Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suf...Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suffered from problems such as low adaptability,policy lag,and difficulty in determining the degree of tolerance.To address these issues,we propose a novel adaptive intrusion tolerance model based on game theory that enjoys two-fold ideas:(1)it constructs an improved replica of the intrusion tolerance model of the dynamic equation evolution game to induce incentive weights;and (2)it combines a tournament competition model with incentive weights to obtain optimal strategies for each stage of the game process.Extensive experiments are conducted in the IEEE 39-bus system,whose results demonstrate the feasibility of the incentive weights,confirm the proposed strategy strengthens the system’s ability to tolerate aggression,and improves the dynamic adaptability and response efficiency of the aggression-tolerant system in the case of limited resources.展开更多
In this paper, we describe and analyze the hypothesis about intrusiontolerance software system, so that it can provide an intended server capability and deal with theimpacts caused by the intruder exploiting the inher...In this paper, we describe and analyze the hypothesis about intrusiontolerance software system, so that it can provide an intended server capability and deal with theimpacts caused by the intruder exploiting the inherent security vulnerabilities. Wepresent someintrusion tolerance technology by exploiting N-version module threshold method in constructingmultilevel secure software architecture, by detecting with hash value, by placing an 'antigen' wordnext to the return address on the stack thatis similar to human immune system, and by adding 'Honeycode' nonfunctional code to disturb intruder, so that the security and the availability of thesoftware system are ensured.展开更多
Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the serv...Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.展开更多
Virtual machines have attracted significant attention especially within the high performance computing community. How- ever, there remain problems with respect to security in general and intrusion detection and diagno...Virtual machines have attracted significant attention especially within the high performance computing community. How- ever, there remain problems with respect to security in general and intrusion detection and diagnosis in particular which underpin the realization of the potential offered by this emerging technology. In this paper, one such problem has been highlighted, i.e., intrusion severity analysis for large-scMe virtual machine based systems, such as clouds. Furthermore, the paper proposes a solution to this prob- lem for the first time for clouds. The proposed solution achieves virtual machine specific intrusion severity analysis while preserving isolation between the security module and the monitored virtual machine. Furthermore, an automated approach is adopted to signif- icantly reduce the overall intrusion response time. The paper includes a detailed description of the solution and an evaluation of our approach with the objective to determine the effectiveness and potential of this approach. The evaluation includes both architectural and experimentM evaluation thereby enabling us to strengthen our approach at an architectural level as well. Finally, open problems and challenges that need to be addressed in order to make further improvements to the proposed approach have been highlighted.展开更多
Efficient and effective data acquisition is of theoretical and practical importance in WSN applications because data measured and collected by WSN is often unreliable, such as those often accompanied by noise and erro...Efficient and effective data acquisition is of theoretical and practical importance in WSN applications because data measured and collected by WSN is often unreliable, such as those often accompanied by noise and error, missing values or inconsistent data. Motivated by fog computing, which focuses on how to effectively offload computation-intensive tasks from resource-constrained devices, this paper proposes a simple but yet effective data acquisition approach with the ability of filtering abnormal data and meeting the real-time requirement. Our method uses a cooperation mechanism by leveraging on both an architectural and algorithmic approach. Firstly, the sensor node with the limited computing resource only accomplishes detecting and marking the suspicious data using a light weight algorithm. Secondly, the cluster head evaluates suspicious data by referring to the data from the other sensor nodes in the same cluster and discard the abnormal data directly. Thirdly, the sink node fills up the discarded data with an approximate value using nearest neighbor data supplement method. Through the architecture, each node only consumes a few computational resources and distributes the heavily computing load to several nodes. Simulation results show that our data acquisition method is effective considering the real-time outlier filtering and the computing overhead.展开更多
The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based elliptic curve cryptography is presented. A zero-knowledge test appro...The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based elliptic curve cryptography is presented. A zero-knowledge test approach based on elliptic curve cryptography is designed. The application of these techniques in Web security is studied. Performance analysis shows that our scheme is characterized by excellent security as well as high efficiency.展开更多
Quantitative analysis has always been a difficult problem in security analysis of intrusion tolerance systems. An intrusion tolerance model based on multiple recovery mechanisms is introduced in this paper and how to ...Quantitative analysis has always been a difficult problem in security analysis of intrusion tolerance systems. An intrusion tolerance model based on multiple recovery mechanisms is introduced in this paper and how to quantify the security attributes of the model is proposed. A state transition model with recovery states more accurately describes the dynamic behavior of the system. Considering that recovery mechanisms have a great impact on the security performance of the system, we set up the cost models corresponding to different recovery mechanisms. We propose a feasible security measure based on mean cost to security failure in order to evaluate the system cost during the recovery phase. The experimental results confirmed the feasibility of the proposed methods.展开更多
基金supported by the National Natural Science Foundation of China(Nos.51977113,62293500,62293501 and 62293505).
文摘Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suffered from problems such as low adaptability,policy lag,and difficulty in determining the degree of tolerance.To address these issues,we propose a novel adaptive intrusion tolerance model based on game theory that enjoys two-fold ideas:(1)it constructs an improved replica of the intrusion tolerance model of the dynamic equation evolution game to induce incentive weights;and (2)it combines a tournament competition model with incentive weights to obtain optimal strategies for each stage of the game process.Extensive experiments are conducted in the IEEE 39-bus system,whose results demonstrate the feasibility of the incentive weights,confirm the proposed strategy strengthens the system’s ability to tolerate aggression,and improves the dynamic adaptability and response efficiency of the aggression-tolerant system in the case of limited resources.
基金Supported by the National Natural Science Foun dation of China (90104005,60373087, 60473023),the Ph. D Pro grams Foundation of Ministry of Education of China(20020486046)
文摘In this paper, we describe and analyze the hypothesis about intrusiontolerance software system, so that it can provide an intended server capability and deal with theimpacts caused by the intruder exploiting the inherent security vulnerabilities. Wepresent someintrusion tolerance technology by exploiting N-version module threshold method in constructingmultilevel secure software architecture, by detecting with hash value, by placing an 'antigen' wordnext to the return address on the stack thatis similar to human immune system, and by adding 'Honeycode' nonfunctional code to disturb intruder, so that the security and the availability of thesoftware system are ensured.
文摘Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.
文摘Virtual machines have attracted significant attention especially within the high performance computing community. How- ever, there remain problems with respect to security in general and intrusion detection and diagnosis in particular which underpin the realization of the potential offered by this emerging technology. In this paper, one such problem has been highlighted, i.e., intrusion severity analysis for large-scMe virtual machine based systems, such as clouds. Furthermore, the paper proposes a solution to this prob- lem for the first time for clouds. The proposed solution achieves virtual machine specific intrusion severity analysis while preserving isolation between the security module and the monitored virtual machine. Furthermore, an automated approach is adopted to signif- icantly reduce the overall intrusion response time. The paper includes a detailed description of the solution and an evaluation of our approach with the objective to determine the effectiveness and potential of this approach. The evaluation includes both architectural and experimentM evaluation thereby enabling us to strengthen our approach at an architectural level as well. Finally, open problems and challenges that need to be addressed in order to make further improvements to the proposed approach have been highlighted.
基金supported by National Natural Science Foundation of China, "Research on Accurate and Fair Service Recommendation Approach in Mobile Internet Environment", (No. 61571066)
文摘Efficient and effective data acquisition is of theoretical and practical importance in WSN applications because data measured and collected by WSN is often unreliable, such as those often accompanied by noise and error, missing values or inconsistent data. Motivated by fog computing, which focuses on how to effectively offload computation-intensive tasks from resource-constrained devices, this paper proposes a simple but yet effective data acquisition approach with the ability of filtering abnormal data and meeting the real-time requirement. Our method uses a cooperation mechanism by leveraging on both an architectural and algorithmic approach. Firstly, the sensor node with the limited computing resource only accomplishes detecting and marking the suspicious data using a light weight algorithm. Secondly, the cluster head evaluates suspicious data by referring to the data from the other sensor nodes in the same cluster and discard the abnormal data directly. Thirdly, the sink node fills up the discarded data with an approximate value using nearest neighbor data supplement method. Through the architecture, each node only consumes a few computational resources and distributes the heavily computing load to several nodes. Simulation results show that our data acquisition method is effective considering the real-time outlier filtering and the computing overhead.
基金Supported by the Foundation of National 863 Programme of China (No. 2002AA142040)
文摘The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based elliptic curve cryptography is presented. A zero-knowledge test approach based on elliptic curve cryptography is designed. The application of these techniques in Web security is studied. Performance analysis shows that our scheme is characterized by excellent security as well as high efficiency.
基金Supported in part by the National Natural Science Foundation of China(61472139)the Key Project of Shanghai Science and Technology Commission(11511504403)
文摘Quantitative analysis has always been a difficult problem in security analysis of intrusion tolerance systems. An intrusion tolerance model based on multiple recovery mechanisms is introduced in this paper and how to quantify the security attributes of the model is proposed. A state transition model with recovery states more accurately describes the dynamic behavior of the system. Considering that recovery mechanisms have a great impact on the security performance of the system, we set up the cost models corresponding to different recovery mechanisms. We propose a feasible security measure based on mean cost to security failure in order to evaluate the system cost during the recovery phase. The experimental results confirmed the feasibility of the proposed methods.
