Network traffic identification is critical for maintaining network security and further meeting various demands of network applications.However,network traffic data typically possesses high dimensionality and complexi...Network traffic identification is critical for maintaining network security and further meeting various demands of network applications.However,network traffic data typically possesses high dimensionality and complexity,leading to practical problems in traffic identification data analytics.Since the original Dung Beetle Optimizer(DBO)algorithm,Grey Wolf Optimization(GWO)algorithm,Whale Optimization Algorithm(WOA),and Particle Swarm Optimization(PSO)algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution,an Improved Dung Beetle Optimizer(IDBO)algorithm is proposed for network traffic identification.Firstly,the Sobol sequence is utilized to initialize the dung beetle population,laying the foundation for finding the global optimal solution.Next,an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas,escaping from the local optimal solution,and converging more effectively towards a global optimal solution.Finally,an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence.With the improvements above,the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection,as so to find the optimal subset for K-Nearest Neighbor(KNN)classification.The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO,GWO,WOA,and PSO algorithms.The experimental results show that,compared with other algorithms,the accuracy and recall are improved by 1.53%and 0.88%in binary classification,and the Distributed Denial of Service(DDoS)class identification is the most effective in multi-classification,with an improvement of 5.80%and 0.33%for accuracy and recall,respectively.Therefore,the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.展开更多
Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems.The manner of identification of the factors for small reservoirs is of practical significance when ...Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems.The manner of identification of the factors for small reservoirs is of practical significance when data are incomplete.The existing grey relational models have some disadvantages in measuring the correlation between categorical data sequences.To this end,this paper introduces a new grey relational model to analyze heterogeneous data.In this study,a set of security risk factors for small reservoirs was first constructed based on theoretical analysis,and heterogeneous data of these factors were recorded as sequences.The sequences were regarded as random variables,and the information entropy and conditional entropy between sequences were measured to analyze the relational degree between risk factors.Then,a new grey relational analysis model for heterogeneous data was constructed,and a comprehensive security risk factor identification method was developed.A case study of small reservoirs in Guangxi Zhuang Autonomous Region in China shows that the model constructed in this study is applicable to security risk factor identification for small reservoirs with heterogeneous and sparse data.展开更多
Identification and resolution system of the industrial Internet is the“neural hub”of the industrial Internet for coordination.Catastrophic damage to the whole industrial Internet industry ecology may be caused if th...Identification and resolution system of the industrial Internet is the“neural hub”of the industrial Internet for coordination.Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked.Moreover,it may become a threat to national security.Therefore,security plays an important role in identification and resolution system of the industrial Internet.In this paper,an innovative security risk analysis model is proposed for the first time,which can help control risks from the root at the initial stage of industrial Internet construction,provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet,and promote the healthy and sustainable development of the industrial identification and resolution system.展开更多
This study presents a radio frequency(RF)fingerprint identification method combining a convolutional neural network(CNN)and gated recurrent unit(GRU)network to identify measurement and control signals.The proposed alg...This study presents a radio frequency(RF)fingerprint identification method combining a convolutional neural network(CNN)and gated recurrent unit(GRU)network to identify measurement and control signals.The proposed algorithm(CNN-GRU)uses a convolutional layer to extract the IQ-related learning timing features.A GRU network extracts timing features at a deeper level before outputting the final identification results.The number of parameters and the algorithm’s complexity are reduced by optimizing the convolutional layer structure and replacing multiple fully-connected layers with gated cyclic units.Simulation experiments show that the algorithm achieves an average identification accuracy of 84.74% at a -10 dB to 20 dB signal-to-noise ratio(SNR)with fewer parameters and less computation than a network model with the same identification rate in a software radio dataset containing multiple USRP X310s from the same manufacturer,with fewer parameters and less computation than a network model with the same identification rate.The algorithm is used to identify measurement and control signals and ensure the security of the measurement and control link with theoretical and engineering applications.展开更多
As the scale of the power system continues to expand,the environment for power operations becomes more and more complex.Existing risk management and control methods for power operations can only set the same risk dete...As the scale of the power system continues to expand,the environment for power operations becomes more and more complex.Existing risk management and control methods for power operations can only set the same risk detection standard and conduct the risk detection for any scenario indiscriminately.Therefore,more reliable and accurate security control methods are urgently needed.In order to improve the accuracy and reliability of the operation risk management and control method,this paper proposes a method for identifying the key links in the whole process of electric power operation based on the spatiotemporal hybrid convolutional neural network.To provide early warning and control of targeted risks,first,the video stream is framed adaptively according to the pixel changes in the video stream.Then,the optimized MobileNet is used to extract the feature map of the video stream,which contains both time-series and static spatial scene information.The feature maps are combined and non-linearly mapped to realize the identification of dynamic operating scenes.Finally,training samples and test samples are produced by using the whole process image of a power company in Xinjiang as a case study,and the proposed algorithm is compared with the unimproved MobileNet.The experimental results demonstrated that the method proposed in this paper can accurately identify the type and start and end time of each operation link in the whole process of electric power operation,and has good real-time performance.The average accuracy of the algorithm can reach 87.8%,and the frame rate is 61 frames/s,which is of great significance for improving the reliability and accuracy of security control methods.展开更多
Unquestionably, communicating entities (object, or things) in the Internet of Things (IoT) context are playing an active role in human activities, systems and processes. The high connectivity of intelligent object...Unquestionably, communicating entities (object, or things) in the Internet of Things (IoT) context are playing an active role in human activities, systems and processes. The high connectivity of intelligent objects and their severe constraints lead to many security challenges, which are not included in the classical formulation of security problems and solutions. The Security Shield for IoT has been identified by DARPA (Defense Advanced Research Projects Agency) as one of the four projects with a potential impact broader than the Internet itself. To help interested researchers contribute to this research area, an overview of the loT security roadmap overview is presented in this paper based on a novel cognitive and systemic approach. The role of each component of the approach is explained, we also study its interactions with the other main components, and their impact on the overall. A case study is presented to highlight the components and interactions of the systemic and cognitive approach. Then, security questions about privacy, trust, identification, and access control are discussed. According to the novel taxonomy of the loT framework, different research challenges are highlighted, important solutions and research activities are revealed, and interesting research directions are proposed. In addition, current stan dardization activities are surveyed and discussed to the ensure the security of loT components and applications.展开更多
By analyzing existed Internet of Things' system security vulnerabilities, a security architecture on trusting one is constructed. In the infrastructure, an off-line identity authentication based on the combined publi...By analyzing existed Internet of Things' system security vulnerabilities, a security architecture on trusting one is constructed. In the infrastructure, an off-line identity authentication based on the combined public key (CPK) mechanism is proposed, which solves the problems about a mass amount of authentications and the cross-domain authentication by integrating nodes' validity of identity authentication and uniqueness of identification. Moreover, the proposal of constructing nodes' authentic identification, valid authentication and credible communication connection at the application layer through the perception layer impels the formation of trust chain and relationship among perceptional nodes. Consequently, a trusting environment of the Internet of Things is built, by which a guidance of designing the trusted one would be provided.展开更多
To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communic...To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. Using this model, a secure communication protocol that can be used for anti-counterfeiting, automatic identification and privacy preservation is then developed. In order to manage the number of parties, data records of items, and complicated transitions of access permissions in an item-level traceability context, a well-designed access control protocol is proposed to parties that can prove the physical possession of an item;meanwhile, to address the privacy issues during data sharing in an RFID network, a vision of database systems that take responsibility for the privacy of the data they manage is also presented.展开更多
Malicious attacks can be launched by misusing the network address translation technique as a camouflage.To mitigate such threats,network address translation identification is investigated to identify network address t...Malicious attacks can be launched by misusing the network address translation technique as a camouflage.To mitigate such threats,network address translation identification is investigated to identify network address translation devices and detect abnormal behaviors.However,existingmethods in this field are mainly developed for relatively small-scale networks and work in an offline manner,which cannot adapt to the real-time inference requirements in high-speed network scenarios.In this paper,we propose a flexible and efficient network address translation identification scheme based on actively measuring the distance of a round trip to a target with decremental time-tolive values.The basic intuition is that the incoming and outgoing traffic froma network address translation device usually experiences the different number of hops,which can be discovered by probing with dedicated time-to-live values.We explore a joint effort of parallel transmission,stateless probes,and flexible measuring reuse to accommodate the efficiency of the measuring process.We further accelerate statistical countingwith a new sublinear space data structure Bi-sketch.We implement a prototype and conduct real-world deployments with 1000 volunteers in 31 Chinese provinces,which is believed to bring insight for ground truth collection in this field.Experiments onmulti-sources datasets show that our proposal can achieve as high precision and recall as 95%with a traffic handling throughput of over 106 pps.展开更多
Ubiquitous computing systems typically have lots of security problems in the area of identification supply by means of classical Public Key Infrastructure (PKI) methods. The limited computing resources, the disconne...Ubiquitous computing systems typically have lots of security problems in the area of identification supply by means of classical Public Key Infrastructure (PKI) methods. The limited computing resources, the disconnection network, the classification requirements of identification, the requirement of trust transfer and cross identification, the bidirectional identification, the security delegation and the privacy protection etc are all these unsolved problems. In this paper, UCIMssp, a new novel ubiquitous computing identification mechanism based on SPKI/SDSI and Peer-to-Peer (P2P) is presented. SPKI- based authorization is exploited in UCIMssp to solve the above problems in the smalbscale ubiquitous computing environment. The DHT and flooding technology of P2P overlay network over the Intemet is expanded to solve the routing search in the large-scale ubiquitous computing environment. The architecture of ubiquitous computing environment, the validation of identification requisition, the identification authorization processes and the identification supply processes etc of UCIMssp are described in the paper. The performance analysis shows that UCIMssp is a suitable security solution used in the large-scale ubiquitous computing environment.展开更多
The frequent explosion of Internet worms has been one of the most serious problems in cyberspace security. In this paper, by analyzing the worm's propagation model, we propose a new worm warning system based on the m...The frequent explosion of Internet worms has been one of the most serious problems in cyberspace security. In this paper, by analyzing the worm's propagation model, we propose a new worm warning system based on the method of system identification, and use recursive least squares algorithm to estimate the worm's infection rate. The simulation result shows the method we adopted is an efficient way to conduct Internet worm warning.展开更多
Background: Taxicab drivers have high homicide rates compared to all worker occupations. To help taxi fleets select effective taxicab security cameras, this project tested eight sample taxicab security cameras for det...Background: Taxicab drivers have high homicide rates compared to all worker occupations. To help taxi fleets select effective taxicab security cameras, this project tested eight sample taxicab security cameras for determining their photographic quality which correlated to the effectiveness of in-taxicab facial identification. Methods: Five photographic quality metric thresholds: 1) resolution, 2) highlight dynamic range, 3) shadow dynamic range, 4) lens distortion, and 5) shutter speed, were employed to evaluate the photographic quality of the sample cameras. Waterproof tests and fire-resistive tests on recording memory cards were conducted to determine the memory card survivability in water and simulated fire. Results: The Full-HD (1920 × 1080 pixels), HD (1280 × 720 pixels) and dual-lens VGA (2 × 640 × 480 pixels with wide-angle and telephoto lenses) cameras performed well in resolution tests in daylight conditions. The resolution of a single-lens VGA (640 × 480 pixels) camera did not meet the resolution minimum requirements. All of the recording memory cards passed the five-meter/72-hour waterproof test. A fire resistant chamber made with one fire insulation material could protect a single memory card at 538°C/1000°F for a five-minute simulated fire test. Conclusions: Single-lens VGA-resolution (640 × 480 pixels) cameras are not suggested for use as security cameras in taxicabs with two or more rows of seats. The recording memory cards can survive 5-meter/72-hour waterproof tests. The memory card chamber built with an existing heat insulation material can protect an individual memory card during 538°C?(1000°F)/5-minute fire resistance oven-test.展开更多
Design an Automatic Door System using a unique wireless ID by using infrared ray or Bluetooth technology. That consists of a sensing unit, control unit and drive unit to open and close doors at the entrance of a car t...Design an Automatic Door System using a unique wireless ID by using infrared ray or Bluetooth technology. That consists of a sensing unit, control unit and drive unit to open and close doors at the entrance of a car that has the unique ID. This process is controlled by using Arduino Leonard programmed with IDE free open source software, that receives the signal code from the car which sends the ID through IR LED or Bluetooth by using a mobile application, decode it. And switch ON the driver that controls the DC motor. This system was designed considering some factors such as low cost and low power requirements, availability of components and low distance so there is no interference. The hardware design and software development are described, and all of the tests indicate that all component goes according to the initial design of this research.展开更多
为了辨识油气智慧管道系统中存在的信息安全风险,通过基于系统论事故分析模型(systems-theoretic accident modeling and process,STAMP)的方法,对油气智慧管道系统的信息物理安全进行全面评估与分析。首先,系统综合分析了油气智慧管道...为了辨识油气智慧管道系统中存在的信息安全风险,通过基于系统论事故分析模型(systems-theoretic accident modeling and process,STAMP)的方法,对油气智慧管道系统的信息物理安全进行全面评估与分析。首先,系统综合分析了油气智慧管道涉及的设备、设施、工艺、元件,评估其安全性。其次,通过建立STAMP模型,深入分析了各层级、元件之间的反馈信息与控制动作,形成了明确的控制反馈回路,突显了元件之间的关联与控制关系。在此基础上,系统辨识出了潜在的信息风险因素,推导并构建了可能发生的系统失效场景。以天然气输气首站油气智慧管道系统为例,研究验证了基于STAMP模型的可行性和有效性。结果显示,该方法不仅直观地描述了元件之间的关联与控制关系,而且从物理层功能安全的角度全面考虑了信息风险,特别凸显了过程控制系统(process control systems,PCS)及易受攻击的操作员站。与传统方法相比,本研究所提出的方法将信息物理安全风险因素的识别率提升至80%以上,提高了40%以上,有助于避免不必要的安全措施冗余设计,提高了安全风险管控的准确性。展开更多
基金supported by the National Natural Science Foundation of China under Grant 61602162the Hubei Provincial Science and Technology Plan Project under Grant 2023BCB041.
文摘Network traffic identification is critical for maintaining network security and further meeting various demands of network applications.However,network traffic data typically possesses high dimensionality and complexity,leading to practical problems in traffic identification data analytics.Since the original Dung Beetle Optimizer(DBO)algorithm,Grey Wolf Optimization(GWO)algorithm,Whale Optimization Algorithm(WOA),and Particle Swarm Optimization(PSO)algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution,an Improved Dung Beetle Optimizer(IDBO)algorithm is proposed for network traffic identification.Firstly,the Sobol sequence is utilized to initialize the dung beetle population,laying the foundation for finding the global optimal solution.Next,an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas,escaping from the local optimal solution,and converging more effectively towards a global optimal solution.Finally,an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence.With the improvements above,the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection,as so to find the optimal subset for K-Nearest Neighbor(KNN)classification.The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO,GWO,WOA,and PSO algorithms.The experimental results show that,compared with other algorithms,the accuracy and recall are improved by 1.53%and 0.88%in binary classification,and the Distributed Denial of Service(DDoS)class identification is the most effective in multi-classification,with an improvement of 5.80%and 0.33%for accuracy and recall,respectively.Therefore,the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.
基金supported by the National Nature Science Foundation of China(Grant No.71401052)the National Social Science Foundation of China(Grant No.17BGL156)the Key Project of the National Social Science Foundation of China(Grant No.14AZD024)
文摘Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems.The manner of identification of the factors for small reservoirs is of practical significance when data are incomplete.The existing grey relational models have some disadvantages in measuring the correlation between categorical data sequences.To this end,this paper introduces a new grey relational model to analyze heterogeneous data.In this study,a set of security risk factors for small reservoirs was first constructed based on theoretical analysis,and heterogeneous data of these factors were recorded as sequences.The sequences were regarded as random variables,and the information entropy and conditional entropy between sequences were measured to analyze the relational degree between risk factors.Then,a new grey relational analysis model for heterogeneous data was constructed,and a comprehensive security risk factor identification method was developed.A case study of small reservoirs in Guangxi Zhuang Autonomous Region in China shows that the model constructed in this study is applicable to security risk factor identification for small reservoirs with heterogeneous and sparse data.
基金supported by the 2018 Industrial Internet Innovation and Development Project--Industrial Internet Identification Resolution System National Top-Level Node Construction Project (Phase Ⅰ)
文摘Identification and resolution system of the industrial Internet is the“neural hub”of the industrial Internet for coordination.Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked.Moreover,it may become a threat to national security.Therefore,security plays an important role in identification and resolution system of the industrial Internet.In this paper,an innovative security risk analysis model is proposed for the first time,which can help control risks from the root at the initial stage of industrial Internet construction,provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet,and promote the healthy and sustainable development of the industrial identification and resolution system.
基金supported by the National Natural Science Foundation of China(No.62027801).
文摘This study presents a radio frequency(RF)fingerprint identification method combining a convolutional neural network(CNN)and gated recurrent unit(GRU)network to identify measurement and control signals.The proposed algorithm(CNN-GRU)uses a convolutional layer to extract the IQ-related learning timing features.A GRU network extracts timing features at a deeper level before outputting the final identification results.The number of parameters and the algorithm’s complexity are reduced by optimizing the convolutional layer structure and replacing multiple fully-connected layers with gated cyclic units.Simulation experiments show that the algorithm achieves an average identification accuracy of 84.74% at a -10 dB to 20 dB signal-to-noise ratio(SNR)with fewer parameters and less computation than a network model with the same identification rate in a software radio dataset containing multiple USRP X310s from the same manufacturer,with fewer parameters and less computation than a network model with the same identification rate.The algorithm is used to identify measurement and control signals and ensure the security of the measurement and control link with theoretical and engineering applications.
基金This paper is supported by the Science and technology projects of Yunnan Province(Grant No.202202AD080004).
文摘As the scale of the power system continues to expand,the environment for power operations becomes more and more complex.Existing risk management and control methods for power operations can only set the same risk detection standard and conduct the risk detection for any scenario indiscriminately.Therefore,more reliable and accurate security control methods are urgently needed.In order to improve the accuracy and reliability of the operation risk management and control method,this paper proposes a method for identifying the key links in the whole process of electric power operation based on the spatiotemporal hybrid convolutional neural network.To provide early warning and control of targeted risks,first,the video stream is framed adaptively according to the pixel changes in the video stream.Then,the optimized MobileNet is used to extract the feature map of the video stream,which contains both time-series and static spatial scene information.The feature maps are combined and non-linearly mapped to realize the identification of dynamic operating scenes.Finally,training samples and test samples are produced by using the whole process image of a power company in Xinjiang as a case study,and the proposed algorithm is compared with the unimproved MobileNet.The experimental results demonstrated that the method proposed in this paper can accurately identify the type and start and end time of each operation link in the whole process of electric power operation,and has good real-time performance.The average accuracy of the algorithm can reach 87.8%,and the frame rate is 61 frames/s,which is of great significance for improving the reliability and accuracy of security control methods.
文摘Unquestionably, communicating entities (object, or things) in the Internet of Things (IoT) context are playing an active role in human activities, systems and processes. The high connectivity of intelligent objects and their severe constraints lead to many security challenges, which are not included in the classical formulation of security problems and solutions. The Security Shield for IoT has been identified by DARPA (Defense Advanced Research Projects Agency) as one of the four projects with a potential impact broader than the Internet itself. To help interested researchers contribute to this research area, an overview of the loT security roadmap overview is presented in this paper based on a novel cognitive and systemic approach. The role of each component of the approach is explained, we also study its interactions with the other main components, and their impact on the overall. A case study is presented to highlight the components and interactions of the systemic and cognitive approach. Then, security questions about privacy, trust, identification, and access control are discussed. According to the novel taxonomy of the loT framework, different research challenges are highlighted, important solutions and research activities are revealed, and interesting research directions are proposed. In addition, current stan dardization activities are surveyed and discussed to the ensure the security of loT components and applications.
基金supported by the 863 Program under Grant No. 2008AA04A107
文摘By analyzing existed Internet of Things' system security vulnerabilities, a security architecture on trusting one is constructed. In the infrastructure, an off-line identity authentication based on the combined public key (CPK) mechanism is proposed, which solves the problems about a mass amount of authentications and the cross-domain authentication by integrating nodes' validity of identity authentication and uniqueness of identification. Moreover, the proposal of constructing nodes' authentic identification, valid authentication and credible communication connection at the application layer through the perception layer impels the formation of trust chain and relationship among perceptional nodes. Consequently, a trusting environment of the Internet of Things is built, by which a guidance of designing the trusted one would be provided.
基金Program for New Century Excellent Talents in University of Fujian Province (No.X04139)
文摘To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. Using this model, a secure communication protocol that can be used for anti-counterfeiting, automatic identification and privacy preservation is then developed. In order to manage the number of parties, data records of items, and complicated transitions of access permissions in an item-level traceability context, a well-designed access control protocol is proposed to parties that can prove the physical possession of an item;meanwhile, to address the privacy issues during data sharing in an RFID network, a vision of database systems that take responsibility for the privacy of the data they manage is also presented.
基金The work is supported by the National Key Research and Development Program of China(2018YFB1800202)the NUDT Research Grants(No.ZK19-38).
文摘Malicious attacks can be launched by misusing the network address translation technique as a camouflage.To mitigate such threats,network address translation identification is investigated to identify network address translation devices and detect abnormal behaviors.However,existingmethods in this field are mainly developed for relatively small-scale networks and work in an offline manner,which cannot adapt to the real-time inference requirements in high-speed network scenarios.In this paper,we propose a flexible and efficient network address translation identification scheme based on actively measuring the distance of a round trip to a target with decremental time-tolive values.The basic intuition is that the incoming and outgoing traffic froma network address translation device usually experiences the different number of hops,which can be discovered by probing with dedicated time-to-live values.We explore a joint effort of parallel transmission,stateless probes,and flexible measuring reuse to accommodate the efficiency of the measuring process.We further accelerate statistical countingwith a new sublinear space data structure Bi-sketch.We implement a prototype and conduct real-world deployments with 1000 volunteers in 31 Chinese provinces,which is believed to bring insight for ground truth collection in this field.Experiments onmulti-sources datasets show that our proposal can achieve as high precision and recall as 95%with a traffic handling throughput of over 106 pps.
基金Supported by the Ministry of Educationin China(No.104086)
文摘Ubiquitous computing systems typically have lots of security problems in the area of identification supply by means of classical Public Key Infrastructure (PKI) methods. The limited computing resources, the disconnection network, the classification requirements of identification, the requirement of trust transfer and cross identification, the bidirectional identification, the security delegation and the privacy protection etc are all these unsolved problems. In this paper, UCIMssp, a new novel ubiquitous computing identification mechanism based on SPKI/SDSI and Peer-to-Peer (P2P) is presented. SPKI- based authorization is exploited in UCIMssp to solve the above problems in the smalbscale ubiquitous computing environment. The DHT and flooding technology of P2P overlay network over the Intemet is expanded to solve the routing search in the large-scale ubiquitous computing environment. The architecture of ubiquitous computing environment, the validation of identification requisition, the identification authorization processes and the identification supply processes etc of UCIMssp are described in the paper. The performance analysis shows that UCIMssp is a suitable security solution used in the large-scale ubiquitous computing environment.
文摘The frequent explosion of Internet worms has been one of the most serious problems in cyberspace security. In this paper, by analyzing the worm's propagation model, we propose a new worm warning system based on the method of system identification, and use recursive least squares algorithm to estimate the worm's infection rate. The simulation result shows the method we adopted is an efficient way to conduct Internet worm warning.
文摘Background: Taxicab drivers have high homicide rates compared to all worker occupations. To help taxi fleets select effective taxicab security cameras, this project tested eight sample taxicab security cameras for determining their photographic quality which correlated to the effectiveness of in-taxicab facial identification. Methods: Five photographic quality metric thresholds: 1) resolution, 2) highlight dynamic range, 3) shadow dynamic range, 4) lens distortion, and 5) shutter speed, were employed to evaluate the photographic quality of the sample cameras. Waterproof tests and fire-resistive tests on recording memory cards were conducted to determine the memory card survivability in water and simulated fire. Results: The Full-HD (1920 × 1080 pixels), HD (1280 × 720 pixels) and dual-lens VGA (2 × 640 × 480 pixels with wide-angle and telephoto lenses) cameras performed well in resolution tests in daylight conditions. The resolution of a single-lens VGA (640 × 480 pixels) camera did not meet the resolution minimum requirements. All of the recording memory cards passed the five-meter/72-hour waterproof test. A fire resistant chamber made with one fire insulation material could protect a single memory card at 538°C/1000°F for a five-minute simulated fire test. Conclusions: Single-lens VGA-resolution (640 × 480 pixels) cameras are not suggested for use as security cameras in taxicabs with two or more rows of seats. The recording memory cards can survive 5-meter/72-hour waterproof tests. The memory card chamber built with an existing heat insulation material can protect an individual memory card during 538°C?(1000°F)/5-minute fire resistance oven-test.
文摘Design an Automatic Door System using a unique wireless ID by using infrared ray or Bluetooth technology. That consists of a sensing unit, control unit and drive unit to open and close doors at the entrance of a car that has the unique ID. This process is controlled by using Arduino Leonard programmed with IDE free open source software, that receives the signal code from the car which sends the ID through IR LED or Bluetooth by using a mobile application, decode it. And switch ON the driver that controls the DC motor. This system was designed considering some factors such as low cost and low power requirements, availability of components and low distance so there is no interference. The hardware design and software development are described, and all of the tests indicate that all component goes according to the initial design of this research.
文摘为了辨识油气智慧管道系统中存在的信息安全风险,通过基于系统论事故分析模型(systems-theoretic accident modeling and process,STAMP)的方法,对油气智慧管道系统的信息物理安全进行全面评估与分析。首先,系统综合分析了油气智慧管道涉及的设备、设施、工艺、元件,评估其安全性。其次,通过建立STAMP模型,深入分析了各层级、元件之间的反馈信息与控制动作,形成了明确的控制反馈回路,突显了元件之间的关联与控制关系。在此基础上,系统辨识出了潜在的信息风险因素,推导并构建了可能发生的系统失效场景。以天然气输气首站油气智慧管道系统为例,研究验证了基于STAMP模型的可行性和有效性。结果显示,该方法不仅直观地描述了元件之间的关联与控制关系,而且从物理层功能安全的角度全面考虑了信息风险,特别凸显了过程控制系统(process control systems,PCS)及易受攻击的操作员站。与传统方法相比,本研究所提出的方法将信息物理安全风险因素的识别率提升至80%以上,提高了40%以上,有助于避免不必要的安全措施冗余设计,提高了安全风险管控的准确性。
