Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified ne...Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.展开更多
System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation ai...System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation air operations,users accessing different authentication domains in the SWIM system have problems with the validity,security,and privacy of SWIM-shared data.In order to solve these problems,this paper proposes a SWIM crossdomain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication.The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains.The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain.According to the dynamic change of user’s authentication requests,the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services.Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks,replay attacks,and Sybil attacks.Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse,difficulty in expansion,and uneven load.At the same time,it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.KEYWORDS System-wide information management(SWIM);consortium blockchain;consistent hash;cross-domain authentication;load balancing.展开更多
In the relentless quest for digital sovereignty, organizations face an unprecedented challenge in safeguarding sensitive information, protecting against cyber threats, and maintaining regulatory compliance. This manus...In the relentless quest for digital sovereignty, organizations face an unprecedented challenge in safeguarding sensitive information, protecting against cyber threats, and maintaining regulatory compliance. This manuscript unveils a revolutionary blueprint for cyber resilience, empowering organizations to transcend the limitations of traditional cybersecurity paradigms and forge ahead into uncharted territories of data security excellence and frictionless secrets management experience. Enter a new era of cybersecurity innovation and continued excellence. By seamlessly integrating secrets based on logical environments and applications (assets), dynamic secrets management orchestrates and automates the secrets lifecycle management with other platform cohesive integrations. Enterprises can enhance security, streamline operations, fasten development practices, avoid secrets sprawl, and improve overall compliance and DevSecOps practice. This enables the enterprises to enhance security, streamline operations, fasten development & deployment practices, avoid secrets spawls, and improve overall volume in shipping software with paved-road DevSecOps Practices, and improve developers’ productivity. By seamlessly integrating secrets based on logical environments and applications (assets), dynamic secrets management orchestrates and automates the application secrets lifecycle with other platform cohesive integrations. Organizations can enhance security, streamline operations, fasten development & deployment practices, avoid secrets sprawl, and improve overall volume in shipping software with paved-road DevSecOps practices. Most importantly, increases developer productivity.展开更多
在网络威胁呈爆发式增长的当下,随着业务模式数字化重塑与业务持续性增长,银行业面临因网络安全防线持续扩大所导致的安全设备冗杂、安全运营任务繁重、实战能力不足等问题.对银行业金融机构在安全运营中所面临的挑战进行分析,提出了融...在网络威胁呈爆发式增长的当下,随着业务模式数字化重塑与业务持续性增长,银行业面临因网络安全防线持续扩大所导致的安全设备冗杂、安全运营任务繁重、实战能力不足等问题.对银行业金融机构在安全运营中所面临的挑战进行分析,提出了融合平战一体化安全运营机制的银行业DAO(defence,ability and operation)数字化安全运营体系,重点研究纵深化防护基础、原子化能力中枢、数字化运营总台3层次架构,以及针对常态化、高强度、无间断防护目标的平战一体机制实施路径.展开更多
In the context of enterprise systems,intrusion detection(ID)emerges as a critical element driving the digital transformation of enterprises.With systems spanning various sectors of enterprises geographically dispersed...In the context of enterprise systems,intrusion detection(ID)emerges as a critical element driving the digital transformation of enterprises.With systems spanning various sectors of enterprises geographically dispersed,the necessity for seamless information exchange has surged significantly.The existing cross-domain solutions are challenged by such issues as insufficient security,high communication overhead,and a lack of effective update mechanisms,rendering them less feasible for prolonged application on resource-limited devices.This study proposes a new cross-domain collaboration scheme based on federated chains to streamline the server-side workload.Within this framework,individual nodes solely engage in training local data and subsequently amalgamate the final model employing a federated learning algorithm to uphold enterprise systems with efficiency and security.To curtail the resource utilization of blockchains and deter malicious nodes,a node administration module predicated on the workload paradigm is introduced,enabling the release of surplus resources in response to variations in a node’s contribution metric.Upon encountering an intrusion,the system triggers an alert and logs the characteristics of the breach,facilitating a comprehensive global update across all nodes for collective defense.Experimental results across multiple scenarios have verified the security and effectiveness of the proposed solution,with no loss of its recognition accuracy.展开更多
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
Reliable identity management and authentication are significant for network security.In recent years,as traditional centralized identity management systems suffer from security and scalability problems,decentralized i...Reliable identity management and authentication are significant for network security.In recent years,as traditional centralized identity management systems suffer from security and scalability problems,decentralized identity management has received considerable attention in academia and industry.However,with the increasing sharing interaction among each domain,management and authentication of decentralized identity has raised higher requirements for cross-domain trust and faced implementation challenges galore.To solve these problems,we propose BIdM,a decentralized crossdomain identity management system based on blockchain.We design a decentralized identifier(DID)for naming identities based on the consortium blockchain technique.Since the identity subject fully controls the life cycle and ownership of the proposed DID,it can be signed and issued without a central authentication node’s intervention.Simultaneously,every node in the system can participate in identity authentication and trust establishment,thereby solving the centralized mechanism’s single point of failure problem.To further improve authentication efficiency and protect users’privacy,BIdM introduces a one-way accumulator as an identity data structure,which guarantees the validity of entity identity.We theoretically analyze the feasibility and performance of BIdM and conduct evaluations on a prototype implementation.The experimental results demonstrate that BIdM achieves excellent optimization on cross-domain authentication compared with existing identity management systems.展开更多
基金This work was funded by the Deanship of Scientific Research at Jouf University under Grant Number(DSR2022-RG-0102).
文摘Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.
基金funded by the National Natural Science Foundation of China(62172418)the Joint Funds of the National Natural Science Foundation of China and the Civil Aviation Administration of China(U2133203)+1 种基金the Education Commission Scientific Research Project of Tianjin China(2022KJ081)the Open Fund of Key Laboratory of Civil Aircraft Airworthiness Technology(SH2021111907).
文摘System-wide information management(SWIM)is a complex distributed information transfer and sharing system for the next generation of Air Transportation System(ATS).In response to the growing volume of civil aviation air operations,users accessing different authentication domains in the SWIM system have problems with the validity,security,and privacy of SWIM-shared data.In order to solve these problems,this paper proposes a SWIM crossdomain authentication scheme based on a consistent hashing algorithm on consortium blockchain and designs a blockchain certificate format for SWIM cross-domain authentication.The scheme uses a consistent hash algorithm with virtual nodes in combination with a cluster of authentication centers in the SWIM consortium blockchain architecture to synchronize the user’s authentication mapping relationships between authentication domains.The virtual authentication nodes are mapped separately using different services provided by SWIM to guarantee the partitioning of the consistent hash ring on the consortium blockchain.According to the dynamic change of user’s authentication requests,the nodes of virtual service authentication can be added and deleted to realize the dynamic load balancing of cross-domain authentication of different services.Security analysis shows that this protocol can resist network attacks such as man-in-the-middle attacks,replay attacks,and Sybil attacks.Experiments show that this scheme can reduce the redundant authentication operations of identity information and solve the problems of traditional cross-domain authentication with single-point collapse,difficulty in expansion,and uneven load.At the same time,it has better security of information storage and can realize the cross-domain authentication requirements of SWIM users with low communication costs and system overhead.KEYWORDS System-wide information management(SWIM);consortium blockchain;consistent hash;cross-domain authentication;load balancing.
文摘In the relentless quest for digital sovereignty, organizations face an unprecedented challenge in safeguarding sensitive information, protecting against cyber threats, and maintaining regulatory compliance. This manuscript unveils a revolutionary blueprint for cyber resilience, empowering organizations to transcend the limitations of traditional cybersecurity paradigms and forge ahead into uncharted territories of data security excellence and frictionless secrets management experience. Enter a new era of cybersecurity innovation and continued excellence. By seamlessly integrating secrets based on logical environments and applications (assets), dynamic secrets management orchestrates and automates the secrets lifecycle management with other platform cohesive integrations. Enterprises can enhance security, streamline operations, fasten development practices, avoid secrets sprawl, and improve overall compliance and DevSecOps practice. This enables the enterprises to enhance security, streamline operations, fasten development & deployment practices, avoid secrets spawls, and improve overall volume in shipping software with paved-road DevSecOps Practices, and improve developers’ productivity. By seamlessly integrating secrets based on logical environments and applications (assets), dynamic secrets management orchestrates and automates the application secrets lifecycle with other platform cohesive integrations. Organizations can enhance security, streamline operations, fasten development & deployment practices, avoid secrets sprawl, and improve overall volume in shipping software with paved-road DevSecOps practices. Most importantly, increases developer productivity.
文摘在网络威胁呈爆发式增长的当下,随着业务模式数字化重塑与业务持续性增长,银行业面临因网络安全防线持续扩大所导致的安全设备冗杂、安全运营任务繁重、实战能力不足等问题.对银行业金融机构在安全运营中所面临的挑战进行分析,提出了融合平战一体化安全运营机制的银行业DAO(defence,ability and operation)数字化安全运营体系,重点研究纵深化防护基础、原子化能力中枢、数字化运营总台3层次架构,以及针对常态化、高强度、无间断防护目标的平战一体机制实施路径.
基金supported by the Project of National Natural Science Foundation of China under the grant titled“Research on Intermittent Fault Diagnosis of New Interconnection Networks under Comparative Model”(Approval Number:61862003).
文摘In the context of enterprise systems,intrusion detection(ID)emerges as a critical element driving the digital transformation of enterprises.With systems spanning various sectors of enterprises geographically dispersed,the necessity for seamless information exchange has surged significantly.The existing cross-domain solutions are challenged by such issues as insufficient security,high communication overhead,and a lack of effective update mechanisms,rendering them less feasible for prolonged application on resource-limited devices.This study proposes a new cross-domain collaboration scheme based on federated chains to streamline the server-side workload.Within this framework,individual nodes solely engage in training local data and subsequently amalgamate the final model employing a federated learning algorithm to uphold enterprise systems with efficiency and security.To curtail the resource utilization of blockchains and deter malicious nodes,a node administration module predicated on the workload paradigm is introduced,enabling the release of surplus resources in response to variations in a node’s contribution metric.Upon encountering an intrusion,the system triggers an alert and logs the characteristics of the breach,facilitating a comprehensive global update across all nodes for collective defense.Experimental results across multiple scenarios have verified the security and effectiveness of the proposed solution,with no loss of its recognition accuracy.
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
基金Key-Area Research and Development Program of Guangdong Province(2020B0101090003)National Natural Science Foundation of China(62072012)+2 种基金Shenzhen Research Project(JSGG20191129110603831)Shenzhen Key Laboratory Project(ZDSYS201802051831427)the project PCL Future Regional Network Facilities for Large Scale Experiments and Applications。
文摘Reliable identity management and authentication are significant for network security.In recent years,as traditional centralized identity management systems suffer from security and scalability problems,decentralized identity management has received considerable attention in academia and industry.However,with the increasing sharing interaction among each domain,management and authentication of decentralized identity has raised higher requirements for cross-domain trust and faced implementation challenges galore.To solve these problems,we propose BIdM,a decentralized crossdomain identity management system based on blockchain.We design a decentralized identifier(DID)for naming identities based on the consortium blockchain technique.Since the identity subject fully controls the life cycle and ownership of the proposed DID,it can be signed and issued without a central authentication node’s intervention.Simultaneously,every node in the system can participate in identity authentication and trust establishment,thereby solving the centralized mechanism’s single point of failure problem.To further improve authentication efficiency and protect users’privacy,BIdM introduces a one-way accumulator as an identity data structure,which guarantees the validity of entity identity.We theoretically analyze the feasibility and performance of BIdM and conduct evaluations on a prototype implementation.The experimental results demonstrate that BIdM achieves excellent optimization on cross-domain authentication compared with existing identity management systems.
