In this paper, we conduct research on the essential network equipment risk assessment method based on vulnerability scanning technology. A growing number of hackers wanton invasion of the computer, through the network...In this paper, we conduct research on the essential network equipment risk assessment method based on vulnerability scanning technology. A growing number of hackers wanton invasion of the computer, through the network to steal important information, or destroy the network, the paralyzed which caused huge losses to the state and society. Find a known vulnerability rather than to find the unknown vulnerabilities much easier, which means that most of the attacker' s use is common vulnerabilities. Therefore, we adopt the advantages of the technique to finalize the methodology for the essential network equipment risk assessment which will be meaningful.展开更多
Container technology plays an essential role in many Information and Communications Technology(ICT)systems.However,containers face a diversity of threats caused by vulnerable packages within container images.Previous ...Container technology plays an essential role in many Information and Communications Technology(ICT)systems.However,containers face a diversity of threats caused by vulnerable packages within container images.Previous vulnerability scanning solutions for container images are inadequate.These solutions entirely depend on the information extracted from package managers.As a result,packages installed directly from the source code compilation,or packages downloaded from the repository,etc.,are ignored.We introduce DAVS–A Dockerfile analysis-based vulnerability scanning framework for OCI-based container images to deal with the limitations of existing solutions.DAVS performs static analysis using file extraction based on Dockerfile information to obtain the list of Potentially Vulnerable Files(PVFs).The PVFs are then scanned to figure out the vulnerabilities in the target container image.The experimental shows the outperform of DAVS on detecting Common Vulnerabilities and Exposures(CVE)of 10 known vulnerable images compared to Clair–the most popular container image scanning project.Moreover,DAVS found that 68%of real-world container images are vulnerable from different image registries.展开更多
Communication-dependent and software-based distributed energy resources(DERs)are extensively integrated into modern microgrids,providing extensive benefits such as increased distributed controllability,scalability,and...Communication-dependent and software-based distributed energy resources(DERs)are extensively integrated into modern microgrids,providing extensive benefits such as increased distributed controllability,scalability,and observability.However,malicious cyber-attackers can exploit various potential vulnerabilities.In this study,a programmable adaptive security scanning(PASS)approach is presented to protect DER inverters against various power-bot attacks.Specifically,three different types of attacks,namely controller manipulation,replay,and injection attacks,are considered.This approach employs both software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids(NMs)in an ultra-resilient,time-saving,and autonomous manner.The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations.Extensive simulation results validate the efficacy and practicality of the PASS for securing NMs.展开更多
Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for ...Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.展开更多
Along with the deepening of the reform and opening-up policy and the entering of the WTO,international exchange of economy and culture has become more and more frequent,Internet has become an indispensable part of our...Along with the deepening of the reform and opening-up policy and the entering of the WTO,international exchange of economy and culture has become more and more frequent,Internet has become an indispensable part of our life,its rapid development brings great convenience to us,and all of the computers will be connected by Internet in the 21 century,thus the meaning of information security has changed substantially.It not only changes from a general guarding to a common defence,but from a specific field to a public subject as well.However,the opening and sharing of the Internet resource,unefficient supervision as well as various virus make people's information and belongings being in an extremely dangerous environment.The fight between hackers and anti-hackers,destruction and anti-destruction has already affected the stable running of the network and users' legal right,caused great economy damages and it could also threat our country's security.So a right understanding and in-time measures should be paid special attention to.The thesis firstly expatiates the current state of the network security and its importance,and discusses some major factors and threats that affect the network security.And the thesis also introduce some catalogues of the security techniques,some relevant information and their major characters,besides that,I enumerate some popular and effective methods of protecting our network,including the widely used firewall,and the meticulous techniques such as security scan techniques and techniques of intrusion detection.Lastly,some protective measures are stated.展开更多
Detection of port scan is an important component in a network intrusion detection and prevention system. Traditional statistical methods can be easily evaded by stealthy scans and are prone to DoS attacks. This paper ...Detection of port scan is an important component in a network intrusion detection and prevention system. Traditional statistical methods can be easily evaded by stealthy scans and are prone to DoS attacks. This paper presents a new mechanism termed PSD(port scan detection), which is based on TCP packet anomaly evaluation. By learning the port distribution and flags of TCP packets arriving at the protected hosts, PSD can compute the anomaly score of each packet and effectively detect port scans including slow scans and stealthy scans. Experiments show that PSD has high detection accuracy and low detection latency.展开更多
Pattern matching is a fundamental approach to detect malicious behaviors and information over Internet, which has been gradually used in high-speed network traffic analysis. However, there is a performance bottleneck ...Pattern matching is a fundamental approach to detect malicious behaviors and information over Internet, which has been gradually used in high-speed network traffic analysis. However, there is a performance bottleneck for multi-pattern matching on online compressed network traffic(CNT), this is because malicious and intrusion codes are often embedded into compressed network traffic. In this paper, we propose an online fast and multi-pattern matching algorithm on compressed network traffic(FMMCN). FMMCN employs two types of jumping, i.e. jumping during sliding window and a string jump scanning strategy to skip unnecessary compressed bytes. Moreover, FMMCN has the ability to efficiently process multiple large volume of networks such as HTTP traffic, vehicles traffic, and other Internet-based services. The experimental results show that FMMCN can ignore more than 89.5% of bytes, and its maximum speed reaches 176.470MB/s in a midrange switches device, which is faster than the current fastest algorithm ACCH by almost 73.15 MB/s.展开更多
软件安全性测试技术是互联网时代软件开发商完善软件性能和抵御网络攻击的重要手段,而将安全性(Security)融入开发(Development)和运维(Operations)过程中的理念DevSecOps作为新一代软件开发模式,能够识别软件可能存在的威胁和有效评估...软件安全性测试技术是互联网时代软件开发商完善软件性能和抵御网络攻击的重要手段,而将安全性(Security)融入开发(Development)和运维(Operations)过程中的理念DevSecOps作为新一代软件开发模式,能够识别软件可能存在的威胁和有效评估软件安全性,可将软件安全风险置于可控范围内。于是,以DevOps(Development and Operations)流程为研究起点,梳理DevOps软件开发模式各阶段涉及的软件安全性测试技术,包括源代码审计、模糊测试、漏洞扫描、渗透测试和安全众测技术;收集和分析SCI、EI、SCOPUS、CNKI、CSCD和万方等知名索引库中近三年的相关文献资料,归纳总结以上技术的研究现状,并给出相关测试工具的使用建议;同时针对各技术支撑手段的优缺点,对软件开发模式DevSecOps的未来发展方向进行了展望。展开更多
文摘In this paper, we conduct research on the essential network equipment risk assessment method based on vulnerability scanning technology. A growing number of hackers wanton invasion of the computer, through the network to steal important information, or destroy the network, the paralyzed which caused huge losses to the state and society. Find a known vulnerability rather than to find the unknown vulnerabilities much easier, which means that most of the attacker' s use is common vulnerabilities. Therefore, we adopt the advantages of the technique to finalize the methodology for the essential network equipment risk assessment which will be meaningful.
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea Government(MSIT)(No.2020-0-00952)Development of 5G edge security technology for ensuring 5G+service stability and availability.
文摘Container technology plays an essential role in many Information and Communications Technology(ICT)systems.However,containers face a diversity of threats caused by vulnerable packages within container images.Previous vulnerability scanning solutions for container images are inadequate.These solutions entirely depend on the information extracted from package managers.As a result,packages installed directly from the source code compilation,or packages downloaded from the repository,etc.,are ignored.We introduce DAVS–A Dockerfile analysis-based vulnerability scanning framework for OCI-based container images to deal with the limitations of existing solutions.DAVS performs static analysis using file extraction based on Dockerfile information to obtain the list of Potentially Vulnerable Files(PVFs).The PVFs are then scanned to figure out the vulnerabilities in the target container image.The experimental shows the outperform of DAVS on detecting Common Vulnerabilities and Exposures(CVE)of 10 known vulnerable images compared to Clair–the most popular container image scanning project.Moreover,DAVS found that 68%of real-world container images are vulnerable from different image registries.
基金This work was supported in part by the National Science Foundation,USA(ECCS-2018492,CNS-2006828,ECCS-2002897,and OIA-2040599).
文摘Communication-dependent and software-based distributed energy resources(DERs)are extensively integrated into modern microgrids,providing extensive benefits such as increased distributed controllability,scalability,and observability.However,malicious cyber-attackers can exploit various potential vulnerabilities.In this study,a programmable adaptive security scanning(PASS)approach is presented to protect DER inverters against various power-bot attacks.Specifically,three different types of attacks,namely controller manipulation,replay,and injection attacks,are considered.This approach employs both software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids(NMs)in an ultra-resilient,time-saving,and autonomous manner.The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations.Extensive simulation results validate the efficacy and practicality of the PASS for securing NMs.
文摘Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.
文摘Along with the deepening of the reform and opening-up policy and the entering of the WTO,international exchange of economy and culture has become more and more frequent,Internet has become an indispensable part of our life,its rapid development brings great convenience to us,and all of the computers will be connected by Internet in the 21 century,thus the meaning of information security has changed substantially.It not only changes from a general guarding to a common defence,but from a specific field to a public subject as well.However,the opening and sharing of the Internet resource,unefficient supervision as well as various virus make people's information and belongings being in an extremely dangerous environment.The fight between hackers and anti-hackers,destruction and anti-destruction has already affected the stable running of the network and users' legal right,caused great economy damages and it could also threat our country's security.So a right understanding and in-time measures should be paid special attention to.The thesis firstly expatiates the current state of the network security and its importance,and discusses some major factors and threats that affect the network security.And the thesis also introduce some catalogues of the security techniques,some relevant information and their major characters,besides that,I enumerate some popular and effective methods of protecting our network,including the widely used firewall,and the meticulous techniques such as security scan techniques and techniques of intrusion detection.Lastly,some protective measures are stated.
文摘Detection of port scan is an important component in a network intrusion detection and prevention system. Traditional statistical methods can be easily evaded by stealthy scans and are prone to DoS attacks. This paper presents a new mechanism termed PSD(port scan detection), which is based on TCP packet anomaly evaluation. By learning the port distribution and flags of TCP packets arriving at the protected hosts, PSD can compute the anomaly score of each packet and effectively detect port scans including slow scans and stealthy scans. Experiments show that PSD has high detection accuracy and low detection latency.
基金supported by China MOST project (No.2012BAH46B04)
文摘Pattern matching is a fundamental approach to detect malicious behaviors and information over Internet, which has been gradually used in high-speed network traffic analysis. However, there is a performance bottleneck for multi-pattern matching on online compressed network traffic(CNT), this is because malicious and intrusion codes are often embedded into compressed network traffic. In this paper, we propose an online fast and multi-pattern matching algorithm on compressed network traffic(FMMCN). FMMCN employs two types of jumping, i.e. jumping during sliding window and a string jump scanning strategy to skip unnecessary compressed bytes. Moreover, FMMCN has the ability to efficiently process multiple large volume of networks such as HTTP traffic, vehicles traffic, and other Internet-based services. The experimental results show that FMMCN can ignore more than 89.5% of bytes, and its maximum speed reaches 176.470MB/s in a midrange switches device, which is faster than the current fastest algorithm ACCH by almost 73.15 MB/s.
文摘软件安全性测试技术是互联网时代软件开发商完善软件性能和抵御网络攻击的重要手段,而将安全性(Security)融入开发(Development)和运维(Operations)过程中的理念DevSecOps作为新一代软件开发模式,能够识别软件可能存在的威胁和有效评估软件安全性,可将软件安全风险置于可控范围内。于是,以DevOps(Development and Operations)流程为研究起点,梳理DevOps软件开发模式各阶段涉及的软件安全性测试技术,包括源代码审计、模糊测试、漏洞扫描、渗透测试和安全众测技术;收集和分析SCI、EI、SCOPUS、CNKI、CSCD和万方等知名索引库中近三年的相关文献资料,归纳总结以上技术的研究现状,并给出相关测试工具的使用建议;同时针对各技术支撑手段的优缺点,对软件开发模式DevSecOps的未来发展方向进行了展望。
