The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security....The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.展开更多
Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall c...Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.展开更多
This study proposes a method for analyzing the security distance of an Active Distribution Network(ADN)by incorporating the demand response of an Energy Hub(EH).Taking into account the impact of stochastic wind-solar ...This study proposes a method for analyzing the security distance of an Active Distribution Network(ADN)by incorporating the demand response of an Energy Hub(EH).Taking into account the impact of stochastic wind-solar power and flexible loads on the EH,an interactive power model was developed to represent the EH’s operation under these influences.Additionally,an ADN security distance model,integrating an EH with flexible loads,was constructed to evaluate the effect of flexible load variations on the ADN’s security distance.By considering scenarios such as air conditioning(AC)load reduction and base station(BS)load transfer,the security distances of phases A,B,and C increased by 17.1%,17.2%,and 17.7%,respectively.Furthermore,a multi-objective optimal power flow model was formulated and solved using the Forward-Backward Power Flow Algorithm,the NSGA-II multi-objective optimization algo-rithm,and the maximum satisfaction method.The simulation results of the IEEE33 node system example demonstrate that after opti-mization,the total energy cost for one day is reduced by 0.026%,and the total security distance limit of the ADN’s three phases is improved by 0.1 MVA.This method effectively enhances the security distance,facilitates BS load transfer and AC load reduction,and contributes to the energy-saving,economical,and safe operation of the power system.展开更多
The Fifth Generation of Mobile Communications for Railways(5G-R)brings significant opportunities for the rail industry.However,alongside the potential and benefits of the railway 5G network are complex security challe...The Fifth Generation of Mobile Communications for Railways(5G-R)brings significant opportunities for the rail industry.However,alongside the potential and benefits of the railway 5G network are complex security challenges.Ensuring the security and reliability of railway 5G networks is therefore essential.This paper presents a detailed examination of security assessment techniques for railway 5G networks,focusing on addressing the unique security challenges in this field.In this paper,various security requirements in railway 5G networks are analyzed,and specific processes and methods for conducting comprehensive security risk assessments are presented.This study provides a framework for securing railway 5G network development and ensuring its long-term sustainability.展开更多
Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problem...Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problems in the network can become more severe because each fiber link has limited resources(such as wavelengths and time slots).In addition,QKD optical networks are also affected by external disturbances such as data interception and eavesdropping,resulting in inefficient network communication.In this paper,we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network.By introducing the concept of security metric,we propose a routing wavelength and time slot allocation algorithm(RWTA)based on protection path,which can lessen the blocking problem of QKD optical network.According to simulation analysis,the security-metric-based RWTA algorithm(SM-RWTA)proposed in this paper can substantially improve the success rate of security key(SK)update and significantly reduce the blocking rate of the network.It can also improve the utilization rate of resources such as wavelengths and time slots.Compared with the non-security-metric-based RWTA algorithm(NSM-RWTA),our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.展开更多
The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to exped...The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to expedite the training of security assessment models.However,ensuring the trustworthiness and robustness of federated learning under multi-party collaboration scenarios remains a challenge.To address these issues,this study proposes a shard aggregation network structure and a malicious node detection mechanism,along with improvements to the federated learning training process.First,we extract the data features of the participants by using spectral clustering methods combined with a Gaussian kernel function.Then,we introduce a multi-objective decision-making approach that combines data distribution consistency,consensus communication overhead,and consensus result reliability in order to determine the final network sharing scheme.Finally,by integrating the federated learning aggregation process with the malicious node detection mechanism,we improve the traditional decentralized learning process.Our proposed ShardFed algorithm outperforms conventional classification algorithms and state-of-the-art machine learning methods like FedProx and FedCurv in convergence speed,robustness against data interference,and adaptability across multiple scenarios.Experimental results demonstrate that the proposed approach improves model accuracy by up to 2.33%under non-independent and identically distributed data conditions,maintains higher performance with malicious nodes containing poisoned data ratios of 20%–50%,and significantly enhances model resistance to low-quality data.展开更多
Digital content such as games,extended reality(XR),and movies has been widely and easily distributed over wireless networks.As a result,unauthorized access,copyright infringement by third parties or eavesdroppers,and ...Digital content such as games,extended reality(XR),and movies has been widely and easily distributed over wireless networks.As a result,unauthorized access,copyright infringement by third parties or eavesdroppers,and cyberattacks over these networks have become pressing concerns.Therefore,protecting copyrighted content and preventing illegal distribution in wireless communications has garnered significant attention.The Intelligent Reflecting Surface(IRS)is regarded as a promising technology for future wireless and mobile networks due to its ability to reconfigure the radio propagation environment.This study investigates the security performance of an uplink Non-Orthogonal Multiple Access(NOMA)system integrated with an IRS and employing Fountain Codes(FCs).Specifically,two users send signals to the base station at separate distances.A relay receives the signal from the nearby user first and then relays it to the base station.The IRS receives the signal from the distant user and reflects it to the relay,which then sends the reflected signal to the base station.Furthermore,a malevolent eavesdropper intercepts both user and relay communications.We construct mathematical equations for Outage Probability(OP),throughput,diversity evaluation,and Interception Probability(IP),offering quantitative insights to assess system security and performance.Additionally,OP and IP are analyzed using a Deep Neural Network(DNN)model.A deeper comprehension of the security performance of the IRS-assisted NOMA systemin signal transmission is provided by Monte Carlo simulations,which are also carried out to confirm the theoretical conclusions.展开更多
A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LU...A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.展开更多
E-commerce is a very active field of Internet research. A very important aspect of e-commerce is its security. Because of the variety of e-commerce applications, many security policies, protocols and techniques are in...E-commerce is a very active field of Internet research. A very important aspect of e-commerce is its security. Because of the variety of e-commerce applications, many security policies, protocols and techniques are involved in the deployment of the security. The related standards and protocols of e-commerce are studied in this paper. The general model of e-commerce security is set forth. In this model, two most important e-commerce protocols including secure sockets layer (SSL) and secure electronic transaction (SET) are analyzed. The open problems and new trends of e-commerce security are presented.展开更多
The security of mobile agent directly decides its usage width in e-commerce. Especially, to protect users' private information is becoming more important now and future. So an anonymous mobile agent security mechanis...The security of mobile agent directly decides its usage width in e-commerce. Especially, to protect users' private information is becoming more important now and future. So an anonymous mobile agent security mechanism with the secure authentication infrastructure based on PKI (public key infrastructure) is proposed in the paper. The multi-agent system is programmed by java language and every agent must register itself in CA (certificate authority) before working in the net and express his legit identity which is temptly produced and used only once. The CA ensures the legal of all agents' identity which take part in communicaiton or trade. And every user agent identity only is used once which makes other agents cannot decipher users' private information. The security mechanism of the multi-agent system implements anonymity, integrity, data confidentiality of mobile agent based on the MH(multiple hop) integrity protection regard to PKI limit.展开更多
Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code err...Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code errors, code conceptual <span style="font-family:Verdana;">assumptions bugs</span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">,</span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;"> etc. Most existing security practices in e-Commerce are</span></span></span><span><span><span style="font-family:;" "=""><span style="font-family:Verdana;"> dealt with as an auditing activity. They may have policies of security, which are enforced by auditors who enable a particular set of items to be reviewed, but </span><span style="font-family:Verdana;">also fail to find vulnerabilities, which have been established in complianc</span><span style="font-family:Verdana;">e </span><span style="font-family:Verdana;">with application logic. In this paper, we will investigate the problem of business</span><span style="font-family:Verdana;"> logic vulnerability in the component-based rapid development of e-commerce applications while reusing design specification of component. We propose secure application functional processing Logic Security technique for compo</span><span style="font-family:Verdana;">nent-based e-commerce application, based on security requirement of</span><span style="font-family:Verdana;"> e-business </span><span style="font-family:Verdana;">process and security assurance logical component behaviour specification</span><span style="font-family:Verdana;"> ap</span><span style="font-family:Verdana;">proach to formulize and design a solution for business logic vulnerability</span><span style="font-family:Verdana;"> phenomena.</span></span></span></span>展开更多
The rise of electronic commerce has broken the traditional trading mode, changed people' s production and life, has gradually become an important factor of regional economic development. The paper comprehensively dis...The rise of electronic commerce has broken the traditional trading mode, changed people' s production and life, has gradually become an important factor of regional economic development. The paper comprehensively discuss on present situation and characteristics of electronic commerce development in our country, on basis of it, the paper analyze electronic commerce major impact on regional economic development, and put forward to strengthen the development of e-commerce related strategies to promote regional economic development role.展开更多
In today' s 21st century of IT, e-commerce began to develop rapidly. Among them, in the process of e-commerce implementation, it is mainly to ensure system security issues. Based primarily on this issue, we discussed...In today' s 21st century of IT, e-commerce began to develop rapidly. Among them, in the process of e-commerce implementation, it is mainly to ensure system security issues. Based primarily on this issue, we discussed issues related to certification systems, SSL protocol as well as SET protocol. In addition, the article also describes the business several other safety-related technology.展开更多
In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasib...In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.展开更多
Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmab...Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.展开更多
This study proposes a tractable approach to analyze the physical-layer security in the downlink of a multi-tier heterogeneous cellular network. This method is based on stochastic geometry, has low computational comple...This study proposes a tractable approach to analyze the physical-layer security in the downlink of a multi-tier heterogeneous cellular network. This method is based on stochastic geometry, has low computational complexity, and uses the two-dimensional Poisson point process to model the locations of K-tier base stations and receivers, including those of legitimate users and eavesdroppers. Then, the achievable secrecy rates for an arbitrary user are determined and the upper and lower bounds of secrecy coverage probability derived on the condition that cross-tier interference is the main contributor to aggregate interference. Finally, our analysis results reveal the innate connections between information-theoretic security and the spatial densities of legitimate and malicious nodes.展开更多
Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHS...Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.展开更多
With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods...With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods, we propose a network security situation evaluation system based on modified D-S evidence theory is proposed. Firstly, we give a modified D-S evidence theory to improve the reliability and rationality of the fusion result and apply the theory to correlation analysis. Secondly, the attack successful support is accurately calculated by matching internal factors with external threats. Multi-module evaluation is established to comprehensively evaluate the situation of network security. Finally we use an example of actual network datasets to validate the network security situation evaluation system. The simulation result shows that the system can not only reduce the rate of false positives and false alarms, but also effectively help analysts comprehensively to understand the situation of network security.展开更多
To integrate the satellite communications with the LTE/5G services, the concept of Hybrid Satellite Terrestrial Relay Networks(HSTRNs) has been proposed. In this paper, we investigate the secure transmission in a HSTR...To integrate the satellite communications with the LTE/5G services, the concept of Hybrid Satellite Terrestrial Relay Networks(HSTRNs) has been proposed. In this paper, we investigate the secure transmission in a HSTRN where the eavesdropper can wiretap the transmitted messages from both the satellite and the intermediate relays. To effectively protect the message from wiretapping in these two phases, we consider cooperative jamming by the relays, where the jamming signals are optimized to maximize the secrecy rate under the total power constraint of relays. In the first phase, the Maximal Ratio Transmission(MRT) scheme is used to maximize the secrecy rate, while in the second phase, by interpolating between the sub-optimal MRT scheme and the null-space projection scheme, the optimal scheme can be obtained via an efficient one-dimensional searching method. Simulation results show that when the number of cooperative relays is small, the performance of the optimal scheme significantly outperforms that of MRT and null-space projection scheme. When the number of relays increases, the performance of the null-space projection approaches that of the optimal one.展开更多
Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing r...Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing research focuses on the current situation evaluation, and seldom discusses the future prediction. Based on the historical research, an improved grey Verhulst model is put forward to predict the future situation. Aiming at the shortages in the prediction based on traditional Verhulst model, the adaptive grey parameters and equal- dimensions grey filling methods are proposed to improve the precision. The simulation results prove that the scheme is efficient and applicable.展开更多
文摘The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.
文摘Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.
基金supported in part by the National Nat-ural Science Foundation of China(No.51977012,No.52307080).
文摘This study proposes a method for analyzing the security distance of an Active Distribution Network(ADN)by incorporating the demand response of an Energy Hub(EH).Taking into account the impact of stochastic wind-solar power and flexible loads on the EH,an interactive power model was developed to represent the EH’s operation under these influences.Additionally,an ADN security distance model,integrating an EH with flexible loads,was constructed to evaluate the effect of flexible load variations on the ADN’s security distance.By considering scenarios such as air conditioning(AC)load reduction and base station(BS)load transfer,the security distances of phases A,B,and C increased by 17.1%,17.2%,and 17.7%,respectively.Furthermore,a multi-objective optimal power flow model was formulated and solved using the Forward-Backward Power Flow Algorithm,the NSGA-II multi-objective optimization algo-rithm,and the maximum satisfaction method.The simulation results of the IEEE33 node system example demonstrate that after opti-mization,the total energy cost for one day is reduced by 0.026%,and the total security distance limit of the ADN’s three phases is improved by 0.1 MVA.This method effectively enhances the security distance,facilitates BS load transfer and AC load reduction,and contributes to the energy-saving,economical,and safe operation of the power system.
基金supported in part by the Fundamental Research Funds for the Central Universities under Grant No.2025JBXT010in part by NSFC under Grant No.62171021,in part by the Project of China State Railway Group under Grant No.N2024B004in part by ZTE IndustryUniversityInstitute Cooperation Funds under Grant No.l23L00010.
文摘The Fifth Generation of Mobile Communications for Railways(5G-R)brings significant opportunities for the rail industry.However,alongside the potential and benefits of the railway 5G network are complex security challenges.Ensuring the security and reliability of railway 5G networks is therefore essential.This paper presents a detailed examination of security assessment techniques for railway 5G networks,focusing on addressing the unique security challenges in this field.In this paper,various security requirements in railway 5G networks are analyzed,and specific processes and methods for conducting comprehensive security risk assessments are presented.This study provides a framework for securing railway 5G network development and ensuring its long-term sustainability.
基金funded by Youth Program of Shaanxi Provincial Department of Science and Technology(Grant No.2024JC-YBQN-0630)。
文摘Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problems in the network can become more severe because each fiber link has limited resources(such as wavelengths and time slots).In addition,QKD optical networks are also affected by external disturbances such as data interception and eavesdropping,resulting in inefficient network communication.In this paper,we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network.By introducing the concept of security metric,we propose a routing wavelength and time slot allocation algorithm(RWTA)based on protection path,which can lessen the blocking problem of QKD optical network.According to simulation analysis,the security-metric-based RWTA algorithm(SM-RWTA)proposed in this paper can substantially improve the success rate of security key(SK)update and significantly reduce the blocking rate of the network.It can also improve the utilization rate of resources such as wavelengths and time slots.Compared with the non-security-metric-based RWTA algorithm(NSM-RWTA),our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.
基金supported by State Grid Hebei Electric Power Co.,Ltd.Science and Technology Project,Research on Security Protection of Power Services Carried by 4G/5G Networks(Grant No.KJ2024-127).
文摘The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to expedite the training of security assessment models.However,ensuring the trustworthiness and robustness of federated learning under multi-party collaboration scenarios remains a challenge.To address these issues,this study proposes a shard aggregation network structure and a malicious node detection mechanism,along with improvements to the federated learning training process.First,we extract the data features of the participants by using spectral clustering methods combined with a Gaussian kernel function.Then,we introduce a multi-objective decision-making approach that combines data distribution consistency,consensus communication overhead,and consensus result reliability in order to determine the final network sharing scheme.Finally,by integrating the federated learning aggregation process with the malicious node detection mechanism,we improve the traditional decentralized learning process.Our proposed ShardFed algorithm outperforms conventional classification algorithms and state-of-the-art machine learning methods like FedProx and FedCurv in convergence speed,robustness against data interference,and adaptability across multiple scenarios.Experimental results demonstrate that the proposed approach improves model accuracy by up to 2.33%under non-independent and identically distributed data conditions,maintains higher performance with malicious nodes containing poisoned data ratios of 20%–50%,and significantly enhances model resistance to low-quality data.
基金supported in part by Vietnam National Foundation for Science and Technology Development(NAFOSTED)under Grant 102.04-2021.57in part by Culture,Sports and Tourism R&D Program through the Korea Creative Content Agency grant funded by the Ministry of Culture,Sports and Tourism in 2024(Project Name:Global Talent Training Program for Copyright Management Technology in Game Contents,Project Number:RS-2024-00396709,Contribution Rate:100%).
文摘Digital content such as games,extended reality(XR),and movies has been widely and easily distributed over wireless networks.As a result,unauthorized access,copyright infringement by third parties or eavesdroppers,and cyberattacks over these networks have become pressing concerns.Therefore,protecting copyrighted content and preventing illegal distribution in wireless communications has garnered significant attention.The Intelligent Reflecting Surface(IRS)is regarded as a promising technology for future wireless and mobile networks due to its ability to reconfigure the radio propagation environment.This study investigates the security performance of an uplink Non-Orthogonal Multiple Access(NOMA)system integrated with an IRS and employing Fountain Codes(FCs).Specifically,two users send signals to the base station at separate distances.A relay receives the signal from the nearby user first and then relays it to the base station.The IRS receives the signal from the distant user and reflects it to the relay,which then sends the reflected signal to the base station.Furthermore,a malevolent eavesdropper intercepts both user and relay communications.We construct mathematical equations for Outage Probability(OP),throughput,diversity evaluation,and Interception Probability(IP),offering quantitative insights to assess system security and performance.Additionally,OP and IP are analyzed using a Deep Neural Network(DNN)model.A deeper comprehension of the security performance of the IRS-assisted NOMA systemin signal transmission is provided by Monte Carlo simulations,which are also carried out to confirm the theoretical conclusions.
基金Under the auspices of National Key Research and Development Program of China(No.2022YFF1300904)the National Natural Science Foundation of China(No.42271119,42371075,42471127)+1 种基金Youth Innovation Promotion Association,Chinese Academy of Sciences(No.2023238)Jilin Province Science and Technology Development Plan Project(No.20230203001SF)。
文摘A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.
文摘E-commerce is a very active field of Internet research. A very important aspect of e-commerce is its security. Because of the variety of e-commerce applications, many security policies, protocols and techniques are involved in the deployment of the security. The related standards and protocols of e-commerce are studied in this paper. The general model of e-commerce security is set forth. In this model, two most important e-commerce protocols including secure sockets layer (SSL) and secure electronic transaction (SET) are analyzed. The open problems and new trends of e-commerce security are presented.
基金Supported by the National Natural Science Foun-dation of China (50077007) the Youth Teacher Foundation ofNorth China Electric Power University (20051101)
文摘The security of mobile agent directly decides its usage width in e-commerce. Especially, to protect users' private information is becoming more important now and future. So an anonymous mobile agent security mechanism with the secure authentication infrastructure based on PKI (public key infrastructure) is proposed in the paper. The multi-agent system is programmed by java language and every agent must register itself in CA (certificate authority) before working in the net and express his legit identity which is temptly produced and used only once. The CA ensures the legal of all agents' identity which take part in communicaiton or trade. And every user agent identity only is used once which makes other agents cannot decipher users' private information. The security mechanism of the multi-agent system implements anonymity, integrity, data confidentiality of mobile agent based on the MH(multiple hop) integrity protection regard to PKI limit.
文摘Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code errors, code conceptual <span style="font-family:Verdana;">assumptions bugs</span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">,</span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;"> etc. Most existing security practices in e-Commerce are</span></span></span><span><span><span style="font-family:;" "=""><span style="font-family:Verdana;"> dealt with as an auditing activity. They may have policies of security, which are enforced by auditors who enable a particular set of items to be reviewed, but </span><span style="font-family:Verdana;">also fail to find vulnerabilities, which have been established in complianc</span><span style="font-family:Verdana;">e </span><span style="font-family:Verdana;">with application logic. In this paper, we will investigate the problem of business</span><span style="font-family:Verdana;"> logic vulnerability in the component-based rapid development of e-commerce applications while reusing design specification of component. We propose secure application functional processing Logic Security technique for compo</span><span style="font-family:Verdana;">nent-based e-commerce application, based on security requirement of</span><span style="font-family:Verdana;"> e-business </span><span style="font-family:Verdana;">process and security assurance logical component behaviour specification</span><span style="font-family:Verdana;"> ap</span><span style="font-family:Verdana;">proach to formulize and design a solution for business logic vulnerability</span><span style="font-family:Verdana;"> phenomena.</span></span></span></span>
文摘The rise of electronic commerce has broken the traditional trading mode, changed people' s production and life, has gradually become an important factor of regional economic development. The paper comprehensively discuss on present situation and characteristics of electronic commerce development in our country, on basis of it, the paper analyze electronic commerce major impact on regional economic development, and put forward to strengthen the development of e-commerce related strategies to promote regional economic development role.
文摘In today' s 21st century of IT, e-commerce began to develop rapidly. Among them, in the process of e-commerce implementation, it is mainly to ensure system security issues. Based primarily on this issue, we discussed issues related to certification systems, SSL protocol as well as SET protocol. In addition, the article also describes the business several other safety-related technology.
文摘In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.
基金supported by the Wuhan Frontier Program of Application Foundation (No.2018010401011295)National High Technology Research and Development Program of China (“863” Program) (Grant No. 2015AA016002)
文摘Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.
基金supported in part by National Natural Science Foundation of China under Grant No.61401510,61521003National High-tech R&D Program(863 Program)under Grant No.2015AA01A708
文摘This study proposes a tractable approach to analyze the physical-layer security in the downlink of a multi-tier heterogeneous cellular network. This method is based on stochastic geometry, has low computational complexity, and uses the two-dimensional Poisson point process to model the locations of K-tier base stations and receivers, including those of legitimate users and eavesdroppers. Then, the achievable secrecy rates for an arbitrary user are determined and the upper and lower bounds of secrecy coverage probability derived on the condition that cross-tier interference is the main contributor to aggregate interference. Finally, our analysis results reveal the innate connections between information-theoretic security and the spatial densities of legitimate and malicious nodes.
基金This work is funded by the National Natural Science Foundation of China under Grant U1636215the National key research and development plan under Grant Nos.2018YFB0803504,2016YFB0800303.
文摘Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.
基金Supported by the Foundation of Tianjin for Science and Technology Innovation(10FDZDGX00400,11ZCKFGX00900)Key Project of Educational Reform Foundation of Tianjin Municipal Education Commission(C03-0809)
文摘With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods, we propose a network security situation evaluation system based on modified D-S evidence theory is proposed. Firstly, we give a modified D-S evidence theory to improve the reliability and rationality of the fusion result and apply the theory to correlation analysis. Secondly, the attack successful support is accurately calculated by matching internal factors with external threats. Multi-module evaluation is established to comprehensively evaluate the situation of network security. Finally we use an example of actual network datasets to validate the network security situation evaluation system. The simulation result shows that the system can not only reduce the rate of false positives and false alarms, but also effectively help analysts comprehensively to understand the situation of network security.
基金supported in part by the National Natural Science Foundation of China under Grant No.61871032in part by Chinese Ministry of Education-China Mobile Communication Corporation Research Fund under Grant MCM20170101in part by the Open Research Fund of Key Laboratory of Cognitive Radio and Information Processing,Ministry of Education (Guilin University of Electronic Technology) under Grant CRKL190204
文摘To integrate the satellite communications with the LTE/5G services, the concept of Hybrid Satellite Terrestrial Relay Networks(HSTRNs) has been proposed. In this paper, we investigate the secure transmission in a HSTRN where the eavesdropper can wiretap the transmitted messages from both the satellite and the intermediate relays. To effectively protect the message from wiretapping in these two phases, we consider cooperative jamming by the relays, where the jamming signals are optimized to maximize the secrecy rate under the total power constraint of relays. In the first phase, the Maximal Ratio Transmission(MRT) scheme is used to maximize the secrecy rate, while in the second phase, by interpolating between the sub-optimal MRT scheme and the null-space projection scheme, the optimal scheme can be obtained via an efficient one-dimensional searching method. Simulation results show that when the number of cooperative relays is small, the performance of the optimal scheme significantly outperforms that of MRT and null-space projection scheme. When the number of relays increases, the performance of the null-space projection approaches that of the optimal one.
基金the National Natural Science Foundation of China(No.60605019)
文摘Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing research focuses on the current situation evaluation, and seldom discusses the future prediction. Based on the historical research, an improved grey Verhulst model is put forward to predict the future situation. Aiming at the shortages in the prediction based on traditional Verhulst model, the adaptive grey parameters and equal- dimensions grey filling methods are proposed to improve the precision. The simulation results prove that the scheme is efficient and applicable.
