarchical fashion while sensing,communicating,determining and generating responses.Such an agent can learn about and adapt to its environment dynamically and can detect both known and unknown intrusions.The proposed intrusion detection architecture is designed to be flexible,extendible,and adaptable so that it can perform real-time monitoring.This paper provides the conceptual view and a general framework of the proposed system.In the end,the architecture is illustrated by an example and by simulation to show it can prevent attacks efficiently.

Application-Transparent Live Migration for Virtual Machine on Network Security Enhanced Hypervisor

As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are introduced to eradicate the intrusions occurring in the virtual network.In this paper,we point out the inadequacy of the present live migration implementation,which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines(NSE-H).This occurs because the current implementation ignores VM-related Security Context(SC) required by NSEs embedded in NSE-H.We present the CoM,a comprehensive live migration framework,for NSE-H-based virtualization computing environment.We built a prototype system on Xen hypervisors to evaluate our framework,and conduct experiments under various realistic application environments.The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation,and the performance overhead is negligible.

Assessing the Risk Situation of Network Security for Active Defense

The risk situation assessment and forecast technique of network security is a basic method of active defense techniques. In order to assess the risk of network security two methods were used to define the index of risk and forecast index in time series, they were analytical hierarchy process （AHP） and support vector regression （SVR）. The module framework applied the methods above was also discussed. Experiment results showed the forecast values were so close to actual values and so it proved the approach is correct.

Security Risk Prevention and Control Deployment for 5G Private Industrial Networks

In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks,a comparative analysis is used to plan and design a private network security construction scheme.The network security construction model,network organization,and key processes of 5G private industrial networks at the current stage are investigated.In addition,the key direction for the next stage of construction is discussed.

Network Security Incidents Frequency Prediction Based on Improved Genetic Algorithm and LSSVM

Since the frequency of network security incidents is nonlinear,traditional prediction methods such as ARMA,Gray systems are difficult to deal with the problem.When the size of sample is small,methods based on artificial neural network may not reach a high degree of preciseness.Least Squares Support Vector Machines (LSSVM) is a kind of machine learning methods based on the statistics learning theory,it can be applied to solve small sample and non-linear problems very well.This paper applied LSSVM to predict the occur frequency of network security incidents.To improve the accuracy,it used an improved genetic algorithm to optimize the parameters of LSSVM.Verified by real data sets,the improved genetic algorithm (IGA) converges faster than the simple genetic algorithm (SGA),and has a higher efficiency in the optimization procedure.Specially,the optimized LSSVM model worked very well on the prediction of frequency of network security incidents.

A network security situation prediction model based on wavelet neural network with optimized parameters

The security incidents ion networks are sudden and uncertain, it is very hard to precisely predict the network security situation by traditional methods. In order to improve the prediction accuracy of the network security situation, we build a network security situation prediction model based on Wavelet Neural Network （WNN） with optimized parameters by the Improved Niche Genetic Algorithm （INGA）. The proposed model adopts WNN which has strong nonlinear ability and fault-tolerance performance. Also, the parameters for WNN are optimized through the adaptive genetic algorithm （GA） so that WNN searches more effectively. Considering the problem that the adaptive GA converges slowly and easily turns to the premature problem, we introduce a novel niche technology with a dynamic fuzzy clustering and elimination mechanism to solve the premature convergence of the GA. Our final simulation results show that the proposed INGA-WNN prediction model is more reliable and effective, and it achieves faster convergence-speed and higher prediction accuracy than the Genetic Algorithm-Wavelet Neural Network （GA-WNN）. Genetic Algorithm-Back Propagation Neural Network （GA-BPNN） and WNN.

FPGA-Based Network Traffic Security: Design and Implementation Using C5.0 Decision Tree Classifier

In this work, a hardware intrusion detection system （IDS） model and its implementation are introduced to perform online real-time traffic monitoring and analysis. The introduced system gathers some advantages of many IDSs： hardware based from implementation point of view, network based from system type point of view, and anomaly detection from detection approach point of view. In addition, it can detect most of network attacks, such as denial of services （DOS）, leakage, etc. from detection behavior point of view and can detect both internal and external intruders from intruder type point of view. Gathering these features in one IDS system gives lots of strengths and advantages of the work. The system is implemented by using field programmable gate array （FPGA）, giving a more advantages to the system. A C5.0 decision tree classifier is used as inference engine to the system and gives a high detection ratio of 99.93%.

Key Management Using Certificate-Based Cryptosystem in Ad Hoc Networks

This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. The proposed approach combines the best aspects of identity-based key management approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow).

Security Model Research Based on Trusted Computing in Ad Hoc Network

With the rapid development of wireless networks,the Ad Hoc networks are widely used in many fields,but the current network security solutions for the Ad Hoc network are not competitive enough.So the critical technology of Ad Hoc network applications shall be how to implement the security scheme.Here the discussions are focused on the specific solution against the security threats which the Ad Hoc networks will face,the methodology of a management model which uses trusted computing technology to solve Ad Hoc network security problems,and the analysis and verification for the security of this model.

AN IMMUNITY-BASED SECURITY ARCHITECTURE FOR MOBILE AD HOC NETWORKS

This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in mobile ad hoc networks. In this approach, the immunity-based agents monitor the situation in the network. These agents can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating, decision and generating responses. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. The proposed intrusion detection architecture is designed to be flexible, extendible, and adaptable that can perform real-time monitoring. This paper provides the conceptual view and a general framework of the proposed system. In the end, the architecture is illustrated by an example to show it can prevent the attack efficiently.